>Cisco argues that open source software could be consistent with the FCC's goals. "There is nothing in the Commission's existing or proposed rules that would limit or eliminate the ability of a developer to use Open Source software, including software that controls radio emissions," Cisco said in an FCC filing in November.
>But this would require a more locked-down approach than one in which users can modify the firmware, Cisco said. "The ability to review source code is not inherently incompatible with the notion of locking the integrity of a product against modification or tampering," Cisco wrote. "It is perfectly possible for a product to have source code that is capable of review by the public while that same code is secured inside the device against change by the end-users."
That misses many of the important goals of open source (and points back to the "open source" vs "free software" debate). It's not just about being able to view the existing software, it's about being able to control the systems that process your data.
For example, what if the manufacturer stops supporting the hardware? Today, you can just keep updating openwrt and avoid any security issues. After 2016, that won't be possible.
What does that even mean? If regulators say it's illegal to comply with the license terms, you can't use products released under those terms. It's not like the GPL'd components fall into the public domain.
There's a legal order of compliance. You don't get to break the law because you agree to a contract that stipulates you're going to break the law.
In this case, I bet the interpretation would be that if a piece of software requires you to break FCC law if sold as part of a Wifi router, then that software cannot be sold as part of a Wifi router.
In a clause is contrary to public policy, it may be unenforceable in that jurisdiction and thus they could use the code without violating the license. The unenforceable clause will be skipped over by the courts. It is a nullity.
IANAL, but GPLv3 requires software to be modifiable by an user.
> If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information.
However, it can be still followed by not letting even Wi-Fi router vendor update the firmware on a device.
> But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM).
Otherwise, you cannot provide the program at all. It's intentional, it's supposed to provide pressure on regulations like FCC regulations, at least in theory (vendors who already use GPLv3 software, could complain to FCC that they cannot use free software licensed under GPLv3).
> If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all.
No, they couldn't. The GPL is a grany of rights, not a restriction of them - if you can't fulfil the criteria then you do not get the grant, regardless of public policy.
Nope nope nope. Gpl is a binary decision whether you are in compliance and can distribute or not. So, in this case, it would be negative, not allowed to distribute. Unless the law requires someone to distribute gpl software, which it doesn't, there is no conflict here.
Glad to you brought this to my attention. My proprietary vs OSS essay promoting hybrids was going to change OSS to shared source to avoid confusion of established OSS definitions. Now, I suddenly find Microsoft has a brand of intiatives called Shared Source. They had to pick the most generic, intuitive thing I could come up with. This will probably cause confusion at some point. (sighs)
Might get away with it but maybe need alternatives. If not "open source" or "shared source," what's a generic phrase for software that includes the source but not necessarily OSS principles.
hybrids are sometimes referred to as "open core projects".
A free software (often copyleft) core with addons, which usually means that contributions to the core are riddled with CLAs or other hurdles, if possible at all.
I'll try to remember that. Although, my model allows for entirely proprietary software with source available for review, extension, whatever. Any combo of source availability, freedom, or paid so long as a review is possible. I explained more in this essay:
It's amazing to me that instead of seeking out and prosecuting the handful of people causing problems near airports, the FCC wants to prevent everyone in the United States from running open source router firmware.
Regulating the proper use of a shared public resource (RF spectrum) is sort of the FCC's thing. Tragedy of the commons, your rights end where the next person's begin, that sort of jazz.
This will probably evolve into the baseband firmware being closed, and the higher abstractions being open (with an API to interface to the baseband). Just like cellphones. Which is acceptable unless you're unrealistic about necessary regulations.
EDIT: If you don't believe regulation is required, think about tens or hundreds of thousands of wireless devices in the wild that can cause RF interference with no ability to get them recalled.
> Regulating the proper use of a shared public resource (RF spectrum) is sort of the FCC's thing. Tragedy of the commons, your rights end where the next person's begin, that sort of jazz.
Right. So they should go after people who actually misuse the spectrum, and not people who install their own firmware without doing that.
Or go after the people who are distributing firmware that misuses the spectrum.
