
OpenWRT vs. FCC – Forced Firmware Lockdown? [video] - niklasni1
http://www.cnx-software.com/2015/08/07/openwrt-vs-fcc-forced-firmware-lockdown-presentation-video-and-slides/
======
nickysielicki
If you're in the US please take 5 minutes and do something about this. This is
a big deal.

Make a phone call about this:

> 1 (888) 225-5322

Send an email:

> Chairman Tom Wheeler: Tom.Wheeler@fcc.gov

> Commissioner Mignon Clyburn: Mignon.Clyburn@fcc.gov

> Commissioner Jessica Rosenworcel: Jessica.Rosenworcel@fcc.gov

> Commissioner Ajit Pai: Ajit.Pai@fcc.gov

> Commissioner Michael O’Rielly: Mike.O'Rielly@fcc.gov

Write a letter:

> Federal Communications Commission

> 445 12th Street, SW

> Washington, DC 20554

source: [https://www.fcc.gov/contact-us](https://www.fcc.gov/contact-us)

~~~
uuuusername
PLEASE put in comments on this proceeding, everyone! WE NEED YOUR HELP!

~~~
cpncrunch
First I would advise you to understand why this is being done.

[https://news.ycombinator.com/item?id=10137739](https://news.ycombinator.com/item?id=10137739)

~~~
nickysielicki
I don't understand your/his reasoning here.

* People don't enable DFS and they mess up radar for Airports.

* ~20 reported incidents, people are fined ~$25k and stop.

* Therefore we must make it illegal to change the firmware on wireless devices.

Only 20 cases? $25k fines!? Why can't we continue to solve this problem like
this? The hobbyists flashing their devices with OpenWRT and then making a
conscious decision to override defaults (upon which OpenWRT will warn you
about legality) are a rare breed. Those that foolishly do this are being fined
heavily.

I just don't understand the jump.

~~~
AnimalMuppet
Because _one_ case can (potentially) cause the radar to miss a wind-shear
threat, which is precisely what the radar is there to detect. Missing that can
cause a plane crash and kill anywhere from one to a few hundred people.

Given that level of potential downside (even if things would have to happen
exactly wrong for it to occur), I'm not sure that "we fine them $25K and they
stop" is the right trade-off. I'm not sure that "only 20 reported incidents"
is a level that you should expect people to be comfortable with. I'm not sure
"we'll continue to not be horribly unlucky" is a valid approach.

~~~
CamperBob2
This is just a variation on the old "Turn off your Game Boys before takeoff,
or the plane might crash" schtick.

The proper way to fix that issue, if there ever was one, was to mandate the
implementation of avionics that can't be jammed by a Part 15 device. Instead,
look what happened... we got a decade of silly, groundless rules that had no
useful effect and were eventually scrapped.

Now it looks like it's the WiFi industry's turn. Gee, maybe putting weather
radar right next to an unlicensed ISM band wasn't such a great idea. Maybe
_they_ 're the ones who should move.

~~~
AnimalMuppet
> Gee, maybe putting weather radar right next to an unlicensed ISM band wasn't
> such a great idea. Maybe they're the ones who should move.

Doesn't work that way. They're trying to detect air movement. That's hard;
it's not possible at just random frequencies. You can't (effectively) move the
radars without changing physics. They're at the frequency they're at for a
reason, not just because of random bureaucratic decisions.

(Of course, it's not that simple. Of course you can move them - at some loss
of effectiveness. How much, to move them how far? I can't answer that.)

~~~
CamperBob2
I haven't looked into it in depth, but AFAIK weather radar works at X band,
doesn't it? And it doesn't detect air movement, but water droplets, correct?

------
mindslight
Better off just building your own router. The high brow option is an embedded
motherboard and minipcie wifi card. If the hardware is powerful enough to MASQ
gigabit, it won't be obsolete for a decade. And you can upgrade wireless
standards with a new card. The only reason there's such an upgrade cycle for
consumer routers is that they're built shoddily and with the slowest CPU
possible.

And as much as I appreciate spectrum partitioning, we really need to get the
major wifi chipsets completely reverse engineered so we can blow away this
ambiguous spectre of "unauthorized" modifications and turn them into something
normal. Randos stomping on ch12-15 isn't an actual problem - but that
widespread rulebreaking coupled with the unknown of what further mods could do
is scary to regulators. Destroy that unknown.

