Skip to content

Top New Best Ask Show Jobs

OpenWRT vs. FCC – Forced Firmware Lockdown? [video] | Better HN

OpenWRT vs. FCC – Forced Firmware Lockdown? [video] (opens in new tab)

(cnx-software.com)

166 pointsniklasni110y ago119 comments

119 comments

nickysielicki10y ago

If you're in the US please take 5 minutes and do something about this. This is a big deal.

Make a phone call about this:

> 1 (888) 225-5322

Send an email:

> Chairman Tom Wheeler: Tom.Wheeler@fcc.gov

> Commissioner Mignon Clyburn: Mignon.Clyburn@fcc.gov

> Commissioner Jessica Rosenworcel: Jessica.Rosenworcel@fcc.gov

> Commissioner Ajit Pai: Ajit.Pai@fcc.gov

> Commissioner Michael O’Rielly: Mike.O'Rielly@fcc.gov

Write a letter:

> Federal Communications Commission

> 445 12th Street, SW

> Washington, DC 20554

source: https://www.fcc.gov/contact-us

uuuusername10y ago

PLEASE put in comments on this proceeding, everyone! WE NEED YOUR HELP!

cpncrunch10y ago

First I would advise you to understand why this is being done.

https://news.ycombinator.com/item?id=10137739

rando28910y ago

Here is where you do that: https://www.federalregister.gov/articles/2015/08/06/2015-184...

mindslight10y ago

Better off just building your own router. The high brow option is an embedded motherboard and minipcie wifi card. If the hardware is powerful enough to MASQ gigabit, it won't be obsolete for a decade. And you can upgrade wireless standards with a new card. The only reason there's such an upgrade cycle for consumer routers is that they're built shoddily and with the slowest CPU possible.

And as much as I appreciate spectrum partitioning, we really need to get the major wifi chipsets completely reverse engineered so we can blow away this ambiguous spectre of "unauthorized" modifications and turn them into something normal. Randos stomping on ch12-15 isn't an actual problem - but that widespread rulebreaking coupled with the unknown of what further mods could do is scary to regulators. Destroy that unknown.

pdabbadabba10y ago

> And as much as I appreciate spectrum partitioning, we really need to get the major wifi chipsets completely reverse engineered so we can blow away this ambiguous spectre of "unauthorized" modifications and turn them into something normal. Randos stomping on ch12-15 isn't an actual problem - but that widespread rulebreaking coupled with the unknown of what further mods could do is scary to regulators. Destroy that unknown.

There was a lot of resistance to allowing unlicensed use of 5.25-5.35 GHz and 5.47-5.725 GHz precisely because some were afraid that unauthorized modifications would be commonplace, and devices could not be relied upon to sense and avoid the RADAR systems that also operate in those bands. So bear in mind that the more you insist on modifying, the harder it will be to persuade the FCC to open up new unlicensed bands.

Alupis10y ago

Curious why we have home devices run on the same band as airport radar systems and what-not.

Seems here the original regulation was the problem, not people modding their home routers.

mariuolo10y ago

Can a single modified home router actually cause disturbance to a RADAR?

Or are we talking about a widespread use of such devices?

stephengillie10y ago

> The only reason there's such an upgrade cycle for consumer routers is that they're built shoddily and with the slowest CPU possible.

A lot of this is that consumers have been taught that routing, NAT, etc isn't done by a general purpose computing device like a PC or server, but that those tasks MUST be relegated to an appliance.

But compute is compute, and antennas are antennas. And the word "appliance" has long held a secret meaning of "a Linux server on your Windows (or local area) network."

Fr0styMatt8810y ago

I hadn't actually put those thoughts together - which is funny considering I've been working a lot with embedded boards lately.

So.... how could you custom-build something akin to say, the Netgear Nighthawk (Netgear R8000)? I'm thinking multiple 802.11ac antennae with all that new multi-user beamforming stuff that's been released lately. Is there open firmware that supports that / do the commodity Linux drivers support controlling and fine-tuning that kind of function?

