
ESR: Cisco provides a lesson - axk
http://esr.ibiblio.org/?p=4441
======
quesera
I agree with Eric, but the problem is that even if you own your router (many
residential users have provider-provided hardware), and run Tomato or DD-WRT,
etc ... You have only one next hop, and zero control over that router.

So yes, don't invite Cisco into your living room, obviously. (Nor
Cisco/Scientific Atlanta, but that's another discussion..!)

But you're still powerless and privacyless, sorry. Get a VPN box and tunnel
everything (I do), but that's just kicking the can a few years down the road
(less if you pick a cheap host).

Also, the bigger message from this fiasco is that Cisco is feeling revenue
pressure even in their protective low margin consumer networking business.
Cisco has never been a good consumer company, but they've just never cared
enough to get "creative" before.

That's a bad bad sign for Cisco. Chambers, like Ballmer, has presided over
ten-plus years of sideways, and this move seems _desperate_.

Run for the exits.

~~~
ableal
> many residential users have provider-provided hardware

Yep. Even if I bothered to find a replacement for my combination cable
modem/router, I don't know if the ISP / cable company would "talk" to the new
hardware. Probably not contractually required to do so.

I'm reminded of the liberation of phone handsets from the phone company - up
until the 1980s, most everywhere, it used to be that one could only connect to
the network a phone leased from the carrier.

The issue of who controls (has root) on all the computers we supposedly own,
starting with internet access routers and going on to printers, smart-phones,
e-book readers, game consoles, disc players and TVs, is a vexing one.

~~~
derleth
> I don't know if the ISP / cable company would "talk" to the new hardware

I honestly, no-ulterior-motive wonder how often this happens. I mean, isn't
ADSL governed by real-world written-down standards? Isn't DOCSIS an actual
standard? If so, and given the absolute standardization of things like ARP,
RARP, DHCP, and so on, where could the problem possibly come in? Do they scan
routers and refuse to talk to ones that don't respond with the right software
version numbers?

~~~
rictic
A piece of anecdata:

I've got Comcast, and I recently bought my own cable modem because the
provider-given one was dropping packets.

To get it to connect at all, I needed to call them up and tell them the model
number and the MAC address (or something that seemed analogous) of the
router. I had two models to choose from (fewer than usual because I needed
DOCSIS 3 I think), and they made it very clear that these were the only models
they would allow you to use.

(it almost goes without saying, despite using their business support, it took
three or four days, most of which I was without usable internet)

~~~
lesterbuck
I started Comcast service about a year ago. They have a page of approved
hardware on the web, and I bought a new modem off of that page. It seemed
there was plenty of choice even then.

I happened to pick a Motorola SB6150. What surprised me was that there was not
a shred of technical information or any management screen. After the cable was
installed in my house, my brand new modem was attached to the cable
infrastructure and then downloaded Comcast firmware for about twenty minutes.
After my modem had completely joined the Borg, only then was it allowed to
offer me internet service. Sigh...

~~~
mmmooo
sadly, that is DOCSIS. You get to see very little (some modems provide signal
levels, some debug info, etc) if anything at all. Everything else comes
from/is controlled by the CMTS. Even in the enterprise grade modems like cisco
hwic's, the docsis portion is almost entirely hidden from you.

------
cjbprime
The same person announcing in this blog post that Cisco is "doing evil" and
that it's not true that "Open systems and networks aren't always better for
consumers" is the person who wrote this blog post last month:

<http://esr.ibiblio.org/?p=4386>

wherein he described how he's not at all like RMS, because RMS frames his
advocacy "as a moral crusade" and because "his rhetoric and his thinking
became dominated by terms like 'evil'" and RMS doesn't use "pragmatic argument
about engineering practices and outcomes".

I think ESR is really telling us that he wishes we'd all start listening to
him tell us about how we should stop doing evil things instead of listening to
RMS do the same.

~~~
praptak
What I see in this case is evidence that RMS is not as deluded as his
opponents paint him to be.

This case shows that "evil", "good", "moral" aren't some vague abstract
concepts that only matter to graybeard philosophers. You might think they are
somehow detached from "practices and outcomes". Until Cisco bricks your router
and holds it hostage until you sign off your privacy rights.

Seriously, if I heard RMS rant about "what if Cisco bricks your router to
force you to bend over" I'd wave him off as being unrealistic and exaggerating
beyond common sense. Not anymore.