~~~
stephengillie
> _The only reason there 's such an upgrade cycle for consumer routers is that
> they're built shoddily and with the slowest CPU possible._

A lot of this is that consumers have been taught that routing, NAT, etc isn't
done by a general purpose computing device like a PC or server, but that those
tasks MUST be relegated to an appliance.

But compute is compute, and antennas are antennas. And the word "appliance"
has long held a secret meaning of "a Linux server on your Windows (or local
area) network."

~~~
Fr0styMatt88
I hadn't actually put those thoughts together - which is funny considering
I've been working a lot with embedded boards lately.

So.... how could you custom-build something akin to say, the Netgear Nighthawk
(Netgear R8000)? I'm thinking multiple 802.11ac antennae with all that new
multi-user beamforming stuff that's been released lately. Is there open
firmware that supports that / do the commodity Linux drivers support
controlling and fine-tuning that kind of function?

Added: Interesting.... There's an x86 port of DD-WRT:

[http://www.dd-wrt.com/wiki/index.php/X86](http://www.dd-
wrt.com/wiki/index.php/X86)

~~~
keeperofdakeys
All the fancy wifi stuff is part of the wifi chipset, which most router
vendors tend not to have any hand in - especially for consumer stuff. (also,
beamforming is a very misleading term). You can basically buy a card that does
all this stuff 'off the shelf', and could even plug it into a laptop. Though,
antenna placement may be something you'd need to do some research on.

------
wyager
A government-mandated locked-down radio firmware isn't much better than a
government-mandated locked-down main firmware.

The FCC should punish crimes, not impose prior restrictions on innocent
people.

~~~
cpncrunch
The reason they're doing this is because a lot of crimes have been committed
-- resulting in interference with weather radar.

[https://news.ycombinator.com/item?id=10137739](https://news.ycombinator.com/item?id=10137739)

~~~
wyager
There have also been a lot of crimes committed over the internet. We'd better
lock it down.

~~~
task_queue
We are and have been.

------
jamiesonbecker
Submit a formal comment on the Federal Register:

[https://www.federalregister.gov/articles/2015/08/06/2015-184...](https://www.federalregister.gov/articles/2015/08/06/2015-18402/equipment-
authorization-and-electronic-labeling-for-wireless-devices)

------
lelandbatey
Alright, after searching on this a little bit more, it seems that the FCC is
_not_ prohibiting the installation of software like OpenWRT or DD-WRT, but are
instead mandating that there is software for the radios only that ensures they
operate in the manner they are certified for.

There is much more information in the HN comments from a previous time where
this was discussed:
[https://news.ycombinator.com/item?id=9959088](https://news.ycombinator.com/item?id=9959088)

~~~
wtallis
Given appropriately designed radio hardware, this would be a non-issue. But
given the radios that are on the market right now, this could be a very bad
thing in the short term for the most open products that are the only
affordable platforms for further R&D of Linux-based wireless router software.
Anything that would take ath9k hardware off the market before an equally-open
successor is available would be more damaging than any interference these
products are capable of producing.

~~~
Gibbon1
I mess with radio's at work. The there are two issues.

Often for testing one wants to check the radio operation outside the normal
band or modes of operation. In my case, sweeping the radio across a really
wide and band noting where the pll fails to lock. I'm going to really twitchy
if I can test the pll at frequencies outside the band. Doing things like, turn
off spreading and checking carrier and tx power. I'm sure more complicated
radio's than I use have similar.

The second is what is legal varies depending on where the product is sold and
used. So so a mode that's legal in one country is verboten in another.

In general though, I'd rather hate for the FCC to try and force manufacturers
to lock people out. Because likely it won't work well and there is a definite
cost to implementing secure boot. But then again the FCC is historically
extremely hostile to the idea of ordinary people mucking with wireless. So
this doesn't surprise me at all.

------
atmosx
I recently bought an ADSL modem/router TP-Link 8970 (or something). The thing
is awesome, except for that fact that it doesn't support OpenVPN... Supports
PPTP or IPSec.

Now if only, I could install OpenWRT on it. Since OpenWRT makes ROUNDS around
every custom software I've seen on low-end ADSL modem/routers makes me wonder
why on earth companies don't just ship OpenWRT and get over with it?