Added: Interesting.... There's an x86 port of DD-WRT:

http://www.dd-wrt.com/wiki/index.php/X86

narrowrail10y ago

My router runs dd-wrt and cost me 50$. It uses iptables for a firewall and only burns 12W max. That's hard to beat going the custom route.

wmf10y ago

consumers have been taught that routing, NAT, etc isn't done by a PC or server, but MUST be relegated to an appliance.

Because that's far more reliable. People don't want their whole home's Internet to go down every time they reboot their computer (and buying an extra computer to do routing is a big waste of money/complexity). Not to mention households that only have laptops.

dsr_10y ago

If that's the highbrow option, what's a mini-ITX motherboard with an AMD 5350, 4GB RAM, an SSD and an Intel 4-port gig-e card plus the onboard gig-e?

Scout NewEgg for combos -- you too can run a fully supported OS on x86-64 instruction sets with familiar hardware, but at a low cost of both purchase and power.

mindslight10y ago

You built a server that also happens to route?

I was thinking the low brow option would be an old laptop, but that's not going to suffice for someone who wants to keep up with wireless protocols (due to the same FUD under discussion). Obviously you can fix this (coreboot or modded BIOS), but specificity and tinker factor is going way up.

It's the rise of low power general boards that really make this practical. I tried out the ECS E2100 board for a remote server, and with a silver PS it drew around 15W from the wall. It didn't work with the RAM I already had though, so I ended up going with an i5 which still only measured around 20W before I put drives in.

blfr10y ago

Better off just building your own router.

Highly unlikely and unnecessarily expensive. It's also a hassle to make a nice enclosure for what you build. Instead, you can currently consult the OpenWRT website, pick up any of many widely available $50 routers, and be set.

I don't care if it can MASQ gigabit since I don't have a gigabit connection. Whatever slowest CPU possible they put in there is more than enough to run a couple of VLANs, VPNs, IPv6 tunnel, and Samba. Not only that but you can easily recycle older hardware (for additional APs for example) or reuse what you already have.

slacka10y ago

Yeah there was a dead zone in my house that was so bad, I was about to buy a $100 repeater. Then on a whim, I googled "DD-WRT bridge" sure enough there's some black magic that allows me to use my old WRT54g without creating more e-waste. Also, my new Asus router had to be rebooted about once a month until I found and flashed it with Asuswrt-Merlin firmware.

Just in the past year, I've found 2 great uses for custom firmware, rejuvenate old hardware and improvements to official f/w. I'm going to do some more research and send them a piece of my mind:

https://www.fcc.gov/comments

jaskerr10y ago

A noob question: what does MASQ refer to?

Also, do you have any suggestions for a motherboard + minipcie combo? I'd like to get off of our DSL router soon-ly.

kenz0r10y ago

MASQ refers to IP Masquerading or Network Address Translation (NAT)

wyager10y ago

A government-mandated locked-down radio firmware isn't much better than a government-mandated locked-down main firmware.

The FCC should punish crimes, not impose prior restrictions on innocent people.

cpncrunch10y ago

The reason they're doing this is because a lot of crimes have been committed -- resulting in interference with weather radar.

https://news.ycombinator.com/item?id=10137739

wyager10y ago

There have also been a lot of crimes committed over the internet. We'd better lock it down.

madez10y ago

The reasonable answer to that is to regulate wifi frequencies world wide and modify weather radars if necessary. That would solve the interference problem while keeping the firmware open.

Freedom is better.

jamiesonbecker10y ago

Submit a formal comment on the Federal Register:

https://www.federalregister.gov/articles/2015/08/06/2015-184...

lelandbatey10y ago

Alright, after searching on this a little bit more, it seems that the FCC is not prohibiting the installation of software like OpenWRT or DD-WRT, but are instead mandating that there is software for the radios only that ensures they operate in the manner they are certified for.

