Belkin To Offer Firmware Fix For Router Hijacking

L-Train8 writes "Belkin has an announcement at the bottom of their homepage about the spam router. They have decided to disable the 'feature' that hijacks a random http request every 8 hours and redirects to a webpage advertising their parental control system. This will require a firmware upgrade. The message says details will be forthcoming. Interestingly, while I was preparing this submission, the message changed. Originally, it included a snippy remark about how what they were doing was not spam, despite what everyone on the internet says. The new version is much less testy."

"anonymous usage statistics?"

[henc]

Although they remove this feature, what other 'usage statistics'-logging-features are silently embedded?

My newer D-Link 604 router has some statistics and a thorough logging function (which is displayed in the web gui). - Is all of it really visible to the end user?

It's a good bet from the manufacturers that the device will be online all the time.
Perhaps one should install a box to surveil the router/firewall, if any connections are initiated from the router?

henc

Re:"anonymous usage statistics?"

[Davak]

- Installing ads onto a router.
- Redirecting all non-existant domains to "sitefinder"

Is this the year for the most stupid marketing ideas on the planet?

Re:"anonymous usage statistics?"

[MisanthropicProggram]

I hope the folks whose expertise is in this area will keep an eye out for any other hanky-panky.

I really appreciate the folks who spend the time to figure out these things instead of writing it off as little "quirks" or accepting the line from tech support that you have to get "used to the product".

My brother actually got this line from a Fujitsu tech support guy when he complained that his laptop didn't always read the CD-rom when a new one was inserted and the fact that the laptop didn't shutdown when told to (It would just restart ). - this was in 1999 - BTW.

Re:"anonymous usage statistics?"

[Bowie+J.+Poag]

No, but your D-Link 604 router is a piece of shit.. I should know, I own one too, unfortunately.

The router allows Windows XP to bypass normal user/administrator authentication on the router, and add entires to the firewall table.. Have a look at the firewall page on the router, and see if there's two entries for "msmsgs" that you didn't make. Ever wonder how those got there, especially in light of the fact your router is supposed to be password protected? Gee, thanks D-Link!

Concievably, any schmuck out there could easilly write a virus that pollutes the firewall table in the same manner. I'm surprised nobody has done so already.

Re:"anonymous usage statistics?"

[Tiersten]

Actually, those extra entries are caused by UPNP. It's supposed to automatically add forwarding rules for services running on your local machines.
The MSN Messenger protocol requires you to listen to certain ports and if you're behind a NAT firewall then it doesn't work properly so it uses UPNP. From what I gather, anything which knows about UPNP can request ports to be opened.

It's not a specific thing from D-Link. A lot of new routers now support it.

Re:"anonymous usage statistics?"

[Xenographic]

Don't worry.

They'll think of something else that's worse, more intrusive, etc. every eighteen months or so.

I hereby dub this law to be known as "Xeno's law"

The first corollary is that the average IQ of marketers is thought to be a monotone decreasing function which tends to zero.

Re:"anonymous usage statistics?"

[Bowie+J.+Poag]

..Which is still an exploit.

Keep in mind, when these "msmsgs" (Which I think is the spam-happy Microsoft Messaging service, not MSN Messenger) entries pop up, they occupy HUGE swathes of IP space. Literally, tens of thousands of ports.

I originally noticed this problem while playing RTCW. Periodically, I wouldn't be able to log on to any servers, because the goddamn msmsgs entries in the firewall table would encompass the port range where RTCW servers reside (port 27000-30000 or so)... Huge areas of IP space, sometimes >20000 ports wide.

Did I mention you cant delete these "msmsgs" entries?

Yup. Not only are they added to the firewall table without your permission, you cant get rid of them. The only way you can remove those entries is by restoring factory defaults and rebooting. It took me 4 or 5 repetitions of this process to figure out what the fuck was going on.

D-Link, if you're listening, fix your goddamn router.

Re:"anonymous usage statistics?"

[man_ls]

That my friend, is UPnP, Universal Plug and Play.

Any device that speaks UPnP (most commonly, system services) can talk to a UPnP-complaint router, and have port forwarding automatically opened for it.

This is good for a lot of stuff...takes the guesswork out of port forwarding for apps that support it.

It's not neferious at all.

Re:"anonymous usage statistics?"

> This is good for a lot of stuff...takes the guesswork out of port forwarding for apps that support it.

Back Orifice 2k3 here... please forward WAN::31337 to this IP address.
Okay! Is there anything else I can help you with today?

Re:"anonymous usage statistics?"

[Bowie+J.+Poag]

...So what stops any other piece of code running on the host from pulling the same trick, but worse? Or for that matter, a _remote_ exploit that spoofs a local IP address, and tells requests the router to free up or block off 0-65535?

Re:"anonymous usage statistics?"

[Bowie+J.+Poag]

(*chuckle*)

Exactly. :)

Re:"anonymous usage statistics?"

[smitty45]

you don't know what spoofing an IP address involves, then.

Re:"anonymous usage statistics?"

[Tiersten]

msmsgs is definately MSN Messenger. Windows Messenger is a RPC service I believe.

It shouldn't register such wide ranges though. Something is either buggy or it's very sloppy programming.

But yeah, it's not a particularly great thing for security. I've got UPNP disabled on my router and most of the MSN stuff in Trillian works fine. It has issues with me sending files but apart from that it does what I want. In theory somebody out there could write a Back Orifice style program but register the port with UPNP. This will allow external attackers to tunnel through the firewall as if it wasn't there.

Re:"anonymous usage statistics?"

[madcow_ucsb]

So disable the UPNP service on your windows box (or on the router if it supports it).

My netgear has a checkbox to disable it. That said, I leave it on since it makes it so I can actually transfer files over IM programs. Regular port forwarding works fine unless you have two computers that want to run the same app...

Re:"anonymous usage statistics?"

[man_ls]

Yep. That's very possible.

Security and automatic setup are often contradictory, although I'll take the automatic setup any day and worry about maintaining my own security.

Re:"anonymous usage statistics?"

[row314]

Yet another reason to take an old PC (or a new mini-ITX box), throw in a 2nd NIC, and roll your own firewall/router/NAT box/etc. Sometimes plug-n-play is not a good thing.

Re:"anonymous usage statistics?"

[the_mad_poster]

I don't think it could ever get to zero. With no IQ, I think they'd act totally randomly and, therefore, would have to do something smart from time to time, even if the probability of such an act were very small.

It will decrese at a rate of x^(1/2), where x is the initial IQ. That should allow for the current rapid decline while ensuring they continually get dumber, but never totally random.

Re:"anonymous usage statistics?"

[mackstann]

I have a D-Link 604 and I don't see what you're talking about. What page of the config thingie is it on? Advanced->Virtual Server? Advanced->Applications? I don't see it anywhere. When I got mine I went through a little process of wiping out all of their cute defaults and just putting in what I needed. It has served me well, can't say I have any complaints at all. (Other than their config webpage thing being ugly as hell.)

Re:"anonymous usage statistics?"

[kfg]

A lot of new routers support UPnP because it reduces support calls, not because it's a really good idea for a router to support UPnP.

The disguise of convienience for the home user at the cost of security (which the poor bastard doesn't even know he's giving up)to save the manufacturer the expense and pain in the ass of telling him how to properly configure the device.

The fact that it allows devices and apps to open their own outgoing doors without asking permission is just icing on the cake for the manufacturers who will abuse this for their own ends. (Guess who the major player is? I won't name names but its initials are MS)

http://www.upnp.org/

We're going to have to start putting logging boxes upstream from our commercial routers just to find out what they're really letting in and out.

KFG

Re:"anonymous usage statistics?"

Ok...you gunna do it for the neighbor who has the unsecured firewall set up? That is just elitest bullshit. Not that I agree with what Belkin did, but setting up a network of 4-5 computers is well within alot of peoples skills. My fear is the idiot cable guys setting up wireless AP's. At least the person doing it themselves MAY RTFM or at least the quick guide.

Re:"anonymous usage statistics?"

[OneArmedMan]

what about disabling the UPNP on the router? i have a DSL-500 ( ADSL router ) at home and it also has the UPNP crap in it.

All i have to do is uncheck the *do you want to use this* box, then the UPNP is disabled.. is there an option to disable the UPNP on the other products??

Re:"anonymous usage statistics?"

[gnuadam]

Uh, x^(1/2) is a monotonically decreasing function that tends to zero.

Re:"anonymous usage statistics?"

[Kwil]

Yet in order to decrease to 0, it first must decrease by half.

In order to decrease by half it first must decrease by half of that.

In order to decrease by half of that, it must first decrease by half of that, and so on.

So it would seem that the IQ can never actually decrease at all.

This would imply that the IQ must start at 0.

You could call this something spiffy.. Xeno's Paradox maybe. :)

Re:"anonymous usage statistics?"

[petard]

The MSN Messenger protocol requires you to listen to certain ports and if you're behind a NAT firewall then it doesn't work properly so it uses UPNP. From what I gather, anything which knows about UPNP can request ports to be opened.

Umm... no. The MSN Messenger protocol does not require you to listen to certain ports and works just fine from behind a NAT firewall which has no open ports and does not support UPNP at all. It also works just fine when running on a system with UPNP completely removed. Where did you get your information? (I'm not saying some braindead router wouldn't accept entries via UPNP, just that I know for a fact that the MSN Messenger protocol does not require such functionality! :-))

Re:"anonymous usage statistics?"

[Tiersten]

I know the basic features work fine behind a firewall. It's what I'm using right now and UPnP is off. I don't have a webcam so I can't tell you what happens when you try that.

What I know that doesn't work properly however is file transfers. If I turn UPnP back on in XP and the router then it works perfectly. Turn it off and it dies and will refuse to connect properly to send/receive files.

Re:"anonymous usage statistics?"

[geekoid]

create a web page with the information, and some examples.
write D-Link and tell them to change it.
Post story to /.

watch them squirm
they'll change it.

Re:"anonymous usage statistics?"

[dekemoose]

The router's not broken dimwit, its behaving exactly as it should. UPnP, on the other hand, is a horribly broken idea all the way around, IMHO. Disabling UPnP is your best bet. Next time you are purchasing a piece of computer gear, I suggest you RTFM.

Re:"anonymous usage statistics?"

[the_mad_poster]

I didn't know that, but the post was SUPPOSED to be a joke... not insightful as it's been modded. I went and looked it up, though, for my own edification (from dictionary.com):

monotonic (mn-tnk) Mathematics. Designating sequences, the successive members of which either consistently increase or decrease but do not oscillate in relative value. Each member of a monotone increasing sequence is greater than or equal to the preceding member; each member of a monotone decreasing sequence is less than or equal to the preceding member.

Re:"anonymous usage statistics?"

Yet in order to decrease to 0, it first must decrease by half.

Ignoring Newton makes Baby Jesus cry.

Re:"anonymous usage statistics?"

[DarkSarin]

lol...
that's good.

just to nitpick, though: originally, IQ was mental age divided by biological age. Since biological age is at any measurable point >0, as is mental age, IQ > 0. Someone might argue that mental age could be, theoretically 0, but one of the problems is that to know the mental age of an individual, you must measure it. Currently, there is no method of measuring this that would allow us to obtain a score of 0.

Thus to say that IQ could reach zero is incorrect. Now to say that it tends to zero is different. This may be true, but it could never result in a zero score. Since we are dealing with an average, though, we must also state that as IQ approaches zero, deviation from that IQ must also approach zero.

Someone with better math can define the function for the deviation.

Re:"anonymous usage statistics?"

[panaceaa]

Did I mention you cant delete these "msmsgs" entries?

No, actually, you didn't until later in your post.

If you find yourself asking that question in the future, try out Slashdot's "brand new" Preview button!

Re:"anonymous usage statistics?"

[gnuadam]

Actually, I'm wrong. x^(1/2) is monotonically increasing. For some reason, I read x^(-1/2) which is monotonically decreasing. My bad.

Re:"anonymous usage statistics?"

[Feyr]

i hereby suggest getting rid of all crap routers and getting a real thing

www.routerboard.com

they have a nice router for 220$. if you want you can buy their OS (40$), get one of their trial (not time limited) or run a straight linux on it (i do, spent 2 days squeezing debian to fit on 64 megs)

Re:"anonymous usage statistics?"

[ScrewMaster]

An even simpler solution would be to run a completely open-source firewall/router/NAT solution such as Smoothwall. When you consider that most of these so-called "hardware" routers are anything but, and are just a processor running a stripped-down Linux kernel anyway, a PC-based open-source package such as Smoothwall is a very reasonable alternative. Particularly if you don't trust the "hardware" vendor to keep his sticky little fingers out of your data. Belkin and Linksys and the rest can keep their little blue boxes.

Personally, I've been running Smoothwall on an old 350 Mhz K6 and have had ZERO problems with it. I have absolutely no concern over it hijacking my browser, or surreptitiously sending info back to a vendor's server.

Re:"anonymous usage statistics?"

[ScrewMaster]

Obviously they took marketing lessons from Verisign, with pretty much the same result. It's interesting to me how many modern Internet-related marketing schemes seem to result in a net loss of market share.

Re:"anonymous usage statistics?"

[rnturn]

``With no IQ, I think they'd act totally randomly and, therefore, would have to do something smart from time to time, even if the probability of such an act were very small.''

Brownian Intelligence?

Re:"anonymous usage statistics?"

[yourmom16]

why not just use the standard deviation?

Re:"anonymous usage statistics?"

[DAldredge]

So you are saying they would turn into either PHBs, politicians, and/or marketing?

Re:"anonymous usage statistics?"

[Helen+O'Boyle]

Blockquoth the poster:

accepting the line from tech support that you have to get "used to the product". ... My brother actually got this line from a Fujitsu tech support guy when he complained that his laptop didn't always read the CD-rom when a new one was inserted

I had the same problem with a Fujitsu Lifebook also circa 1999. Funnythingbut, I put up with this for a couple years, then the month my warranty was expiring, included it on a list of about a dozen defects when returning my laptop for "repair" to CompUSA. They gave me a new Toshiba 5x faster than the Fujitsu.

Party on, extended warranty business for laptops! Putting up with the CD weirdness for a couple years, was worth it to gain myself a self-renewing laptop ... which is, of course, itself protected by an extended warranty I bought for it (pay $350 every few years, get brand new laptop every few years for free? I can deal with it...)

[ For the record, I view extended warranties on just about anything EXCEPT laptops, and maybe your new Canon XL1 camcorder, to be evil. So don't interpret the above to be an endorsement of extended warranties for any time other than those FEW times when you actually stand to profit from buying them. ]

Re:"anonymous usage statistics?"

[petard]

I see... I don't think I've ever used (or been aware of, even) the ability to send and receive files via MSN. Oddly enough, I don't think this would make me enable UPnP for my router even if I could... I'd prefer to manually open the ports or use a proxy, I think.

Re:"anonymous usage statistics?"

[_xeno_]

Uh, why did you name it after me? Or did you mean him?

I don't know whether to be offended or honored...

(Although I will know what to feel about the first person who "corrects" me on this issue...)

Re:"anonymous usage statistics?"

[ebob]

My newer D-Link 604 router has some statistics and a thorough logging function (which is displayed in the web gui). - Is all of it really visible to the end user?

A better question is: Is any of it visible to the manufacturer?

Re:"anonymous usage statistics?"

So, how do you RTFM without buying the fucking thing first asshole???

Re:"anonymous usage statistics?"

[Guido+von+Guido]

Often these are available at these things called "web sites."

Yeah, I know, the damn things can be hard to find, and they generally don't index these things under "Things you should turn off immediately."

Re:"anonymous usage statistics?"

[Xenographic]

My nickname is Xeno.
I have always been known as Xeno.
I had this name long before I ever saw you.
I did not name it after you :P

Re:"anonymous usage statistics?"

[cygnusx]

The "wide ranges" is necessary for MSN Messenger file sharing (and audio+video chat), not for basic text chat. Technet has some details on how NATs and firewalls affect Messenger.

I'm curious: are there any apps that do P2P voice/video/file sharing and still are considered "secure" from a firewall administrator's perspective?

Re:"anonymous usage statistics?"

[Xenographic]

Don't be so harsh; that was a joke... a pun on Zeno's paradox of motion which you might've heard in physics class :]

Re:"anonymous usage statistics?"

[aschlemm]

If I was going to use a dedicated firewall appliance I think I would consider one of SnapGear's Linux-based appliances. For a medium solution it costs less than the $600.00 I spent some years ago to get a dedicated Pentium class that I use as a NAT'ing firewall box. I work in a small office for for the time being we've been using a Netgear FVS318 firewall/VPN appliance. It aleast does SFI (Stateful Firewall Inspection) and is quite easy to configure. I've been spoiled after using both Linux and OpenBSD for a firewall and so I want an appliance with more flexibility that what the smaller appliances offer.

SnapGear Embedded Linux Security

Re:"anonymous usage statistics?"

You're still wrong. x^(1/2) is the same thing as the square root of x. For x > 1, this is decreasing. For x 1, this is increasing. For x=1 this is steady. They all tend towards 1.

Re:"anonymous usage statistics?"

[Trepalium]

Hmmm... $220 for a router that I'd have to spend hours squeezing an OS into and configuring from scratch, or $60 for a home router that include 802.11b, and most of the basic settings preconfigured for me. Gosh, that's a difficult choice. Configuring things from scratch is fun and all, but it's not really $160 worth of fun, especially when I'd likely end up with a product with fewer functions than I have right now.

Re:"anonymous usage statistics?"

Then neither of you are creative. Case closed! Who wants beer?

Re:"anonymous usage statistics?"

[Bowie+J.+Poag]

Muahaha.. Thank you for that. :)

Re:"anonymous usage statistics?"

[fucksl4shd0t]

Ignoring Newton makes Baby Jesus cry.

So throw his ass into the pool, just like they did with Moses. Except, um, leave out the miniature ark. I don't think he needs that.

Re:"anonymous usage statistics?"

[_xeno_]

(Although I will know what to feel about the first person who "corrects" me on this issue...)

Slap-slap-slap-slap.

I know, I know, OK - I thought it was amusing. Xeno is one of the more common nicknames used by people with not a spark of creativity in them - like the AC said. I can read posts. I just thought it was amusing. Especially, if you go by date joined, that I'm copying the "real" xeno.

Besides, the X is lame. People who use names that being with X are lamers. My name starts with an underscore. :P

(Although the name I use in elsewhere online begins with - uh, an X. But ignoring that...)

Re:"anonymous usage statistics?"

[fucksl4shd0t]

Hmmm... $220 for a router that I'd have to spend hours squeezing an OS into and configuring from scratch, or $60 for a home router that include 802.11b, and most of the basic settings preconfigured for me. Gosh, that's a difficult choice. Configuring things from scratch is fun and all, but it's not really $160 worth of fun, especially when I'd likely end up with a product with fewer functions than I have right now.

2 network cards, a USB Wireless Access Point, and a 4-port switch (or more, if you prefer), that old Pentium piece of shit laying in the back, and fli4l.

Re:"anonymous usage statistics?"

[imsabbel]

I guess the moderations of the parent shows against which value the IQ of the mods is asymptotic to...
(erg. damn. sounds like yoda...)

Re:"anonymous usage statistics?"

[hanssprudel]

In theory somebody out there could write a Back Orifice style program but register the port with UPNP. This will allow external attackers to tunnel through the firewall as if it wasn't there.

Please! If the trojan is already installed, then getting around the firewall is trivial. It can simply connect out, either to cracked server somewhere, to an IRC channel (this how most trojans are controlled), or even to a webpage (say for instance an empty discussion here on Slashdot). If you are blocking outgoing ports, then it just makes sure that it uses port 80. If you have a software firewall, then it communicates by using Windows scripting to invoke IE to open the pages on it's behalf.

Firewalls are good for keeping things out. Once something is already on your network, the firewall is 100% useless, UPNP or not.

Re:"anonymous usage statistics?"

[shepd]

>So what stops any other piece of code running on the host from pulling the same trick, but worse? Or for that matter, a _remote_ exploit that spoofs a local IP address, and tells requests the router to free up or block off 0-65535?

A router configred not to allow traffic from IPs that are outside, which _should_ be inside.

One would hope that would be all of them. But with belkin, god only knows.

Re:"anonymous usage statistics?"

[hanssprudel]

Don't post math comments until you pass pre-calculus. Please.

Fuck baby jesus. The level of this discussion is making me cry.

sqrt(x) is a monotonically increasing function. If a > b then sqrt(a) > sqrt(b). This isn't even highschool math, for Christs sake. That sqrt(1)=1 does not mean that the function isn't increasing at that point (consider the function f(x) = x).

And for the record sqrt(x) -> infinity as x -> infinity. This is also bloody fucking obvious (if it wasn't true, there would have to be numbers so large they had no square). 1/f(x) -> 0 as f(x) -> infinity, Xeno's paradox has not been a problem for at least 400 years.

Just responding to this thread has made me lose half my IQ...

Re:"anonymous usage statistics?"

[jeremyp]

If x is the initial IQ then it is a constant so x^(1/2) is the square root of a constant so it is not increasing or decreasing. I think you need something like:

xe^-t

where t is the time since you started measuring

Re:"anonymous usage statistics?"

[Steve+Franklin]

You need not to mix mathematical parens with non-mathematical, grammatical parens. It gets rather confusing and looks terrible.

You may be better at mathematics, but I know more about typographical standards. ;-)

Re:"anonymous usage statistics?"

[Short+Circuit]

Would you mind putting out a writup on how you did it? Maybe even to the extent of a mini-HOWTO?

Something as simple as a package list would probably help a lot of people.

Re:"anonymous usage statistics?"

[Feyr]

the most important part is deleting the documentation (man page, /usr/share/doc). i don't like doing it, but since its a router it's not so big of a deal

the other thing that come to mind is the "available" files. (in /var/lib/dpkg) those were 7 megs each (and you can remove them whitout too much worries).

the rest is a matter of going through the package list (dpkg -l) and removing everything that look like it doesn't belong to a router. don't forget to purge and clean/autoclean your packages.

doing all of the above fit debian and all of the tools i need (ipsec,iptables,iproute2,openssh/ssl,tcpdump and a few more) and i still have 11 megs to spare

i'd give you a list of packages but currently the router is unplugged, waiting for some free time on my schedule to replace our main router (cisco 2611)

Re:"anonymous usage statistics?"