~~~
mindslight
Their firmware is _the_ feature they're selling you. The hardware is generic
and without their wonderful firmware, they'd be competing solely on price.
This is what the skinjobs think, at least.

BTW, openvpn performance sucks eggs on the processors used in consumer
routers.

~~~
wlesieutre
Feels like the same problem that a lot of Android handsets have had. "Look! We
added value by making the product worse!"

~~~
yellowapple
And the same problem that Windows PCs have had for two decades now. The
hardware is effectively equivalent; it's now a matter of trying to "add" value
with shitware.

This is especially true of Windows laptops nowadays; you're pretty much
relegated to 1366x768 screens, shitty dual-core or hyperthreaded single-core
processors, _maybe_ 4GB of RAM, and Intel graphics at best. Anything better is
still at the prices they were 5 years ago. You'd think that old technology
would get cheaper as time goes on, but it seems like the only innovation these
OEMs are going for is "how do we make customers pay for progressively shittier
hardware and software?".

~~~
trynumber9
> hyperthreaded single-core processors

I don't think Intel has marketed a single core processor since the Core 2 era.
You may want to look at Windows laptops again: it's now possible to buy a
1920x1080 13.3", 8GB RAM, and a 256GB SSD for $600 without any bloatware. It
does have a weak dual-core hyperthreaded processor, but this allows it to omit
fans.

~~~
yellowapple
> I don't think Intel has marketed a single core processor since the Core 2
> era.

[http://www.intel.com/content/www/us/en/processors/celeron/ce...](http://www.intel.com/content/www/us/en/processors/celeron/celeron-
processor.html)

Specifically: [http://ark.intel.com/products/74390/Intel-Celeron-
Processor-...](http://ark.intel.com/products/74390/Intel-Celeron-
Processor-G470-1_5M-Cache-2_00-GHz) (a "hyperthreaded single-core processor",
as I was describing) or even [http://ark.intel.com/products/58667/Intel-
Celeron-Processor-...](http://ark.intel.com/products/58667/Intel-Celeron-
Processor-G440-1M-Cache-1_60-GHz), which is single-core and not even
hyperthreaded. These are being marketed unironically under some "Experience
Brilliant PC Performance" marketing blurb.

> You may want to look at Windows laptops again: it's now possible to buy a
> 1920x1080 13.3", 8GB RAM, and a 256GB SSD for $600 without any bloatware.

And I have a garden that grows unicorns on a vine. Got a link to this mythical
creature?

~~~
trynumber9
The mythical creature is the UX305. You have to apply the promotional code
"SAVE100" at checkout to get the price I mentioned.

[http://www.microsoftstore.com/store/msusa/en_US/pdp/ASUS-
Zen...](http://www.microsoftstore.com/store/msusa/en_US/pdp/ASUS-Zenbook-
UX305FA-USM1-Signature-Edition-Laptop/productID.320751400)

------
dogma1138
Asshats brought it on themselves, don't commit felonies and mess with
regulatory bodies... There is no reason in the world to run Wifi on outlawed
channels other than pure selfishness to have a better connection and not be on
the same base band or expansion bands as your neighbors. The FCC even allowed
people to run low power transmitters on the restricted channels 12/13 but
stated that channel 14 is banned and asked nicely for people not to dick
around with it.[1]
[https://transition.fcc.gov/oet/ea/presentations/files/oct05/...](https://transition.fcc.gov/oet/ea/presentations/files/oct05/Unlicensed_Devices_JD.pdf)

Now it doesn't matter why is that channel blocked, it's not a licensed channel
in many countries (as they are used for air traffic landing assist systems,
radars, medical equipment such as panic buttons for elderly and disabled
people, alarms etc...) and it seems like it is causing interference other wise
the FCC would not be chasing this issue again after relaxing the regulations
for restricted channels and asking the users to behave.

It's a felony to tweak your Wifi beyond specs, it causes issues and regulatory
bodies react, OpenWRT and DD-WRT could've saved them selves the trouble by
developing a mechanism to respect local regulation own their own.

Also as it seems people panic too quickly what will happen is the same thing
with the radio's on mobile SOC's each region will have it's own channels
enabled, you'll still be able to use DD-WRT or w/e you want in the end you
won't be able to play with the Wifi settings out of spec which there's no
reason in the world for you to be able to in the 1st place.