There is much more information in the HN comments from a previous time where this was discussed: https://news.ycombinator.com/item?id=9959088

wtallis10y ago

Given appropriately designed radio hardware, this would be a non-issue. But given the radios that are on the market right now, this could be a very bad thing in the short term for the most open products that are the only affordable platforms for further R&D of Linux-based wireless router software. Anything that would take ath9k hardware off the market before an equally-open successor is available would be more damaging than any interference these products are capable of producing.

Gibbon110y ago

I mess with radio's at work. The there are two issues.

Often for testing one wants to check the radio operation outside the normal band or modes of operation. In my case, sweeping the radio across a really wide and band noting where the pll fails to lock. I'm going to really twitchy if I can test the pll at frequencies outside the band. Doing things like, turn off spreading and checking carrier and tx power. I'm sure more complicated radio's than I use have similar.

The second is what is legal varies depending on where the product is sold and used. So so a mode that's legal in one country is verboten in another.

In general though, I'd rather hate for the FCC to try and force manufacturers to lock people out. Because likely it won't work well and there is a definite cost to implementing secure boot. But then again the FCC is historically extremely hostile to the idea of ordinary people mucking with wireless. So this doesn't surprise me at all.

the_ancient10y ago

This is where technical regulations meet with real world implementation. To have a "locked down" radio will increase the cause of the Appliance, computers and other devices. Manufacturers will take the cheapest way to implement these regulations, the cheapest way will be to lock down the entire device. An example of this is the Lenovo WiFi White lists in BIOS, there are other ways for Lenovo to comply with the regulation but it is cheaper to simply only allow approved wifi modules instead of implement a more costly solution

So while the rules may not directly ban custom firmware, that will be the implementation result of these regulations. less than 1% of consumers ever customize their devices so if a manufacturer even has to Spend $0.01 more per device to enable the ability to customize they will not do it.

TD-Linux10y ago

The lab guidelines mention DD-WRT by name.

atmosx10y ago

I recently bought an ADSL modem/router TP-Link 8970 (or something). The thing is awesome, except for that fact that it doesn't support OpenVPN... Supports PPTP or IPSec.

Now if only, I could install OpenWRT on it. Since OpenWRT makes ROUNDS around every custom software I've seen on low-end ADSL modem/routers makes me wonder why on earth companies don't just ship OpenWRT and get over with it?

mindslight10y ago

Their firmware is the feature they're selling you. The hardware is generic and without their wonderful firmware, they'd be competing solely on price. This is what the skinjobs think, at least.

BTW, openvpn performance sucks eggs on the processors used in consumer routers.

wlesieutre10y ago

Feels like the same problem that a lot of Android handsets have had. "Look! We added value by making the product worse!"

krylon10y ago

The only SOHO router I have seen whose vendor-supplied firmware did not totally suck is the Fritz!Box, and they are fairly expensive for what they do. But people seem to be willing to pay the price if that means they at least get a device that just works (tm), at least most of the time.

At work, we recently got a couple of wifi routers and installed DD-WRT on them to finally get a decent wireless network that spans the entire building, plus a guest network that is isolated from the company network. The freedom and flexibility DD-WRT offers made this both easy and - relatively - enjoyable.

(I do not own a Fritz!Box, and I never have. The last piece of equipment made by AVM I owned was a Fritz!Card ISDN card which sat in an ISA slot, so you can roughly figure out how long ago that must have been...)

wmf10y ago

AFAIK most lower-end routers have pretty generic firmware (with their logo added) as well. Maybe paying a no-name firmware sweatshop to tweak some reference firmware is cheaper than tweaking OpenWhatever.

