| From: James Knott via talk <talk@gtalug.org> | On 07/13/2017 05:17 PM, Scott Sullivan via talk wrote: | > I also for the most part replace the software on my routers. These | > days that's LEDE, the fork of OpenWRT that's actually getting things | > done, and making regular releases. Easier said than done. Almost all routers aimed at "consumers" and small businesses are based on Linux. (I imagine Apple's are based on BSD.) In fact, almost all of the stack appears to be based on open sourcee. There are a couple of points where things become grim. - all seem to have proprietary closed-source kernel modules to drive hardware bits like radios and switches - too often, and increasingly, the bootloaders are locked down. + this is called "tivoisation" by the FSF (if I remember correctly) + this is convenient for the vendor since they don't have to support "tampered" boxes. + users cannot update obsoleted hardware + embarassing security flaws and other bugs are somewhat hidden + the US FCC has all-but required this to ensure the implementation of their regulations regarding radio frequencies and powers. There are other ways of implementing the FCC limitations but that would require more hardware and re-engineering. - most vendors use software created in China where GPL compliance appears not to be understood. | Well, there's this: | https://www.theregister.co.uk/2017/05/10/openwrt_and_lede_peace_plan/ | | Since TP-link is open source, perhaps someone more knowledgeable than I | could fix that access point bug. ;-) Example tale of woe. As you may know, I implemented parts of IPSec for Linux. I included a feature where bare RSA keys could be used for authentication (without being wrapped in X.509 certificates). I read the manual for the Linksys WRV200n (I think that I've got the name right). Without using the name "FreeS/WAN", it was clear that it was running our code. And it had the feature of bare RSA keys. So I bought it at Canada Computers for a modest price. When I got it home, I found that it did not support bare RSA keys. I contacted Linksys who said that it was a bug in the manual (upon which I'd based my purchase decision). I was armed with the GPL, so I did not return the unit. I asked for the source code. Linksys would not release it. Not to me, the author of the code (which gives me no special rights except to terminate their license) nor as a person to whom they distributed a binary (and thus did have rights). The device was quite buggy. It would crash (not for me -- I never used it). There were lots of complaints on the forums. Linksys once in a while issued new firmware, but reliability was never reached. Eventually Linksys released source for the GPLed components. Nobody was able to build and install it. I never even tried: it takes a special kind of patience to do the reverse engineering required. But others did. It was too late for me to care anyway. If Linksys had released enough to allow us to rebuild the system, we might have been able to increase the reliability. But perhaps not -- the lock-up bugs might well have been in proprietary drivers. This product left a bad taste with many users. Even the pragmatic ones that just wanted a working router. I suspect that Linksys was unhappy too, I think that the next linksys-branded wireless router I bought was the WRT1900acs, close to a decade later. I bought it because it appears to be one of the last promised-to-be-open wireless router. In practice, I use PCs as routers and use wireless routhers only as access points. With open source, products can get better after release. Without it, the chances are unlikely and out of the control of customers.