>Cisco argues that open source software could be consistent with the FCC's goals. "There is nothing in the Commission's existing or proposed rules that would limit or eliminate the ability of a developer to use Open Source software, including software that controls radio emissions," Cisco said in an FCC filing in November.
>But this would require a more locked-down approach than one in which users can modify the firmware, Cisco said. "The ability to review source code is not inherently incompatible with the notion of locking the integrity of a product against modification or tampering," Cisco wrote. "It is perfectly possible for a product to have source code that is capable of review by the public while that same code is secured inside the device against change by the end-users."
That misses many of the important goals of open source (and points back to the "open source" vs "free software" debate). It's not just about being able to view the existing software, it's about being able to control the systems that process your data.
For example, what if the manufacturer stops supporting the hardware? Today, you can just keep updating openwrt and avoid any security issues. After 2016, that won't be possible.
In this case, I bet the interpretation would be that if a piece of software requires you to break FCC law if sold as part of a Wifi router, then that software cannot be sold as part of a Wifi router.
Back to VxWorks in other words.
...within the jurisdiction of the US Government. Have a look at libdvdcss for guidance on how such a baseband might be developed and distributed.
> If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information.
However, it can be still followed by not letting even Wi-Fi router vendor update the firmware on a device.
> But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM).
Otherwise, you cannot provide the program at all. It's intentional, it's supposed to provide pressure on regulations like FCC regulations, at least in theory (vendors who already use GPLv3 software, could complain to FCC that they cannot use free software licensed under GPLv3).
> If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all.
If we're ignoring licences now then this is a different argument.
Might get away with it but maybe need alternatives. If not "open source" or "shared source," what's a generic phrase for software that includes the source but not necessarily OSS principles.
A free software (often copyleft) core with addons, which usually means that contributions to the core are riddled with CLAs or other hurdles, if possible at all.
See mysql, openoffice (pre-Apache), ...
Something tells me that cases demonstrating the need for such a ruling are hard to come by.
This will probably evolve into the baseband firmware being closed, and the higher abstractions being open (with an API to interface to the baseband). Just like cellphones. Which is acceptable unless you're unrealistic about necessary regulations.
EDIT: If you don't believe regulation is required, think about tens or hundreds of thousands of wireless devices in the wild that can cause RF interference with no ability to get them recalled.
That time Netgear negligently hardcoded the address of University of Wisconsin's NTP server comes to mind: http://pages.cs.wisc.edu/~plonka/netgear-sntp/
Right. So they should go after people who actually misuse the spectrum, and not people who install their own firmware without doing that.
Or go after the people who are distributing firmware that misuses the spectrum.
> This will probably evolve into the baseband firmware being closed, and the higher abstractions being open (with an API to interface to the baseband). Just like cellphones
The problem is including separate hardware to lock only the baseband is more expensive than locking the entire device. Smart phones cost several times what consumer-level routers do, and that's after the phone is subsidized by advertising and app store revenue.
I don't want the FCC trying to obtain the resources to patrol the RF spectrum across millions of US square miles. Cheaper to simply regulate control over the RF hardware.
Ham radio operators have to take tests to operate in certain areas of spectrum. I'd be willing to allow experimentation with RF hardware if RF hackers want to go through the same licensing requirements that already exist.
> The problem is including separate hardware to lock only the baseband is more expensive than locking the entire device. Smart phones cost several times what consumer-level routers do, and that's after the phone is subsidized by advertising and app store revenue.
The baseband is proprietary in all phones, even those in the $10-30 range. Cost is not the issue.
Full Disclosure: I have a technical ham radio license, and own a HackRF device for experimenting with RF (I only receive though when hacking; AIS, ADS-B, and other such traffic)
Why would they need to? If someone is causing interference then the victims can report it.
It's not like there are going to be millions of different people causing interference. The only way it possibly happens on a mass scale is if someone is mass distributing bad firmware, and then you can go after them.
> Cheaper to simply regulate control over the RF hardware.
Except that it isn't. At all. First, there is software defined radio, then there is hardware from other countries, and then there is the fact that because they're limiting access to the whole device, people are definitely going to figure out how to bypass it for at least some devices, so the regulations can't be effective anyway.
> Ham radio operators have to take tests to operate in certain areas of spectrum. I'd be willing to allow experimentation with RF hardware if RF hackers want to go through the same licensing requirements that already exist.
It isn't about people experimenting with RF hardware. For that use case what you're talking about is fine. But people who have no interest in RF hardware and just want to install OpenWRT should still be able to do it. On everything. Because otherwise, whatever people can't install it on becomes a security zombie as soon as the manufacturer stops supporting it but the customers keep using it.
> The baseband is proprietary in all phones, even those in the $10-30 range. Cost is not the issue.