> This will probably evolve into the baseband firmware being closed, and the higher abstractions being open (with an API to interface to the baseband). Just like cellphones
The problem is including separate hardware to lock only the baseband is more expensive than locking the entire device. Smart phones cost several times what consumer-level routers do, and that's after the phone is subsidized by advertising and app store revenue.
> Right. So they should go after people who actually misuse the spectrum, and not people who install their own firmware without doing that.
I don't want the FCC trying to obtain the resources to patrol the RF spectrum across millions of US square miles. Cheaper to simply regulate control over the RF hardware.
Ham radio operators have to take tests to operate in certain areas of spectrum. I'd be willing to allow experimentation with RF hardware if RF hackers want to go through the same licensing requirements that already exist.
> The problem is including separate hardware to lock only the baseband is more expensive than locking the entire device. Smart phones cost several times what consumer-level routers do, and that's after the phone is subsidized by advertising and app store revenue.
The baseband is proprietary in all phones, even those in the $10-30 range. Cost is not the issue.
Full Disclosure: I have a technical ham radio license, and own a HackRF device for experimenting with RF (I only receive though when hacking; AIS, ADS-B, and other such traffic)
> I don't want the FCC trying to obtain the resources to patrol the RF spectrum across millions of US square miles.
Why would they need to? If someone is causing interference then the victims can report it.
It's not like there are going to be millions of different people causing interference. The only way it possibly happens on a mass scale is if someone is mass distributing bad firmware, and then you can go after them.
> Cheaper to simply regulate control over the RF hardware.
Except that it isn't. At all. First, there is software defined radio, then there is hardware from other countries, and then there is the fact that because they're limiting access to the whole device, people are definitely going to figure out how to bypass it for at least some devices, so the regulations can't be effective anyway.
> Ham radio operators have to take tests to operate in certain areas of spectrum. I'd be willing to allow experimentation with RF hardware if RF hackers want to go through the same licensing requirements that already exist.
It isn't about people experimenting with RF hardware. For that use case what you're talking about is fine. But people who have no interest in RF hardware and just want to install OpenWRT should still be able to do it. On everything. Because otherwise, whatever people can't install it on becomes a security zombie as soon as the manufacturer stops supporting it but the customers keep using it.
> The baseband is proprietary in all phones, even those in the $10-30 range. Cost is not the issue.
Then how are we discussing this on an article that says a router maker has decided that it's cheaper to lock the whole device than just the baseband?
> It's not like there are going to be millions of different people causing interference
Why not? When someone has trouble with wifi in their apartment because there are a zillion other wifi networks in their neighborhood, and they Google for "boost my wifi signal" or similar they are going to get several articles that suggest installing open source firmware so they can tweak performance parameters that they cannot with the stock firmware, including tweaking transmit power.
Then the FCC can go to the people making that firmware and demand that they remove the option that allows violating FCC regulations or face a large fine. The developers presumably didn't intend to violate FCC regulations, so they comply, and then that stops happening.
It's not like there are millions of different people making open source router firmware. There are a small handful.
Not to someone that wants to turn up their signal power it isn't, they don't consider themselves to be causing problems, they just don't care so much about other people.
You can't really place restrictions like this in FOSS software. It doesn't work.
> Then how are we discussing this on an article that says a router maker has decided that it's cheaper to lock the whole device than just the baseband?
Because people are entitled? And think they have rights that they don't? You have a right to software under a certain license. If government regulation prevents that layer of software from bring open source, it isn't. What about that is difficult to understand?
> But people who have no interest in RF hardware and just want to install OpenWRT should still be able to do it. On everything.
There is no law, regulation, whatever that says this is required by a manufacturer. You are free to your opinion, of course.
> That is correct. People are entitled to control the things that they own.
so long as it doesn't effect others. Just like existing cell phone regulation. Do you own a cell phone? You already own a device you cannot fully control.
There is scads of legal precedent that some actions that may not result in harm are still not permissible because of risk, or consequence, or difficulty of policing, etc.
HN has a rather libertarian bent and loves to suggest what you've suggested- that actual harm is the only thing that ought to be prohibited. But (IMO) that isn't always suitable.
> There is scads of legal precedent that some actions that may not result in harm are still not permissible because of risk, or consequence, or difficulty of policing, etc.
