
Clearing the Air on Wi-Fi Software Updates - pavornyoh
https://www.fcc.gov/blog/clearing-air-wi-fi-software-updates
======
JoshTriplett
> Our original lab guidance document released pursuant to that Order asked
> manufacturers to explain “how [its] device is protected from ‘flashing’ and
> the installation of third-party firmware such as DD-WRT”. This particular
> question prompted a fair bit of confusion – were we mandating wholesale
> blocking of Open Source firmware modifications?

> We were not, but we agree that the guidance we provide to manufacturers must
> be crystal-clear to avoid confusion.

Can you feel the wind off of that backpedaling?

There's no possible way they asked how devices were "protected" from "third-
party firmware such as DD-WRT" while not expecting blocking of Open Source
firmware modifications. It sounds a lot more like they got too much backlash:
"...no, of course that's not what we meant [looks around nervously] you
believe us, right?".

While this _might_ result in a desirable outcome, I think it would have come
across as far more genuine if they'd directly acknowledged that they
originally suggested blocking all third-party firmware, and subsequently
decided that they'd need a more nuanced approach. That, at least, would not
come across as a (transparently bad) spin attempt.

Why does this need any kind of new change in the first place? The FCC can
certainly go after people who _actually_ transmit in violation of FCC
regulations, and they do, no matter what device they use to do so.

~~~
creshal
The irony is that DD-WRT never touched anything within FCC legislation – it
still uses the vendors' proprietary WiFi firmwares for the actual radios. It
just makes everything around that suck less.

The worst you can do with DD-WRT is intentionally set a wrong country code.

~~~
JoshTriplett
> The worst you can do with DD-WRT is intentionally set a wrong country code.

Which lets you transmit on unauthorized frequencies, such as channel 14.

But you can hardly do that by accident.

~~~
creshal
> But you can hardly do that by accident.

Exactly, and plenty of closed source router firmwares expose the same option.
And radios (Japanese radios can listen on German police frequencies, I think),
etc. pp.; basically everything with an antenna that's sold in more than one
country.

------
th0ma5
I think however what they ultimately do want to do is of course make a 1:1
parity between hardware and the license granted. This is a very good thing
with regards to protecting spectrum, but it seems to possibly not reflect the
trend to push more and more of signal processing into firmware and software.
Will it increase parts counts and the bill of materials? Perhaps it has been
too optimistic make one globally available physical product supplemented with
a software tweak for each locality.

~~~
bravo
Maybe I'm misunderstanding, why is it an issue if the signal processing is
done in firmware? Isn't the idea of firmware that it's factory set and read-
only?

~~~
x0x0
There are regulations about what frequencies and at what power different
devices may broadcast. Currently, those implementations (and hence
regulations) are done/enforced in some combination of hardware and software,
but mostly hardware. Implementation is moving to software, so updating the OS
allows the user to override those regulations. The FTC is not thrilled about
this.

~~~
bravo
Yeah, I understood that, I was just confused as to why he or she mentioned
firmware along with software because I thought firmware can't be modified by
users like software can. I was wrong in thinking that though.

------
rlpb
"So, today we released a revision to that guidance to clarify that our
instructions were narrowly-focused on modifications that would take a device
out of compliance."

With the advent of software defined radio, how is it even possible to draw
such a line between the part of firmware "that can take a device out of
compliance" and the part of firmware that cannot?

------
i336_
Nobody will probably see this, but this is my take on the undertone I get from
reading this:

"Manufacturers are lazy, and hardware/driver implementations are often buggy
and not sufficiently restrictive. Lobbying the manufacturers didn't work
_[citation impossible]_ , so we might need to block DD-WRT et al. on devices
that are sufficiently enough that they freely allow firmware like DD-WRT (and
OpenWRT) unmitigated access to the RF chip's parameters via an insecure
driver."

Of course they had to be much nicer and much more opaque than that, so
everyone got confused.

