
FCC: We aren’t banning DD-WRT on Wi-Fi routers - sprucely
http://arstechnica.com/information-technology/2015/11/fcc-we-arent-banning-dd-wrt-on-wi-fi-routers/
======
violentvinyl
It's interesting (depressing) to me, that the FCC thinks that hardware vendors
should be responsible for what their hardware does once it leaves their hands.
If we applied the same logic to other industries, there wouldn't be a firearm
manufacturer left in the USA.

Is this an actual problem? Are there people running DD-WRT in a way that is
wreaking havoc on other communications? I can count on one hand the number of
people I know who have played with DD-WRT, and I've worked with hundreds of
geeks in my career. It feels like the FCC is trying to regulate a problem that
doesn't exist yet, and it makes me wonder what the motivation behind it is.

~~~
bcg1
Actually it seems very similar to the example you provided.

A similar scenario would be if a firearms manufacturer designed a semi-
automatic rifle (one trigger pull = 1 shot fired) that easily could be
modified to be an automatic rifle (one trigger pull = multiple shots fired).
Former is legal, the latter is not. If such a firearm starting becoming a
favorite of criminals because of this feature, a vast majority of gun
enthusiasts would have no problem with BATF requiring the manufacturer to put
safeguards in place (there are perhaps a small sliver of extremists that might
object, but nowhere near the degree to which an equal-but-oppositely extreme
sliver of gun control advocates would have you believe).

The FCC is really just saying that if you make a device that you want to get
certified, and it is physically capable of transmitting outside of the
parameters for which it is being certified, it wants to know what steps you
are putting in place to ensure that the it can't easily be modified to do
that.

And to answer your question - yes, people are already modifying consumer
routers to use outside of Part 15... for example [http://www.broadband-
hamnet.org/](http://www.broadband-hamnet.org/) ... those are licensed
operators of course but anyone could do this, licensed or not.

~~~
bmelton
Honestly, as someone who associates with a lot of gun enthusiasts, I think
that the AR platform is quite easily modified into fully automatic -- just
replace the sear from a semi-automatic sear to a full auto sear.

You have to have a BATFE approval and pay a tax stamp to possess a full auto
sear, but the work in switching from semi to full auto is pretty minimal.

A more apt scenario that people would clamor behind is a semi-automatic
firearm that had a fully automatic failure state. That would be terribly
unsafe, and everyone on both sides of the gun debate would be demanding it got
fixed, just as they would if a firearm were on the market that could
accidentally fire when dropped.

Both of those used to be fairly common scenarios, but are now both exceedingly
rare thanks to advancements in gun safety.

~~~
pavel_lishin
I'm not familiar with guns - what's a sear?

Without knowing that, I'm gonna go ahead and make a comment that may not make
sense: I think the idea is that it shouldn't be _trivially_ simple to convert
a semi-automatic rifle into an automatic rifle. E.g., it can't be done by
putting a paperclip into some part of the mechanism, or slightly filing down a
metal part.

If getting a full auto sear is a non-trivial process (which it seems to be)
and making one from scratch isn't trivial either, then gun manufacturers seem
to have gone to reasonable lengths to prevent their guns from being converted
to full auto.

~~~
bmelton
A sear is, basically, a piece of metal. It's part of the trigger assembly.
Speaking simplistically, it is the thing that gives the trigger pressure -- it
holds back the striking mechanism until your trigger pull releases it.

[https://en.wikipedia.org/wiki/Sear_(firearm)](https://en.wikipedia.org/wiki/Sear_\(firearm\))

This is an animation of a semi-automatic sear (in which the sear is the green
part): [http://mcb-homis.com/blog/trigger-animation.gif](http://mcb-
homis.com/blog/trigger-animation.gif)

This is an animation of a fully automatic sear (in which the sear is blue):
[http://mcb-homis.com/blog/m16animation1ww1.gif](http://mcb-
homis.com/blog/m16animation1ww1.gif)

Taking out a semi-automatic sear and replacing it with a fully automatic sear
is trivial. Converting a semi-automatic sear is slightly more difficult, as it
requires precision, and a supplementary catch (to keep the firearm from always
firing always).

If people aren't committing crimes with fully automatic firearms, it isn't
because the process of obtaining fully automatic firearms is difficult,
because it isn't. You can get butt stocks that replicate fully automatic fire
for less than $50. Fully automatic fire is just silly to use. If you miss with
the first shot, you're almost certainly going to miss with subsequent shots,
so for anything requiring accuracy (which is almost everything you would do
with a firearm short of perhaps intimidation), converting to full auto makes
it less effective.

------
qb45
TL;DR:

 _Describe, if the device permits third-party software or firmware
installation, what mechanisms are provided by the manufacturer to permit
integration of such functions while ensuring that the RF parameters of the
device cannot be operated outside its authorization for operation in the US.
In the description include what controls and /or agreements are in place with
providers of third-party functionality to ensure the devices’ underlying RF
parameters are unchanged and how the manufacturer verifies the functionality._

This sounds like it permits open source drivers and OSs, as long as the
hardware enforces FCC compliance.

However, I see a problem with the "FCC" in "FCC compliance". This rule doesn't
sound good for world-roaming WiFi adapters, i.e. ones which are validated to
physically work in multiple regulatory regimens and try to comply with current
local regulations simply by not transmitting on frequencies not allowed
everywhere in the world until they connect to some AP working on this
frequency. Obviously, the assumption is that APs are compliant.