Then how are we discussing this on an article that says a router maker has decided that it's cheaper to lock the whole device than just the baseband?
Why not? When someone has trouble with wifi in their apartment because there are a zillion other wifi networks in their neighborhood, and they Google for "boost my wifi signal" or similar they are going to get several articles that suggest installing open source firmware so they can tweak performance parameters that they cannot with the stock firmware, including tweaking transmit power.
It's not like there are millions of different people making open source router firmware. There are a small handful.
And if someone did purposely want to cause problems, there are much cheaper, easier and more effective ways to do it than this.
You can't really place restrictions like this in FOSS software. It doesn't work.
Because people are entitled? And think they have rights that they don't? You have a right to software under a certain license. If government regulation prevents that layer of software from bring open source, it isn't. What about that is difficult to understand?
> But people who have no interest in RF hardware and just want to install OpenWRT should still be able to do it. On everything.
There is no law, regulation, whatever that says this is required by a manufacturer. You are free to your opinion, of course.
That is correct. People are entitled to control the things that they own.
> If government regulation prevents that layer of software from bring open source, it isn't. What about that is difficult to understand?
It isn't difficult to understand. It is unacceptable.
so long as it doesn't effect others. Just like existing cell phone regulation. Do you own a cell phone? You already own a device you cannot fully control.
Exactly. So people should be able to install OpenWRT as long as they don't actually cause interference.
> Do you own a cell phone? You already own a device you cannot fully control.
Sensible people have objected to that for similar reasons.
HN has a rather libertarian bent and loves to suggest what you've suggested- that actual harm is the only thing that ought to be prohibited. But (IMO) that isn't always suitable.
And those things are the last resort after we've proven with much hard thinking and a long stint of trial and error that nothing else can possibly work. Even at that point we would still have to evaluate whether the cure is worse than the disease.
Are you seriously contending that this is such a case? Custom router firmware is in the same category as private ownership of smallpox and nuclear materials?
It is very very difficult to do any kind of harm in the spectrum with these devices. Much easier to do damage at layer 2 and beyond, which is of course what this doesn't fix at all. I figure you cited a misconfiguration and software bug because you can't actually find any kind of incident caused by consumer gear routers running with custom firmware that involves any kind of RF?
It's quite ridiculous to hear a ham radio operator applaud the FCC on regulating routers that will by hardware design never, ever output on spectrum where they could do any sorts of damage while the same agency happily approves of powerline communications adapters that turn mains wiring into antennas.
I'd be in favor of requiring a significant technical burden to enable access to the wireless hardware. Maybe make people open the case and solder a jumper. But there should always be a path forward for experimentation.
That's not how regulation of consumer hardware works. Experimentation allowed in spectrum? Sure. Require consumer hardware be able to do so? No.
I know YardStick can't do WiFi frequencies and even if it did the throughput is 500 kbps max. Is HackRF actually beefy enough to act as a WiFi radio? Do you know about the state of doing WiFi in SDR in general? I was under the impression that it's not practical with any remotely affordable hardware, but I'd be interested to hear if I'm wrong as I'm not that well informed on the subject.
Regulators gonna regulate!
Time to go give some money to bradley :)
The market will likely sort this out for itself.
I expect all other vendors to do the same, at least for now. Market can't sort this out.
The average person doesn't care.
We thought the same thing about privacy and user data mining, but look where we are.
When tp-link plug these holes there will still exist many exploits possible to get root access and if not we will have to flash it through SPI.
Edit: here is one of the first exploits available: https://forum.openwrt.org/viewtopic.php?id=63123
It all really depends on how much the FCC will be willing to bother hardware vendors whose products end up as popular hack platforms.
Will be interesting to watch the arms race between OpenWRT and the reluctant ODMs.
The FCC has commented that the minimum is significantly less than what TP-Link actually implemented. See https://ifixit.org/blog/7571/fcc-routers/ (and the linked FCC amendment) for more information.
The article you linked shows that people saw it coming:
> Open source projects might not be fully out of the woods yet, though. A few commenters on the FCC’s post have pointed out that some manufacturers might choose to lock down the whole router—as opposed to just the radio—as a cost-saving measure, even if that’s not what the FCC intended.
It does not matter that I replaced Ubuntu on my Galago with Arch or the DDWRT on my wzr-n600 with OpenWRT, becauase I'm on the books at these companies buying hardware running open source software.
I see this as sign of coming total control, followed by lack of initiative and stagnation of humanity.
TP-Link's response is hopeful in my opinion, compared to what router's were 10 years ago. We are fighting for improvement, and the FCC ruling is simply a speedbump. The current mentality is openness, as I see it.
Reverse engineering things can be a fun challenge - but not if your purpose is not to have fun analyzing it, but to do something else, like actually use the device you bought. If RE is not something you want to do but you have to - it's more like frustrating than interesting.