AceJohnny210y ago

Many Buffalo routers ship with DD-WRT, a fork of OpenWRT:

http://www.buffalotech.com/products/wireless/dd-wrt-1

yellowapple10y ago

It wasn't a fork of OpenWRT per se. Rather, OpenWRT and DD-WRT are siblings, both having descended from the stock firmware on the Linksys WRT54G. They share some code nowadays, but that's a convergence rather than a divergence.

smellf10y ago

Asus does ship a open source fork of Tomato (AsusWRT) on at least their high-end routers. I've used it, it's actually pretty decent.

esaym10y ago

I didn't even know OpenWRT could work on a DSL modem? I wonder what it would take to get it working on the new ATT IPDSLAM based DSL network?

keeperofdakeys10y ago

From my experience, you'll also lose DSL functions when you do. It's all proprietary from what I've read.

dogma113810y ago

Asshats brought it on themselves, don't commit felonies and mess with regulatory bodies... There is no reason in the world to run Wifi on outlawed channels other than pure selfishness to have a better connection and not be on the same base band or expansion bands as your neighbors. The FCC even allowed people to run low power transmitters on the restricted channels 12/13 but stated that channel 14 is banned and asked nicely for people not to dick around with it.[1] https://transition.fcc.gov/oet/ea/presentations/files/oct05/...

Now it doesn't matter why is that channel blocked, it's not a licensed channel in many countries (as they are used for air traffic landing assist systems, radars, medical equipment such as panic buttons for elderly and disabled people, alarms etc...) and it seems like it is causing interference other wise the FCC would not be chasing this issue again after relaxing the regulations for restricted channels and asking the users to behave.

It's a felony to tweak your Wifi beyond specs, it causes issues and regulatory bodies react, OpenWRT and DD-WRT could've saved them selves the trouble by developing a mechanism to respect local regulation own their own.

Also as it seems people panic too quickly what will happen is the same thing with the radio's on mobile SOC's each region will have it's own channels enabled, you'll still be able to use DD-WRT or w/e you want in the end you won't be able to play with the Wifi settings out of spec which there's no reason in the world for you to be able to in the 1st place.

bbrazil10y ago

> It's a felony to tweak your Wifi beyond specs, it causes issues and regulatory bodies react, OpenWRT and DD-WRT could've saved them selves the trouble by developing a mechanism to respect local regulation own their own.

The Linux kernel has such mechanisms and they're not trivial to bypass. You'd as a user have to go out of your way to do so, and the devs are not in favour of users doing this. (source: I had to do so to workaround a card that was configured for completely the wrong regulatory domain).

PhasmaFelis10y ago

> Asshats brought it on themselves

I've been using Tomato firmware for years, and I never did anything illegal with it. How did I bring it on myself exactly?

> you'll still be able to use DD-WRT or w/e you want

RTFA: Vendors will have to “describe in detail how the device is protected from “flashing” and the installation of third-party firmware such as DD-WRT”

As far as I know, all of the issues at hand could be solved with baked-in hardware lockouts without otherwise affecting custom firmware, but that's not what the FCC is demanding.

dogma113810y ago

Have you read it?

GP1: "Describe all the radio frequency parameters that are modified by any software/firmware without any hardware changes. Are these parameters in some way limited, such that, it will not exceed the authorized parameters?"

3dP1: "Explain if any third parties have the capability to operate a US sold device on any other regulatory domain, frequencies, or in any manner that is in violation of the certification"

3dP2: "What prevents third parties from loading non-US versions of the software/firmware on the device? Describe in detail how the device is protected from “flashing” and the installation of third-party firmware such as DD-WRT."

They don't care that people can install DD-WRT because of DD-WRT they care about it because it bypasses vendor restrictions if DD-WRT comes up with a way to comply with the regulatory domain, or if the vendor explains that DD-WRT will not be able to modify the Wireless Parameters out of the spec of the US regulatory domain due to limitations on the radio SOC it self they won't care if you can install DD-WRT.

Sephr10y ago

Does this affect phones that can be used as hotspots? If so, you can say goodbye to any remaining Android phones that come with unlocked bootloaders, such as the Nexus series.

riskable10y ago

The unintended consequences of this will be millions upon millions of compromised devices all over the world with owners completely unable to solve the problem themselves.

tzs10y ago

Or the router manufacturers will properly modularize their designs so that the parts you need to replace to fix a compromise are separate from the parts that ensure that the radio stays on legal frequencies, under legal power limits, and uses legal modulation modes.

mark-r10y ago

The cheapest way to ensure those things is to do it in software, which is how we get into this situation in the first place. Modularization will cost more, and what manufacturer is going to willingly sign up for that?

sehugg10y ago

Grid-tied power inverters are implemented this way.

dec0dedab0de10y ago

I don't know too much about these things, but isn't it possible to have some sort of hardware filter on the antenna to block illegal channels?

colechristensen10y ago

They release physical hardware which is capable of operating in many regions and firmware which is specific to a region.