[Feyr]

actually you'd have more features. all of the cheap routers i've tried so far you could not disable the NAT between the wan and lan (which i require for some applications). and you can use their own OS on it (they even have a "trial" that seems almost full featured. way most feature than a belkin/linksys/etc anyway).

i agree, 220$ is a bit steep for the home luser. but if you need the power, it's on par with a good cisco (30000$ for a cisco with the same options i have, that's with a 30% discount)

Re:"anonymous usage statistics?"

Hehe, you have no idea how badly you can abuse CompUSA's extended warranties. Anything that gets somewhat outdated quickly is worth getting the warranty on. Best example: video cards. Buy a $200 Radeon 9500, have $200 towards a Radeon 500000 in 6 months. It's like extending the return period by 2 years.

Re:"anonymous usage statistics?"

[Short+Circuit]

Without the "available" package lists, how do you keep your software up-to-date?

Also, have you looked at a compressed filesystem?

Re:"anonymous usage statistics?"

[golem100]

Another exchange with ErikD at BEKIN: ---- Original Message ----- From: "Eric Deming" Sent: Tuesday, November 11, 2003 12:48 AM Subject: RE: Let's review that belkin dot com home page again... > Can you tell me how Belkin can "commented" a wrong...? > > Do you actually own a Belkin router product? I would like to know. If our corrective actions don't seem to be of your acceptance, please detail what your objection is and I will try to fully address it. > Over the years my firm has purchased many hundreds of BELKIN products--we have WiFi adapters, Routers, KVM's, Cables beyond counting. [we are a SW development firm with lots of home offices that are near either a Staples or a COMPUSA] And the issue is not if we have any samples of your current fiasco--its that your firm crossed a line. The last time in this industry I have been this pissed off with the actions of a vendor was when Digital Equipment Corp. released the PRO350. [The PRO350 was a Desktop PDP/11 in which all applications had to be purchased via a central clearing house--as every binary was tied to the CPU's serial number--and it could not format floppy diskettes--you had to purchase "pre-formatted" FD's that were serial numbered/linked in a database to your CPU serial #] Comcast also came close this past year with their "transparent" HTTP caching and URL mining/tracking. [their actions were modified via the actions of a MI law firm and a threatened class action--and followed by very public statements from their CEO on the topic!] There is _never_ an excuse for an action such as your firm's. [without clear disclosure at the point of purchase] There is a simple advantage here--unlike DEC or Comcast--you have competition for every product your sell. DEC was, Comcast is, a monopoly. As a customer we had/have no leverage. With BELKIN we do. The loss of a single Couple hundred $$$/QTR customer is trivial. But as I meet with the IT staffs of our customers, as I go to Trade Shows, as family, neighbors, friends, ask for my suggestions on SOHO equipment to purchase--that will have an impact over time. There will be, at some small level, a general distaste for purchasing your firm's products. Many firms have been treating their customers as exploitable resources. Your firm made the big mistake--you have no leverage. Your customers have alternatives. As a lesson to your management, and that of the other firms for which their customers do not have such leverage, their needs to be an appropriate set of customer actions so that the next time any idiot in a product management meeting suggests such a course--collective wisdom will prevent such poor behavior from becoming a reality. Regards,

Re:"anonymous usage statistics?"

[Feyr]

apt-get update && apt-get upgrade

from what i gathered from the debian mailing list, the available file isn't used by apt-get, only by dselect (which i abhor)

Re:"anonymous usage statistics?"

Xeno is obviously short for Xenographic; e.g. "alien writing" in Greek. An obscure reference to cryptography?

Re:"anonymous usage statistics?"

Let's try making it a bit more readable. (I hope I correctly interpreted your paragraph breaks and the quote nesting.)

Another exchange with ErikD at BEKIN:
---- Original Message -----
From: "Eric Deming"
Sent: Tuesday, November 11, 2003 12:48 AM
Subject: RE: Let's review that belkin dot com home page again..

Can you tell me how Belkin can "commented" a wrong...?

Do you actually own a Belkin router product? I would like to know. If our corrective actions don't seem to be of your acceptance, please detail what your objection is and I will try to fully address it.

Over the years my firm has purchased many hundreds of BELKIN products--we have WiFi adapters, Routers, KVM's, Cables beyond counting. [we are a SW development firm with lots of home offices that are near either a Staples or a COMPUSA] And the issue is not if we have any samples of your current fiasco--its that your firm crossed a line.

The last time in this industry I have been this pissed off with the actions of a vendor was when Digital Equipment Corp. released the PRO350. [The PRO350 was a Desktop PDP/11 in which all applications had to be purchased via a central clearing house--as every binary was tied to the CPU's serial number--and it could not format floppy diskettes--you had to purchase "pre-formatted" FD's that were serial numbered/linked in a database to your CPU serial #] Comcast also came close this past year with their "transparent" HTTP caching and URL mining/tracking. [their actions were modified via the actions of a MI law firm and a threatened class action--and followed by very public statements from their CEO on the topic!]

There is _never_ an excuse for an action such as your firm's. [without clear disclosure at the point of purchase]

There is a simple advantage here--unlike DEC or Comcast--you have competition for every product your sell. DEC was, Comcast is, a monopoly. As a customer we had/have no leverage. With BELKIN we do. The loss of a single Couple hundred $$$/QTR customer is trivial. But as I meet with the IT staffs of our customers, as I go to Trade Shows, as family, neighbors, friends, ask for my suggestions on SOHO equipment to purchase--that will have an impact over time. There will be, at some small level, a general distaste for purchasing your firm's products.

Many firms have been treating their customers as exploitable resources. Your firm made the big mistake--you have no leverage. Your customers have alternatives. As a lesson to your management, and that of the other firms for which their customers do not have such leverage, their needs to be an appropriate set of customer actions so that the next time any idiot in a product management meeting suggests such a course--collective wisdom will prevent such poor behavior from becoming a reality.

Regards,

Re:"anonymous usage statistics?"

Not just D-Link; the Linksys routers do this too.

Re:"anonymous usage statistics?"

[the_mad_poster]

Just responding to this thread has made me lose half my IQ...

You made that quite obvious right from the start of your response - now you're just being redundant.

Christ - grow up. It was a fucking joke. Nobody's impressed with your apparently mediocre math skills. I can find the same damn information on Google. If you need to feel better about yourself, go beat up some schoolchildren on the playground. You're certainly not impressing anyone here.

Re:"anonymous usage statistics?"

If x is the initial IQ then it is a constant so x^(1/2) is the square root of a constant so it is not increasing or decreasing. I think you need something like:

xe^-t

where t is the time since you started measuring

Go look up the word "rate" in a dictionary. Fuckwit.

Re:"anonymous usage statistics?"

[DarkSarin]

That's what I am saying, but I mean to predict the maximum standard deviation as the average IQ approaches approaches zero. Thus if the function to describe the IQ is X/2, what is the new standard deviation?

maybe I am not articulating this well....

Re:"anonymous usage statistics?"

[Trepalium]

Unless you have all those already, it still isn't cheaper. Most wireless access points sell for MORE than a wireless equipped home router. If you mean a HostAP capable USB wireless card, then it still doesn't get any cheaper. I've seen routers sold for $19.95CAD after MIR, or $29.95CAD for wireless. Non-sale prices seem to be $100CAD, and $70CAD respectively.

I know how to set up a Linux router, and until they became so cheap, I used to run a 486 as my personal NAT router. Today, however, even using the old parts I've collected over time, a Linux router still can't compete price-wise with a store bought model.

Re:"anonymous usage statistics?"

[Alsee]

Brownian Intelligence?

Put an atom of argon in a 1-mile by 1-mile maze. After 5,000 years it finds the exit.
Brownian Intellegence: Low.

Put a mouse in a 1-mile by 1-mile maze. After a few days it dies and never exits.
Brownian Intellegence: Zero.

-

Re:"anonymous usage statistics?"

[fucksl4shd0t]

I know how to set up a Linux router, and until they became so cheap, I used to run a 486 as my personal NAT router. Today, however, even using the old parts I've collected over time, a Linux router still can't compete price-wise with a store bought model.

I wasn't actually trying to compete with price, but with function instead. :) The GP had said that a solution where you spent $250 on hardware and then still had to cram an OS on it wasn't useful. But for $60 - $100 USD, assuming old comp hardware laying around, a homebuilt Linux-based router would be much more useful than any router you can get. Think about it like this. Most WAPs I've seen have been significantly cheaper than wireless equipped routers (half the cost at least). Instead of buying a new wireless router every few years so I can have faster wireless, I could just keep slapping on WAPs to support new standards. It's all about TCO, and function.

Re:"anonymous usage statistics?"

[Wolfrider]

--I think The Brain would do pretty well in a B.I. test. Getting away from Pinky would be a pretty strong motivation. :b

Re:"anonymous usage statistics?"

[hanssprudel]

I got scared by a couple of posts, especially the one I responded to, which was why responded harshly. If they were joking, then I apologize, IHBT.

You are right that my math skills are medicore (I haven't gotten anywhere on my dissertation in the last couple of months) but that doesn't really matter we are talking Teletubby level...

Re:"anonymous usage statistics?"

[sunhou]

My problem with D-Link di604 routers is they time out idle ssh connections after a while. E.g. I stay logged into my office machine from home (going through the di604 at home) via ssh. After a while, the ssh connection gets closed.

It used to close after about 15-20 minutes. After I complained to them, their next firmware upgrade increased the timeout to several hours, but it still times out. WTF? If I want a router to time out my connections, I'll tell it that's what I want. Since then I've unplugged the di604, and have gone back to using an old 133MHz Pentium running Linux as my firewall/router.

Re:"anonymous usage statistics?"

[yourmom16]

if you half every possible value of the variable the standard deviation is also halved.

I've got a fix...

[Dimensio]

...It involves a hatchet.

Seriously, Belkin's response to this has been utterly abysmal. First they tried to justify it, only now that it's blowing up in their face do they try to remedy it.

They've lost a great deal of trust that they will never regain.

Re:I've got a fix...

[jumpingfred]

They are withdrawing it pretty quick. I don't know what else you can expect aside from not doing it in the first place.

Re:I've got a fix...

[Davak]

Honestly, this is the most stupid thing since TurboTax decided to write to the boot sector.

Will anybody affected ever buy TurboTax Again?
You think anybody will buy Belkin after this act of stupidity?

These companies just need a couple dozen average slashdot-type geeks to filter their ideas through. We would weed a lot of this stupid crap out. Hell, they could have just posted the idea in the newsgroup and watched the flames pour in.

Somebody will get fired over this...

Davak

Re:I've got a fix...

[Shakrai]

They've lost a great deal of trust that they will never regain.

Sure, among uber-geeks and /.'ers. John Q. Public who purchased these Routers was doubtless annoyed by it, but John Q. Public who is still in the market and who (likely) hasn't heard about it will still consider buying Belken products.

Two questions/points would spring to mind:

1) I pity the poor Level 1 techs at Belken who are going to have to walk all the Mom & Pop users through flashing the firmware.
2) I wonder how many units are still sitting on store shelves with the old firmware in them? This could haunt Belken for quite some time yet.

Personally, I have experience with Linksys, Belken and Netgear NAT routers. I'll be sticking with my Duron based $250 Linux box and iptables :) So what if it uses 50+ kilowatt hours of power a month ;)

Re:I've got a fix...

[netsharc]

I hope they show a link to this firmware update page on their "Try our super parental control!" page.

Oh well, people who buy wireless routers should be savvy enough to be able to figure out what's going on.

Re:I've got a fix...

[Suppafly]

1) I pity the poor Level 1 techs at Belken who are going to have to walk all the Mom & Pop users through flashing the firmware.


To flash the firmware on most routers, you just login to some web interface and click the "update firmware" option.

Re:I've got a fix...

[Shakrai]

To flash the firmware on most routers, you just login to some web interface and click the "update firmware" option.

What's a web interface? How do I login? Where do I type in that address? What's number lock? Do I need to plug the router in first? If I unplugged the router by accident in the middle of the upgrade am I in trouble?

Sorry, again, "I pity the poor Level 1 techs at Belken who are going to have to walk all the Mom & Pop users through flashing the firmware".

(And yes before I'm modded flamebait that was the disgruntled ramblings of a former Level 1 support tech ;)

Re:I've got a fix...

[CurlyG]

Err, I get your point, but really... "what's a web interface?". Why would they be buying a router if they don't know what the web is?

Re:I've got a fix...

[Shakrai]

Err, I get your point, but really... "what's a web interface?". Why would they be buying a router if they don't know what the web is?

The web? Isn't that like AOL?

Sorry, that was too easy. I should probably lose some of my cynicism :P It's been reinforced too much by end users.

In all seriousness though, I think "web interface" would confuse them, whereas if you said "We are going to a special webpage in Internet Explorer" or something along those lines you'd have better luck. Or maybe not. Never underestimate the stupidity of an end-user....

Re:I've got a fix...

"SPEWS dead? Wrong. http://spews.org/"

ITYM:

SPEWS? Dead wrong. http://goatse.cx/

HTH, HAND.

Re:I've got a fix...

[wo1verin3]

>> Seriously, Belkin's response to this has been
>> utterly abysmal

There response was fine, but this issue is WAY over-hyped. While you see this every 8 hours, that only happens if you don't click the 'don't show this again' option. Then it's gone forever. This issue has been way over-hyped and it is a non-issue. They offered you a product/service, you decline it, and you never see it again. There are MUCH WORSE WAYS THEY COULD HAVE GONE ABOUT THIS.

Here is a snippet from usenet with Belkin's response:

We elected to re-direct one http request to
the "Register Now" reminder page. (There is a link in a previous
posting if you want to see it) This page asks the user to register for
the service for a free 6 month trial. Now, granted this looks like an
ad. It should, it is intended to be informative and easy enough to
understand. At this point, the user can register or click "No Thanks".
Clicking "No Thanks" sets a flag in the Router to stop the Router from
re-directing every 8 hours to the reminder page.

In summary, you have to click 'no thanks' ONCE and you'll never see the thing again unless you do a hard reset of the router.

Re:I've got a fix...

There are MUCH WORSE WAYS THEY COULD HAVE GONE ABOUT THIS.

But then, there are also much better ways they could have gone about this. It's still right to slam Belkin for a really bad marketing decision, even if they could have been engaged in genocide in Rwanda instead.

There are plenty of alternative ways they could have marketed their service. Belkin just decided the usual ways weren't intrusive enough, and they compromised the primary functionality of their product in order to hawk some high-profit-margin addon "service". Just stupid. Maybe not global-domineering-Dr. Evil-scale evil, but still stupid.

How about if your car stops running every 8 hours and plays an ad for OnStar? Every tenth page of your document comes out of the printer with an ad for more ink?

Re:I've got a fix...

Do not give them ideas :-)

Re:I've got a fix...

[Dimensio]

Their attempt to 'justify' the hack shortly after it was exposed earned them almost as much bad karma as having it in the first place -- did you not see the USENET posting from a company spokesperson on this?

Re:I've got a fix...

[Suppafly]

If you can't walk someone through typing http://myrouter in their address bar and clicking the "install updates" option, you probably weren't a very good support tech.

Re:I've got a fix...

[Shakrai]

If you can't walk someone through typing http://myrouter in their address bar and clicking the "install updates" option, you probably weren't a very good support tech.

You entirely missed the point of my original comment, which was "I pity the poor Level 1....." Just because you can do it, doesn't mean you want to. Give me 5 or 10 minutes I can walk just about anybody through doing anything. That doesn't mean I enjoy doing so.

My point being, that the Belken tech support ppl (or whoever they outsource it to) have an interesting few weeks ahead of them.

Re:I've got a fix...

[wo1verin3]

>> It's still right to slam Belkin for a really
>> bad marketing decision, even if they could
>> have been engaged in genocide in Rwanda
>> instead.

Absolutely, but they're getting slammed for murder 1 when this was more of a j-walking issue.

>>How about if your car stops running every 8
>>hours

How did you know I drive a ford?

>> and plays an ad for OnStar? Every tenth page
>> of your document comes out of the printer
>> with an ad for more ink?

Remember, if you choose the option to DON'T SHOW ME AGAIN then you won't ever see it. While I don't like what they've done, and I may be upset if I owned one of the products, a lot of people are jumping to conclusions and the issue has turned in to a game of broken telephone. I'm not speaking of /. right now, but more mainstream news sites covering it aren't reporting the facts, they're jumping on the bandwagon.

Re:I've got a fix...

[YOU+LIKEWISE+FAIL+IT]

1) I pity the poor Level 1 techs at Belken who are going to have to walk all the Mom & Pop users through flashing the firmware.

Eh, it's cool. I'm quite sure Belkin have some backdoor to flash them all over the internet from their underground lair.

What could possibly go wrong?

YLFI

Re:I've got a fix...

[ScrewMaster]

Yeah, I run an old K6 and Smoothwall. However I've been looking into some of these new VIA Micro-ITX-style motherboards ... they're tiny, don't draw much if any more power than your typical Linksys and some of them have two Ethernet ports on-board. Perfect setup for a small, dedicated router/firewall.

Re:I've got a fix...

[ScrewMaster]

Basically, I agree with you, but to me the idea of trusted hardware being subverted (to any degree) for marketing purposes is unacceptable. Granted, this is hardly on the scale of Verisign's SiteFinder service, but the principle is identical. Consequently, while the response may a bit hard on Belkin for a while, they deserve it and perhaps this will deter other vendors from similar actions. Frankly, this country is already too goddamned full of advertising (can't get away from it ... it's on my satellite TV, the Web, everywhere I drive, no escape.)

Re:I've got a fix...

[DontHaveAClue]

I tryed typing http://myrouter in the address bar but nothing came up... the Internet must be down

Re:I've got a fix...

[Skuld-Chan]

1) I pity the poor Level 1 techs at Belken who are going to have to walk all the Mom & Pop users through flashing the firmware.

I've been there.

Some companies actually bill these sorts of calls to the department repsonsible for the call (in this case that would be marketing).

Re:I've got a fix...

[Cecil]

Perhaps I'm doing something with those webpages other than displaying them in my web browser. How would you like to have your debian mirror randomly interspersed with broken packages because your router keeps occasionally downloading Belkin's ad instead? Perhaps it restricts itself to .html documents only. What if I'm mirroring a website?

Redirecting http requests at random is asinine and unforgivable. I have had it with EULAs, register now forms, please give us your personal information if you want to continue forms, all of it. The clickthrough information gathering stops here.

Re:I've got a fix...

[_Sprocket_]

Sure, among uber-geeks and /.'ers. John Q. Public who purchased these Routers was doubtless annoyed by it, but John Q. Public who is still in the market and who (likely) hasn't heard about it will still consider buying Belken products.

True. But look at their product line. There's a lot of stuff that seems to be more directed towards techies than the average John Q. Public consumer. I doubt Belkin wants to alienate that market.

Re:I've got a fix...

[racermd]

True, most level-1 techs are good at what they do, and they typically don't enjoy it too much. In fact, it's all they (we) can do to keep from saying, "Take this job and shove it."

And I don't think that 5-10 minutes of tech support will work for a large number of people. Don't believe me? Read some of the stories at Tech Support Comedy. Every time I feel bad that I've got to deal with some of the dumbest people on the planet, I just read some of the stories on this site. I suddenly feel much better and realize that it could always be worse.

Yes, never underestimate the stupidity of the general public. I don't exactly remember the source of the quote (although I'm sure it's from a movie of some sort), but it sure seems to fit: "A person is smart. People are dumb."

Re:I've got a fix...

[advocate_one]

"Personally, I have experience with Linksys, Belken and Netgear NAT routers. I'll be sticking with my Duron based $250 Linux box and iptables :) So what if it uses 50+ kilowatt hours of power a month ;)"

1) you paid too much... a second hand P100 for $20 or free would do the job very well

2) the power is coming out in heat... which is fine for me in winter as it also heats my room up... works as a low output space heater... :)

Re:I've got a fix...

I'm a student and work tech support for a web hosting company.. Many of our clients are dumb, but most can understand when I tell them to click somewhere or open up this or that page. I still remember this one guy who needed help getting his email working. I told him to load up his web browser. He said "web what?". I said, "Web browser. Internet Explorer." "What's that?" "The blue E on your desktop there." "Ooooh, I don't use that very often." It was hell trying to get him to open Outlook...

Re:I've got a fix...

[Lumpy]

first off, get a SMC barricade.. no problems, powerful, and just works great.

second, yes joe Q will know if the uber geek population simply opens' their damned mouths.

be sure to always say "do NOT byt belkin products, they suck, they will cost you money, break right away, hijack your internet connection, enable terrorists, launch weapons of mass destruction...

Joe Q listens to us about computer products. I personally influence 60 people daily in t hat regard.

Re:I've got a fix...

I would hope that the Belkin techs know better than to call it that...to your average non-geek, "flashing the firmware" gets you charged with indecent exposure.

Re:I've got a fix...

[HiThere]

I know some people I bet you couldn't walk through that in an hour. Of course, most of them would never call for support. (One of them has finally gotten over the fear that if you take the plug out, electricity will run all over the floor. I think.)

Re:I've got a fix...

[Shakrai]

1) you paid too much... a second hand P100 for $20 or free would do the job very well

Well I do other stuff with her too. She's run's samba on a mirrored drive setup to store/share/backup all of my critical documents, mp3s, digipictures, etc etc. Mainly for the redundancy of the mirrored drive, but also so I can access them from any of my other PCs. Samba rocks.

I also (though this is overkill for my setup) run Squid. Plus once in awhile I do some code development, so a P100 would kind of be a drag there :)

The heat output is actually pretty impressive if I max out her CPU (dnetc or seti@home) and close the door of the room she is in. This also seems to take the power consumption from about 70 watts to 90 watts (This is a fun little toy), which is odd because my Athlon system only increases power consumption by about 5 watts going from 0% CPU usage to 100%. Is this a CPU difference or an OS difference? The Athlon based system runs Windows XP... perhaps it doesn't idle the CPU the same way Linux does? Ditto for the temp difference... the Duron (w/Linux) runs at about 70 degrees idle... and 95 maxed out. The Athlon always stays at about 105 degrees.

In any event, the electric usage doesn't bother me because I have dirt cheap municipal electric (4 cents/kilowatt hour), and it probably saves me a tiny little bit on my heating bill ;) I could build a smaller setup that would use less juice, but I get to do other stuff with it, so it works out nicely.

Re:I've got a fix...