And those things are the last resort after we've proven with much hard thinking and a long stint of trial and error that nothing else can possibly work. Even at that point we would still have to evaluate whether the cure is worse than the disease.
Are you seriously contending that this is such a case? Custom router firmware is in the same category as private ownership of smallpox and nuclear materials?
This is consumer gear. It has hardware filters. It has hardware power limiting. It has hardware implementation of the physical layer. Again: this is consumer gear.
It is very very difficult to do any kind of harm in the spectrum with these devices. Much easier to do damage at layer 2 and beyond, which is of course what this doesn't fix at all. I figure you cited a misconfiguration and software bug because you can't actually find any kind of incident caused by consumer gear routers running with custom firmware that involves any kind of RF?
It's quite ridiculous to hear a ham radio operator applaud the FCC on regulating routers that will by hardware design never, ever output on spectrum where they could do any sorts of damage while the same agency happily approves of powerline communications adapters that turn mains wiring into antennas.
It's pretty inconvenient for people who want to experiment with e.g. mesh networks, ham radio, etc as mentioned in the article. Also, it seems a bit silly, as true SDR prices are going to keep going down. You can already buy a HackRF for $300 or a YardStick for $150.
I'd be in favor of requiring a significant technical burden to enable access to the wireless hardware. Maybe make people open the case and solder a jumper. But there should always be a path forward for experimentation.
> Also, it seems a bit silly, as true SDR prices are going to keep going down. You can already buy a HackRF for $300 or a YardStick for $150.
I know YardStick can't do WiFi frequencies and even if it did the throughput is 500 kbps max. Is HackRF actually beefy enough to act as a WiFi radio? Do you know about the state of doing WiFi in SDR in general? I was under the impression that it's not practical with any remotely affordable hardware, but I'd be interested to hear if I'm wrong as I'm not that well informed on the subject.
It is the same kinda of idea of banning big scary guns instead of going after the people who use guns to commit crimes (and also ignoring that the people who do commit crimes often aren't even using the big scary guns).
What country do you live in? In the US, gun violence is a real serious crime and the police will use all their resources to go after criminals yet we are a world leader in gun violence. It's probably something to do with guns being so unregulated, plentiful, and easy to get here...
I was talking about different forms of gun violence. Namely, bigger, scarier, more powerful weapons are the least likely to be used in a crime but which receive the most regulations. Such as 'assault weapon' laws which ignore all the handguns used in gang violence.
Obviously, country that has no guns also has no gun violence, but such country may have higher violence rate overall. Guns also prevent at least some violence, you need to take it into account.
If this is going to be the "new normal" then I'm thinking that the best way to go would be to use a low-power PC or ARM system with two NICs as my router, and use dedicated access points for wireless. I'm not going to put up with crappy router firmware.
You should still want the benefits of open-source wireless. Only the open drivers will benefit from new algorithms for per-packet transmit power control (https://github.com/thuehn/Minstrel-Blues) and queuing/QoS that is designed for wifi (http://thread.gmane.org/gmane.linux.network/401202). Plus, the open drivers get bug fixes to the point that they're actually stable.
Hah, yeah right. The general consumer simply doesn't care they can't flash open source firmware. For every 1 star review from someone who does care, there'll be plenty of 5 star reviews from regular users who have their needs filled by the router with default firmware.
There is no way to comply with those regulations without prohibiting software updates on current generation of WiFi chips because they don't enforce regulatory constraints in hardware - it's driver's job.
I expect all other vendors to do the same, at least for now. Market can't sort this out.
From their FAQ, the change will only happen on routers produced after June of this year. So technically, the best time to buy a TP-Link router is right now!
I wonder if the blocking is simple to circumvent. If people circumvent it, the fault is not TP-Links, they had no idea or whatever, right? Either way I'm sure people would "root" these devices eventually, it usually happens. That or I could see a market in e-bay for older routers.
I just bought one of the affected TPLink models. Personally I hope this means more vendors ship a good quality copy of OpenWRT a la Buffalo (though I ended up sticking with their modified version) as an officially supported firmware. People who buy premium routers are aware enough of the benefits that it is worth it for Buffalo to ship it on their devices. I can't see it not being a value add for others.
