Slashdot Mirror
New FCC Rules Could Ban WiFi Router Firmware Modification
An anonymous reader writes: Hackaday reports that the FCC is introducing new rules which ban firmware modifications for the radio systems in WiFi routers and other wireless devices operating in the 5 GHz range. The vast majority of routers are manufactured as System on Chip devices, with the radio module and CPU integrated in a single package. The new rules have the potential to effectively ban the installation of proven Open Source firmware on any WiFi router.
ThinkPenguin, the EFF, FSF, Software Freedom Law Center, Software Freedom Conservancy, OpenWRT, LibreCMC, Qualcomm, and others have created the SaveWiFi campaign, providing instructions on how to submit a formal complaint to the FCC regarding this proposed rule. The comment period is closing on September 8, 2015. Leave a comment for the FCC.
ThinkPenguin, the EFF, FSF, Software Freedom Law Center, Software Freedom Conservancy, OpenWRT, LibreCMC, Qualcomm, and others have created the SaveWiFi campaign, providing instructions on how to submit a formal complaint to the FCC regarding this proposed rule. The comment period is closing on September 8, 2015. Leave a comment for the FCC.
Boy, that is going to work well, now, won't it.
someone from the FCC gonna come bust down my door and make me plug in to the management console to make sure I'm not using WRT?
I imagine a similar revolt will take place after the new rules take effect.
You can buy an ALIX or Soekris board with a case and wifi card, then install your favorite router distribution on it such as pfSense
I have a advanced-consumer-level wifi router and I put Tomato on it long ago. Is that what they are talking about? What kind of rule can prevent you from installing software on computers you own? It seems like a violation of something fundamental to me.
I let them have it thanks for the link.
Is this the same glorious FCC that was going to "save the internet" from the evil corporate pigs?
Guaranteed.
Say it again.
Fuck off FCC
My phone can act as a WiFi router. Does that mean no more firmware updates allowed for my phone?
Parsing legalese tends to cause me physical pain, but I decided to check the actual text rather than accept the summary.
So, here's the deal, any radio transmitter physically capable of operating in certain controlled bands has some complex and moderately convoluted limits applied to parts of those bands. This is about keeping those bands operating in the ways the FCC has approved. IFF your preferred Open Source software were to include those restrictions in its default behavior list, they'll be fine. If you use such a re-written wifi controller with the proper default behavior list, you'll be fine. If you remove one of the safeguards and start broadcasting a jammer signal on police radio frequencies, you'll be very far from fine.
We don't want you to be able to overwrite our back doors.
Isn't this delicious irony? The FCC's own "SamKnows" broadband survey project uses Netgear routers with modified firmware so that they can "phone home" the benchmark data collected. This rule would invalidate their own survey project unless they hypocritically exclude it from the rule! "YOU can't modify the firmware of routers you own, but it's okay if WE do it."
(I know about this hacked firmware because I'm a project participant and have one of the hacked routers.)
Actually, no, the FCC have taken a fairly anarchistic approach on management of the airwaves - by which I mean they expect the various service users to behave themselves, and mostly they do. Recently, however, they've paid more attention to the regulations, for example shitting on antisocial radio hams who spoil things for others - that's a good thing. There is a balance, as with anything, and this would count to me as going too far.
(The FCC has all sorts of other bullshit responsibilities, such a regulating the visibility of nipples, but that's another department entirely.)
I use different firmware on my router, seeing as it's also has 2.4 and 5Ghz WiFi incorporated this would block my abilities to upgrade. This may be a duh statement but only after thinking a bit more on the subject, did I feel the pain.
That I'll happily ignore.
Lawyers, MBA's, RIAA? A jedi fears not these things!
At least this has something to do with electromagnetic spectrum, but only tangentially: They're still claiming the ability to rule over hardware and software, as opposed to merely effects that are detectable over the air.
Wonder what the public key field is for?
This sounds like the perfect sort of thing to include in a comment to them, so they know just how bad of an idea making the rule change would be. I encourage you to submit it, if you haven't already.
It simply requires the hardware to be designed such that if you install open source, you cannot modify the radio to use frequency bands and powers that it is not supposed to use.
And this is easy to do. Just put in settings to limit power and lock out bands and make those settings irreversible until a full system reset. Then make the bootloader set those settings before running the installed OS.
Then the OS can be open source.
