Cisco's Cloud Vision: Mandatory, and Killed At Their Discretion

An anonymous reader writes "Last week, a number of Cisco customers began reporting problems with three specific Linksys-branded routers. When owners of the E2700, E3500, are E4500 attempted to log in to their devices, they were asked to login/register using their 'Cisco Connect Cloud' account information. The story that's emerged from this unexpected "upgrade" is a perfect example of how buzzword fixation can lead to extremely poor decisions."

Voting with wallet

Will never buy from again...

Re:Voting with wallet

[MightyMartian]

That's why I build my own from a very basic Debian install. Since most of the routers out there are just embedded Linux boxes using iptables, why would I pay for what I can build for free. If I'm looking for high capacity stuff like Cisco's real offerings, I doubt I'll be running up against his problem anyways.

Re:Voting with wallet

[SJHillman]

Until May, my router was a repurposed Dell Dimension 2100 with four PCI NICs thrown in it running ClearOS 5. Started having some hardware issues with it, so I built a new rack-mount box with a low-power Athlon II x2 and a small SSD with a quad-port NIC, threw ClearOS 6 on it and off to the races. Runs great and because it's a full PC, it can do a lot more than DD-WRT (my old router with DD-WRT is now just used as a regular WAP). Sure, it's overkill but it gives me a lot to play around with. You can easily pick up an PC for the price of a Linksys router that will do everything that Linksys could and more (at the expense of an extra dollar or two a month in energy costs)

Re:Voting with wallet

[vlm]

That's why I build my own from a very basic Debian install. Since most of the routers out there are just embedded Linux boxes using iptables ...

... which are never updated or only updated with security patches when shamed into doing it...

My debian based firewall is about 15 seconds of "apt-get update apt-get upgrade" away from the most recent security patches.

why would I pay for what I can build for free

A 486/50 clocked down to 25 so as to be fanless could run "a couple megs" with no serious bus or CPU issues about a decade ago. Pretty much anything made in the last decade has WAY more than enough "compute power" to be a firewall.

$100 of electricity instead of router hardware provides 25 watts extra power continuously for 5.7 years.

Also I can run some pretty advanced stuff on my firewall that you can't get with commodity NAT boxes.

Re:Voting with wallet

[vlm]

What kind of box would run 100 watts as a router, no routers use zero watts, so you need a delta between the router and the PC, and 6 months out of the year I'm paying to heat anyway, so 100 watts of electricity merely means the equivalent of 100 watts less of natgas. If you go laptop I can't even find a laptop power supply that can draw 100 watts.

Also that ridiculous 100 watts would cost me about $5/month. Well worth the staggering expense to avoid Cisco.

Re:Voting with wallet

[cusco]

We put in a number of Linksys R16 and R08 layer three switches at remote customer sites in the first couple of years after the Beast Of Cupertino purchased the company. Through the web interface I could set up a couple of VLANs, DHCP, DNS forwarding, firewall, a PPTP VPN connection, and a DMZ (if necessary) on them in a couple of hours, a set of tasks that would take a $250/hr CCNA most of a day on order-of-magnitude more expensive Cisco hardware. Everyone was happy, then one of them got hit by lightning.

I took the replacement unit out to the site and went to set it up. The VLAN option was gone, and was actually necessary at that site. When I tried to access the help file I found that the new switch no longer had an on-board set of help files, but insisted on phoning back to the mother ship in California. Several other options had been changed or crippled. Fortunately I had a backup of the original configuration stored on a local server, and when I uploaded the config file my VLANs returned (although I still couldn't access their interface).

Last one of those we installed.

Re:Voting with wallet

[gman003]

I just got* an Asus G75. Power supply is 150W. And yes, it has some crazy-sized fans to keep itself cool.

* Well, got, and then had to send back in for repair after only three hours, and now I've been waiting for weeks just to get an ETA. Long story short, fuck Asus, I'm never buying from them again.

Re:Voting with wallet

[Bert64]

Get some USB wireless cards such as those from alfa networks along with a decent antenna...
A long USB cable means you can site the wifi card and antenna away from the system itself (which is a source of interference).

Re:Voting with wallet

[FireFury03]

Not if you don't want to get a cheap and/or gigantic piece of shit that can't even keep things secure, want actual functionality, etc.

Tell me, which consumer-grade routers *don't* fall into the "gigantic piece of shit" category? (when running the stock firmware)

On my list so far:

Linksys - a number of the Linksys routers do crazy stuff like limiting your total number of outgoing connections to about 10.

Netgear - My Netgear router has more bugs than you can shake a stick at: it hard crashes when it receives certain UPnP packets (even when the UPnP server is turned off!). The extent of its logging is "Connected" or "Not Connected" - good luck figuring out why it won't connect. Last time I had to debug a connection fault I had to connect a laptop between the router and DSL modem to see that the PPP stream said "authentication failure" - would it kill them to put this stuff in a log file? The wifi also periodically drops a machine off the network at random for no obvious reason, requiring a reboot of the router. The web interface also doesn't accept CHAP usernames longer than 16 characters, so to enter these you have to dump the config to an XML file, hack it and then upload the XML file again. This router also has a habit of mangling the port numbers in SIP traffic from being correct (determined by the SIP endpoint using the rport extension so it matches the port in the router's NAT table) to being incorrect (doesn't match the port in the router's NAT table so the router ends up dropping the return traffic).