Sorry, I guess it's more accurate to say that the model will be affected in the future. I'm obviously still able to put OpenWRT on the one I actually own.
> Appears that TP-Link's heart is not in this -- they're doing the minimum to comply with FCC rules.
The FCC has commented that the minimum is significantly less than what TP-Link actually implemented. See https://ifixit.org/blog/7571/fcc-routers/ (and the linked FCC amendment) for more information.
TP-Link appears to be doing the minimum as in "minimum effort", as opposed to "minimum restriction to firmware modifications".
The article you linked shows that people saw it coming:
> Open source projects might not be fully out of the woods yet, though. A few commenters on the FCC’s post have pointed out that some manufacturers might choose to lock down the whole router—as opposed to just the radio—as a cost-saving measure, even if that’s not what the FCC intended.
At the very least they could start selling some DD-WRT routers to appease the critics and make them forget all of their other products are closed, but they aren't even willing to do that.
This is why I always buy Buffalo routers. They are marginally more expensive, but in the same way I will intentionally buy laptops that ship with Linux as a price premium, I'll also buy routers that ship open source firmware by default because my money sends a message.
It does not matter that I replaced Ubuntu on my Galago with Arch or the DDWRT on my wzr-n600 with OpenWRT, becauase I'm on the books at these companies buying hardware running open source software.
I just bought a TP-Link wireless adapter due to specs, reviews, and OSS support. Then I read this crap. That's just great. There's actually an obvious solution to this that gives us plenty freedom and meets FCC regulations. I'm not sure why companies aren't doing it. I plan to approach some of them or SOC providers this year to see if they might help us and them out.
It might cost less, about the same, or slightly more. It's not clear without more information from their side. Let's just say the techniques I considered are widely applied in industry in cost-sensitive HW. Even products build around 8-bit SOC's use similar techniques sometimes.
This is interesting, big companies are moving their enterprise switch / routers to open source software and Cisco is trying to lock it down. I think long term, Cisco will lose this battle.
How hard is it to import a European router to the US? Is that illegal? I would think as long as one operated it within the FCC's limits it would be legal to use it.
The FCC ruling seems logical. The earliest "sky is falling" reaction comes from TP-Link's initial attempt to comply, and even TP-Link's response is logical and somewhat subdued compared to the alternatives.
TP-Link's response is hopeful in my opinion, compared to what router's were 10 years ago. We are fighting for improvement, and the FCC ruling is simply a speedbump. The current mentality is openness, as I see it.
Reverse engineering things can be a fun challenge - but not if your purpose is not to have fun analyzing it, but to do something else, like actually use the device you bought. If RE is not something you want to do but you have to - it's more like frustrating than interesting.
This, and also it can become a whack-a-mole game with vendors threatened by the FCC, possibly ending up in shit like encrypted firmware. Go ahead and hack that.
If you're buying a device to replace the stock firmware with something customised to your liking, then you're already in the hacker mindset, so having to tinker that little bit harder surely shouldn't be much of a burden.
There is a slight difference between flashing a custom firmware (right from the stock one, no RS232+TFTP or JTAG), and hacking your way through a locked bootloader.
Only in the amount of effort one is willing to expend in doing so, and learning any necessary skills. It's only a happy accident that so many (relatively inexpensive) routers are easily flashable with custom firmware, not an entitlement.
>Cisco argues that open source software could be consistent with the FCC's goals. "There is nothing in the Commission's existing or proposed rules that would limit or eliminate the ability of a developer to use Open Source software, including software that controls radio emissions," Cisco said in an FCC filing in November.
>But this would require a more locked-down approach than one in which users can modify the firmware, Cisco said. "The ability to review source code is not inherently incompatible with the notion of locking the integrity of a product against modification or tampering," Cisco wrote. "It is perfectly possible for a product to have source code that is capable of review by the public while that same code is secured inside the device against change by the end-users."
That misses many of the important goals of open source (and points back to the "open source" vs "free software" debate). It's not just about being able to view the existing software, it's about being able to control the systems that process your data.
For example, what if the manufacturer stops supporting the hardware? Today, you can just keep updating openwrt and avoid any security issues. After 2016, that won't be possible.