[Shakrai]

Joe Q listens to us about computer products. I personally influence 60 people daily in t hat regard

Yeah, John Q. Public asks me questions all the time about computer stuff. I love being the resident "Computer-guy" and getting questions that range from "Will my PC run this new game for my son?" to "How does the Internet actually work?". There is a reason why my cell phone number is a closely guarded state secret at my company ;)

60 people though? Where do you work? I work for a company that has people in and out the door all day (Insurance Agency) and I doubt that I see 60 new faces every day, let alone 60 faces that are going to ask me computer advice.

Re:I've got a fix...

[jjsoh]

• Yes, never underestimate the stupidity of the general public. I don't exactly remember the source of the quote (although I'm sure it's from a movie of some sort), but it sure seems to fit: "A person is smart. People are dumb."

You're right. I also remember hearing it from a movie, so I had to look it up to be sure: Agent Kay in "Men In Black" (The reference is about half way down the page.)

Re:I've got a fix...

[Wolfrider]

> Somebody will get fired over this...

--Nope. Somebody *should* get fired for this - but I'll bet they won't be. This decision had to come from pretty high up in the company for it to even get implemented.

Re:I've got a fix...

[Alpha_Traveller]

That's an excellent idea....

The Slashdot Advisory Board. Sounds like a great opportunity for an open-source project to me... :::ducking:::

Seriously though, great idea. Where do I sign up, or help out? Fundamentally, so much of us are involved in aspects of UI, Tech and otherwise we'd be a great, 'free', critical asset. God help them.

tbone fp?

tbone fp?

If I were Belkin...

[segment]

I would hide from those Microsoft appointed CyberBountyHunters.

Bad boys, bad boys, what ya gonna do
when Billy Gates starts using his money on you

Re:If I were Belkin...

At first I read "Microsoft's CyberBunnyHunters"... I thought, does Bill Gates have no shame? Must he own Easter? Will we see Balmer now hop around in a bunny suit? Oh, the humanity....

In case their message changes again...

[Evil+Adrian]

"Important message from Belkin:
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you."

If anyone has the testy version, post that too! I'm curious.

Re:In case their message changes again...

[(startx)]

From the google cache

"Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you."

Re:In case their message changes again...

[Mir322]

Important message from Belkin:
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you.

---

Re:In case their message changes again...

[(startx)]

oops, this is the google cache, the previous link was to the search results.

Re:In case their message changes again...

[ls+-lR]

Man, that is such typical PR/marketroid-speak. "We are strongly against spam. What we are doing is not spam, because we say so. We are simply giving you the opportunity to learn more about this valuable service."

Well guess what, I'm giving you the opportunity to deal with the fact that I will never buy any of your shitty overpriced cables or other gear again.

Re:In case their message changes again...

From http://www.dslreports.com/shownews/35474

Since Parental Control is a subscription service, Belkin wanted to make registering for the service very easy. Since the router actually will work in tandem with an outside server (Cerberian, www.cerberian.com) registration information needs to be collected and sent to Belkin and Cerberian to activate an account. Traditional methods of registration, such as asking the user to go to a website or navigate to the Router's internal Web page to enter information didn't meet the ease-of-use goal. We elected to re-direct one http request to the "Register Now" reminder page. (There is a link in a previous posting if you want to see it) This page asks the user to register for the service for a free 6 month trial. Now, granted this looks like an ad. It should, it is intended to be informative and easy enough to understand. At this point, the user can register or click "No Thanks". Clicking "No Thanks" sets a flag in the Router to stop the Router from re-directing every 8 hours to the reminder page.

Re:In case their message changes again...

I just loaded the page and got this message:

Important message from Belkin:
In response to a recent Usenet group posting stating that Belkin spams its customers through its routers, Belkin Corporation apologizes for the concern this has caused and is taking action to address the issue. To allay customers' worries, Belkin will offer a firmware upgrade that will be available via download from its website (www.belkin.com) on November 17, 2003. This upgrade will rid the redirect completely so that no additional browser windows will appear during the router's installation process. Questions can be directed to our dedicated networking customer support line at 877-736-5771 or e-mailed to kannynmc@belkin.com.

Re:In case their message changes again...

Important message from Belkin:
In response to a recent Usenet group posting stating that Belkin spams its customers through its routers, Belkin Corporation apologizes for the concern this has caused and is taking action to address the issue. To allay customers' worries, Belkin will offer a firmware upgrade that will be available via download from its website (www.belkin.com) on November 17, 2003. This upgrade will rid the redirect completely so that no additional browser windows will appear during the router's installation process. Questions can be directed to our dedicated networking customer support line at 877-736-5771 or e-mailed to kannynmc@belkin.com.

Re:In case their message changes again...

[geekoid]

oh, it just mention how they don't consider it spam. franmly, I don't consider it spam either. How ever, it is a poorly implemented way to riemind people to turn on the parental control feature.

Re:In case their message changes again...

[bogidu]

Not spam, maybe, maybe not. However, the last thing i want to do is buy a product, then be hit with MORE advertising, ESPECIALLY when they've already reached into my wallet! If i wanted that I'd sign up w/AOL, then call them requesting more of those coasters.

Re:In case their message changes again...

[bnenning]

It isn't spam, it's a preinstalled trojan. It would be an improvement if it *were* spam, like if it used that stupid Windows Messenger service to pop up a message on clients connected to it. Instead, it is broken by design because it deliberately fails to do what it claims to, i.e. route packets to their requested destination.

Re:In case their message changes again...

[ScrewMaster]

It's not spam, it's a browser hijack. If I point my browser to a site, and something between me and the remote server decides arbitrarily to point my browser somewhere else, then I've been hijacked. I don't care if it only happens every eight hours, or only once, a goddamn HARDWARE ROUTER should not be doing this. Very unprofessional, and the are rightfully being slammed for it.

Re:In case their message changes again...

[seebs]

As of 3:05 AM (Central time), November 11th 2003:

Important message from Belkin:
In response to a recent Usenet group posting stating that Belkin spams its customers through its routers, Belkin Corporation apologizes for the concern this has caused and is taking action to address the issue. To allay customers' worries, Belkin will offer a firmware upgrade that will be available via download from its website (www.belkin.com) on November 17, 2003. This upgrade will rid the redirect completely so that no additional browser windows will appear during the router's installation process. Questions can be directed to our dedicated networking customer support line at 877-736-5771 or e-mailed to kannynmc@belkin.com.

(end quote)

FWIW, it wasn't "spam". It was "hijacking". An important distinction.

Re:In case their message changes again...

[Zathrus]

And, of course, it did change again (current as of this posting time). The big change is that they're actually apologizing now.

"In response to a recent Usenet group posting stating that Belkin spams its customers through its routers, Belkin Corporation apologizes for the concern this has caused and is taking action to address the issue. To allay customers' worries, Belkin will offer a firmware upgrade that will be available via download from its website (www.belkin.com) on November 17, 2003. This upgrade will rid the redirect completely so that no additional browser windows will appear during the router's installation process. Questions can be directed to our dedicated networking customer support line at 877-736-5771 or e-mailed to kannynmc@belkin.com."

Re:In case their message changes again...

[adavidw]

The big change is that they're actually apologizing now

Note that they aren't actually apologizing for what they did. They're just saying that they're sorry that we had to go and get all angry about it, ruining their plan.

-Aaron

Re:In case their message changes again...

[Alsee]

From the to-tell-the-truth dept.

"Belkin is aware of some recent postings that claim that Belkin executives are complete asshats and that wireless routers are spamming users daily while currupting communication data. It is not now, nor has it ever been, the policy of Belkin to protect the integrity of customer data or to understand the definition of "spam". Belkin offers users a valuable free trial of our censorship feature in our routers, and to advertize the service we want to sell them and to try to get more people into the free trial, we have deleted their data to hijack the connection and force our censorware advertizement on them. The ungreatful morons should be thanking us for our generous FREE offer! However, since the peasants have begun rioting with pitckforks and torches, it is Belkin policy to flee in terror, Belkin has decided not to include this data currupting spamware in future routers. Future router's firmware that incorporates censorware as an option will gave this problem fixed. Anyone lucky enough to buy one of our routers off the shelves during the next few weeks can still enjoy this exciting feature! Supplies are limited! Buy one today!

Please expect more of our stupid antics to appear on SlashDot in the near future. Boy, did we fuck up!"

-

Original Snippy Message

[tribes]

Go go, Google cache!

Kharma whoring for fun and profit....

Re:Original Snippy Message

How the hell is this redundant? I challenge the mod who modded this redundant to show a google cache link posted before 8:31 and I'll say you're right, but until then, you sir, are an asshat.

Re:Original Snippy Message

For archival purposes, the message reads:

Important message from Belkin:
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you.

Re:Original Snippy Message

[linkjunkie]

Original Belkin reply here
Steve originally posted a link to this here
FWIW, I saw this originally posted through google groups. I can't verify it word for word, but it does look the same to me. (I did try to clean up the format a little to make it a little easier to read, but I tried to stay close to the original formatting)

Full text for the sake of duplication

From ericd@belkin.com Fri Nov 7 20:19:08 2003 Path: internal1.nntp.ash.giganews.com!border2.nntp.ash.g iganews.com!border1.nntp.ash.giganews.com!firehose 2!nntp4!intern1.nntp.aus1.giganews.com!border1.nnt p.aus1.giganews.com!nntp.giganews.com!opentransit. net!news-spur1.maxwell.syr.edu!news.maxwell.syr.ed u!postnews1.google.com!not-for-mail From: ericd@belkin.com (Eric Deming) Newsgroups: news.admin.net-abuse.email Subject: Re: [OT-evil marketing] Belkin does Verislime one better - router spam! Date: 5 Nov 2003 15:25:28 -0800 Organization: http://groups.google.com Lines: 70 Message-ID: References: NNTP-Posting-Host: 67.98.73.254 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1068074728 22743 127.0.0.1 (5 Nov 2003 23:25:28 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Wed, 5 Nov 2003 23:25:28 +0000 (UTC) Xref: intern1.nntp.aus1.giganews.com news.admin.net-abuse.email:1466982

"JerryMouse" wrote in message news:...

> Mr. Uh Clem wrote:
>
> [...]
>
> What does Belkin say when you complain?
>
> I'd make their life miserable until they removed the offending software from
> my machine.
>
> You did not conset to this aspect of your machine's modification - this is
> nothing less than malicious.
>
> Raise hell.
I was made aware of this posting by an e-mail that was sent to Belkin's tech support e-mail box.
Since I am a product manager for Belkin's LAN products and was very involved with the development of the Parental Control feature, I feel that I can shed some light on this subject.
Firstly, without trying to sound too stand-offish, we are not talking about SPAM here. For me to clarify, an understanding of the Parental Control service will really be needed.

Since Parental Control is a subscription service, Belkin wanted to make registering for the service very easy. Since the router actually will work in tandem with an outside server (Cerberian, www.cerberian.com) registration information needs to be collected and sent to Belkin and Cerberian to activate an account.
Traditional methods of registration, such as asking the user to go to a website or navigate to the Router's internal Web page to enter information didn't meet the ease-of-use goal.
We elected to re-direct one http request to the "Register Now" reminder page. (There is a link in a previous posting if you want to see it) This page asks the user to register for the service for a free 6 month trial.
Now, granted this looks like an ad. It should, it is intended to be informative and easy enough to understand.
At this point, the user can register or click "No Thanks". Clicking "No Thanks" sets a flag in the Router to stop the Router from re-directing every 8 hours to the reminder page. (Again remember, only one http request every 8 hours).
Admittedly, there is no controlling which computer on the LAN this message will pop up on. If the user just closes the window without clicking "No Thanks", then the flag is never set, and the reminders will continue.
Now, if you are the type that doesn't want to click the "No Thanks" button, then no problem. Navigate to the Router's internal web interface (default IP = 192.168.2.1), click on the Parental Control menu. In the Menu, select "Don't Remind every 8 hours" (This phrase actually varies a b

Re:Original Snippy Message

[fucksl4shd0t]

I must admit, I find this post quite reasonable. That doesn't mean what they did was right, don't get me wrong, but I have to agree that the method does achieve their goals of usability.

I would suggest that if they intend to be reasonable like this in response, they should add to their list of goals, in the future, "hardware should be trusted, since it will be relied on for security, no matter what we put in our fine print. Therefore it will always behave as the user expects it to behave."

If that goal was listed right next to their usability goal, they wouldn't have done this stoooopid thing in the first place. :)

Re:Original Snippy Message

This moment will be a classic moment in history. Thank you.

Re:Original Snippy Message

[HiThere]

Are you sure that cache entry hasn't been updated? That doesn't look like a particularly snippy message to me. (OTOH, it's hardly admitting that they did anything wrong. That probably required a decision by upper management.)

This doesn't change the fact that that was a particularly stupid and even dangerous act. I think that I'll penalize Belkin 30% over that one action. (I.e., Belkin must be either 30% cheaper or 30% better than a neutrally rated competing product to win the purchase.)
N.B.: Even the MPAA is only penalized 75%. But that's been enough to keep me out of all movies from any MPAA affiliated company, or any company that I suspect is probably MPAA affilitated. Except one... I did go to see LOTR I & II, though I regret seeing LOTR II, as that was a vile miscarriage of a movie. Then I immediately donated $60 to the EFF. (It's no penalty unless you really mean it.)

The old message? from Google cache

[AEton]

cache here (as of 10 Nov 2003 20:43 EST):

Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

Re:The old message? from Google cache

[bmiller949]

I would like to thank Belkin for supporting me in my purchase of a Linksys router instead...

Re:The old message? from Google cache

[_Sprocket_]

Here's some more interesting things for the record.

The origional reply from Eric Deming ("a product manager for Belkin's LAN products and ... very involved with the development of the Parental Control feature") to news.admin.net-abuse.email was removed. Oddly enough. However you can find mirrored copies re-inserted in to Google Groups thanks to:

Malev
Clifton T. Sharp Jr.
dave

And even a simple text mirror outside Google's domain provided by Steven J Sobol.

The removed message was replaced by a very familiar sounding post again from Eric Deming. Google Groups currently has its own copy available (at the time of this writing). But others have already began the process of burying the text - probably due to previous experience.

Of course - if all these sources fail you... you can always find the same text burried in reader comments from the initial Slashdot article mentioned in this article's submission.

Re:The old message? from Google cache

[fucksl4shd0t]

I would like to thank Belkin for supporting me in my purchase of a Linksys router instead...

Didn't Linksys embed Linux and distribute it as binary without proper GPL notifications, and then subsequently refused to comply with GPL requirements that they give the source code to any customer who asks?

Re:The old message? from Google cache

[advocate_one]

The big question here is how are they going to replace the firmware on each item??? With a free replacement policy and put large announcements in the press??? The whole thing must be as public as possible and completely free to the user.

Re:The old message? from Google cache

I would like to seen an apology and an admission that they product was intentionally defective. As long as the keep trying to spin this, I'll assume they will do it again. What's next? Printer cables that replace printouts with advertisments?

Trust?

[Quasar1999]

Half the time I don't risk upgrading the firmware on my devices cuz I don't trust the engineers didn't mess something up (and they're always labeled beta... but I give up...)... How the hell am I supposed to trust they won't implement some other backdoor feature in their firmware?

They've gone so far as to generate traffic to their homepage to advertise crap, what's keeping them from simply redirecting your Outgoing data to some IP address on their networks, for anonymous data collection or some other BS, which you agree to in their 4 million word EULA that you have to click yes to before installing this patch?

Anyone know where I can buy a tinfoil hat?

Re:Trust?

[Junior+J.+Junior+III]

Updating firmware isn't as scary as you make it out to be. I've updated firmware on a large number of devices on the PCs I've owned or serviced, and never have I been screwed by it. Just read the instructions and follow them carefully, and make sure you understand what they are telling you to do so that you can be sure you're really doing it properly. It's really not that bad.

Re:Trust?

[red+floyd]

The OP probably knows how to update the FW. He's wondering about what new backdoors/advertising/whatever Belkin has put in...

Re:Trust?

[madcow_ucsb]

I don't figure it's any more likely that there are backdoors in a new version than in the original version. Combine that with the bug fixes they put in and I'd say it's usually safer to upgrade...

Re:Trust?

[shaneb11716]

Anyone know where I can buy a tinfoil hat?

How about making your own: AFDB

-Shane

Re:Trust?

[cyt0plas]

"Anyone know where I can buy a tinfoil hat?" Make your own. After all, where better to put a brainwave monitoring device than in mass-produced tinfoil hats? The foil will actually _amplify_ the brainwaves. To be as safe as possible, use tinfoil from a varieety of different sources to make your hat, and be sure to use different parts of the roll, to further reduce the likelyhood of any monitoriting devices.

Re:Trust?

[archivis]

Get yer bug fixes here...mind the crates of new bugs. Don't worry about them, next week we're going to be showing you adds for new Electronic Off! Bug Repellent Spray...(once the bugs in the firmware patch have had time to incubate dontcha know)

Re:Trust?

Not scary huh? Well, I have *written* code to update equipment remotely - users should be scared - especially if it was the stuff I wrote...

original message text

[L-Train8]

I was in the process of cutting and pasting Belkin's message into a story submission earlier today when it changed, so I have the original text. The message earlier today read:

Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you.

Now we have the more concise and concilliatory

We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet
but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you.

Re:original message text

[lildogie]

The marketeers are being shown the door by the PR people, the latter having been educated by engineering, and the former being uneducable.

Re:original message text

[TheWart]

Maybe I am just too accepting, but that message does not seem "snippy" to me. Maybe a little long-winded, but hardly condescending.

Re:original message text

well, routers are not supposed to do what theirs does.

maybe they need a new name for a router that randomly gives you ads?

Re:original message text

[Drishmung]

It's a very common attitude: that spam is something that other people do. Our advertising is valuable and desirable and can't possibly be spam, so different rules apply.

It is really, really basic. It's a form of the Golden Rule. "Would this be acceptable to us if someone did it to us?" Or, "would our customers find this acceptable if another company did it?"

The marketing types responsible for this are demonstrably liabilities to Belkin and should be dismissed. As if...

Re:original message text

So we can wait a little bit for things to cool down and do nothing, we can just disable the spam feature server side, we can spam firmware updates that will trash routers, or we can promise things will be better in the future, continue spamming, then disable server side spamming. Hmm, your still jerk-offs in my book belkin.. You made some high quality cables and such, but we can live without you, and I, hopefully, will.

Re:original message text

[Humba]

We apologise for the fault in the router. Those responsible have been sacked.

Mynd you, moose bites Kan be pretty nasti...

We apologise again for the fault in the router. Those responsible for sacking the people who have just been sacked have been sacked.

--Humba

Re:original message text

[Krellan]

Wow, I just read the page and read yet a third variant on this text. Here's what I saw.

Important message from Belkin:

In response to a recent Usenet group posting stating that Belkin spams its customers through its routers, Belkin Corporation apologizes for the concern this has caused and is taking action to address the issue. To allay customers' worries, Belkin will offer a firmware upgrade that will be available via download from its website (www.belkin.com) on November 17, 2003. This upgrade will rid the redirect completely so that no additional browser windows will appear during the router's installation process. Questions can be directed to our dedicated networking customer support line at 877-736-5771 or e-mailed to kannynmc@belkin.com.


Notice that there's 2 gotchas in here:

1) It won't be available until 11/17. One full week of more Belkin spam.

2) It only mentions removing extra browser windows during the installation process. This isn't the concern of many. The concern is the hijacking of a random outgoing HTTP connection every 8 hours, redirecting it to the Belkin spam page! They don't mention removing this. Instead, they only mention removing a popup from the installation process (which is typically only done once, and a lot less annoying than the 8-hour-repeating spam that was the main issue in the first place).

I have avoided Belkin products for some time now, because of abysmal experiences using their KVM switches. Wretchedly poor products that often lock up completely and require you to reboot all machines connected to them! Not good, if in a server environment. Switched to Iogear KVM switches and never looked back! Belkin also hides the true cost of their KVM switches by forcing you to buy connector cables separately at an extra price, whereas Iogear kindly includes the cables.

How do you spell "broken"? B-e-l-k-i-n :)

Re:original message text

[RiffRafff]

"However, since this has become a source of concern to our users[...]

Correction: EX-users...

Re:original message text

Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter.

So they claim it, the implication here is it's not true. Snippy.

It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else.

I'd call this a lie, but that's just me. Either way, they are denying what everyone knows is true.

Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features.

It doesn't make one bit of difference how wonderfull there product is. It's still advertising.

However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers.

They aren't removing it because it was wrong. Only because of concern. There's no apology, no admission that hijacking browsers is ever wrong.

I read this as Belkin saying that we all over reacted, but since they put us first they will fix it anyway. That's condescending to me.

I consider this to be a product defect and they should fix it because they don't want to sell defective products.

Re:original message text

[Daoenti]

And they once again apper to have changed the message, this time with more information about the avaliability of the fix:

Important message from Belkin: In response to a recent Usenet group posting stating that Belkin spams its customers through its routers, Belkin Corporation apologizes for the concern this has caused and is taking action to address the issue. To allay customers' worries, Belkin will offer a firmware upgrade that will be available via download from its website (www.belkin.com) on November 17, 2003. This upgrade will rid the redirect completely so that no additional browser windows will appear during the router's installation process. Questions can be directed to our dedicated networking customer support line at 877-736-5771 or e-mailed to kannynmc@belkin.com.

November 17th... I'm sure they have a lot of testing to do to make sure this firmware update works properly however should it really take 6 days to remove this one 'feature' since they say they already have a way to disable it (or 'opt-out')?

I am such a Karma Whore

[Evil+Adrian]

Here's an article about it from about 7 hrs ago.

Here's an article about their stupid response.

Here's the original Slashdot article.

Adware.. but what else

[pvt_medic]

So now we can pay for them to track our activities and send us advertisement. Reminds me of how initially having a logo on an article of clothing seamed insane... now we are walking billboards.

Re:Adware.. but what else

Reminds me of how initially having a logo on an article of clothing seamed insane

pa-dum chshhh!!! :)

Speaking of routers...

[toupsie]

I am in the market for a small home DSL router and now that Belkin is completely out of the running, what would you choose? I would love one with SNMP monitoring. I currently have an old LinkSys 4 port-er. 802.11g would be nice to have on it. Any suggestions?

Re:Speaking of routers...

Netgear. I've never had an issue, and have been using them since before they spun off from Bay Networks, now Nortel.

The blue ones are more durable than a brick, to boot. The silver/grey ones less so.

Re:Speaking of routers...