It's straightforward to create hardware which is physically incapable of violating licensure, but it is also expensive.

That's not the point though, it's becoming a serious problem with technology enabling restrictions which weren't possible in the past and which now threaten free society through a well intentioned but misguided bureaucracy.

"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness."

There's a certain unalienable right which is being encroached more and more – the right of ownership, the freedom to tinker.

That is more specifically, everyone should be capable of learning and executing complete control over the things they own. DRM, locked firmwares, license agreements – all of these things are a serious and existing threat to your freedom.

kefka10y ago

This makes a great reason to buy Chinese equipment. Do that, it might be substandard, but you preserve your freedom.

cordite10y ago

Unless of course their equivalent of the NSA doesn't install something that runs next to the firmware independently.

> http://www.infoworld.com/article/2608141/internet-privacy/sn...

dingaling10y ago

At this point in history I fear less the Chinese government intercepting my data than I do my own ( UK )...

nine_k10y ago

It's a nice option as long as it (1) is still legal to buy and use in the US and (2) Chinese government does not cripple it even harder than US government, just in different ways.

anonbanker10y ago

So far so good on both counts.

anonbanker10y ago

I stick to Rockchip and Mediatek, myself.

An 8-core MT6592 with 4gb RAM makes for a fantastic laptop. And China isn't sharing their backdoors with the Five Eyes, if they have them at all.

jMyles10y ago

This appears to me to be a clear-cut example of prior restraint, if common sense standards of free speech are to be applied to source code.

cpncrunch10y ago

I'm not sure that is a valid analogy. They're not trying to prevent "free speech", just stop idiots who don't know what they're doing from interfering with aircraft weather radar.

https://news.ycombinator.com/item?id=10137739

edit please read the background before downvoting, and you'll see what I mean. Also, there is no loss of freedom here. As long as your radio software is separate from the router software, there is no issue at all.

jMyles10y ago

I certainly didn't downvote you.

I do, however, disagree.

In this particular case, it seems that the method employed to "stop idiots who don't know what they're doing from interfering with aircraft weather radar" is to infringe on everyone's right both to run software without the government assessing its content and to broadcast signals regardless of their content.

chatmasta10y ago

As a skeptic I have to wonder whether Google lobbied for this prior to their OnHub release. I'm also expecting Apple to announce some sort of router on Sep 9 to go with HomeKit + AppleTV. Both parties would have a vested interest in locking down the open source router ecosystem.

tzs10y ago

If you are not using a Google or Apple router, I don't see why they would care if you are running third party firmware on your router.

If you are using a Google or Apple router and they do not want you to replace the firmware on it they could use signed firmware already. They would not need to have the FCC tell them that they have to use signed firmware in order to use signed firmware.

If there was some way to use third party firmware on a non-Google, non-Apple router in order to interact with Google or Apple routers in a way that compromises something Google or Apple are trying to do, then maybe Google or Apple would have an interest in trying to stop that...but this would not be an effective way to stop that.

It would not be effective because people would simply build their own routers using a PC with a wifi card to attack the Google or Apple routers, instead of attacking by replacing firmware on stand-alone consumer routers with firmware that supports that attack.

I can't think of anything else. Did you have some other vested interest in mind?

function_seven10y ago

I think parent meant competition. If all other choices are super-exploitable crapware-laden routers, then Google's and Apple's devices become that much more valuable. Not sure effects on the market would be that great, but I can see how it would benefit GOOG/AAPL to reduce choices.

thrownaway242410y ago

Believing every crackpot conspiracy theory that pops into your mind is actually the opposite of skepticism.

j / k navigate · click thread line to collapse