~~~
PhasmaFelis
> _Asshats brought it on themselves_

I've been using Tomato firmware for years, and I never did anything illegal
with it. How did I bring it on myself exactly?

> _you 'll still be able to use DD-WRT or w/e you want_

RTFA: Vendors will have to “describe in detail how the device is protected
from “flashing” and the installation of third-party firmware such as DD-WRT”

As far as I know, all of the issues at hand _could_ be solved with baked-in
hardware lockouts without otherwise affecting custom firmware, but that's not
what the FCC is demanding.

~~~
dogma1138
Have you read it?

GP1: "Describe all the radio frequency parameters that are modified by any
software/firmware without any hardware changes. Are these parameters in some
way limited, such that, it will not exceed the authorized parameters?"

3dP1: "Explain if any third parties have the capability to operate a US sold
device on any other regulatory domain, frequencies, or in any manner that is
in violation of the certification"

3dP2: "What prevents third parties from loading non-US versions of the
software/firmware on the device? Describe in detail how the device is
protected from “flashing” and the installation of third-party firmware such as
DD-WRT."

They don't care that people can install DD-WRT because of DD-WRT they care
about it because it bypasses vendor restrictions if DD-WRT comes up with a way
to comply with the regulatory domain, or if the vendor explains that DD-WRT
will not be able to modify the Wireless Parameters out of the spec of the US
regulatory domain due to limitations on the radio SOC it self they won't care
if you can install DD-WRT.

~~~
Spivak
Yes, I appreciate that the FCC's proposal imposes the fewest possible
restrictions, but you'd be crazy to think that it will work this way in
practice. It's far easier to comply with FCC regulations by preventing any
modifications whatsoever than to lock down the specific modules.

~~~
dogma1138
Really depends on how the open firmware community decides to handle this, if
they'll put their heads in the sand and say well FCC are bad and write to your
representatives nothing will come out of it. If they work out a framework to
prevent misuse of regulated equipment there's a good chance that thats what
we'll see implemented.

And locking out the firmware might not be the easiest way to handle this if
you are a manufacturer since you'll still need to provide updates and multiple
software versions (even basic things like ISP branding), so you'll have to
resort to using cryptography building in a secure boot/secure flash mechanism
and such and such which isn't cheap to maintain, for you telling broadcom to
just disable Channel X Y and Z in their radio might be a cheaper and easier
option.

------
Sephr
Does this affect phones that can be used as hotspots? If so, you can say
goodbye to any remaining Android phones that come with unlocked bootloaders,
such as the Nexus series.

------
riskable
The unintended consequences of this will be millions upon millions of
compromised devices all over the world with owners completely unable to solve
the problem themselves.

~~~
tzs
Or the router manufacturers will properly modularize their designs so that the
parts you need to replace to fix a compromise are separate from the parts that
ensure that the radio stays on legal frequencies, under legal power limits,
and uses legal modulation modes.

~~~
mark-r
The cheapest way to ensure those things is to do it in software, which is how
we get into this situation in the first place. Modularization will cost more,
and what manufacturer is going to willingly sign up for that?

~~~
noir_lord
The one made too by FCC regulations.

Companies would do lots of things if they could get away with it, as someone
commented on here a while back (and I wish I could find it) "It's a
corporation of course you can expect it to shit on the kitchen floor"

------
dec0dedab0de
I don't know too much about these things, but isn't it possible to have some
sort of hardware filter on the antenna to block illegal channels?

~~~
colechristensen
They release physical hardware which is capable of operating in many regions
and firmware which is specific to a region.

It's straightforward to create hardware which is physically incapable of
violating licensure, but it is also expensive.

That's not the point though, it's becoming a serious problem with technology
enabling restrictions which weren't possible in the past and which now
threaten free society through a well intentioned but misguided bureaucracy.

"We hold these truths to be self-evident, that all men are created equal, that
they are endowed by their Creator with certain unalienable Rights, that among
these are Life, Liberty and the pursuit of Happiness."

There's a certain unalienable right which is being encroached more and more –
the right of ownership, the freedom to tinker.

That is more specifically, everyone should be capable of learning and
executing complete control over the things they own. DRM, locked firmwares,
license agreements – all of these things are a serious and existing threat to
your freedom.

------
kefka
This makes a great reason to buy Chinese equipment. Do that, it might be
substandard, but you preserve your freedom.