[Cyno01]

I'm typing this right now on my laptop connected over 802.11g to my cable line through my linksys WRT54g. It seems to be what your looking for, 4 port switch and Wi-Fi, it was relativly cheap and easy to setup, range is better than expected and the speed is decent. I definitly recomend linksys, all my networking stuff besides the NIC in my main box(onboard anyway) and my cable modem (motorola surfboard provided by time warner) are linksys and i havn't had any problems with any of it.

Re:Speaking of routers...

[yukio]

I use a Netgear DG824M.

It's an all-in-one DSL modem, router & 4-port switch with 802.11b. Decent security, and was as plug and play as it could be with PacBell DSL (meaning it worked out of the box, though the circuit was incorrectly provisioned - twice.)

I wouldn't choose this level of integration for a production office environment - but for my home LAN and the consulting stuff I do - it rocks. It's about $150.

Re:Speaking of routers...

[perotbot]

IBM300GL running smoothwall between my D-Link 614+ (router, switch and wireless) and the c-modem. I've never seen anything get past the smoothwall, but then the D-Link acts like a seconday layer of protection. Took a bit of testing to get everything dialed in, but now I don't get a hint of trouble and my overly geek homelan (10pc's at times) doesn't get touched. The key to protection is not a single layer, but a multilayer defense.

Re:Speaking of routers...

[cypherz]

I have used several of the SMC "Barricade" soho routers to good effect over the years.

Re:Speaking of routers...

[CokeBear]

I've tried 4 different brands, and I keep coming back to SMC. Check out the SMC2804WBRP-G Everything you need in a router: Wireless, 802.11g, 4 ports, Print server...

It should be available in about a week.

Re:Speaking of routers...

[0x0d0a]

I've configured one of those low-end Linksys routers about a year ago, and remember running into tons of pain when the thing tried using an MTU that was six bytes off. After a firmware upgrade, it let me manually set the value, but I was never impressed with Linksys' products.

Re:Speaking of routers...

[fucksl4shd0t]

I've configured one of those low-end Linksys routers about a year ago, and remember running into tons of pain when the thing tried using an MTU that was six bytes off. After a firmware upgrade, it let me manually set the value, but I was never impressed with Linksys' products.

Really? I found my Linksys router plugged in and just fucking worked. Like good things should. I've been very pleased with my Linksys, especially compared to the netgear piece of crap I had before.

Of course, now that Linksys turns out to be evil for violating the GPL, and Belkin can't be trusted for awhile either, and considering that I *am* a bit upset that 11g came out so quickly after I bought my router (which had 11b), I'm thinking I'll be better off building my next router from scratch, and just using a switch to network my wired computers. Get a WAP and plug it in, and when a new standard comes out, just get the plugin box for it (and update my kernel as needed).

On a side note, to my knowledge D-link has been Linux-friendly for awhile and done no harm. I could be wrong, but I was pretty happy that they included redundant Linux drivers on their driver disk (I say redundant because my 2.4.x series kernel already supported the card).

Pissy Belkin

[Bowie+J.+Poag]

"Feature"?... Dear lord. There must be some really, really fine crack going around in industry circles these days. Belkin sounds like they've taken a hit or two off the SCO crack pipe.

I wonder if they use their own products in-house. That would be a fitting punishment if it ever came down to a class-action suit.... Force Belkin to use their own products. :)

Snippy comment

[ssafarik]

Old Comment:
-----
Important message from Belkin:
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you.

Current Comment:
-----
Important message from Belkin:
We at Belkin apologize for the recent trouble our customers have experienced with the wireless router/browser redirect issue. We will be offering firmware fixes available for download early next week. We do not have exact details yet but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you.

lemme guess...

Every 8 hours you get redirected to a page saying "Sorry, we won't do it again. Promise."

Re:lemme guess...

Hello, this is Eric Deming, a.k.a. Happy Dude. In response to a recent Usenet group posting, I decided to contact every customer to apologize for my telemarketing scam. I'm sorry. If you can find it in your heart to forgive me, opt in for the free 6 month trial of the Parental Control feature. You have the power.

Re:lemme guess...

[sharkey]

Please send one dollar to "Sorry Dude"...

Forget it...

[herrvinny]

Forget it. I'm not using a Belkin product unless they can prove there's no hidden "features" in the firmware. Either they open their source code, or they pay an independent review agency to completely review the firmware, hardware, etc. Every single chip in that router should be examined for any hidden "features". This was a monumental clusterfuck. And now you tell me they actually had the stupidity to attempt to defend their actions? Morons.

Anyone want to do some testing on the new firmware to make sure it's clean?

Re:Forget it...

[way2trivial]

shouldn't be impossible to test.

put the router inside a firewall... something that creates a pop up window every time the router goes out for resources on the WAN side.. Hell, put it on a PC with two ethernet ports, one to your broadband connection, one to the router, and then bridge the connection. A firewall on the PC, or logger, should tell you every time the 'router' goes anywhere, and 'where' that it is trying to go to....

Re:Forget it...

[jridley]

Screw that, I'm not buying another Belkin product, period. I don't care if it's just a cable. I've got a couple hundred bucks worth of their cables, but I'm done giving money to them.

Unfortunately, their cables are about all that the big box stores carry for some types of cables, like firewire and VGA/serial, etc.

Re:Forget it...

[geekoid]

you're overlooking the fact that they are fixing it, per the customer demands.
as for your other point, pray tell, whose router are you going to use? is there an open source router? it might be a good project to write open source firmware for existing routers...hmmm.

Re:Forget it...

[Spoticus]

>you're overlooking the fact that they are fixing it, per the customer demands.

Bullshit.
They're fixing it because they got caught scamming people, made some lame excuses, attempted to justify their abhorrable behavior, and now they're trying desperately to save face.
The _only_ reason they're fixing it is because they got caught.

Re:Forget it...

[ScrewMaster]

is there an open source router?

Yes. It's called Linux. And if you don't want to go so far as to set up and configure a full distro, simply download the open-source Smoothwall (they're at 2.0 Beta 7 now) and install that on any old PC you have lying around with a couple of NICs in it. Voila! Instant firewall, NAT router and intrusion detector in one, fully browser-administrable.

Re:Forget it...

[fishbowl]

>The _only_ reason they're fixing it is because
>they got caught.

Someone might have actually gotten through to them that there are potential liability issues.
The most obvious one I saw dealt with HIPAA. The argument of course being that hospitals don't use consumer products for their infotech... Ah, but sometimes they do! It's conceivable that, through a firmware upgrade, and unknown to the client, a security risk could be introduced. While that's still the customer's responsibility, the effect could be an unmitigated disaster.

I wish the first person to notice this had been some lawyer who does his own pc networking.

Re:Forget it...

Screw that, I'm not buying another Belkin product, period. I don't care if it's just a cable. I've got a couple hundred bucks worth of their cables, but I'm done giving money to them

There needs to be more declarations like this, with some level of organisation. Some kind of proper petition/drive/movement, where at the end of it you have thousands and thousands of declarations/signatures of people saying "no more Belkin products for us, EVER". After that, Belkin will presumably be even more contrite (instead of making we're-just-humoring-some-idiot-customers statements, even if they retract them later), but more importantly, NO ONE ELSE WILL EVER TRY ANYTHING LIKE THAT AGAIN.

Brouhaha over nothing

[fleener]

I have a Belkin for my home. Upon setting up the equipment, the advert page was the first one I saw. I skipped it, but encountered it again about a (?) week later. That time I actually read it and realized I had to jump through a hoop to never see the page again. I can't imagine managing a computer lab and taking more than a day to notice the advert.

Yes, I was annoyed, but no more than from mandatory product registrations or e-mails I receive from e-tailers from whom I've bought something. In the grand scheme of things, I'm used to the abuse. Today's standard practice is to let the customer opt-out after the first annoying sales pitch.

I honestly was surprised to see this issue posted on /. as a discussion topic. I accept it as the way companies act today, nothing unusual.

Re:Brouhaha over nothing

[herrvinny]

The problem is, you do accept it so willingly. You shouldn't have to deal with this. Nobody should have to.

Advertising shouldn't be on a product that is paid for. The router should do only one thing: route packets. Anything else, if it drops packets, rewrites packets (which it does), etc, then it doesn't work properly, and a complaint to Belkin is in order, along with a request for an RMA#. If the router is designed not to work properly (as it seems), then we need to file a report with the FTC.

Re:Brouhaha over nothing

So you have no problem with the company making your router having the ability to change some of its settings remotely ? We definitely have different standards of network security, pal.

Re:Brouhaha over nothing

[netsharc]

I can't imagine managing a computer lab and taking more than a day to notice the advert.

How come? If the router is being used by a lot of people (in a lab environment), and the page only comes up once randomly every 8 hours, chances are, they'll only show up at a random user's workstation, who'd just click it away. And the admin wouldn't realize what's going on.

Re:Brouhaha over nothing

[Strudelkugel]

I honestly was surprised to see this issue posted on /. as a discussion topic. I accept it as the way companies act today, nothing unusual

If Belkin chooses to put a piece of literature in the box with the product, fine. I might look at it and even be interested. If the want to put a removable sticker in the device to make it more obvious, that's OK, too. Modifying the product to insert advertising into my workflow, however, is not acceptable at all.

Imagine buying presentation software that would randomly insert ads into your presentations. How would that go over in front of a large audience?

Some fool at Belkin thought it would be a good idea to add this behavior to the router because it would create a highly visible exception - One that was bound to get your attention. The problem was that the exception was not clever or amusing, an acceptable form of advertising, rather it gained your attention because it broke the implicit trust between the customer and the manufacturer of a device.

We dare not allow vendors to go down this path, or information flow will be overwhelmed with unwanted messages. The Internet is useful because it offers individuals easy and fast access to vast amounts of information. Allowing vendors to inject unsolicited info into this stream risks destroying the fundamental value of the Internet. Pop-up ads were bad enough, and now even M$ will allow one to eliminate them from the browsing experience. Fortunately most vendors seem to understand what NOT to risk. We should all be glad people emailed Belkin with their disapproval, and that this has encouraged Belkin to ultimately reject such a stupid idea.

Re:Brouhaha over nothing

[fleener]

Well, I expect you'd notice the page because the advert is the first web page you see after install. And if you're dealing with more than one lab, you'd catch on pretty quick.

Re:Brouhaha over nothing

[fleener]

>The problem is, you do accept it so willingly.
> You shouldn't have to deal with this. Nobody
> should have to.

And yet that's the evil world we live in. I never vote democrat or republican so as to not prolong our torture, that's an easy choice. But with products there's no way to tell which corporation will annoy me until after I've bought and used the product. I've never seen a "crap free" sticker on any product.

Re:Brouhaha over nothing

[fleener]

> We dare not allow vendors to go down this
> path, or information flow will be
> overwhelmed with unwanted messages.

Too late. Every business I purchase from online sends me unwanted e-mail. Experts now recommend that the average joe use a second, separate e-mail address just to communicate with companies.

Re:Brouhaha over nothing

Hey pal, RTF post. I said nothing about what you're commenting on.

Re:Brouhaha over nothing

[fleener]

You know, this reminds me of DVDs. I don't see people up in arms that DVDs have mandatory FBI warnings, copyright warnings, corporate logo intros and disclaimers that are forced upon the home viewer each and every time a DVD is played. In the case of the logo, it's a clear case of hijacking my DVD player to show me a corporate advertisement.

Re:Brouhaha over nothing

[BlackHawk]

You accept that a company provides a router product that by design, periodically fails to perform as expected?

I certainly hope you're never in a position to affect my company's data stream.

Re:Brouhaha over nothing

[fishbowl]

"I expect you'd notice the page because the advert is the first web page you see after install."

So why do you assume "the web" is in any way involved in my network environment?

Re:Brouhaha over nothing

[fleener]

It's no different than a mandatory product registration. Actually, it's better because you can ignore the thing if you really want to.

Re:Brouhaha over nothing

[dubiousmike]

while I too am angry at Belkin, something you said struck a chord with me.

What if Belkin was trying to reduce costs to be able to compete and one way is to get an increase of revenue from this hijacking of your http request.

Now, with all of us knowing this, does Belkin benefit in the long run? Absolutely not. But you wrote:

"Advertising shouldn't be on a product that is paid for."

Who is to say what we really paid for? I mean, supposedly, you pay for cable without commercials, but they end up placing products within your show. Isn't this sort of the same thing? Tivo is decimating an aging business model (8 minutes per hour of commercials seperate from and inturupting your show) and seemingly, the cost of manufacturing is forcing some companies to get truly and weirdly creative. I would be pissed if it happened to my router, but you almost want to hire (for purely selfish reasons) the guy who was smart enough to put the pieces together and create revenue from something it took people so long to notice.

If Belkin had been up front in any way about this, we would be less likely to complain. How about a $10 rebate for those customers who don't mind popups for savings. Personally, I would never. But there are MANY who would. That's a small price to pay to not only be able to serve you ads consistantly, but also track your browsing habits. That part is HUGE. Just like Tivo found out that people will pay them HUGE bucks to give up user usage data (glad I have a Replay).

Re:Brouhaha over nothing

[fleener]

> So why do you assume "the web" is in any
> way involved in my network environment?

Uh, because the web is part of 99.99% of network environments. And, uh, if the web isn't, then your 'great inconvenience' is seeing a DNS error once in a blue moon. Seeing as I've never seen a blue moon, I could care less.

Re:Brouhaha over nothing

[fishbowl]

I'm far more concerned about the existence of an undocumented means of remote accessibility than any other concern here. I think that aspect of it has been kind of swept under the rug.

Re:Brouhaha over nothing

[herrvinny]

The problem with that is, the router actually rewrites some packets to go to Belkin's ad server. So actually, you're losing data. What if you completed a long form and and you hit submit, but oops, the ad comes up. My only complaint is that the Belkin product is losing data packets, rewriting them so they go to the Belkin ad server instead of their intended target.

If Belkin wanted to sell ads on the router's hosted web page (where you set router settings, etc), yeah sure, I would be fine with that. It would even be OK with me if they put ads on an LCD screen on the Belkin router. Hell, I don't care if the router sends me ads to my email inbox every 8 hours. The only guidelines I want the Belkin router to follow is:

1. Route packets as best as it can. Do not intentionally destroy, edit, delete, mutilate, or otherwise change any packet.

2. If the router must send ads, do so in a manner consistent with it's function. Email me every 8 hours with the ad, along with usage stats for the router? Fine. Display a big honking LCD screen with 2 feet tall letters showing ads 24/7? I might not like it, but, OK. I'll even spring for the electricity costs.

But for goodness sakes, I want a router that routes. Period. Anything else, fine, as long as the core functionality of the router itself is not changed.

Re:Brouhaha over nothing

Really, I don't think you get how important this is. I'm disappointed nobody bothered to propose a truly significant scenario where Belkin's asinine self-promotional routing could fuck things up, so I will:

a) Suppose I am a small business that buys this router and hooks it up in front of a secondary site (say, one of the partner's basements) where we have a "co-location" facility. This router handles NAT and traffic for a backup mail/web server, etc.

b) I write a Perl script to trawl our company's bulletin-board web pages and back up the contents every week, or maybe to log in and clean out some old user-generated documents in a cache folder every night. From the off-site machine, behind the router, so that the production servers aren't impacted by all the scripts processing and archiving.

c) Due to an obscure race condition between my Perl script and Belkin's undocumented router ad, maybe once a month my script ends up backing up or trying to clean out the cache of Belkin's fucking ad page!

That's why this behavior is fundamentally unacceptable. Period. Because it violates the Internet RFCs that dictate how routers should route traffic. It's not a "Brouhaha over nothing", jackass, if it could conceivably crash my backup server so Belking can advertise their stupid fucking parental control product.

Re:Brouhaha over nothing

[fucksl4shd0t]

1. Route packets as best as it can. Do not intentionally destroy, edit, delete, mutilate, or otherwise change any packet.

I agree, I don't have a problem with a company giving you more advertising after you've bought something. If they're smart, they'll approach you as "We want to build a lasting relationship with you" rather than "We want to get as much money out of you as possible." In the first case, there's an opportunity for me to benefit as a customer. In the second case, I don't want to give them the money at all.

The problem with their method is as you outlined. THey broke the core function of the product in order to advertise. I have scripts I periodically run as part of my work that do a lot of http requests (parsing search results, parsing client web pages, and so forth), and I would be in big trouble if I turned in a report to my client and said "This is how your web page gets ranked in relevance" and my client said "What is 'Parental Control Service'?". My business is small, so we use many low-grade consumer pieces of hardware (incidentally, the routers probably also have in their fine print something that says "suitable for home/office use only"), and something like this could be potentially devastating to one of my own customer relationships. Didn't anybody there ever think, even once, "It's great we're advertising this service, but we've broken the product. We can no longer guarantee huge uptimes, because we already know that one http request every 8 hours will be redirected. Our product can't be reliable if it's already known to redirect requests." This advertising method doesn't pass the common sense test, so obviously Belkin needs to institute some sort of Common Sense Training(tm).

I am available to train the monkeys.

Re:Brouhaha over nothing

[xsbellx]

Sorry but I disagree with your analogy. The advertisments/warnings displayed when you play a DVD are a direct function of the media, not the player or for that matter, the televison set it is being displayed on.

I think a more accurate analogy would be: After a random amount of time receiving a signal on one of the line-in connectors, your television would pop up an advertisement offering an extended warranty from the manufacturer of the television.

Quite simply, as has been stated previously, the product is advertised as a router/firewall. The function of a firewall is to restrict access based on owner/administrator configuration not at whim of the manufacturer. The function of a router is to direct network traffic, based on owner/administrator rules, along a path that will most likely allow the traffic to arrive at its intended destination. This product grossly violated both of these fundemental concepts.

Re:Brouhaha over nothing

[fleener]

My analogy is correct.

The DNS redirect is a function of the router. The DVD advertisement is a direction function of the DVD disc. Just as my web browser is not to blame, my DVD player is not to blame.

The fact that you dislike this particular function of the router is beside the point.

Re:Brouhaha over nothing

[dubiousmike]

excellent point - why can't the router create a new http request for an ad and have it appear in a new window?

Re:Brouhaha over nothing

[Alsee]

encountered it again about a (?) week later.

Well the router hijacks one connection every 8 hours as long as it's in use, whether you saw it or not. Thatt means several of your automated connections were currupted and you were completely unaware of that curruption!

For example do you have a virus scanner? It may have tried to download updated virus information and silently failed leaving you vulnerable to infection.

This sort of curruption is merely annoying when it happens to a human surfing the web, but it can be destructive or fatal when it currupts a program connection. It can wreak all untold havok if it hits a critical program in a commercial enviornment.

For nintey-odd percent of people it is an annoyance. For a few percent it's a minor problem. For a handful of people it can cause real data curruption, downed system, out other costly disruption. Major problems are rare, but your router should NEVER intentionally currupt your data. It can be particualarly difficult to hunt down the problem when it is an inexplicable error once every couple of hours.

-

Re:Brouhaha over nothing

[BlackHawk]

• It's no different than a mandatory product registration. Actually, it's better because you can ignore the thing if you really want to.

Wrong. A mandatory product registration is required by the company in question for support, or to keep their customer database up to date, for whatever reason. When you purchase a product, you expect to have to register it. You do not expect to have your data request hijacked at random so that you can view an advertisement instead of the data you requested.

Further, Belkin did not advise its customers that this is what was happening. Again, you expect a registration requirement, whether it's enforced or not. Belkin only commented on the subject after the firestorm of protest forced them to take action.

You appear to be in a decided minority in your acceptance of this as a non-issue. I would suggest that there's a reason for that, although you're certainly entitled to your opinion.

Re:Brouhaha over nothing

Dude, the first thing you see is the prompt. This is not a hidden thing. No subterfuge.

Don't try to makde mandatory product registrations sound OK. Typically they are used for marketing purposes. Product registrations are 99% marketing data collection and 1% product recall use.

.. and just what will this change be?

[mkettler]

"We do not have exact details yet but we can tell you now that each Router's firmware that incorporates Parental Control as an option will be changed."

Hmm.. hopefully this doesn't mean they're going to do something even more nefarious, like only hijack sessions going to the websites of parental control software manufacturers...

I look forward to seeing how they wind up handling the fix, and what they have to say about the patch when it's released. Hopefully Belkin has learned that this was an incredibly bad idea and will do the right thing. However, only time will tell this.

Of course, it still won't convince me to buy Belkin products again. Trust lost to abuse takes a long time to regain.

Re:.. and just what will this change be?

These people are such fucking morons it's absolutely unbelieveable... In case ANYONE from Belkin is reading, here's your instant solution to this problem:

1) Dig through the code vault and find the previous firmware version - you know, the one immediately preceeding this fucked up piece of crap

2) Revise the version to 1+ whatever it is now...

3) Recompile

4) Post it.

5) Submit it to an independent panel of experts for review to certify it as being clusterfuck free...

Shouldn't take more than about 2 hours - TOPS

What's the problem?

When you buy and install software, you usually get adverts the first time you run it telling you about new products etc. etc. typically you click the 'No thanks' button and it never pops up again.

I fail to see what the big deal is with Belkin. When I got my router the page popped up and I hit 'No' in response to their 'do you want our 3 month trial', and guess what - I haven't seen it since.

Now if you are a big enough twat to not figure out that hitting 'No' is going to make it go away, just like most advertising, then you probably shouldn't be owning a router and probably not a computer either. And people who are saying 'ooh, Belkin, evil company, never buy from them again!!', well they make good products and I'm certainly not going to stop buying them based on morons not being able to click a button.

Re:What's the problem?

[pilot1]

...and you also work for Belkin.

Re:What's the problem?

[troutsoup]

too bad if a NON-HUMAN is looking that that www page. say a program trying to automate something. or even someone who has no idea what that trial thing is about, say your 5 year old child? go to the corner, put this dunce hat on.

Re:What's the problem?

[griffinn]

The problem is a classical one: bad assumption about the user environment. Belkin likely thinks that all users fit one and the same profile:

• They use the router at home
• The router is connected to the Internet
• There are probably just 3 or 4 users on the network
• The person installing the router is technically savvy
• Whoever first encounters the ad will find the person installing the router and have him turn off the feature
• All traffic over port 80 are generated by humans viewing human-readable web pages

The assumption breaks down if any of the following is true: (i) The router is connected to a company's Intranet; (ii) There are multiple users on multiple floors who may not all know the administrator or realize that the ad must be disabled at the router; (iii) The HTTP request that triggers is ad happens to be (say) an antivirus update with a server within the Intranet.