------
corford
Without wanting to start too much of a holy war, this is exactly why I prefer
the GPL over BSD variants. The GPL takes ESR's argument in this blog post to
its natural conclusion. The only way you (the user) can be completely free is
if the code is forced to stay open. There's no other way around it.

Even if Cisco's firmware blob consisted entirely of compiled open source code,
if it was all BSD licensed you'd still be no better off.

~~~
einhverfr
OTOH, what's to stop Cisco's firmware blob from including all sorts of GPL'd
software, tied together by a proprietary program?

And it's not like BSD licenses lack ways of encouraging contribution back
either.

I just don't see the choice between these licenses as important as quality of
software and pace of development in ensuring customer freedom.

~~~
praptak
> OTOH, what's to stop Cisco's firmware blob from including all sorts of GPL'd
> software, tied together by a proprietary program?

I assume that you mean officially GPL'd, not secretly incorporated by Cisco
(although this type of abuse also gets detected.) GPLv3 forbids tivoization,
so GP would definitely be better off with a router running GPL'd software.
With BSD there is nothing preventing the hardware vendor from locking the
software away from users.

~~~
einhverfr
I don't know about that. Let's say the router is running a GPL'd light-weight
web server. Just because you can't lock the person out doesn't mean that the
component may be effectively replaceable.

Otherwise you could never effectively use any GPL v3 software in embedded
devices unless you add additional update paths.

------
ShabbyDoo
The phrase 'better for consumers' doesn't seem to have any testable meaning.
What hypothetical experiment, if performed, would determine whether a proposed
rule change would be "better for consumers"?

Let's pretend that we can clone the universe and run an A/B test. Universe A
receives the new rule treatment and Universe B does not. In both universes, we
inject happiness meters into every living person's head. These meters also
inject clones of themselves into fetuses for the next 100 years. So, we can
compute the average happiness levels of all people on earth over the next
century. Is a net positive change in happiness levels the definition of
"better for consumers"? Must we also consider changes in the distribution of
happiness among individuals? Is happiness even the right metric to consider?
When the word 'consumers' is used, does it imply that everyone's happiness
should be considered?

So, back to some reality. It's certainly possible that an Apple-like walled-
garden approach might, for some particular
technology/situation/problem/whatever set-off a chain of economic events which
has a positive net effect on overall human happiness. However, I have no idea
if I'm making a meaningful argument to those using the "better for consumers"
phrase as no one seems too interested in attaching a strong definition to the
term.

W.r.t. anti-trust litigation, the phrase is oft thrown about. What has
bothered me is that the "obvious" answer is provided by a static, short-term
analysis of current economic conditions. In the short-term, it's better for
consumers to regulate the price of electricity. After all, it costs "too
much", you know. However, the disincentive to build new power generation
facilities likely leads to an outcome very negative for consumers --
shortages, rationing, etc.

tl;dr; Stop using the phrase 'better for consumers' unless you bother to
attach to it a testable definition.

~~~
jiggy2011
Really you could ask the exact same questions for the phrase "better for the
economy" and doubtless many other things.

~~~
ShabbyDoo
Agree. Whenever I hear the words better/worse used without an obvious axis of
measurement, I am suspicious of the speaker.

------
Silhouette
They might be technically capable of doing this, but I would enjoy reporting
them to the police for possibly having committed criminal offences under the
Computer Misuse Act, Regulation of Investigatory Powers Act and others if they
ever tried it on me.

I wonder if the much-hyped US-UK extradition treaty cuts both ways in such a
flagrant case of unauthorised access...

------
robomartin
I really don't think that this has anything whatsoever to do with closed vs.
open source. This is definitely a case of Cisco over-reaching. The genesis of
the problem isn't really connected to closed source. There are plenty of
closed source systems that don't even approach these kinds of issues.

Would open-source prevent this kind of thing? Probably. In this case, someone
has to make the hardware, supply and maintain the infrastructure, so the
problem is probably a little more complex than the simple contrast between
closed and open source. There really aren't a lot of large open-source-
everything projects out there (hardware + software + mechanical + whatever
else) to know how this would play out.

Hardware, as a business, is really capital intensive. Software isn't. A
college student in a dorm can sit down and write software that gets
distributed to millions and reaches every corner of the world. And the cost of
doing so is virtually nothing.

To replicate this in hardware is almost impossible (yet). There's a lot more
to it than just designing and building it. There's support, warranties,
regulatory requirements, etc.

Here's a dumb example: Who wants to be responsible for the lawsuit when an
ill-designed piece of hardware kills someone because it does not deal with
high-voltages in a safe manner?

Or another one: Who wants to be responsible for a recall of thousands or even
millions of devices if they are found to be defective in some way?

Again, regardless of the contrast between hardware and software I don't think
that this issue can be used to champion the FOSS flag.