It would be absolutely fantastic if people would be rational about tech news. Tech people/netizens are starting to sound like my grandfather now. Every change is something to be feared. OBAMA IS GOING TO TAKE YOUR GUNS! The people running the FCC are people, just like you. They aren't demons or out to get you. Try to work with other people you haven't met instead of exhibiting xenophobia.
http://lkml.org/lkml/2005/8/20/95
And how exactly are they going to enforce such a law? Any method manufacturers use to lock out 3rd party firmware can and will be circumvented. They're wasting time and taxpayer money on nonsense like this.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Ok which dingleberry of a company came up with this idea then bought a politico to propose it?
I want to make sure I do not buy ANY more of their products.
The corporate pigs are still evil. If you can't see that you're either not paying attention or you watch Fox News.
This is being done for exactly the same reason wifi-routers use funny RF connectors (such as RP-SMA.) They are "not commonly available" therefore average-joe-user can't add a high-gain yagi and break the ERP limits.
Guess how many people have been prosecuted for selling / using the RP-SMA pigtails and high gain antennas that are being sold by the thousand on e-bay....
what about banning forced modem renting as well?
some cable co's do it for some plans / make it very hard for you use you own on some of the plans.
comcast extreme 505 and 2gb must rent there hardware at $20 /mo
comcast Static IP Addresses must rent there hardware at a fee and that is on top the Static IP Addresses fee.
at&t u-verse in most cases must rent there hardware
Where does the FEDERAL government get the right to tell people what they can and can't do with a device whose transmissions barely reach outside their yard?
I was already trying, but their stupid form is heavily scripted in a moronic way and won't allow pasting anything into the fields: if you paste anything - and I have a browser extension that lets me paste frequently used text - then it erroneously claims that the field is empty and won't allow you to proceed. Some Web coders need to be taken out back and shot in the head.
I don't think the FCC is arguing that they don't want people's own distribution running along side a WiFi device, but rather, as WiFi chipsets become more "Software Defined" - rewriting the code in them is essentially the same as "modifying the radio".
The best analogy are the RTL HDTV over-the-air capture dongles for software defined radios. Guess what? They're generic radios which only do TV decoding via software - so people write NEW code and suddenly you can use them to do (and I dare say ANYTHING) that any sort of radio receiver could ever be made to do.
This is okay (and legal) with a receiver - they just don't want to to happen with transmitters. What would happen if anyone could do anything they want on the airwaves?
The counterargument is going to be "but they're not cracking down on MODIFYING the radio - just leaving the radio OPEN to being modified". This is expressly prohibited (and has been for a very long time) by the FCC - long before software-defined stuff. Lots of devices like Family-Band radios (and other licensed transmitters) are REQUIRED to be manufactured with things like "non-replaceable antennas" - which make user-modifications more difficult, because they are prohibited (unless done by a [ham] licensed operator).
When I installed it, I had a few extra wifi channels, 14 total I think. I found out it was not legal to use the extra channels in the U.S. so that's probably what they're after.
I wish someone would make this stuff to have a consumer private key... say like a USB drive that is plugged in the router when you get it. Once you set it up, you pull the USB key. Anytime that the router needs to be updated, you insert your USB key, do you updates, and then pull it when you are done. Ta-dah! Private key to keep it from being compromised and owner has control. You could also add some consumer dummy protection: once it is setup, require the key to be pulled to operate (keeps people from being lazy and leaving the router unlocked), prompt people for the key only when updating.
This would also stand in the way of experimentation with modifying commercial radio equipment by licensed radio amateurs in their 5650-5925 Mhz (secondary use) allocation.
This appears to apply to all software installed on something that is licensed by the FCC... so what about third party software on smartphones? This proposed rule seems to give the FCC certification holder all the power to decide what is or is not legally allowed on their devices.
Probably made that way to stop bots. A simple captcha would do tho lol.
The FCC regs linked in the summary above:
(Usual IANAL applies)
The FCC is only interested in and authorized to prevent RF interference. Basically the FCC wants the manufacturers to put safeguards in place that prevents the device from operating out of its authorized bands and/or cause willful interference to other devices. It didn't ban all firmware modifications. The manufacturer needs to make the radio not operate out of its approved allocations and make a method to ensure that the firmware is modified by authorized individuals using standard authentication methods.
You are free to continue to panic if you desire.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
SOFTWARE SECURITY REQUIREMENTS FOR U-NII DEVICES
Describe in detail how the device is protected from “flashing” and the installation of third-party firmware such as DD-WRT.