Re:What's the problem?

I was asked by another Slashdotter to repost this whenever a similar story appears. I intended it to be a tongue-in-cheek criticism of an argument very similar to yours, but apparently a lot of people found it pretty funny. As commanded, here it is (posted anon, I don't need twice the karma for it):

Waiter: "Hi, I'll be your waiter tonight."

Customer: "Great! I'd like a cup of the soup please."

[Waiter takes out a hammer, thwaps customer on skull]

Customer: "WTF was that for?"

Waiter: "Sir, I'll stop thwapping you on the head as soon as you TELL me to stop."

Customer: "Why the hell would I have to TELL you to stop?"

[Waiter thwaps customer once more]

Customer: "GOD DAMMIT!"

Waiter: "Just say 'Stop,' sir, and this will all be over..."

Userfriendly cartoon bashing...

[Kentamanos]

Sorry if everyone's seen it already, just saw someone post it on another messageboard I read.

UserFriendly ad

The damage is done

[bnavarro]

I use an old Pentium computer as a Linux router for my cable modem; I was an early adopter of broadband, before these router devices were affordable.

I had considered switching over to one of these devices (I have periodic problems with the hard disk failing, and I am running out of small hard disk replacements for it :-( ), but after seeing this little stunt, no way. I won't trust any router that I can't program myself now. When my Packard Hell quits, I'm gonna just buy another old used computer and turn it into a Linux router.

I would strongly urge anyone else savvy with Linux or even *BSD administration to strongly consider this route. Belkin just proved that you can't trust anyone to route your data with a "black box" solution. OK, maybe not Cisco, but are you gonna fork over $10k for a home router? ;-)

(Yes I know Cisco just bought Linksys; I still won't trust 'em)

Re:The damage is done

[gl4ss]

i use an old pentium too.. (underclocked 200mmx).

but the reason i use it is because the 'hard'ware nats that would be able to push reasonable amounts of data through cost shitloads of money(that is, even if they have '100mbit' for the outside connection, which they rarely even have, it can't really push more than 1-2mbyte/s through, where the old pentium with dlink&intel cards can push 6-7mbyte/s at best, before the cheapo dlink card it had a realtek based cheapo card that was much worse, only 3mbyte/s with it and the intel).

i use smoothwall currently on it(really really easy to setup for anyone). my complain with smoothwall is that it insist on logging(and the 100mbyte log partition it makes got filled quite fucking fast, actually my other complaint is that it uses the hd at all), i used to use a more less featured(harder to use just) closedbsd on it though(that booted from cd, didn't have a hd plugged in at then in it.. silent..)

Re:The damage is done

I realized as I read your post that I was having a harder harder time paying attention to your message and more trying to decipher your grammer and lack of punctuation.

Eventually, I gave up.

Punctuation, proper grammer and diction serve a purpose.

Re:The damage is done

The verb "realized" usually takes an object; paragraphs should normally contain more than one sentence; there were three misspellings, and one double word instance; the word "diction" in this context is redundant when paired with the phrase "proper grammar."

Here is a rewrite that is easier to read: As I read your post, I realized that I was having a hard time paying attention to your message, because more time was being spent trying to decipher your grammar and lack of punctuation. Eventually, I gave up. Punctuation and proper grammar serve an important purpose.

Re:The damage is done

[gss]

You're just a wee bit paranoid aren't you? Just because one company pulls a dumb stunt like this doesn't mean everyone will. Also the little hardware routers have their advantages over a PC router, they're noise free and draw less power.

I think you can put away your tin foil hat for this one.

Re:The damage is done

Why do you have a hard disk in it? A single floppy or CDROM will do and it only needs to read it at startup, then never again, so I don't see why it will wear out.

Re:The damage is done

[Atragon]

Actually, it's relatively trivial to make a (nearly) silent PC. Especially if you're running a very slim OS.

In fact, I recently bought a used IBM for $220 (canadian), it's overkill to act as a router (except for needing a few more NICs), p3-733, 256MB of ram, 10GB drive. And it only has one fan in the PSU (a duct draws air over the CPU and its monster passive heatsink).

I picked it up to act as a file server for my LAN, but I'm tempted to pick up another one and a few multi-port NICs and use it as a replacement for my Linksys router. Heck, with another stick of RAM, I could run windows from a RAM drive, let alone linux.

Yes, you could call me a bit paranoid, but guess what. It's MY network.

Re:The damage is done

Why do you have a hard disk in it? A single floppy or CDROM will do and it only needs to read it at startup, then never again, so I don't see why it will wear out.

In general, old Pentium motherboards can't boot from CD. And what geek doesn't have an old hard drive lying around? Trying to fit everything onto a floppy could be annoying anyway, unless you go with a premade distro.

Re:The damage is done

[FrostedWheat]

and I am running out of small hard disk replacements for it :-(

I recommend getting a Compact Flash -> IDE convertor, and a small CF chip (depending on how big your system is). They are quite cheap now, and as long as you don't write to it to often it'll probably outlast the computer it's in.

Plus it's silent.

Re:The damage is done

Try http://www.soekris.com/

We use their box and it rocks. Boots from CompactFlash or PXE with 3 10/100 BaseT, 1 USB, 1 serial, 1 mini-PCI slot, small footprint and quiet.

Just a happy customer.

Re:The damage is done

[PhilipPeake]

My firewall/router was running RH9 until this week when I switched over to using devil-linux (http://www.devil-linux.org). Its a version which runs from a CD, and keeps its config on a floppy (write protected).

The end result is a system from which I removed the disks - much quieter, much less heat. And if someone should ever break into the system, I just re-boot and the system is re-set, all hacks are obliterated.

It can also be configured to run from a USB storage device, so that would make a system with no moving parts at all. Take a look at it, and forget about those failing disks in your firewall!

Re:The damage is done

Run your router from a CF card using a CF-IDE adapter and get rid of the hard drive. Saves power, is silent, and works well.

Wow! Companies really do listen!

[winkydink]

Now they just need to do a press release naming the marketer that thought it up, saying that he was fired for cause. :)

It's a quality thing

[WolfWithoutAClause]

The bottom line of this is that this feature was good for the producer, and bad for the customer (potentially very bad if it messes up something on an intranet).

Trouble is, we buy products because it is good for us, not good for the manufacturer. They seem to have lost sight of it, although may have realised their mistake (or equally likely they haven't realised it, but it's just they dislike the bad publicity).

Either way, it speaks volumes of their corporate decision making. In my experience, corporate decision making is at best, of highly variable quality; managers try to come up with just slightly too clever schemes that try to raise profits at the (non financial) expense of the customer. These things add negative qualities to the product. Why would you ever want to do that?

Actually, that was the first message

[FearUncertaintyDoubt]

The message that is currently running on their web site was actually what they originally posted on their site on Friday night, when they started to realize the uproar that they had provoked (and posted this message to the usenet).

Then, either Saturday or Sunday, they changed it to the far less likable one, which was much closer to Eric Deming's original reply in the usenet thread (which, oddly enough, was deleted from google groups). The problem is that it seemed more that they were trying to spin than acknowledge the problem. Methinks that they went back to the first version because they realized that they couldn't spin it at all.

Re:Actually, that was the first message

What group did that get posted to? It's probably still sitting on news servers (GigaNews keeps months worth of retention in the text-only groups.)

Re:Actually, that was the first message

They changed it again. They still don't understand that what they did was wrong.

Important message from Belkin:

In response to a recent Usenet group posting stating that Belkin spams its customers through its routers, Belkin Corporation apologizes for the concern this has caused and is taking action to address the issue. To allay customers' worries, Belkin will offer a firmware upgrade that will be available via download from its website (www.belkin.com) on November 17, 2003. This upgrade will rid the redirect completely so that no additional browser windows will appear during the router's installation process. Questions can be directed to our dedicated networking customer support line at 877-736-5771 or e-mailed to kannynmc@belkin.com.

They still claim that it was just some harmless spam. To me they're still acting under the pretense that they did nothing wrong; and that the big bad evil geek community shouldn't have understood what they were doing.

They sure as shit belkined their reputation in my opinion.

The Original Message

[EvilStein]

Maybe they changed it because it was long & boring. :P

"Important message from Belkin:
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you."

Sigh. . .

[MikeDawg]

I'm now going to cringe everytime I see a product that has "New Features". I'm going to start buying products with no features at all. . .

Re:Sigh. . .

[JonTurner]

>>I'm going to start buying products with no features at all. . .

You're switching to SCO? Oh, wait, that's features with no product. Nevermind.

Microsoft (/me ducks to avoid flames)

[MooseGuy529]

Disclaimer: This is my first and only router, and I haven't used any others!

Personally, I have a Microsoft "Wired Base Station" (i.e. router) model MN-110. It's pretty nice--there are no annoying redirects--but other things too.

The configuration screens are easy to use, but remember a few years ago when someone figured out that Microsoft browsers and servers collaborate in ignoring the TCP/IP protocol? Well, I have an inkling the router does so. When I view pages in Mozilla, they refresh a second time, showing "Content-type: text/html" in the upper-left corner. Either way, it's still easy to use, and pretty good feature-wise.

There are port-forwarding features, pretty simple, except you can't redirect to a different port, i.e. if you map external port 80 to a box, it has to go to that box's port 80. Not much of a problem. There's also application-triggered port forwarding, which opens certain inbound ports when an outbound connection is made. Personally, I don't see a point in this, since most users are too stupid to figure out port forwarding, and if they figure it out, maybe since their firewall software doesn't suck, why would they go to the trouble of figuring out what outbound port the app uses first? Anyway, it's also got rudimentary firewall features and a "Virtual DMZ," which is simply a default port-forwarding setting.

I have no complaints--of course, I will receive several Slashdot-generated emails pointing me to flame-replies about how Microsoft sucks, but it works. And it was $10 cheaper than the Linksys router next to it, and it looks cooler!

Too little, too late

[swordgeek]

Belkin has lost my business, until they very aggressively do something to FIX the problems of the internet.

All that backing off here is doing, is admitting that they pushed a bit too hard. Nobody can tell me that the goal of Belkin has changed, or is any different from VeriSign's. They want to manipulate the infrastructure of the internet. They want control over my computer, and how it works.

Fuck 'em. They have to REALLY work hard to win back my business. Apologizing and issuing a firmware patch ain't good enough by half.

Re:Too little, too late

[ronmon]

Yep, I do a lot of SOHO network setups for fun and profit. In fact I have such a job lined up tomorrow morning. There's no way I'm going to recommend / install something like that. It could be pretty hard on the reputation a self employed geek like myself. My clients trust me for good reasons and I'm not letting Belkin screw that up.

So I sent an email to the address on their front page (kannynmc@belkin.com) and told them exactly that. Of course, it was sent from my semi-disposable yahoo account. Somewhat cowardly, no doubt, but they're sure not getting my real address.

Re:Too little, too late

[Bartmoss]

Totally agree. I do not own a Blekin product, but you can be sure I will never, either. Fuck 'em.

Re:Too little, too late

I completely agree. My reason for avoiding Belkin wasn't that they were selling broken routers, but rather that messing with traffic is such a fundamentally stupid idea for these types of products that who knows what else they've been up to? This is just a symptom of cluelessness - and it's the cluelessness that is stopping me from buying Belkin products in the future, not the symptom.

For all I know, they've fixed the cluelessness by firing a couple of people, but there's no way for me to know, is there? So no Belkin from now on.

Re:Too little, too late

[Zathrus]

They have to REALLY work hard to win back my business. Apologizing and issuing a firmware patch ain't good enough by half.

Sigh. Folks, when you grow up and enter the real world, don't just bitch and whine about things and say "that's not good enough". Do that and you're of no use to anyone -- all you are is annoying. If it's not good enough, that's fine, but you have to say what is good enough. And it has to be reasonable.

I emailed Belkin and informed them I would no longer be purchasing any of their products because of this. That's the stick -- yeah, I may be just one person, but for every one person that actually takes the time to complain there's usually 10-100 more people that are equally pissed but won't bother taking the time. The carrot was that they could do damage control and win back my business -- apologize (done), release a patch (allegedly going to be done), and promise to never do any such thing again (not done).

So they met 2/3rds of the goals. They flubbed on the last, but it's not an entirely reasonable request (it's far too broad and open-ended). That said, I'm still not going to buy Belkin products if I can help it. Their spin control on this story is poor, and I don't think they're really sorry about the crap they pulled. Now if they ever did say "look, it was a really bad idea and we're never going to try anything like that again" then I'd be happy to buy their products in the future.

Re:Too little, too late

[swordgeek]

I hate to dissappoint you. I'm grown up, and entered the real world some decades ago. I have a very polite but firm stock letter that, with a few modifications, has already been sent to Belkin.

My take on your third goal is the crux of the matter. An apology and a fix are fine, but my point to /. and to Belkin is that it's not enough. The companies have to realise that commercialisation of the infrastructure is a horrible idea, and they cannot be allowed to get away with it.

Imagine if the roads were such that only Toyotas could go down 3rd and 7th Avenue, and Fords weren't allowed on odd streets at all? That's the sort of thing that Belkin and Verisign and no doubt many other companies out there are heading towards, with no thought towards anything except their short-term profits.

I made it clear in my letter that I won't be buying Belkin until I see substantial action from them to counter this behaviour, from them and from others.

Re:Too little, too late

An apology and a fix are fine, but my point to /. and to Belkin is that it's not enough. The companies have to realise that commercialisation of the infrastructure is a horrible idea, and they cannot be allowed to get away with it.

I guess it's all a matter of wording. I haven't seen an apology from Belkin. They are still saying we are making a big deal out of nothing. To me an apology would do admit that messing with infrastructure for advertising is a horrible idea and cannot be allowed. I'd also like to see that Bozo who justified this fired, but I know that wont happen.

Re:Too little, too late

[HiThere]

It was reported earlier that his former job had been announced as vacant. True? False? I don't know.

Whatever, scapegoating doesn't suffice. You can't load your sins onto a goat, if you intentionally committed them. You must actively reform yourself, also. Companies have done this. It usually takes time for them to realize that they must, and until they do, they haven't really changed.

I fine Belkin 30% penalty over this. To me this means that to get back to neutral they must be seen to do good sufficiently to balence that, and until they do their products will need to be either 30% cheaper, or equivalently better. And that's a tough percentage. Intel has lost out to AMD over a much less penalty (10% I believe, I'd need to check my records).

Now I admit that I'm unusual in assigning numeric scores here, but I think that most people have some sort of informal equivalent. For some people firing the scapegoat would do a lot towards restoring the balance, but he was only the public voice of internal policies that he may well have had no part in shaping. (Ineptly defending, yes, but those policies were basically indefensible.)

Fun with HIPPA regs

[CBob]

Now what it STILL doesn't answer... Will the router still be externally reconfigurable w/o the owner/user's knowledge. Big nasty now well publicized backdoor "feature" on a router that could end up in small medical offices or used by home transcriptionists. HIPPA regs are scary to the "little" folks who have to comply w/em. They're hellishly terrifying to large companies that could face sanction just because somebody working from home saved $5 on a router with known security issues.

Belkin makes iPod products

Makes me want to double-check Belkin's integrity before getting a voice recorder for my iPod.

Re:Belkin makes iPod products

Next thing you know, you are listening to some tunes and suddenly the Belkin Vacation Battery Pack starts yelling into the audio stream about buying the Parental iPod Modules.

Canned email reply from Belkin

[PHPee]

Like many fellow Slashdotters, I emailed several different people/departments at Belkin, expressing my disappointment with their new "feature". I received the following canned response today, from Eric Pipkin, an Account Manager at Belkin:

Rob,

Please refer to attachment below in regards to your email.

Thnx.

The email contained a 119k pdf file attachment, which I actually found on the Belkin website by adding the filename to the end of the belkin.com URL. Here's a link to the pdf file I received: http://www.belkin.com/Belkin_parental-control.pdf

It doesn't really tell us anything new, except that Belkin seems to be missing the point entirely, defending their "feature" and not mentioning anything about any upcoming firmware fixes.

Re:Canned email reply from Belkin

[argent]

I got that same message back from Deming.

My response was "wrong anwer... the right answer starts with 'we apologise and will be shipping a firmware update within a week...'", followed by an explanation of why their argument that it wasn't spam because it didn't do anything to the software on your PC was misleading and irrelevant.

Apparently they've been getting a lot of that. :)

Can I bill Belkin for field installation?

[G4from128k]

Corporate behavior like this drives me insane. The personal labor cost to fix their defective product exceeds the price of the product. But I'm sure the EULA is careful to explain that the product is not necessarily useful for anything and Belkin is liable for nothing beyond the price of the product.

attention manufacturers!

[kevin+lyda]

if you sell a widget to do thing x, just have it do that thing. don't collect stats. don't have it usually do thing x buf sometimes do thing y randomly.

even with this change the chances of me buying anything by belkin ever again are nil. until i see belkin publicly appoint an ethics officer who will vet marketing decisions like this (and with the power to block them) i will actively encourage people to avoid them as well.

i suspect i'm not alone in this opinion.

Re:attention manufacturers!

i suspect i'm not alone in this opinion.

Yeah, I suspect there's quite a few people that have willingly disconnected themselves from reality that would agree with you.

not buying Belkin

[austad]

I went shopping for a laptop bag yesterday. I really liked this Belkin one I found, but decided not to buy it solely because of their little router spamming escapade. I won't buy Belkin products anymore.

The sooner hardware manufacturers realize that pulling stunts like this results in some sort of backlash which affects their bottom line, the better.

Re:not buying Belkin

[Shakrai]

The sooner hardware manufacturers realize that pulling stunts like this results in some sort of backlash which affects their bottom line, the better.

Hey, not to rise to Belken's defense (because I'm not too hip on their products.... got a dead USB hub from them once... and a dead USB add-on card a week later, both RMA'ed and replaced thou, but still...), but does anybody seriously think this was an intentional stunt?

More likely then not, this was the brainchild of some idiot in marketing, who will probably lose his job over it. One of those ideas that looks great on paper and blows up in your face when released to the world. It's happened to all of us at one point or another (though probably not to this scale).

Now that doesn't excuse the initial statement on the website defending the feature. But again, that was probably the brainchild of some idiot in PR saying "We can't admit we made a mistake". Fortunately, it seems that smarter heads prevailed in this case.

Re:not buying Belkin

[RodgerDodger]

More likely then not, this was the brainchild of some idiot in marketing

Needs to be a bit more than that. Some idiot in marketing is highly unlikely to be able to modify the firmware of a product in the way described.

Nope, this was a deliberate feature, that would have been signed off by the product manager, and assigned to an engineer to implement. Odds are it had testers verifying that it worked, as well.

There is no way that "some idiot in marketing" is solely responsible for this; this is a deliberate ploy by a company with no consideration for its customers.

Re:not buying Belkin

[Captain_Chaos]

More likely then not, this was the brainchild of some idiot in marketing, ...

I think there was a lot more to it than that. The brainchild of some idiot in marketing doesn't magically end up in the firmware of several of their products! It has to pass through a lot of departments and be approved by a lot of people who should know better.

Re:not buying Belkin

[Shakrai]

I think there was a lot more to it than that. The brainchild of some idiot in marketing doesn't magically end up in the firmware of several of their products! It has to pass through a lot of departments and be approved by a lot of people who should know better.

Remember that none of us is as dumb as all of us ;)

Should know better and do know better are two different things. The only person here who probably knew better was the poor engineer who had to make the changes to the firmware. He probably started to protest, only to be cut off by the pointy-hair boss, at which point he thought to himself "Ahhh, fuck 'em. Who cares if they piss everybody off and go down in a blaze of glory. I can always go work somewhere else."

That's the tradgedy

[L-Train8]

I accept it as the way companies act today, nothing unusual.

This is what is really bad, and why Belkin thought they could get away with this crap. We have become used to the abuse. We need to stand up and say, "I'm mad as hell, and I'm not gonna take it anymore!"

The incredibly onerous and annoying contracts that have become standard parts of software licenses are starting to creep out of the fine print of click-through EULA's that no one ever reads and into everyday life. I think hardware companies look enviously at software companies, with their "no responsiblity for the company/no rights for the user" legal disclaimers. They are increasingly trying to get the same kind of weasely deals for themselves.

But actual physical products are a different animal, and you can't hide how you're screwing the customer behind an "agree" button. If EULA's weren't such confusing legalese, and people actually bothered to understand what they are actually "agreeing" to, I believe we'd all make a bigger stink about it. Fortunately, it's more obvious when physical items try to act like virtual ones.

Re:That's the tradgedy

[fleener]

>We need to stand up and say, "I'm mad as hell,
> and I'm not gonna take it anymore!"

That's nice sentiment, but not practical in the real world. I'm mad as hell with Microsoft, but am locked into using Windows (don't even try to say Linux is ready for general consumer use). I'm mad as hell with the MPAA, but I still watch movies because indy movies are hard to find and most suck. The only thing that slogan works for me with is the RIAA. I only buy music direct from the artist now, purely local bands.

Re:That's the tradgedy

[fishbowl]

> We need to stand up and say, "I'm mad as hell,
>and I'm not gonna take it anymore!"

The way to do that is simply to return the defective product, if you've already bought one, or else not buy the product if you haven't.

There, that wasn't so hard, was it?

Re:That's the tradgedy

[1lus10n]

just cause im bored ....

whats your beef with linux ? what cant it do that you need it to ?

Re:That's the tradgedy

[fleener]

> whats your beef with linux ? what cant
> it do that you need it to ?

The average consumer cannot install it or configure it or get it to do what they want with a reasonable measure of training. Disagree? The statistics are on my side. MS is almost universally hated, and yet Linux sits idle because it's not easy.

Re:That's the tradgedy

[HalfFlat]

MS is almost universally hated, and yet Linux sits idle because it's not easy.

It may be the case that Linux is not easy, but that's the least of it. Linux is not widely used on home computers because

1. It's not installed by default.
2. It typically does not run Microsoft applications 'out of the box'
3. Many people are forced to use Microsoft applications due to Microsoft having cornered the office software market, and then making it difficult or impossible for others to interoperate at the file format level.

When these are no longer an issue, then you can start worrying about ease.

Re:That's the tradgedy

[fleener]

You are the underdog. The operating system must be fitted to the audience if you want any chance of adoption.

Whining about monopolies is academic. I would gladly switch my home computers and convert my entire office to Linux if it were a good move. Linux has not matured. My heart wants Linux, but my brain tells me to endure slavery because it's better in the long run. For millions, freedom will remain a dream.