Dlink - My Dlink router has a firewall that periodically starts blocking legitimate traffic after it has decided it is malicious, even though the firewall is completely disabled. The web interface also doesn't support CHAP usernames with a dot in them (luckilly you can get around this by turning off javascript in the browser while entering the username)

TP-Link - Ok, I'll admit that this is a dirt cheap box, but on the face of it it seems to be pretty feature rich. I'm using it as a DSL bridge (the PPP session is terminated on another machine). Unfortunately in the evening the SNR drops on my DSL and the router never bothers to retrain. Eventually all the traffic is arriving at the router as a CRC error and you have to powercycle the router to get it to retrain the connection. The manufacturer tells me that this is the "expected behaviour". I'm guessing they weren't expecting anyone to actually use the "bridge" feature and were relying on the internal PPP daemon blowing up and triggering a retrain if the SNR got too bad - this doesn't work so well when you're not using the internal PPP daemon.

So as yet, I've not found anything that I would describe as fit for purpose at the consumer end of the spectrum (and all these, except TP-Link, are "big name brands"). Billion seem to get good write-ups, but at £150 a pop, I'd hardly call that consumer equipment.

Re:Voting with wallet

[Shark]

It would explain why they bought linksys in the first place too. Just before they got bought, you could get stuff off of linksys 'pro' hardware that would cost about 10 times more for the equivalent cisco product. They quickly discontinued/crippled those.

They'll probably buy Netgear any day now, some of their switches have some pretty nice 'pro' features and are very cheap.

Sure, you might not want them in a datacenter, but the small/medium business has no use for a cisco support contract, can't justify cisco prices, and have needs that fit right in the offered feature set.

Re:Voting with wallet

[dissy]

I've always done the same, using slightly older PC hardware with Debian as a router.
My last system started having hard drive problems after 5 years of service, so on my hunt for new hardware I've kept the power draw issue in mind.

I just purchased some of these little 1u Atom servers:
http://www.newegg.com/Product/Product.aspx?Item=N82E16816101365

They have on-board dual gigabit, plus a PCI Express slot with a quad port gigabit card in it.
It can boot from USB as well, and even has an internal USB jack on the motherboard, as well as headers you can use your own connector with, and keep the USB flash drive internal.

Other than a small fan in the PSU, there is basically no moving parts to fail, and the PSU is only 200 watt max. It draws just under 60 watt when idle.

Add in a 2gb soDIMM and the price is still under $400, a great buy if you only need 2 network interfaces. I already had the quad gigabit card, which might bump the price up a bit more, but it's well worth it for the lack of over heating issues most tiny embedded systems have like the Guruplug.

Don't confuse malice for stupidity...

[fuzzyfuzzyfungus]

I'm pretty sure that this wasn't a case of mere stupidity, brought on by poor, poor, management's exposure to too many buzzwords. This is a straightforward control grab, an overt attempt to turn a low-margin hardware sale into an ongoing data harvesting and customer lock-in opportunity. The putrid buzzwords and condescending infographics are just the cover.

It looks like this would be a very good time for owners of cisco-branded routers to start hitting the OpenWRT, assuming that Cisco hasn't also locked-down or VXworks-ed all of the linksys routers by this time...

Re:Another lousy company

[cpu6502]

Wow:

"IIn some cases, in order to provide an optimal experience on your home network, some updates may still be automatically applied, regardless of the auto-update setting." --- So Cisco will install some updates even when you specifically say no updates. I hope Microsoft or Google doesn't see this, and start updating Windows or Chrome w/o my permission.

It's Belkin all over again

[alanw]

It's Belkin all over again

The marketing geniuses at Belkin, the consumer networking vendor, have dreamed up a new form of spam - ads served to your desktop, by way of its wireless router.

Re:Another lousy company

[msauve]

I hope the US DoJ does see it (they might even prosecute).

"Whoever...knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer...the term 'damage' means any impairment to the integrity or availability of data, a program, a system, or information;..shall be punished..." - 18 USC 1030 (a "protected computer" includes any involved in interstate commerce - ever used eBay or Amazon?)

Before someone says that users somehow agreed to upgrades, think again. User buys AP/router which has auto-upgrade on by default. Plugs it in and uses it. Upgrade gets automatically applied without authorization, impairing the availability of the system (the article describes how features are removed). Cisco is in criminal violation of federal law.

The described tracking of browsing behavior is another crime - a violation of the ECPA.

Re:What did Toyota do?

[vlm]

I'm curious. The worst thing they do is phone me up and ask when I would like to book my car in for servicing.

My guess was a couple years ago there was that big scandal where everyone who got themselves into a car crash claimed the car accelerated all on its own, because on TV the night before they saw someone get away with the same story. Once the TV newsies tired of the stories, the "incidents" stopped happening.

Re:End run.

[Jeng]

Considering how paranoid most network admins are if it does end up that Cisco is spying for whomever pays them then Cisco will lose the majority of their customers and probably end up sued to hell and back.

As far as I can tell there is no upside for Cisco in this.

Re:End run.

[Anachragnome]

"As far as I can tell there is no upside for Cisco in this."

You're just not looking at things from their perspective. Would you like to? Here. This pretty much sums up today's Cisco.

http://www.cisco.com/en/US/prod/collateral/ps7045/ps6129/ps6133/ps6150/prod_qas0900aecd8041c9d4_ps6151_Products_Q_and_A_Item.html

As you might notice (it isn't that hard to read between the lines in the Q & A), they are discussing a solution to control our connections to the internet--as opposed to merely facilitating it--and do so purely in terms of monitization. Cisco no longer just sells routers, they sell the people using them. There is also stated concern for the interests of both the RIAA and the MPAA on the part of Cisco in that Q & A I linked to.