~~~
cordite
Unless of course their equivalent of the NSA doesn't install something that
runs next to the firmware independently.

> [http://www.infoworld.com/article/2608141/internet-
> privacy/sn...](http://www.infoworld.com/article/2608141/internet-
> privacy/snowden--the-nsa-planted-backdoors-in-cisco-products.html)

~~~
dingaling
At this point in history I fear less the Chinese government intercepting my
data than I do my own ( UK )...

------
jMyles
This appears to me to be a clear-cut example of prior restraint, if common
sense standards of free speech are to be applied to source code.

~~~
cpncrunch
I'm not sure that is a valid analogy. They're not trying to prevent "free
speech", just stop idiots who don't know what they're doing from interfering
with aircraft weather radar.

[https://news.ycombinator.com/item?id=10137739](https://news.ycombinator.com/item?id=10137739)

 _edit_ please read the background before downvoting, and you'll see what I
mean. Also, there is no loss of freedom here. As long as your radio software
is separate from the router software, there is no issue at all.

~~~
jMyles
I certainly didn't downvote you.

I do, however, disagree.

In this particular case, it seems that the method employed to "stop idiots who
don't know what they're doing from interfering with aircraft weather radar" is
to infringe on _everyone 's_ right both to run software without the government
assessing its content _and_ to broadcast signals regardless of their content.

~~~
cpncrunch
Assuming that the radio and router are separate and only the radio firmware is
locked down, is there any way that the NSA could snoop on the content? Or are
you saying you want to have the right to reprogram the radio?

~~~
quotemstr
I'd be happy [1] with locked-down radio firmware if it could talk only to the
radio.

One big problem is that coprocessors in embedded systems often have full
access to the memory bus, meaning there's no way to stop a trojan in the
closed and locked radio firmware from reading and modifying any bit of system
memory, which can include your personal data and encryption keys.

[1] Although I'd hope that it'd still be possible to buy or build a general-
purpose SDR.

~~~
cpncrunch
I would have thought (correct me if I'm wrong) that it would be pretty
straightforward to give the radio unit its own memory, and not give it access
to the system memory bus at all. However I don't know if manufacturers will
want to go to the trouble of segregating the radio.

------
chatmasta
As a skeptic I have to wonder whether Google lobbied for this prior to their
OnHub release. I'm also expecting Apple to announce some sort of router on Sep
9 to go with HomeKit + AppleTV. Both parties would have a vested interest in
locking down the open source router ecosystem.

~~~
tzs
If you are not using a Google or Apple router, I don't see why they would care
if you are running third party firmware on your router.

If you are using a Google or Apple router and they do not want you to replace
the firmware on it they could use signed firmware already. They would not need
to have the FCC tell them that they have to use signed firmware in order to
use signed firmware.

If there was some way to use third party firmware on a non-Google, non-Apple
router in order to interact with Google or Apple routers in a way that
compromises something Google or Apple are trying to do, then maybe Google or
Apple would have an interest in trying to stop that...but this would not be an
effective way to stop that.

It would not be effective because people would simply build their own routers
using a PC with a wifi card to attack the Google or Apple routers, instead of
attacking by replacing firmware on stand-alone consumer routers with firmware
that supports that attack.

I can't think of anything else. Did you have some other vested interest in
mind?

~~~
function_seven
I think parent meant competition. If all other choices are super-exploitable
crapware-laden routers, then Google's and Apple's devices become that much
more valuable. Not sure effects on the market would be that great, but I can
see how it would benefit GOOG/AAPL to reduce choices.

~~~
noir_lord
Oth hand no way in hell would I consider putting a Google device in the most
important spot on my network, My distrust of them grows by the day.

~~~
PhantomGremlin
When Google bought Nest, someone quipped something like: "great, now I'll have
to listen to an ad before my smoke alarm goes off".