Re:That's the tradgedy

[1lus10n]

when was the last time you installed or configured linux ? i would venture a guess to say that 80% of the people out there could install redhat 9 with little to no problems.

but the point stands, the reason linux isn't more widely used is because of ms's ILLEGAL bussiness tactics. not because of its usability.

dont give me hearsay, give me specifics.

Re:That's the tradgedy

[fleener]

I don't need to argue this point. Anyone whose life isn't engulfed by linux knows linux is far, far away from being ready for market. Spare me the commentary of my saying "market." You know what I mean. Not ready for prime time. Everyone and their second cousin has already said this. Shout into the wind all you want.

Re:That's the tradgedy

[0x0d0a]

The average consumer cannot install it or configure it or get it to do what they want with a reasonable measure of training.

I disagree, though it may be just that I am familiar with Linux -- I'd say that a new user with a *current* distribution (very important -- ease of configuration is the fastest increasing factor in distributions and has been for a couple of years) goes through less pain to install Linux than Windows (assuming no preinstall), and roughly equal pain to configure (some of which is the fact that there are just less configurable options in Windows).

I'd say that the main impediment to Linux catching on with Joe Public is that Linux is many distributions with many different interfaces. In general, Windows is Windows (and at the least Windows XP Home is Windows XP Home). You need learn only one interface and one way of doing things.

If you're a Linux guru, you *still* probably aren't (intimately) familiar with more than three or four distributions' installation and configuration setup -- and for that matter, from Red Hat 5.0 to Red Hat 9, the system configuration interface has changed at least 3 times. Even if you're a guru, every last minor version number change of Linux (2.0, 2.2, 2.4) has resulted in a new routing/firewalling interface and similar to be learned.

The sluggishness of Windows to change and improve isn't always a liability in the market. People (non-techies) frequently want to learn something that they can keep using. They don't want to learn something that will be obsolete in eighteen or twenty four months.

Re:That's the tradgedy

[fleener]

> I'd say that a new user with a *current*
> distribution goes through less pain
> to install Linux than Windows

My mother can install Windows if she can click the "next" button. Is Linux that easy?

Re:That's the tradgedy

[1lus10n]

so basically what your saying is that because people say something that makes it true ?

the earth is flat.
the earth is the center of the universe
there was no holocaust.
america isnt self-centered.
bush isnt a jackass

and so on and so forth ......

Re:That's the tradgedy

[fleener]

I've seen it to be true and so has virtually everyone else. To go along with your analogy, you are the one insisting the earth is flat.

Re:That's the tradgedy

My mother can install Windows if she can click the "next" button. Is Linux that easy?

Ark Linux is, and probably Lindows, too. Knoppix is easier: No install at all, just boot it, wait, and you're logged in.

Installation is not a major hurdle anymore. It's what comes after the install, like adding new software and hardware, that gives many neophytes trouble. E.g. learing to shun third party installers is quite hard.

"The market" is a nebulous term. Certain parts of the market are ready, and are pushing Linux quite hard. After all, you can get Lindows boxes on Walmart!

--
Herman Robak

Re:That's the tradgedy

[HiThere]

OK. So you are willing for them to walk all over you..or at least acquiescent. But that doesn't mean it's "not practical in the real world" to stand up to them.

I *don't* see MPAA affiliated movies *UNLESS* I also donate twice the ticket price to the EFF.

I *don't* use any MSWind product except one copy of MSWind95. Linux is fine for me, and my wife is currently on a Mac. (I intend to gradually move her to Linux, but that is a staged project.) I campainged against MSWindXP at work (I've recently retired). This will not be successful in the medium term, but it was in the short term, and during that period several computers using Linux were installed. So the long term prospects are promissing. (My ex-boss now understands about the XP EULA terms...and why it's important to get away from it. Newly hired staff came on who understood from before they were hired why Linux was a preferable choice, etc. Including the current SysAdmin and the current DBAdmin.)

Personally, *I* don't find it practical to lie down and let them walk over you. You need to consider both the short term AND the long term consequences. (I retired from a job as an MSAccess programmer...and that's a part of what convinced me that Linux was the only viable choice. The Mac would have been slightly better, but had the same basic drawbacks. Centrally controlled systems are operated for the benefit of the controlling party. If not at first, then they evolve into that design.)

Re:That's the tradgedy

[juhaz]

The average consumer cannot install it or configure it

I agree. But only because average consumer can not install or configure Microsoft Windows either.

In optimal case, both are probably about equally hard to install, sometimes Linux is even easier and sometimes Windows is easier.

or get it to do what they want with a reasonable measure of training.

That depends. I'd say they can do basic tasks (web browsing, email, maybe a bit of word processing...) on both just as easily as well. It's not like there is any difference in clicking on a browser icon in gnome or in explorer. Everything beyong that is not within their reach, regardless of the operating system.

Re:That's the tradgedy

[fleener]

My mother can install Windows and she's a dolt. "Just hit the 'next' button mom. When it says 'OK' click that too."

Re:That's the tradgedy

[1lus10n]

no actually the analogy was very simple, just like the question that you cannot answer:

analogy= many people claimed at some point with closed minds the following (see previous post)

question= if there are so many people who have used linux I would like to know when this was, since the vast majority of the population have not used it. Since you are leading people to believe you HAVE used it and somehow have a problem with it, why dont you answer the very simple question: what doesnt it do that you need it to do, and when was the last time you tried it.

very simple. your refusal to answer the question leads me to believe your full of shit.

Re:That's the tradgedy

[fleener]

The answer, should you care to pay attention: Linux is not ready for prime time. My mother is a complete dolt and she can do a full Windows install. Linux is fine for nerds, but is years away from being ready for the masses. What do I want? I want my mother to install and understand Linux without a six week workshop. That's what I want. Go on believing Linux is God and ignoring the world around you. You are a funny little man.

Re:That's the tradgedy

[1lus10n]

what distro did she use ? my father who is a corrections officer and has no computer experience installed redhat 8 with almost no help from me. the only thing he needed help with was configuring evolution to get his mail.

Linux doesnt do alot of things. but some distros are easier for a computer n00b to use than windows.

Too bad

[Blair16]

Unfortuneately for Belkin, the damage has already been done. I already thought their routers were no good after I had a hell of a time getting one to work with a DLink wireless NIC. They've just run out of chances with me.

IQ of marketers = - (IQ of sensible person)

[Futurepower(R)]

From the parent post: "... average IQ of marketers ... tends to zero."

The average IQ of some marketers is less than zero. They are very intelligent in being destructive to their companies, meaning they have a high negative IQ. Deciding to include router hijacking is not something an ignorant person could do.

The router hijacking idea was a product of considerable creative thinking. And Belkin's router project manager Eric Deming made himself semi-famous on Slashdot. Not everyone could do that!

Think how this will look on Mr. Deming's resume, as he looks for a new job: "I significantly affected my company's profitability." This is honest because: (Truth in marketing) = - (Actual truth).

Turn off UPnP.

[Trillan]

It's on Tools->Misc.

Still not buying.

I just purchased a couple of Belkin UPS's. Not bad for the price.

Would I buy a router from these folks? Hell no. Would I buy a Linksys router? Nope, they don't play well with GPL. I think Microsoft makes home network routers, but they have an even worse shot at getting any more of my money..:-) Maybe SCO will be the next slime organization to enter the home networking arena?

Perhaps Belkin's marketing department is calling too many technical shots? A router should just decide what to do with packets, not play nasty games with the upper level protocols.

Belkin's marketing droids can try to spin this any way they like... it's just as slimy and "spammy" as Windows Messenger popups.

One would think a small company (I believe privately held, even) would be responsive to their customers (or potential customers) and just suck it up, release a patch *and* an apology... but *no*! "We don't understand why you're whining about this being spam. Our marketing bozos don't consider this spam .. and here's your stinking firmware upgrade.." isn't a good technique to get people to open up their wallets.

Belkin: Open your eyes, listen to potential customers. Find all of the marketing idiots responsible for this and fire 'em. Get new marketing folk and have them write up a press release about their successors. Make sure marketing stays in their little sandbox of advertising and box art design. Leave technical things to technical people.

Re:Still not buying.

I recently bought one of their UPS's because it
provided a lot of power for the price. However,
I found they don't publish technical details on
how to talk to their UPS. I sent them an email
message suggesting that they were in the business
of selling hardware and not software. And that
keeping their communication protocols secret was
going to keep them from selling some hardware.
Now I have even less reason to look their stuff
for my next UPS.

would the following no longer be spam?

[hhknighter]

En14rge Ur Peenis is aaware of some receent pposting5 that c/laim that we 4re 5pamm1ng users with our pr0du6t. It is not now, nor has it ever been, the policy of En14rge Ur Peenis to intentionally spam our customers. En14rge Ur Peenis offers b35t ppeenis enla45gements, and to make our t1ny twiggy customers aware of the p0ssibi1ity in satisfying the1rr parttner, we have tried to d1rect udsers to thee inforasmation regarding en14rgeing ur p0ker.

peese t4k3 us 0ff1 ur sp4m l1st, we r ur s4vior, itz\\our c0onstituti90nal rightsl to anneoy da liv1ngs phsucks outsta u

Good thing I never thought about buying anything from Belkin, I would've chucked that damn thing at the marketing director so hard he would be dumb enough to respond to one of those spam emails

Re:I've got a fix... really

[JohnDoe.Slashed]

How about if every hour from now on they would mangle a http request such that you get some nice pr0n... wouldn't that be a way to repair the situation?

What is the Punishment Lifecycle?

[IBitOBear]

So now the real question...

What is the punishment lifecycle for this kind of abbuse? They fixed it pretty fast but it burned a hole in their credibility out here in user land.

How fast do we forgive? Do we forgive at all? How many releases will receive strict scruteny before Belkin regains "acceptable vendor" status? Are we now intent on scrubbing all their products for any exploit on the "fool me once" principle?

Quite a quandary.

Re:What is the Punishment Lifecycle?

I spend a fair bit on network hardware, and I do have some belkin equipment around the place. After this little stunt, I won't be adding to it.

Cheers
Simon

Re:What is the Punishment Lifecycle?

Two things to say:

1. Others have to see the blood and get *very* scared to keep this sort of thing from happening regularly. As far as I'm concerned, it's the death penalty for Belkin.

2. Consumer wrath can be long lived. FWIW, when I was fresh out of college in my first job and didn't have any money, I went shopping for a cheap car. I went to one dealer's used car lot and told the salesman I was looking for under a certain dollar amount. He was very disinterested, unhelpful, and made me feel small. In the 20+ years since I've bought 10 cars and trucks for myself and my wife, some used, some new. That dealer has gotten $0 of my business. I'll never buy from him. Ever.

RE: UPNP service

[King_TJ]

Right! I always make sure UPNP is disabled on every XP box I set up. I can't really see good reasons for the service to be there - and I recall people complaining about the security holes it created back when it was first released to the public.

I'm just a little bit surprised routers are actually making use of it now. I guess it's all about pressure put on them to make it easier for people to run special services from multiple computers (since NAT firewalls make you redirect traffic to one specific IP otherwise).

Ultimately, it's a matter of convenience vs. security, and to me, UPNP compromises too much security for "ease of use". It's like setting your home alarm system up with an easy to remember code like 1-2-3, for the sake of convenience.

Original "snippy" remarks

Belkin is aware of some recent postings, done by ill-tempered individuals, that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is of our full understanding that this is crap. This feature was added in response to thousands upon thousands of requests to the Belkin Feature Department, and added in good faith to the benefit of our customers.

Furthermore, our R&D department took the utmost care in presenting the best material possible in the redirected HTTP requests. It is of general understanding that our Parental Control option ads are more visually appealing and interesting than any other site you may have wanted to view at that time. For that, dear customer, you are welcome.

Unfortunately, due to the pitifully small reproductory organs of the complaining Usenet posters, we will have to strip your routers of this feature. You will be missing information on our great products and will not be able to take advantage of our incredible 30-day free trial (a $9.95 value!!!) because of these people.

Expect more information and their full names and adresses later this week. Thank you.

Re:Original "snippy" remarks

YES! Parental Control advertisements is all I use the Internet for! I just browse net nanny sites all day long because there is seriously nothing better on the Internent than those nanny ads!!! Even though I don't have children. Even though if I had children I wouldn't teach through sheltering! Even though...

Re:Original "snippy" remarks

But in all seriousness. That is the most unprofessional notice I have ever seen a large company spit out. Even Corel has more tact than that.

Re: UPNP service

[madcow_ucsb]

True. But I'd say it's pretty secure if you

1) Block untrusted hosts from controlling the router via UPNP

-and-

2) Don't run trojans :)

Unemployed? Want a job?

[Futurepower(R)]

In case you would like to apply for Mr. Deming's job, it's available. (Scroll down to "Marketing Manager"). Or, just write careers@belkin.com.

Of course, Belkin won't accept just anyone. The "right candidate" must be able to "strategize, initiate, and execute". He or she must be able to "drive revenue" and "leverage knowledge" about "end-user sell-thru strategies" and must be able to "align resources" and "translate raw content".

Re:Unemployed? Want a job?

> Of course, Belkin won't accept just anyone. The "right candidate" must be able to "strategize, initiate, and execute". He or she must be able to "drive revenue" and "leverage knowledge" about "end-user sell-thru strategies" and must be able to "align resources" and "translate raw content".

Oh, so the candidate must be a dipshit.

Ads are broken.

Re:Unemployed? Want a job?

[per11]

and have "20 years experience in Java"

Re:Unemployed? Want a job?

[micromoog]

"drive revenue"

drive revenue away?

Re:Unemployed? Want a job?

Oh, a PHB that is excelled in speaking fluent Bullshitese. Sorry, even if my ethics where that low, I am too informed to be blatently blind of everything outside of making money as fast as possible, right away. The pay is nice though...

Being a greedy dumbass is one of the highest paying and most influential jobs around. Man, those people that encoraged me to be honest and work on my education really screwed me up.

This doesn't address...

[Dachannien]

This doesn't address the most important issue: did Belkin actually ship routers with the firmware including their "feature" installed? Are they planning a recall to flash the firmware for those who can't figure out how? And how many unwitting sysadmins will install one of these routers on a system where the only machines behind the router run automated scripts where they can't click "no thanks" on their ad?

Re:This doesn't address...

[ezonme]

DONT WORRY! The good guys at Belkin are patching it right now trought one of the thousands backdoors they have on their so-called router

Revised Email Sig

[Bob9113]

Following is my revised email sig, part of which is stolen from a +5 rated message from the last story. Keep the pressure on folks. As Microsoft has so clearly demonstrated, preventing further harm from one specific act is not enough to dissuade new and more creative despicable acts by malicious corporations. Companies must realized that it is not enough to say you're sorry (particularly when you have your fingers crossed behind your back). We don't let criminals who have malice aforethought get away with "I'm Sorry". We should not be any more lenient with malicious corporations.

Belkin (verb) - To surreptitiously alter a product in such a fashion that legitimate use is hijacked to the benefit of the manufacturer or associated beneficiaries, usually in a crass self-promoting fashion.
"I installed topdesk and it belkined my browser."
"VeriSign's SiteFinder belkined the .com and .net TLDs."

Belkin products are broken as designed. http://slashdot.org/article.pl?sid=03/11/07/174020 5

Belkin has recanted and claims they will issue a patch. Good. Now all they have to do for me to remove this .sig is to pay their pennance. Backing down is not enough, I require satisfaction. May I suggest a $100,000 donation to the EFF?

Re:Revised Email Sig

[herrvinny]

What about $100,000 for me, for having to find this stuff out on /., emotional distress, etc. That should easily reach $100,000 - tax ;-)

Oh, I almost forgot:

Belkin (verb) - To surreptitiously alter a product in such a fashion that legitimate use is hijacked to the benefit of the manufacturer or associated beneficiaries, usually in a crass self-promoting fashion.

Example:
"That Eric Deming really belkined his company's product."

Re:Revised Email Sig

[cabalamat2]

Belkin (verb) - To surreptitiously alter a product in such a fashion that legitimate use is hijacked to the benefit of the manufacturer or associated beneficiaries, usually in a crass self-promoting fashion.
"I installed topdesk and it belkined my browser."
"VeriSign's SiteFinder belkined the .com and .net TLDs."

Oh, I like this very much.

Let's all use this in our sigs, and put it on our websites; hopefully it'll get in the Jargon File, and will be preserved for posterity.

New Belkin response - total downplay

Now it's just one disgruntled guy on Usenet, what horrible spin (and "to allay customers' worries", not "to fix our defective product"):

Important message from Belkin:
In response to a recent Usenet group posting stating that Belkin spams its customers through its routers, Belkin Corporation apologizes for the concern this has caused and is taking action to address the issue. To allay customers' worries, Belkin will offer a firmware upgrade that will be available via download from its website (www.belkin.com) on November 17, 2003. This upgrade will rid the redirect completely so that no additional browser windows will appear during the router's installation process. Questions can be directed to our dedicated networking customer support line at 877-736-5771 or e-mailed to kannynmc@belkin.com.

Re:New Belkin response - total downplay

[paranerd]

And notice the phrase "during the installation process". Like they weren't doing something everybody does. What they aren't admitting to now is that it's not just during the installation process that they were spamming their customers.

This post doesn't address...

[Phil+John]

...the fact that if a sysadmin actually used a belkin router on a corp network he should ask for the money back on that "I.T. For Managers" seminar and go back to fouling things up as a PHB, the place they can do the least damage.

Belkin makes these things for home users wanting more than 1 computer to access the internet, not for corps looking to cut corners. Anyone who does that deserves for it to go pear-shaped.

***THWACK!!!****

[wowbagger]

That was the sound of Belkin getting a TREMENDOUS bitchslap from the Internet.

What astounds me is not that they did this in the first place (although I told a Marketing Director where I work about it, and his first reaction was "That's STUPID! What were they thinking!").

It's not that a product director at Belkin would respond to something like this in a public forum without vetting his response against Corporate Marketing/Communications and Legal (or, if he did, that they would approve this).

It's not that they corrected the problem within days - that was inevitable.

It's the fact that it took them TWO TRIES to get a proper response on their web site to this - one a snippy, spin'ny "We didn't do anything wrong, we're undoing it, and we won't do it again, you annoying freaks" and then the properly "We are sorry, we will make it right." response.

Now, the interesting question is, "Is the Eric Deming, the moron responsible for all this, still employed by Belkin?"

Anybody interested in seeing how long until his email bounces?

D-Link PnP

under the Tools tab, click Misc., disable UPNP settings

Re:D-Link PnP

[Bowie+J.+Poag]

Thank you.

I just wish there was a more adequate explanation of UPnP in the manual. Here's a copy of it, taken directly from the manual:

"UPnP is short for Universal Plug and Play which is a networking architecture that provides compatibility among networking equipment, software, and peripherals. The DI-604 is a UPnP enabled router and will only work with other UPnP devices/softwares. If you do not want to use the UPnP functionality, it can be disabled by selecting "Disabled".

It should read:

"Leaving this stupid fucking feature on leaves you bent-over and spread-cheeked for when a piece of malicious software comes along decides block every damn port on our router. UPnP allows changes to be made without your knowledge OR consent--it allows any program to totally bypass user/admin authentication. As an added bonus, entries commited via this backdoor^H^H^H^H^H^H^H^H"feature" cant' be removed without first factory-defaulting the whole goddamn router and rebooting it. Anyway, Microsoft wants us to put it here and leave it on by default. Click the box to disable it."

I think my explanation is much clearer, don't you? :)

Well, I for one...

[diesel66]

I guess I'll be the one guy who apreciates the fact that at least they had enough of a clue (conscience ?)to admit that maybe it was't the best idea.

At least they learn...

Some folks don't, that's worse.

-dzil

Big Brouhaha over nothing??

[linkjunkie]

This is a device to route traffic.
If it is not routing traffic to its appropriate destination, then it is faulty!

If a car were to stop running every 8 miles and ask you if you'd like Onstar, you'd sue!
And you should.

I will NEVER buy a Belkin product again.
This is a sign that the marketing department has control over the tech side.

The ONLY way that this would be REMOTELY acceptable is if it were clearly stated on the outside packaging.

One last thing. You give money to a manufacturer for a product, NOT advertising.

And no, my clothing doesn't have labels.

Re:Big Brouhaha over nothing??

[fleener]

>If a car were to stop running every 8 miles
> and ask you if you'd like Onstar, you'd sue!

I wouldn't sue. That's absurd. It's not even an apples to apples comparison. An appropriate comparison would be that when I try to use Onstar is connects me to a representative (as usual) and that rep pitches me a sales message. I tell the person I'm not interested and Onstar never pitches me again. Simple.

(Anyone reading this threat out of order should note that we're talking a hypothetical. I've never heard of Onstar doing this.)

Re:Big Brouhaha over nothing??

[linkjunkie]

Unless you do not give the appropriate 'not interested' answer, at which point Onstar continues to give you the sales pitch every time you connect, until you give the answer they are expecting.
I might add that Belkin needs access to the router to turn off the flag that causes this behavior.(Hope your device isn't behind a firewall).

Ok, the 'you'd sue' was a little over the top, but I am quite angry about it.

I still feel the comparison is fair though.
The device does malfunction every 8 hours until you give the appropriate response.
Even Belkin admitted that it wasn't covered in the manual as it should have been.
That doesn't even mention the routers that didn't originally come with this feature, but had it turned on with a firmware update.

Re:Big Brouhaha over nothing??

[fleener]

Well, duh. If you ignore the prompt, yes, you will get prompted again.

The device does not "malfunction." As per the advert instructions you were presented during installation, if you ignore the prompt, you will get prompted again. I remember reading that I was going to see this page again if I didn't tell Belkin I wasn't interested. I had plenty of time to return the product to the retailer I purchased it from. But telling Belkin to nix the prompt was far easier than returning the product. It annoyed me about as much as any software's mandatory product registration.

Routers firewalls etc

[baomike]

I must have missed something.
Is it really that much easier to use/buy one of these routers than to just use an old 486 box with
linux?
Two ethernet cards and a minimal set of hardware
(33mhz 16 megs) seem to handle anything the DSL
line can put out.
Makes a nice firewall also.

Mike

Re:Routers firewalls etc

Yes.
I login to my corporate LAN using VPN. VPN masquerading is not fully supported in Linux.

Re:Routers firewalls etc

[NotClever]

For a normal person? You're kidding right?