AFAIK at least Atheros makes such adapters (for laptops, phones, etc) and the
channel limiting logic is implemented in drivers, which are open source for
some platforms. I wonder how are they going to deal with such regulations.

Not that this would be the first time radio regulations screw mobile users,
btw. You may think that even if your laptop's WiFi card is locked to channels
allowed in one country, you can get a USB dongle from another country and use
it there. Not that easily. Some cards made by Atheros (dunno about other
vendors) are validated only for operation in certain regulatory domains and
this information is stored in EEPROM on the card. Their Linux driver reads the
country code from the card and passes it to the wireless stack, which in turn
immediately locks out all frequencies and power levels disallowed in this
country.

When I asked about this behavior, the WiFi stack maintainer's response was
that they treat each region-locked card in the system as a "hint" that the
system may be operating in this region and try to comply with this region's
regulations just to be safe. Madness and paranoia. This maintainer was an
employee of one WiFi hardware vendor.

I ended up replacing my laptop's WiFi card with one whose drivers are based on
independent reverse-engineering effort, simply because they didn't bother
passing regulatory codes to the WiFi stack and messing up USB dongles.

~~~
h4waii
You can quite easily change your regulatory domain on Linux, as well as change
stored settings (through wireless-regdb) in it. CRDA is run in user-space.

For example, `iw reg set` to BO ro JP will remove many power and channel
limitations.

Yes, it's possible to have these settings stored in a tertiary firmware, but
it's not common anymore. The hardware is the same, the driver and stack simply
limit it based on what the OS requests.

~~~
qb45
1\. `iw reg set JP` is exactly what this regulation seeks to prohibit, i.e. if
you are selling WiFi hardware in the US, you have to be damn sure that no one
will be able to switch it to channel 14.

2\. Even with `iw reg set JP` you won't be able to go above channel 11 if your
system contains an Atheros adapter certified for US market only. Even using
other hardware, suitable for the job and certified by whatever agency Japan
has.

The only solution is `rmmod ath` or patching the mac80211 stack. Or avoiding
Atheros hardware, as I do. Not that I have anything against Atheros, I'm sure
they wouldn't bother implementing this bullshit logic if they didn't have to,
but their hardware is simply a PITA to use because of this.

------
willvarfar
No mention of Dave Taht and Vint Cerf's open letter to the FCC then? Sad.

[http://fqcodel.bufferbloat.net/~d/fcc_saner_software_practic...](http://fqcodel.bufferbloat.net/~d/fcc_saner_software_practices.pdf)

~~~
qb45
This letter calls for quite radical and, dare I say, controversial changes.
Did you really expect to see this changes adopted overnight?

Or are you complaining that Arstechnica didn't mention it?

~~~
slang800
How are those changes radical or controversial?

~~~
qb45
Giving users full control over the hardware and expecting that they will
follow regulations is exactly the opposite of what RF regulatory looked like
throughout the last century.

And if you want to understand the "controversial" part, just go to any company
and ask what they think about being required to open source their precious
firmwares and fix bugs in timely manner under the threat of getting banned
from the market.

------
zaroth
It's a step in the right direction. The concern I have is that "disabling" the
ability to use 3rd party firmware is still the primary means of compliance
which is prima facie accepted, whereas if you don't disable, then you have to
make the case for why you comply, including coordinating with random 3rd
parties and FCC may decide you haven't done enough. Are manufacturers going to
take this risk?

Ideally for a manufacturer to take the stance that they comply through
disabling 3rd party firmware updates (versus the preferred method of... what
exactly?) they should have to work harder than the alternative, but at least
it should be an equally "certain" process and outcome. That shifts the
calculus of a risk adverse company deciding how to comply.

------
jimrandomh
So they changed the language, and the new language is

> Describe, if the device permits third-party software or firmware
> installation, what mechanisms are provided by the manufacturer to permit
> integration of such functions while ensuring that the RF parameters of the
> device cannot be operated outside its authorization for operation in the US.
> In the description include what controls and/or agreements are in place with
> providers of third-party functionality to ensure the devices’ underlying RF
> parameters are unchanged and how the manufacturer verifies the
> functionality.

Hardware locking to correct frequencies would satisfy this requirement. But it
also sounds like getting in touch with the authors of common third-party
firmwares, and getting them to agree to stay within FCC might suffice? That
isn't totally clear, but it seems like that would be the ideal: hardware
manufacturers some risk of power users reprogramming their radios incorrectly,
but keep an eye on things so no one publishes software that leads people into
doing it by accident or makes it too easy.

------
tracker1
It seems to me that transmitter chipsets should work with an optional
resister/register that is hard-wired to the market.. in this way the device
firmware won't be able to utilize the antenna out of band, or at least the
drivers should/could use this as a guide, and with most device drivers of this
type being included as closed/source blobs, it would be less of an issue while
allowing for userspace mods like dd-wrt, open-wrt and tomato to continue
working.

edit: Maybe having a dip switch panel under the cover, so it _could_ be user
modifyable, but not the "default" for a region.

------
c2the3rd
While they aren't banning DD-WRT, they are creating restrictions for
manufacturers. The easiest way for a manufacturer to meet the new rules is
simply to not allow flashing third-party software.

Even if they don't intend to ban DD-WRT, their rules may indirectly eliminate
consumer ability to use it.