~~~
1337p337
> I really don't think that this has anything whatsoever to do with closed vs.
> open source.

[...]

> Would open-source prevent this kind of thing? Probably.

I don't think I could have made the argument better than you have.

The point isn't that all closed source software does this, or even that most
does it. The point is that when you cannot control the software, the abuse can
happen. Anyone who has power can abuse it, which means that if you cede
control over software in your router to Cisco, you have to trust Cisco not to
abuse it. If you don't, then you don't have to worry.

~~~
Getahobby
Even if Cisco was running open source code they could still put ALL of this
language into this agreement. The difference would be you could see the actual
mechanism in work if they had open source code. The egregious part is the
language, not the implementation.

~~~
jiggy2011
Or you could get the code, rip out the parts you didn't like, recompile and
install on your router.

You might be breaching the terms & conditions of their cloud stuff, but you
could simply choose not to use it.

~~~
Xylakant
Well, even though I'm pretty technically literate and know my way around a
compiler, I probably couldn't do this, even with the source. There's so much
knowledge that you need to accumulate. I could probably learn how to do it,
but that would take me weeks, if not months. So first, somebody would have to
do it. Second, he'd have to maintain it. Then, my less-computer-literate
friends would need someone who makes them aware of the issue and points them
to the firmware, probably even install it. Most won't bother, check the box
and accept the TOS, maybe thinking "I'm not planning on doing anything illegal
anyways." - that won't be solved with open source.

Open source protects the technically literate people, but it's not the silver
bullet that solves this issue. Raising awareness and pushing back is at least
as important and that's possible with closed source as well.

~~~
aangjie
While I agree with your point that Open-source is not a silver bullet, I don't
see anything other than Open-source as a good enabler.

Yes, pushing back is possible with closed source as well.

The real question becomes, which is harder? And for whom? To push back at
closed source, you'd have to be a big consumer of them or at least big enough
to be able to sue the vendor. If you're an individual, you're in real trouble.
Of course, there are people who play both roles.

And I see Open-source as the best enabler for technical individuals. As far as
I can see, of course.

------
tux1968
Eric has about the worst personality you could ask for in a representative of
a movement; but I can't fault this post. Likely he doesn't realize that he's
parroting RMS's key message more or less verbatim. But there's no reason to
make a fuss about that when it's an important message for people to hear,
regardless of the source.

------
munin
how would open source software prevent this?

I have an open source Buffalo router that shipped with DD-WRT. it has a
service onboard where I can run an alternate SSID as a free wifi hotspot, and
software on the router will inject a frame into clients' web browsers to serve
ads.

evil? yep. on by default? no. implemented entirely with open source software?
yes.

what would happen if this feature shipped in an open-source router on-by-
default and without the software button to click to change it? are you
seriously advocating to consumers that they download the source code to their
router, change some #defines to remove the code that injects ads, recompile
it, and reload it onto their router?

~~~
wpietri
Why would most consumers need to do that? It only takes one HNish person to
get the code, fix it, and release something that consumers can easily use.

~~~
munin
reflashing router firmware is still something out of reach to most consumers.
it would probably not even occur to most consumers that the ads in their web
browser would be something they could change.

~~~
jiggy2011
You could ask/pay/sleep with a person of your choosing and have them do it for
you.

To the second point, if you had a world with mostly open source software then
people would start to assume that things like that could be done.

It's like arguing that you should design cars to be only serviceable by the
manufacturer simply because not everyone is a mechanic.

------
gwillen
This reminded me that I owned some CSCO, and I need to sell some stock anyway.
Sell sell sell!

(I laughed when I saw how _much_ CSCO I own -- I bought it in high school,
also total it's worth about $250, and that is apparently about the same as it
was worth when I bought it.)

------
monochromatic
So he disagrees with the statement that "Open systems and networks aren’t
always better for consumers." Ok, fine.

But he asserts that open is _absolutely never_ better, and he backs up that
assertion with... a single example. That's not much of a syllogism.

------
bconway
_last a few days Cisco pushed a firmware update to several of its most popular
routers that bricked the device unless you signed up for Cisco’s “cloud”
service._

It did no such thing, even for very liberal uses of the term "brick."

------
emmelaich
<http://www.tonidoplug.com/> anyone?