Cheapo appliance route : Go to Best Buy, buy one, follow the big shiny sheet that shows you how to plug things in, and you're up and running in 10 minutes.

Linux route : Find old computer that still boots, find a linux installation that works, spend 3 weeks trying to get it to install, buy 4 books on how to configure IPTables, Reinstall 6 times, finally go to Best Buy, buy a cheapo appliance, ...

Re:Routers firewalls etc

[ScrewMaster]

At one point I would have said, "Yes, it's much harder" but then Smoothwall came out.

Re:Routers firewalls etc

Well, yeah, I got to agree with you. I even have a bunch of firewall appliances that I bloody well designed myself and had made in Taiwan - yet, when I needed a firewall appliance last week, I went out and bought one from another company, since it is easier than upgrading the Linux firmware in my own ones...

Re:Routers firewalls etc

[Atragon]

And as an added bonus, you have complete control over your configuration.

In my opinion, now is a great time for technically inclined people who want to add dedicated machines to their network. In the last few months, large quantities of pentium II and III based machines from big brands (such as IBM) have been pouring onto the used market in my area at reasonable prices. I'm sure this isn't just an isolated event, so now looks to be a good time to stock up on (relatively) cheap CPUs for dedicated applications.

But..

[jfmiller]

To get the updated firmware you must click through the ads that they were going to send you in the first place, right?

Dealing with this situation...

[kjs3]

There is a reasonably effective way to deal with this sort of thing, especially from a second-tier vendor like Belkin. Don't buy their stuff.

Recommend to friends & clients it's not to be bought. Figure out and communicate the alternative. Communicate simply & clearly why the alternative is better (avoiding histrionics). Let Belkin know why this is.

Let Belkins resellers (CompUSA, no?) know why you will not buy their stuff, and that you tell everyone who listens the same thing. Do this clearly & simply. Tell them what acceptable alternative are out there.

Eventually you'll get marketing people having conversations like "Hey...let's do ", "are you an idiot, Belkin did , and look where it got them". When it becomes financially painful, either the incumbents will change or new competitors will arise to give us what we want.

Re:Dealing with this situation...

[AuntMartha]

The notion of going direct to their resellers, CompUSA, BestBuy, Apple, Gateway, etc. is a good one. And doing it at the Corporate level is the way to go.

Call the Corp. HQ and ask for the "Buyer/Merchandiser" for Hubs, Routers, whatever the hell your target reseller carries. Maybe you'll talk to the real-live human who buys Belkin's Spamware, and you can express your extreme unlikeliness to purchase the same. Can you spell "Excess Inventory?" I thought you could.

Failing finding a real human, e-mail the "Contact us" address AND the Investor Relations people in Finance. Same message. Same impact. If only a few thousand of us do it, BestBuy, Buy.com, CompUSA, etc., will roast Belkin over a slow fire.

Pulp Fiction

[bstadil]

One of those ideas that looks great on paper

They must be using some special kind of pulp

It's akin to the phone companies deciding that every 5'th time you call your mother you get 1-900-DOITINGA

Wll maybe not but almost.

Buh Bye Belkin

[FunWithHeadlines]

Later for you, Belkin. I want nothing to do with a company that treats its customers with contempt. You fixed the problem, you say? Why did you create a problem in the first place, and who is to say there isn't something else in there still hidden? You didn't do a thing about this problem until it blew up in your face. So you aren't sorry, you are sorry you got caught.

Why is it whenever a company that thinks of itself as reputable sends spam (unasked for advertising messages) to someone they deny it is spam? 'We did not spam our users. We had a product we thought they would be interested in so we directed their attention to the product.' In other words, you spammed. Busted by your own admission.

I've used Belkin products in the past. Never again. Trust shattered. Blame the marketing person at your company who came up with this idea.

Spam? Nah! Broken? You bet!

[rnturn]

``Originally, it included a snippy remark about how what they were doing was not spam, despite what everyone on the internet says.

And, AFAICT, they're correct. It wasn't really spam and ``everyone on the internet'' that called it that were wrong. What everyone on the internet should have called it is ``a broken router'' which should have been recalled or replaced free of charge. Gosh, isn't nice of them to offer a firmware fix. What happens when the fix isn't applied properly by the end-users? Well they're pretty much screwed as far as their internet access now aren't they? Belkin should do the right thing and ship everyone using one of these broken units a brand new router that properly routes.

Almost makes you wish for a certification process for any equipment that's connected to a public network. If it doesn't strictly adhere to IETF standards, it doesn't get connected. Just out of curiosity, what RFC specifies the manner by which a router is supposed to replace requests with preferred advertisers? Oh yah. The same one Verisign referred to when designing their SiteFinder atrocity.

Re:I've got a fix... really

[ScrewMaster]

Actually, yes. Particularly if they hosted it on their company servers and made sure all the .MOV and .AVI files were exploit-free. Excellent idea, and it would probably convince me to rush out and buy a Belkin router this instant.

Well I was gonna use Linux for my router...

[AvantLegion]

... but $699's just a bit too much for my blood.

Re:Well I was gonna use Linux for my router...

[TheVidiot]

I clicked the link in your sig, and now I feel like slitting my throat!

Belkin verboten

[Sean+Clifford]

I can't tell you how much Belkin stuff I have at work. Cables of every type, USB hubs, KVM switches, and whatnot. This escapade earns them a spot on my blacklist. This behaviour is inexcusable and they are deservedly being lambasted for cramming spam down folks throats - it calls into question how many other "features" are buried in other Belkin hardware.

I doubt we'll see much more hijacking from hardware vendors.

Try a LRP-type distro that runs out of RAM

[SIGBUS]

...such as LEAF. I've been running it for quite a while on my old P166. I've set mine up to boot from a hard drive, then use a hdparm -y to shut the hard drive down once it's up and running. Works like a charm!

Re:Try a LRP-type distro that runs out of RAM

[Gothmolly]

Except none of the images from LEAF boot from HD, its all floppy.

Dammit!

[pclminion]

I was trying to find the Belkin stock ticker symbol, so I can see how far their stock has plummeted since this started. Alas, Belkin appears to be privately held.

I cannot express how disappointed this makes me.

It DID change again!

[AragornSonOfArathorn]

As of 9:49 CST 11/10/03, this is it:

Important message from Belkin:
In response to a recent Usenet group posting stating that Belkin spams its customers through its routers, Belkin Corporation apologizes for the concern this has caused and is taking action to address the issue. To allay customers' worries, Belkin will offer a firmware upgrade that will be available via download from its website (www.belkin.com) on November 17, 2003. This upgrade will rid the redirect completely so that no additional browser windows will appear during the router's installation process. Questions can be directed to our dedicated networking customer support line at 877-736-5771 or e-mailed to kannynmc@belkin.com.

For reference, here is the orignal (from the Google cache:

Important message from Belkin:
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

Letter to Belkin

Taking Belkin's advice, I sent this to kannynmc@belkin.com.

Hi,

I've read the apology on the Belkin home page and I just wanted to share a few edits with you.

1) "a recent Usenet group posting stating that Belkin spams its customers through its routers"

This really misrepresents both the scope of the problem and the scope of the bad publicity you are receiving.

Very few postings alleged that Belkin 'spammed' its users through the router; most of the concern is that the router does not act as a transparent network device, and will rewrite outgoing http requests to get pages from Belkin's own ad servers. This will create very challenging network issues when used in automated environments, where no user is present to click the opt-out request in the served advertisements. No network administrator would expect the router to be redirecting requests in this fashion, and it will lead to many lost man-hours of network debugging.

On the scope of the bad publicity: the post to usenet is the least of your problems, and was probably seen by only a few hundred people -- until the article was referred to by slashdot.org, the online community of computer enthusiasts. Also, you can be sure that RISKS, the Peter Neumann's international journal of computer failures, will publicize this breach as well. It seems likely that this story will spread to the print media. So, much as you may hope to keep this on usenet, I think that opportunity has passed.

2) Belkin "apologizes for the concern this has caused"

A subject (Belkin) can't apologize for the action (concern) of another.

Instead, how about "Our router would intentionally misroute packets every eight hours, which is unacceptable for a transparent network device."

This shows that you understand where you went wrong, not just that you are disappointed at the public reaction. It is important that your audience believe that you are not just trying to brush this problem aside. If Belkin wants to be taken seriously as a network device manufacturer -- I thought you only made mousepads and wrist rests, myself -- you're going to need to acknowledge where you went wrong, in the most frank and honest way possible. And your current home page is not even halfway to that point.

Dave Broske

That's SPECIAL.

[Svartalf]

Yeah, it's become a source of concern for their users... The damn thing breaks so many different functionalities it's not even funny .

SOAP.
XML-RPC.
Any other HTML derived protocol.

Turning off ads manually does NOT constitute configuring the thing, either. The topper's the fact that they plain flat don't understand that they've done a grotesquely boneheaded thing. The snippy and the current announcement indicate they still just don't get it.

Re:That's SPECIAL.

[0x0d0a]

All true, though:

Any other HTML derived protocol.

I think you mean HTTP.

I Wish I knew where you could buy a bloody *router* any more. No UPnP, no ad reroutings, no IE-specific functionality, blah blah blah, no flaky, poorly-designed-by-some-firmware-programmer-with-j ack-all-network-knowledge features.

There needs to be a certification company that certifies things as "Good For Geek".

This was informative?

[Svartalf]

1) This is not software, nor did it need drivers to work. There should be no "No thanks" 'button'- period.

2) What if you're NOT using a browser for your applications? What if you're using SOAP or XML-RPC for something? In either of those cases, Belkin's little advert thing will BREAK things.

3) When I install software, I don't get ads about new products when I'm installing. This includes GAMES.

I don't care HOW you'd like to rationalize it- what Belkin did was way over the top stupid.

Re:This was informative?

Heh, It would be cool if you got this "feature ad" in one of the browsers integrated into games nowadays. Imagine sitting there waiting to login to a cs-server and suddenly a Belkin ad pops up on your screen.

Re:This was informative?

[Snaller]

3) When I install software, I don't get ads about new products when I'm installing. This includes GAMES.

You don't install many games do you? I always see ads for other games when i install a game..

Wait for the new billion model

[Hecatonchires]

The 743ge is pretty nice - a review is here. However, the 7500 whatever they are promising is 802.11g instead of b, and also has achip to offload the ipsec crypto to, improving performance.

Its apparently due 'early december' (christmas sales?) Oh, and the prices on that page are in AUD.

What is this Java of which you speak?

[Futurepower(R)]

Java. That's coffee, right?

Re:What is this Java of which you speak?

[_Sprocket_]

Dude. You're supposed to say that to THEM when you apply, not here. Granted - with dialog like that, I'm sure you're a shoe-in. You're speaking their language.

Perhaps if they admitted...

[Svartalf]

...that what they did was a completely boneheaded thing to do, they might get back in good graces in time. Now, they're going to do good to get my cable and KVM business- they do not appear to be willing in the slightest to admit they screwed up royally on this. It'll stay that way (and I reccomend things to a LARGE number of people) until they change their tune.

Re:Perhaps if they admitted...

Belkin to Customers:

important message from Belkin:
In response to a recent Usenet group posting stating that Belkin spams its customers through
its routers, Belkin Corporation apologizes for the concern this has caused and is taking
action to address the issue. To allay customers' worries, Belkin will offer a firmware
upgrade that will be available via download from its website (www.belkin.com) on November
17, 2003. This upgrade will rid the redirect completely so that no additional browser
windows will appear during the router's installation process. Questions can be directed to
our dedicated networking customer support line at 877-736-5771 or e-mailed to
kannynmc@belkin.com.
---

Excuse me?

Let's try that again:

Belkin, Inc. actively violated the trust its customers placed in its products by
deliberately selling a defective product. [a router that did not reliably route data--
infact a router that would actively redirect traffic to a destination that was not of the
customer's selection on a periodic basis] This information of the deliberately installed
product defect was not made plain on the product's packaging at the point of purchase. The
defect placed in this product by Belkin was solely intended to further the business
interests of Belkin, Inc. at the expense of its customers. Belkin publically and clearly,
without equivocation, acknowledges that it has commented a wrong. The collective staff of
this firm and its corporate officers apologizes.

Regards,

[and yes, your firm is no longer on our "Approved Vendor's List"--what's next? Key logging in the KVM's]

They didn't admit squat.

[Svartalf]

Both of them do not address that there is really something fundamentally wrong with what they did- they make it sound like some of their customers had issues with what the router was doing by design and that they're changing it for that reason.

Spam and Hijacking

That's what it is, regardless of Belkin's protestations.

Belkin has been banned at my location because of this. Even if they fix the spam/hijacking, the ban will remain in place because they tried, regardless of whether they actually fix their broken routers.

I have a belkin kvm switch for my servers. It will be the last belkin product I ever buy, even if they fire the dumbass suit who signed off on the spam/hijacking, and the dumbass suit who supervises the idiot who came up with this dumbass idea.

Re: UPNP service

[Gojira+Shipi-Taro]

And there are hosts outside your network that you DO trust to control your router? Other than yourself, that is.

If the default is to allow hosts to control the router via UPnP, that's a bad thing.

okay, now what?

[TubeSteak]

You've made your stand, vented your anger, now what? Other than having all their software/hardware vetted by an outside firm, what would Belkin need to do to win your business back? You've already said a fix + apology isn't good enough... free products? extended warranties? the ceo committing harakiri/seppuku?

As consumers, we usually know what we don't want, but more often that not, we have no clue what we would like.

Re:okay, now what?

[k12linux]

what would Belkin need to do to win your business back?

How about gaurantee the next model they release 6 mo from now won't have the "feature" back on? Or maybe swear that if their products do more than they are supposed to do (in this case route, NAT and FW) they'll put a warning on the box.

This seems like a very dumb thing for them to have done on many levels. Seems like substituting URLs in a request at the wrong time could really fsck up some web apps... or at least make someone miss out on *first post*!

Re:okay, now what?

[elmegil]

Given that every belkin product I've used has fscked up in some manner or other, hearing about this was just the icing for a long standing personal boycott against them. Couldn't get their USB ethernet to work worth a damn. The KVM switch had to be rebooted (unplug, no power switch, did I mention it had an ugly wall wart unlike my keyboard-powered linksys?) on a regular basis. The only Belkin stuff that has ever worked reliably for me were cables, so I'm hardly surprised. Time the rest of the world woke up and ran them out of business as they deserve.

UPNP w/OpenBSD NAT'ing firewall?

[aschlemm]

If MSN Messenger requires UPNP support in a firewall please explain to me how I've been using MSN Messenger and MSN Messenger-like clients from clients inside my internal which sits behind an NAT'ing OpenBSD firewall. AFAIK OpenBSD doesn't support UPNP and from some of the comments I've read from the BSD crowd UPNP is considered a huge security risk since it allows clients to arbitrarily open holes in a firewall.

Re:UPNP w/OpenBSD NAT'ing firewall?

[Tony+Hoyle]

It needs it for file transfer.

MSNv9 now has the ability to use a proxy at microsof t to do this - it also can tunnel via port 80, making UPNP superfluous. However it still attempts to work the old way.

Open Sourced, User installed!

[pentalive]

Yeah, Open Source so we can compile and install it ourselves.

Otherwise how do we know that *they* did not ship a clean unit to the inspector, and sell units that still have strange features?

I don't want to target just Belkin, like the comercial used to say " if it don't say sunkist on the outside, you don't know what's on the inside" - Well if it isn't open source on the outside, you can't be sure of what's on the inside.

Crack Product Management

[rixstep]

They have decided to disable the 'feature' that hijacks a random http request every 8 hours and redirects to a webpage advertising their parental control system.

No question about it - the product managers at Belkin are sharp! ;P

Lost trust of uberGeeks

[BroncoInCalifornia]

Sure, among uber-geeks and /.'ers. John Q. Public who purchased these Routers was doubtless annoyed by it, but John Q. Public who is still in the market and who (likely) hasn't heard about it will still consider buying Belken products.

1) John Q. Public goes to the uberGeeks for advice on what to buy.

2) John Q. Public then goes to the uberGeeks to get the stuff to work. Those who do not go to the uberGeeks then put in calls for support that cost way more the the $5 of profit Belkin is likely to make on these products.

Re:Lost trust of uberGeeks

[Shakrai]

1) John Q. Public goes to the uberGeeks for advice on what to buy.

True, none of my non-geek friends (yes I have them!) will be buying one of these anytime soon. But a good deal of "John Q. Public" will buy whatever the idiot at Circuit City tells them to buy, and the idiot at Circuit City isn't usually an uber-Geek (and if he/she is, he/she is typically going to do what the boss tells them to do).

Belkinization of the Internet

Well, I agree that they did not spam their users - this action calls for a new term:

They Belkinized their user connections, by breaking them up into different pieces...

Many a war was fought over the Belkins...

All Your Requests Are Belong To Us

[denks]

In AD 2003
War was beginning
Manager: What happen?
Sys Admin: Somebody set us up the router
User: We get page
Manager: What!
User: Main Monitor Turn On
Manager: Its you!
Belkin: How are you gentlemen?
Belkin: All your requests are belong to us
Belkin: You are on the way to destruction
Manager: What you say!!
Belkin: You have no chance to survive make your backup
Belkin: HA HA HA HA...
User: Boss!!
Manager: Take off every 'port'!!
Manager: You know what you doing
Manager: Move port
Manager: For great justice

Precedent setting, not overblown

[rjamestaylor]

• but this issue is WAY over-hyped.

Wrong. When a precedent is set it is always a huge deal; hijaaking HTTP requests for company-sponsored oh-yeah-I-guess-it-could-be-seen-as-an-ad spam breaks new ground. Lookit, people still cheer Chuck Yeager for breaking the sound barrier, Hank Aaron for his home runs, Armstrong for his one small step and we still jeer Robert Morris Jr.'s first Internet Worm, Amazon's One-Click patent, X10's pop-under ads (not the actual first, but many people's first in experience). Closer to home, you and everyone reading this remembers the first time they clicked a Slashdot troll's link to Goatse. Belkin will be remembered for bringing spam and censorship to the router long after others extend the breach further.

Now the question is...

[The+Lone+Badger]

Do you trust Belkin enough to install their new firmware?

This bit of the router is the most worrying!

[bensonandhedges]

I have known about this for a while, it confused me at first but i quickly realised how to turn it off....



Your Parental Control Subscription is NOT-ACTIVATED.

To stop PARENTAL CONTROL signup prompts, Click here:



The bit that worries me is the next part of the admin page.....



Reporting,

You are currently subscribed to reporting.



What the hell does that mean, what is it reporting and to whom?

Use the proper browser!

[haraldm]

Their web page says

This upgrade will rid the redirect completely so that no additional browser windows will appear during the router's installation process.

If that is so, and popup windows are the only problem, why do people use inferior browsers anyway? This problem is not just with Belkin but with many, many web pages to begin with. Duh. Use a better browser which prevents popups, and Junkbuster or something. Or do you f*ck around in swinger clubs without condomes?

Make good products?

What's good about a router product, when it doesn't route correctly, because it ends up displaying advertisements?

Microsoft an excellent purchase on clearance

[0x0d0a]

I purchased another one of these Microsoft Wired Base Stations, which represents the first Microsoft product I've ever purchased. I actually wanted a switch, but I needed one ASAP, and this was the only thing handy at the local Radio Shack, so I grabbed it and kicked it into switch mode.

It was actually quite funny -- the only reason it was competitive was because it (and a whole line of other Microsoft Wired Base Stations) were at 50% off clearance. When I took the thing up to the counter to purchase it, the manager mumbled "Finally. I can't wait to get rid of these things so that I can actually put up something else. You want more? I've got plenty, all at 50% off clearance." This really blew my mind -- I mean, how *badly* do you have to sell in order to get a retail manager to be irritated enough to say something like that to a customer?

I use it as no more than a slightly expensive switch.

Unlike the Belkin switch downstairs, it hasn't gotten confused when the power started wavering (the Belkin barfed with a diagnostic display on its output lights).

What about the backdoor?

[Pepebuho]

The Belkin router had not only a non compliant routing algorithm, but it had also a backdoor. Remember, if you clicked on "No Thanks", then a flag INSIDE THE ROUTER would be modified to disallow the misbehavior. Namely CLICKING AN EXTERNAL WEBPAGE MODIFIED THE INSIDES OF YOUR ROUTER!!!!! Is Belkin fixing this security hole also?

Re:What about the backdoor?

[thelenm]

In my mind, this is the more serious violation. Redirecting packets is annoying and stupid and breaks things. Fine. But intentionally including a backdoor that modifies the router's internal configuration based on events completely outside my control is way over the top. Eric Deming directly confirmed that this is what is happening, in his now famous Usenet post. I'm sure it originated in marketing or whatever, but I don't understand how this kind of idiocy could have made it past all the technical supervisors who had to sign off on it. This is a company that does networking, for crying out loud. And they see nothing wrong with this? Sorry, Belkin, you had your chance, but you'll get no more of my business.

What their PR machine said - more interesting

[CrystalFalcon]

I got this from their PR machinery yesterday on the topic. Should clear up any doubts on whether they deserve a second chance:

- cut here -

Dear Sir;
Thank you for your email to Eurosales@belkin.com

Further to your email below please note that we are aware of the rumours about our 54g routers and are currently working to rectify the situation. Please note that these are only rumours. Belkin does not condone spam and you will not see this type of advertising from Belkin anywhere and certainly not on our products.

I do hope you understand that occasionally companies such as ourselves can be subject to malice and I assure you this is one of those situations.....I have attached a pdf. detailing the situation for your information.

If you have any further questions or concerns about Belkin products, please contact myself directly.

Regards,

Liz Holland
PR & Trade Marketing Executive
Belkin Components
Tel: 01933 352152
Fax: 01933 312000

- cut here -

The PDF, although posted previously elsewhere, reads:

- cut again -

Does the Belkin Router send me Spam? NO.

Recently a group of privacy advocates have targeted Belkin Routers, claiming that Belkin Routers equipped with Parental Control send spam, unwanted advertisements and spyware to computers.

1. Belkin Parental Control Content Filtering is promoted on our 802.11g Wireless Router packages as an added value service included with purchase. Parental Control filtering enables our customers to block access from their network to specific websites; it is a content filter, nothing more.

2. During the installation process, the router produces a web page asking the owner of the router if they want to sign up for a free six-month trial of Belkin Parental Control, similar to common online product registration requests.

