
Why doesn’t OpenWrt autoupdate? - zdw
http://prpl.works/2016/01/06/why-doesnt-openwrt-autoupdate/
======
kogepathic
I am not an OpenWrt developer, but I develop software for OpenWrt based
platforms.

In short: on a lot of these devices it would be difficult or impossible to
have a stable auto update mechanism. This could be due to flash size (16MB is
considered large for consumer devices), or due to the state of the kernel
modules responsible for hardware (e.g. wireless drivers).

Also there isn't usually a backup to the kernel in flash, so if your auto
update is interrupted by a power failure or the user pulling the cord, you
will have a bricked device. Good luck explaining the limitations of SPI EEPROM
and compressed filesystems to a pissed off user with a brick. After the update
you have to reboot, how do you schedule this on a device which is typically
invisible to the user? In networks it's extremely difficult for these embedded
devices to guess when someone might not be using it.

Having seen my fair share of ancient OpenWrt devices deployed in the field,
the industry as a whole definitely needs to focus more on auto updates to
resolve security issues.

However, as the author points out, given the sheer number of chipsets out
there, it would be very difficult to accomplish without extensive testing.

I hope that we can all make meaningful progress toward auto updates of
critical issues, but there is a long road ahead to that.

~~~
chx
I actually would pay decent money for a device with dual flash to address some
of this (like Gigabyte dual BIOS on PC motherboards).

~~~
chrissnell
If you're willing to pay "decent money" for a router with auto-update, get
some PC hardware (even as small as a WRAP or Soekris) and run pfSense. You'll
never look back. I love OpenWRT but a $100 Netgear or Linksys device just
can't touch a real PC motherboard with Intel NICs.

My preferred pfSense platform at both home and the office is a server-grade
chassis running ESXi. My router runs in a VM on this server and I use
vSwitches to connect the VM to the various ports on the 4-port Intel NIC.

I just built it like this for convenience (I already had the ESXi server) but
I later found a side-benefit: if you've set up a DMZ on pfSense, you can
easily attach VMs to the DMZ by associating them with the DMZ vSwitch. So, I
have some untrusted VMs sitting in my DMZ and trusted VMs sitting on my
LAN...all on the same piece of hardware.

I've been running this way since 2013 and it's been flawless and fast. More
details here:

http://output.chrissnell.com/post/39550480075/the-jack-of-all-trades-home-server

~~~
silon7
How much power does that use? I run Linux as a firewall/router on an older
laptop + USB Ethernet (2) and it's about 20w. I'd prefer < 10. Perhaps I need
to try Raspberry Pi next.

~~~
jlgaddis
The Raspberry Pi is gonna suck as a router due to the "Ethernet on USB". You'd
be much happier with one of the boards that _chrissnell_ mentioned above.

Personally, I use a "Maxxwave 1106" running BSD I had laying around but it's
on the more expensive side. If I was putting something together for myself,
I'd get one of the small Atom boards with a couple of onboard Intel NICs.

------
simonmorley
I am an OpenWrt developer but not part of the core team by far. We've been
developing a platform to manage OpenWrt devices from the cloud for the last 18
months.

We struggled with this since day zero. As a startup, we didn't have the luxury
money to build our own boxes with loads of memory. Plus we wanted to
support all OpenWrt devices. Ultimately, we took the logic of auto upgrades
(and everything else for that matter, separate story) off the APs directly and
now do everything in our platform.

Currently we only support a minimal set of devices - about 15 in total.
However building / maintaining the firmwares for all of these, making sure
they're up to date etc. is a huge burden.

Upgrading a box for a user poses so many challenges, I can't see why this is
actually OpenWrt's responsibility?

What to do about testing? New releases can (do) have bugs. Again, since we're
bootstrapped, we don't have a lab so we have separate development modes and
test these on customers willing to have the bleeding edge.

The Netflix Syndrome as we call it. What if someone/thing is connected - do we
still upgrade? I work late, and before sleep, I usually watch some Netflix.
However, our nightly upgrades pushed from our platform were ruining my
enjoyment! Shock. We had to introduce a feature to disable auto upgrades if
there is a device detected.

What about stragglers? Customers with very outdated firmwares were not only
vulnerable but also holding our development back. In the end we upgrade all
boxes that are 2 months old between 4am and 5am local time every day. Some
people refused to upgrade, they like the status quo, they're used to the
gotchas in a particular release.

Ok, OpenWrt is becoming hugely popular but there's still a huge knowledge gap.
If people struggle to understand the difference between WiFi and broadband,
how can we expect them to understand firmware, let alone why it needs to be
updated?
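
The upgrade gate described in the comment above (stale firmware, a 04:00-05:00 local window, and deferral when a client is detected), sketched as an added example that is not part of the original comment or the commenter's platform. The `Device` record, the 60-day reading of "2 months" and the rule that a connected client defers even an overdue upgrade are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_FIRMWARE_AGE = timedelta(days=60)      # assumption: "2 months" taken as 60 days
WINDOW_START_HOUR, WINDOW_END_HOUR = 4, 5  # 04:00-05:00 device-local time


@dataclass
class Device:                  # hypothetical record kept by the management platform
    name: str
    firmware_built: datetime   # timezone-aware build time of the installed firmware
    utc_offset_hours: float    # device-local offset from UTC
    connected_clients: int     # clients the AP last reported as associated


def upgrade_decision(dev: Device, now_utc: datetime) -> tuple[bool, str]:
    """Return (upgrade_now, reason) for one scheduler pass."""
    if now_utc - dev.firmware_built < MAX_FIRMWARE_AGE:
        return False, "firmware is recent"
    local = now_utc.astimezone(timezone(timedelta(hours=dev.utc_offset_hours)))
    if not WINDOW_START_HOUR <= local.hour < WINDOW_END_HOUR:
        return False, "outside 04:00-05:00 local window"
    # Assumption: a detected client defers even an overdue upgrade; the
    # comment does not say which of the two rules wins.
    if dev.connected_clients > 0:
        return False, "client connected, deferred"
    return True, "stale firmware, in window, idle"


def plan(devices, now_utc):
    """Map device name -> decision, so deferred stragglers stay visible."""
    return {d.name: upgrade_decision(d, now_utc) for d in devices}


# Constructed sample fleet, evaluated at 2016-01-07 03:30 UTC.
NOW = datetime(2016, 1, 7, 3, 30, tzinfo=timezone.utc)
OLD = datetime(2015, 9, 1, tzinfo=timezone.utc)
FLEET = [
    Device("berlin-idle", OLD, 1, 0),      # 04:30 local, no clients
    Device("berlin-netflix", OLD, 1, 1),   # 04:30 local, one client
    Device("london-idle", OLD, 0, 0),      # 03:30 local
    Device("berlin-fresh", datetime(2015, 12, 20, tzinfo=timezone.utc), 1, 0),
]

if __name__ == "__main__":
    for name, (go, why) in plan(FLEET, NOW).items():
        print(f"{name:15} upgrade={go!s:5} {why}")
```

Recording the reason for every deferral shows which vulnerable boxes keep missing the window because a client is always connected.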

------
J_Darnley
If openwrt had an updating feature and I was running it, do you want it to
brick my device when they decide they can no longer support my router?

That is exactly what happened when I tried out openwrt a few years ago. Nobody
thought it was wise to say that I would need more than the 4M of flash that is
in my original "the linux router". I had to use tftp to put ddwrt back on it.
That requires a wired connection. Thank god I have plenty of those. People
today with their wireless everything would be SOL.

------
chx
Is the solution then to use an x86 PC for home routing? I have been
considering doing that. What's a good distro for this particular purpose? As
it happens I bought a fanless i3 5005U from aliexpress a week ago mostly as a
media player but also as a vague "I need something silent and server-ish"
thing.

~~~
jlgaddis
Small Atom boards with multiple Intel NICs are absolutely awesome for this. I
prefer OpenBSD myself but if you're looking for something with a pointy-clicky
web interface, slap pfSense on it and call it a day.

------
seivan
My ISP auto updates ours (against my wishes). I've had to hardware reset it
several times as it introduces bugs constantly. Sometimes it just goes bust as
well.

The worst part is that they don't seem to test before pushing these updates.
I'm back on 3.2.2RC.

~~~
narrowrail
This is interesting, but it would be more so if you could tell us what
hardware, what "3.2.2RC" refers to, and which ISP (I'm assuming somewhere in
Europe?).

Also, I thought it was assumed that letting your ISP control your router is a
'bad idea'; modem, sure, but not the router. Perhaps this just isn't important
enough for you to care, but this entire thread is full of people that feel
differently.

~~~
seivan
Yup, not sure how to disable their access to be honest. I really don't got a
choice if I want fiber.

This is what I am running: EG300-WU21U_OWT3.2.22-151006_1056

------
newman314
It would be great to see auto update for ddwrt, openwrt etc.

Kong's build for ddwrt does have command line update

OSMC has done a really nice job of an auto update mechanism and it would be
great to have the same functionality for router firmware.

There is also nslug2 and opkg...

~~~
mschuster91
> There is also nslug2 and opkg...

Whoa, people still use these in the days of Raspberry Pi's? Oo

~~~
newman314
Well, the last time I used it was when I was hacking on Palm Pre phones =O