So...is the FCC's Firmware Compliance Strike Team is going to kick down my door, shoot my dog, and audit my router's firmware?
Ha ha, the joke is on them- I don't even have a dog!
Just cruising through this digital world at 33 1/3 rpm...
The PDF explicitly mentions DD-WRT as an example of what should not be permitted:
Third-Party Access
Control
1. Explain if any third parties have the capability to operate a US sold device on any
other regulatory domain, frequencies, or in any manner that is in violation of the
certification.
2. What prevents third parties from loading non-US versions of the
software/firmware on the device? Describe in detail how the device is protected
from “flashing” and the installation of third-party firmware such as DD-WRT.
Wrote a comment.
Leonid S. Knyshov
Find me on Quora
In the first place why in the hell is a department making these rules, bypassing the legislative process altogether? I suppose they learned from President Usurper himself.
I wouldn't doubt if the FCC is doing this so people don't overpower wifi equivalents to stingrays as well having oem's leave back doors open for them to eavesdrop.
If the latter is true then the next step is to eliminate open source routers such as smoothwall, monowall and pfsense so hang onto your old install iso images!
If so, that's an awful way to stop bots. It's not that hard to generate key events.
save NSA backdoors?
(posting anonymously to preserve moderation) I don't deny that you're having this issue, but FYI I encountered nothing of the sort. I just submitted a comment the bulk of which was copy-pasted from the SaveWifi wiki (and then edited) and had no issues (no special workarounds or anything). Firefox 40 on Win7
This is easily solved by using a separate router and Wifi AP.
Good-bye
"... it's okay if WE do it."
That would be authorized party list which they are certifying during approval so it should include FCC by default I guess.
and then edited
My guess is that they've got some onkey* event handler checking to see if you typed something in the blank, instead of using oninput which also fires for pasting.
If I have been able to see further than others, it is because I bought a pair of binoculars.
You're fine with the FCC saying what software you can run on a special-purpose computer you own? Would you feel the same way if they said you must leave the Windows 10 installation that came on your brand new PC intact?
The 5Ghz spectrum has a couple dozen channels that are under strict DFS requirements. Wireless firmware in the 5Ghz spectrum must have FCC approval that it will correctly honor the DFS requirements. Someone modifying wireless firmware could unknowingly stomp onto a DFS frequency and create a whole shitstorm of problems they weren't even aware of.
i really wish they'd get around to whacking the whackers around here. I'm getting tired of hams driving retired cop cars with aftermarket lightbars and "REACT" painted on the doors with a somewhat official-looking seal and a plastic badge they bought at the security guard outfitter supply thinking they're somehow entitled to do more than use the radio.
Do not look into laser with remaining eye.
hey dipshit, pay the fuck attention. PC != FCC regulated device. Analogy much? Fucking. dumb. ass.
The whole FCC Measuring Broadband America is based of a modified OpenWRT based routers maintained by SamKnows!
I have been curious about SDR (Software Defined Radio) for a few weeks now, but haven't had time to really look into it. Would this rule have any impact on SDR?
If this is enacted then that means only router manufacturers would be able/allowed to modify router firmware, right? That means that any security flaws or backdoors will be permanently in place with nothing the end-user can do about it.
Gee-whiz, cui bono?
Stallman was 100% right.
That would be reasonable, perhaps, but it's not the approach the FCC is taking. The FCC instructions (linked below) require all applicants (manufacturers) to:
Describe in detail how the device is protected
from âoeflashingâ
and the installation of third-party firmware such as DD-WRT.
So indeed the rule they have proposed is to explicitly require that manufacturers prevent the installation of DD-WRT.
https://apps.fcc.gov/kdb/GetAt...
Hey, if they enforce this against the NSA, America's freedom might get a win here! http://www.theguardian.com/boo...
Many radio chipsets require the driver to upload a device-specific firmware as part of device initialization, typically this is a binary blob.
This is distinct from firmware that contains the operating system that does the routing and other features.
By the same line of reasoning, it should be illegal to install custom software on any computer with a wireless network card.
The people who write RF management code are not security experts.
People who write router code may be.
But the composition of the two into one box is guaranteed to lead to unintended consequences.
Get APs to put on your wired network and a router to connect to the outside world. Putting both in one box has been an ongoing security disaster for a decade.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
The analogy holds, but wasn't detailed enough. Imagine if the FCC said you had to use Windows 10 to use a wifi card.