3. The Parental Control registration page is not spam, adware or spyware. It is part of the setup process of the router. It does not "hi-jack" the browser.

4. Belkin routers do not install spyware or adware, nor does Belkin have the ability to advertise to our customers using our routers as a conduit.

5. If a customer clicks "No Thanks" on the first prompt, the registration page for Parental Control signup will no longer appear.

Additional Information:

- The "No Thanks" button is not a trick button that will install spyware, etc. on the computer. If a customer is uneasy clicking "No Thanks" in the web page, to stop the reminder, you can navigate to the Internal web page of the Router, click on Parental Control and select "Don't Remind me Every 8 hours". This will stop the web page from ever being displayed again.

- If the browser window is closed without clicking "No Thanks", it will be displayed again after 8 hours has elapsed. Please note that this is not a browser pop-up, this means that the Parental Control web page will only be displayed if the user opens the browser. Again, clicking "No Thanks" will stop the web page from being displayed.

We sincerely hope that this information provides an explanation that meets your needs, if for any reason you would like to contact Belkin directly, please email your concerns to Kannynmc@belkin.com
Regards,
Kannyn MacRae
Business Unit Manager, Networking
Belkin Corporation

- cut here -

And if anyone missed the interesting stuff in Usenet NANAE, the "No thanks" button referenced above sent a signal FROM BELKIN TO THE ROUTER to reconfigure it to not show ads.

They have shown, and continue to show, an amazing lack of clue.

Listen to the Engineers, not Marketing

[sir_cello]

Take a straw poll of Belkin Engineers, and you'll probably find that most of them also think that this was a stupid idea. I'm sure its a Marketing decision - no real Engineer I know would sanction such a thing. I know that where I work we've had to do stupid things to keep Marketing happy - and it's always enjoyable when the shit comes back to hit the fan and Marketing takes it in face. This kind of Engineering sport is enjoyable :-).

The other good thing is this: now that it's been so embarrasing for Belkin, we can be reasonably confident that no one else will repeat the idea. Any marketing person who wants to keep their job will make sure of this: delivering and supporting firmware upgrades is not cheap, nor is the loss of goodwill for your product.

Does anyone have time to tell whether any other Belkin products have similar bozo-features ? Or, can we watch Belkin in the next month or two to see whether any other firmware upgrades are released ?

Most Smoking Crack Operation?

[heironymouscoward]

Instant poll:

Who smoked the most crack in 2003?

(_) SCO
(_) Belkin
(_) Verisign
(_) CowboyNeal
(_) *A
(_) All of the above

Re:Most Smoking Crack Operation?

Bush.

Re:Most Smoking Crack Operation?

[SmittyTheBold]

You forgot the Quicken folks.

Funny

[EmagGeek]

The stock photo on the Belkin front page is the same one that is used on PNCBank ATM Machines...

I guess she gets around :)

Re: UPNP service

[hanssprudel]

Obviously UPNP is only available to hosts INSIDE the router.

This part of UPNP is a GOOD thing. It helps against the growing problem of the "the firewalled consumer" that thanks to NAT has created an A and B class of Internet citizens: those that can be connected to, and those that can't.

A good example of this is VoIP. VoIP phones are being sold that connect straight to the home router, and allow calling over the Internet. But 99% of all home routers do NAT, so without port forwards it will be impossible for two such phones to talk to one another. Since users can't really be expected to set this up manually, UPNP is a necessity. I think it is fantastic that routers are starting to support this!

I agree that it ought to be more configurable (which ports it will allow forwards to, etc) but in the end we cannot secure things by neutering the entire Internet. You shouldn't be running insecure services (consider that P2P applications like IM can be cracked straight through a NAT: they connect back to others at the request of the central server. and those back connections are just as vulnerable to buffer overflows and incoming (there is a worm for you!)).

This kind of incident will make sure ...

[Vedanti]

This kind of incident will make sure that in future too many idiots in marketing will not comeup with such ideas.

I'm not saying such things will not repeat ... mankind has an uncanny ability to repeat its past mistakes.

I don't think, for eg., anyone is going to repeat the "activation features" tried by Intuit for TurboTax.

Re:This kind of incident will make sure ...

[Shakrai]

I don't think, for eg., anyone is going to repeat the "activation features" tried by Intuit for TurboTax.

Belken and Intuit probably learned their lesson. But I wouldn't put it past a company like Microsoft (whose products you almost have to use, at least in a business environment) trying that idea (or something even worse) again in the future.

Product activation in any way, shape, or form just sucks.

Full Text of Message

"Steven J Sobol" <sjsobol@JustThe.net> wrote in message news:yMydnXbjyJr78jGiRVn-ig@lmi.net...
> http://stevesobol.com/belkin.txt
>
> --
> JustThe.net Internet & New Media Services
> 22674 Motnocab Road * Apple Valley, CA 92307-1950
> Steve Sobol, Proprietor
> 888.480.4NET (4638) * 248.724.4NET * sjsobol@JustThe.net

I'll paste it below. Eric is a biatch and I hope an elephant fucks
him up the poop shoot.

--------------------

From ericd@belkin.com Fri Nov 7 20:19:08 2003
Path: internal1.nntp.ash.giganews.com!border2.nntp.ash.g iganews.com!border1.nntp.ash.giganews.com!firehose 2!nntp4!intern1.nntp.aus1.giganews.com!border1.nnt p.aus1.giganews.com!nntp.giganews.com!opentransit. net!news-spur1.maxwell.syr.edu!news.maxwell.syr.ed u!postnews1.google.com!not-for-mail
From: ericd@belkin.com (Eric Deming)
Newsgroups: news.admin.net-abuse.email
Subject: Re: [OT-evil marketing] Belkin does Verislime one better -
router spam!
Date: 5 Nov 2003 15:25:28 -0800
Organization: http://groups.google.com
Lines: 70
Message-ID: <c91e821d.0311051525.70aa9920@posting.google.com>
References: <3FA87D03.E1C44EDE@DutchElmSt.invalid>
<wh-dnR5oc 5YJnDSiU-KYhA@giganews.com>
NNTP-Posting-Host: 67.98.73.254
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1068074728 22743 127.0.0.1 (5 Nov 2003
23:25:28 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Wed, 5 Nov 2003 23:25:28 +0000 (UTC)
Xref: intern1.nntp.aus1.giganews.com
news.admin.net-abu se.email:1466982

"JerryMouse" <nospam@bisusa.com> wrote in message news:<wh-dnR5oc5YJnDSiU-KYhA@giganews.com>...
&gt ; Mr. Uh Clem wrote:
>
> [...]
>
> What does Belkin say when you complain?
>
> I'd make their life miserable until they removed the offending software from
> my machine.
>
> You did not conset to this aspect of your machine's modification - this is
> nothing less than malicious.
>
> Raise hell.

I was made aware of this posting by an e-mail that was sent to
Belkin's tech support e-mail box. Since I am a product manager for
Belkin's LAN products and was very involved with the development of
the Parental Control feature, I feel that I can shed some light on
this subject. Firstly, without trying to sound too stand-offish, we
are not talking about SPAM here. For me to clarify, an understanding
of the Parental Control service will really be needed.

Since Parental Control is a subscription service, Belkin wanted to
make registering for the service very easy. Since the router actually
will work in tandem with an outside server (Cerberian,
www.cerberian.com) registration information needs to be collected and
sent to Belkin and Cerberian to activate an account. Traditional
methods of registration, such as asking the user to go to a website or
navigate to the Router's internal Web page to enter information didn't
meet the ease-of-use goal. We elected to re-direct one http request to
the "Register Now" reminder page. (There is a link in a previous
posting if you want to see it) This page asks the user to register for
the service for a free 6 month trial. Now, granted this looks like an
ad. It should, it is intended to be informative and easy enough to
understand. At this point, the user can register or click "No Thanks".
Clicking "No Thanks" sets a flag in the Router to stop the Router from
re-directing every 8 hours to the reminder page. (Again remember, only
one http request every 8 hours). Admittedly, there is no controlling
which computer on the LAN this message will pop up on. If the user
just closes the window without clicking "No Thanks", then

Just stop with the melodrama.

[fmaxwell]

Seriously, Belkin's response to this has been utterly abysmal.

You people are absolutely amazing. News of this hit the net on November 4. By Nov. 8, Belkin had already said that they would release new firmware and apologized.

First they tried to justify it, only now that it's blowing up in their face do they try to remedy it.

I guess it never occurred to you that they thought what they were doing was okay and then, after seeing the public response, changed their minds. Did you bitch like this about the fact that Internet Explorer's home page is MSN and remains that way unless you manually change it? Did you carp and whine about the fact that mistyped URL's in IE take you to Microsoft's MSN search site?

They've lost a great deal of trust that they will never regain.

Oh please! Stop with the melodramatic, somber proclamations.

When I first saw this story sensationalized on Slashdot, I was pretty damned pissed off. Then I read the real story. All that it took to stop the undesired behavior was clicking the button labelled "No thanks" and it would never happen again. Alternatively, should you be averse to pushing a "No thanks" button, a single checkbox in the web-based configuration would disable it.

I'm not saying that I like what they did, but it's hardly like they installed sypware in the router.

Re:Just stop with the melodrama.

[sqlrob]

When I first saw this story sensationalized on Slashdot, I was pretty damned pissed off. Then I read the real story. All that it took to stop the undesired behavior was clicking the button labelled "No thanks" and it would never happen again. Alternatively, should you be averse to pushing a "No thanks" button, a single checkbox in the web-based configuration would disable it.

So let me get this straight - a website on the WAN side of your router can change router configurations. And this doesn't bother you?

I'm not saying that I like what they did, but it's hardly like they installed sypware in the router

Prove it. You have the source code?

Re:Just stop with the melodrama.

[fmaxwell]

So let me get this straight - a website on the WAN side of your router can change router configurations. And this doesn't bother you?

No, it doesn't. It's a clearly defined interface that can do the equivalent of accept a cookie. Why would I get upset about that? Should I be afraid that some other website might also try to turn off the every-8-hour routing behavior?

Prove it. You have the source code?

I don't have videotape of what you were doing last night, so I'll just assume that you were molesting children. Ever heard of "innocent until proven guilty"?

Re:Just stop with the melodrama.

[sqlrob]

No, it doesn't. It's a clearly defined interface that can do the equivalent of accept a cookie. Why would I get upset about that? Should I be afraid that some other website might also try to turn off the every-8-hour routing behavior?

Are you sure that's the interface? You have the full documentation? I've seen mentioned that the resetting isn't effective if you are behind a firewall. Does that sound like a cookie to you?

Are you sure the mechanism, whatever it is, doesn't have buffer overflow vulnerabilities?

Ever heard of "innocent until proven guilty"?

They had their innocence until they pulled this stunt. I have no reason to believe they aren't repeat offenders, and the way they are trying to squirm out of it doesn't sound like they have the ethics to *NOT* put something in.

Re:Just stop with the melodrama.

[fmaxwell]

I've seen mentioned that the resetting isn't effective if you are behind a firewall. Does that sound like a cookie to you?

Yes, it sounds like a cookie to me in its behavior. Who cares if it's a traditional cookie or a TCP command sent through some high port? The effect is what matters.

Are you sure the mechanism, whatever it is, doesn't have buffer overflow vulnerabilities?

Are you sure that any given router doesn't have overflow vulnerabilities?

They had their innocence until they pulled this stunt. I have no reason to believe they aren't repeat offenders, and the way they are trying to squirm out of it doesn't sound like they have the ethics to *NOT* put something in.

And you had your innocence until you broke the law and turned right on red without stopping. I have no reason to believe that you aren't going to commit a hit-and-run vehicular homicide after the way that you didn't even turn yourself in for running that red light.

You are making a big deal out of nothing. What they did was no big deal. They thought that they had a clever way to get potential customers to see the filtering offer. Any techie with half a brain could have turned off that "feature" and been done with it. It was a friggin' check box in the admin interface. Just how technically clueless do you have to be to not understand that? You act like they went to great pains to hide the feature. They didn't

Like I asked before, do you get pissed off that Microsoft has set up IE to take you to the MSN homepage every time you start it? Does it make your blood boil when you mistype a URL and it takes you to MSN's search engine? Do you go ballistic when you find that Mozilla takes you to their home page after installing the browser? Unlike Belkin, there is no one-time "no thanks" button to disable those unwanted web-site loads. So why are you so much more pissed about Belkin than Microsoft, Opera, Netscape, or Mozilla for taking you to sites that you did not ask to be taken to?

Re:Just stop with the melodrama.

[sqlrob]

Who cares if it's a traditional cookie or a TCP command sent through some high port? The effect is what matters.

The owners of those behind firewalls for one. They have a completely broken router that randomly drops HTTP connections every 8 hours. Wonderful effect, isn't it?

Are you sure that any given router doesn't have overflow vulnerabilities?

The main point of the router is to route. I hope that functionality is seriously tested for vulnerabilities. Now, are they bothering to test something like this? After all, it's not important, it only turns off ads. Can't do anything with that, can you? Heck, you can't do something with something innocuous like playing media files, so why should you worry about disabling ad functionality?

The more crap you add, the higher the surface area for attack. Not something desirable in a router.

Like I asked before, do you get pissed off that Microsoft has set up IE to take you to the MSN homepage every time you start it?

Let's see, I don't use IE, so what do you think? These browsers are not redirecting other traffic, nor are they network hardware that has one set purpose.

Re:Just stop with the melodrama.

[fmaxwell]

The owners of those behind firewalls for one. They have a completely broken router

If it is "completely broken", then explain how thousands of consumers are successfully using it.

that randomly drops HTTP connections every 8 hours. Wonderful effect, isn't it?

If someone is so brain-dead-stupid that they can't configure their router through the web interface and can't click on a "no thanks" button, they have no place using a router. Do you really think that this would confuse you? Please. Tell me. Would turning off this behavior really baffle you?

It doesn't "randomly [drop] HTTP connections every 8 hours." A dropped connection is not the same as a redirection. Secondly, it's either random or it's every 8 hours. It can't be both.

Let's see, I don't use IE, so what do you think?

Do you use a Belkin router? You seem to be all wrapped around the axle over them.

So, did you browser come with a pre-configured home page? Did it show that homepage every time you started it? Did you have to do something to reconfigure it to a homepage of your choosing? Was doing that more complex than clicking a "no thanks" button on a web page?

These browsers are not redirecting other traffic, nor are they network hardware that has one set purpose.

Ever looked at a modern consumer router? It has far more than "one set purpose." It includes routing, NAT, PPTP and PPPoE clients, firewalls, port forwarding, and DHCP serving. It's hardly your daddy's router.

You need to get some perspective. Belkin has been offering the Parental Control feature on its Routers since February 2003, having sold tens of thousands of them since that time. Prior to this uproar in early November, the company had not received any complaints from consumers about the browser redirect.

Try looking at it from a non-geek perspective. The nervous consumer, after spending 30 minutes or more studying the documentation, installs the router. They go into their web browser and are taken to a web page that tells them that they are connected to the Internet and can now activate the filtering that they might want for their families -- or hit the "No Thanks" button. That sounds like a satisfying experience for the typical technophobic consumer who would buy a Belkin router.

If we were talking about a Cisco rack-mount router aimed at enterprises, I'd be right with you in your criticism, but this is a consumer product and it's expected to be easy to set up -- including any aftermarket filtering subscriptions that may be offered. I'm not saying that Belkin made the right choice, but neither do I see it as that unmitigated evil that you do.

Two words: zombie servers

[plover]

I think you haven't taken into account the methods of operation of many hackers.

They're frequently not looking for a box they can simply get "out" of. They're looking to create an army of zombies; boxes that sit there listening on some random port. Upon receipt of the hackers' commands, the zombie army rises up and strikes at whatever the target du jour is. Sometimes the signal is simply to log onto an IRC channel and await further instructions from their puppet masters.

A firewall will prevent anything that doesn't already have an established outbound link from being so controlled. Punching holes through the firewalls would allow the task to listen silently until otherwise ordered from afar.

If they dialed home to look for instructions, well, that would pretty much tip off everyone who their controller is. If they sit there waiting for random UDP packets that can be inserted anywhere in the network then the hacker can call upon them from anywhere.

Finally, sometimes the hackers are looking to establish servers. Underground FTP servers that can function as storage and trade boxes for warez, IRC servers for controlling the aforementioned zombie armies, SMTP servers for control by spammers, HTTP servers for criminals looking for temporary boxes to host phony web pages for phishing expeditions or for quick-buck porn operations, the list is long and the hackers' desires are great.

And sometimes people have reasons we don't expect. Some people may simply want to arbitrarily disable other peoples' firewalls out of sheer perversity. So, there are lots of reasons hackers might want to have a program open up a firewall from the inside.

Just enough, just in time

I sent pretty much the same message to their sales e-mail, and got back a PDF file with the snippy response. That didn't make me terribly happy, but I wasn't surprised either.

Until they realized just how many people aren't happy, they were going to defend their actions.

Now, they've realized their mistake and have taken some appropriate action to remove what harm they've done. I asked them to promise not to do it again, but that's not really a feasable thing to say on their public website. But as far as I'm concerned, they got the message.

I applaud them for not defending their mistake to the grave, admitting they were wrong, and doing what they could about it in the meantime.

Re:Just enough, just in time

[swordgeek]

You're a much more optimistic soul than me, then.

All they've realised is that they pushed too fast and too hard. I don't for a second think that they've changed their mind about the goodness of controlling their customers, one way or another. Nor do I believe that they've suddenly discovered the badness of commercialisation of the internet's infrastructure.

Until they prove me wrong, I'm going to assume they're just as sleazy today as they were yesterday.

thats nice...

[micq]

Really, the problem was never with the broken router, the problem is that a company that you trusted would potentially compromise your network for a buck...

Fix the router or not, I'll never buy Belkin products again.

In case you missed it...

[knisa]

Original text:

Important message from Belkin:
Belkin is aware of some recent postings that claim that Belkin wireless routers are spamming users during the setup process and periodically thereafter. It is not now, nor has it ever been, the policy of Belkin to intentionally spam our customers or anyone else. Belkin offers a free trial of our parental control feature in our routers, and to make our customers aware of the feature itself and to give them the opportunity to take advantage of the free trial, we have tried to direct users to the information regarding the parental control features. However, since this has become a source of concern to our users, and it is Belkin policy to address the concerns of our users quickly, Belkin has decided to remove this function from the routers. Each router's firmware that incorporates parental control as an option will be changed.

Please expect more detailed information to follow early next week. Thank you.

Google Cache

Fire Eric Deming

Originally, it included a snippy remark about how what they were doing was not spam, despite what everyone on the internet says.

Just like the snippy remark Deming posted on usenet which was later removed from google. Drives me nuts listening to this guy defend a defective product as helpful. Maybe he's right that it's not exactly spam, it's 100x worse. If he can't understand this yet, he doesn't belong where he is.

This is simply a "they dunnit" reply...

[thrill12]

"In response to a recent Usenet group posting stating that Belkin spams its customers through its routers, Belkin Corporation apologizes for the concern this has caused and is taking action to address the issue"
translates to:
"Those Usenet-bastards, of which you (our ignorant customer who is just reading this) know nothing about, tried to make everybody think we are spamming the lot out of you through our routers. If this were really true (like duh!), we will apologize. Because we are such a nice company, we will take action to prevent it from being true, because it are actually only those usenet-bastards who feel really bad about this."

Group posted to was

news.admin.net-abuse.email

Stop helping people hurt you via non-free software

[jbn-o]

They have decided to disable the 'feature' that hijacks a random http request every 8 hours and redirects to a webpage advertising their parental control system.

The whole reason anyone got into this mess was because they blindly trusted non-free software. Don't make the same mistake twice. Get an inexpensive low-end PC and install a free software router on it. If you're technically savvy, help someone improve their distribution of a free software router (I'm sure there are many others) so novices can more easily use it. This is a great chance to contribute to a volunteer project and help people escape untrustworthy-by-default software.

Belkin still screwed it's users

I still think they lost their customers trust, and should get negative reviews at Amazon

• Belkin F5D52314 4-Port Cable/DSL Router
• Belkin F5D6231-4 Wireless Cable/DSL Router
• Belkin F5D6230-3 Wireless Cable/DSL Router
• Belkin 54g Wireless DSL/Cable Gateway
• etc... Maybe even recommend a netgear or d-link product instead, just to show the industry this will not be tolerated.

Actually... belkin's 802.11g product line uses GPL

[thrill12]

Yes that is true, though it has not been a secret.
The 802.11G product line of Belkin is based on the same Broadcom model which Linksys used. Talked over many times before, but somehow it takes a while before Belkin's sourcecode is released just as Linksys did...

Went and bought a linksys.

[digital+photo]

This whole thing has pissed me off to Belkin. I'm happy to say that my network is Belkin free.

Went to frys with some cash. Left with a Linksys wifi router. Very happy with it and no "misdirected" packets or inane advertisements.

The fact that they are correcting their mistake, after hundreds of unhappy emails noting that they will never buy their products again, is a good start for them.

But as far as I'm concerned, I'll never buy from them again. They have broken the link of trust. It isn't a matter of it being potentially annoying or that it is "just an ad" as some have put it. It is the fact that they have done it to begin with. Without regard for the quality of traffic of the people who are buying and using these devices. Or perhaps more accurately, with a weighed regard for their chance for profits vs the consumer's rights.

I own netgear switches and build my own secured wired and wireless networks. I need something I can trust to work with everything else in a predictable way. Them having done this once opens the door for them to do it again "once the complaining has died down". I can't depend on that and so I go with another vender.

In this case, I got a Linksys router.

Consumers who are not technically oriented have enough issues dealing with their ISPs and the telco providers. Having their routers screw with them just makes things that much worse, imho.

Re: UPNP service

[madcow_ucsb]

Bah, yeah I meant trusted ones inside (since you could conceivably not want every internal machine to be able to change things). Naturally letting outside hosts mess with UPNP would typically be a bad thing.

It takes some work...

[SIGBUS]

...but it is possible to make LEAF boot from a hard drive. You need to use a bootable DOS partition configured with SYSLINUX, and be sure to have the IDE drivers in your initrd.lrp. The boot/etc/modules file must load ide-mod, ide-disk, and ide-probe-mod.

Similar approaches can be used to boot from a flash memory device, but I have several old hard drives lying around.

5 Days?

[uberdood]

Why will it take five days to simply NOP the subroutine that branches once per eight hours. The fix should take five minutes to release, not five days. Then they can worry about removing the code completely in the next bug-fix release.