[GTALUG] "open source" [was Re: Cheap vs Inexpensive (Was: router upgrade)]

D. Hugh Redelmeier hugh at mimosa.com
Fri Jul 14 13:53:06 EDT 2017


| From: James Knott via talk <talk at gtalug.org>

| On 07/13/2017 05:17 PM, Scott Sullivan via talk wrote:
| > I also for the most part replace the software on my routers. These
| > days that's LEDE, the fork of OpenWRT that's actually getting things
| > done, and making regular releases.

Easier said than done.  Almost all routers aimed at "consumers" and
small businesses are based on Linux.  (I imagine Apple's are based on
BSD.)  In fact, almost all of the stack appears to be based on open sourcee.

There are a couple of points where things become grim.

- all seem to have proprietary closed-source kernel modules to drive
  hardware bits like radios and switches

- too often, and increasingly, the bootloaders are locked down.

  + this is called "tivoisation" by the FSF (if I remember correctly)

  + this is convenient for the vendor since they don't have
    to support "tampered" boxes.

  + users cannot update obsoleted hardware

  + embarassing security flaws and other bugs are somewhat hidden

  + the US FCC has all-but required this to ensure the implementation of
    their regulations regarding radio frequencies and powers.  There
    are other ways of implementing the FCC limitations but that would
    require more hardware and re-engineering.

- most vendors use software created in China where GPL compliance
  appears not to be understood.

| Well, there's this:
| https://www.theregister.co.uk/2017/05/10/openwrt_and_lede_peace_plan/
| 
| Since TP-link is open source, perhaps someone more knowledgeable than I
| could fix that access point bug.  ;-)

Example tale of woe.

As you may know, I implemented parts of IPSec for Linux.  I included a
feature where bare RSA keys could be used for authentication (without
being wrapped in X.509 certificates).

I read the manual for the Linksys WRV200n (I think that I've got the
name right).  Without using the name "FreeS/WAN", it was clear that it
was running our code.  And it had the feature of bare RSA keys.  So I
bought it at Canada Computers for a modest price.

When I got it home, I found that it did not support bare RSA keys.

I contacted Linksys who said that it was a bug in the manual (upon
which I'd based my purchase decision).

I was armed with the GPL, so I did not return the unit.

I asked for the source code.  Linksys would not release it.  Not to
me, the author of the code (which gives me no special rights except to
terminate their license) nor as a person to whom they distributed a
binary (and thus did have rights).

The device was quite buggy.  It would crash (not for me -- I never
used it).  There were lots of complaints on the forums.  Linksys once
in a while issued new firmware, but reliability was never reached.

Eventually Linksys released source for the GPLed components.  Nobody
was able to build and install it.  I never even tried: it takes a
special kind of patience to do the reverse engineering required.  But
others did.  It was too late for me to care anyway.

If Linksys had released enough to allow us to rebuild the system, we
might have been able to increase the reliability.  But perhaps not --
the lock-up bugs might well have been in proprietary drivers.

This product left a bad taste with many users.  Even the pragmatic
ones that just wanted a working router.  I suspect that Linksys was
unhappy too,

I think that the next linksys-branded wireless router I bought was the 
WRT1900acs, close to a decade later.  I bought it because it appears to be 
one of the last promised-to-be-open wireless router.  In practice, I use 
PCs as routers and use wireless routhers only as access points.

With open source, products can get better after release.  Without it,
the chances are unlikely and out of the control of customers.


More information about the talk mailing list