IF uncle charlie has actually started earning his money I'll be very happy.
I was reduced to putting a pin through a dudes coax. He was running a 1kW linear on the cheapest tweaked for power CB base station he could get for free off craigslist. We could not only hear him on the TV, Radio and phone but on the god damn microwave oven.
Repeated complaints to the FCC were ignored and I was forced to fix it myself.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
As far as I understand, integrators who build custom firmwares for wifi routers do not alter the actual radio firmware, which they usually obtain from the manufacturer and integrate into their builds.
There is good reason why you would not want random people hacking the radio firmware.
Translation: "I don't like a certain group of people. Even though they aren't breaking any laws, mother government MAKE THEM STOP!! WAAHHHHH MOMMY!!!!"
While I certainly agree that those guys are a bunch of jaggers, they're also mostly harmless losers who don't hurt anything. If you can't tell the difference between those jokers and a real cop, get out of the gene pool. You know what I hate, though, for real? Assholes who want the government to "whack" people who are not breaking the law but merely mildly annoying to them.
Life Tip: You can "think" you're entitled to do whatever you want. Plenty of people live in dreamland. Actually acting upon it is where the whacking should start. If a guy wants to drive around in an old cop car and think he's something other than a washed up loser from a trailer park, that's his opinion. It's a free country. If he tries to tell me what to do, then we'll see who's right and who's wrong.
Plus, many hams aren't this kind of asshole and are valuable assets during times of emergency.
Yet another NSA troll infused USA 'legislation'.
If you could change the router firmware to your liking because it is your router,
then NSA trolls can't get into your machine.
With google making out they are helping by launching their own routers,
its clear where its all going.
Gagging orders and then commands to doctor the firmware and then sell it you because its good for u.
And should you change it, disseminate it etc, then NSA trolls would be discovered.
And so these routers would have to be certified against being used in any other way
than prescribed by NSA trolls, in any other country. In short the router firmware chip
will have be welded with a plasma torch to the PCB in case someone dared
to challenge US based NSA troll nation and run their own free software on their
own routers. Wow, think of how many people you could arrest for changing
firmware on the back of that illegal US legislation.
just paste, hit a key, then delete so that keystrokes are registered.
If it's actually a ban against modifying the firmware does that prohibit outright replacing the firmware altogether?
The comment period is actually open until sometime in October, but promptly entering your comments is more likely to be effective (call now before you forget). The FCC has responded to mass commenting before on the net neutrality issue - it's time to do it again before the FCC lays us all open to having wireless devices with massive security failures that we can't fix ourselves.
First thing I tried. Didn't work as expected.
Perhaps it's an example showing that DD-WRT does not do any enforcement of radio transmissions? I mean, DD-WRT will happily let you use illegal WiFi channels (e.g., 13, which is Japan only), so they want to enforce that hey, if your unit is sold in North America, it only uses 1-11 or whatever the complex mess is on the 5GHz band, and no matter what third-party firmware you install, that is the plan in force.
The problem being that DD-WRT and the like have been pretty much letting anyone use anything, which is what the FCC is going after.
I submitted a comment to the FCC outlining several significant security concerns regarding the proposed rule.
Based on 18 years of professional experience in network security, in both the private sector and government, the proposed rule causes significant concern for information security posture. There are three primary reasons. The legitimate goals of the FCC could be achieved in an alternate manner which does not cause the same widespread security vulnerabilities, by instead requiring that output power levels and any other critical parameters be limited to legal levels by a separate chip. This approach would be far superior to effectively banning proper security practice for the ENTIRE operating system and all utilities on the device, as the current proposal does.
1
The proposed rule which requires that manufacturers disallow firmware updates (other than signed manufacturer updates, typically provided for only a very short time), makes it much more difficult to prevent incidents such as the $45 million loss at TJX and the Target breach. In both cases, the victim companies were initially targeted because insecure wifi devices were in use. To reduce future occurrences of such breaches, it is imperative to be able to update devices which use wireless networking. Especially when a vulnerability such as Shellshock is discovered, it is imperative that risks be mitigated immediately.
Updates provided by the manufacturer may at first seem to be a possible solution, but are not actually a viable solution for two reasons. Manufacturers generally do not provide long-term updates, updates for devices more than about one-two years old. In many cases, no updates are offered at all to handle issues after the date of sale. It is not reasonable to anticipate that organizations and families will replace their network gear every year or two - firmware updates are needed, including for devices which are a few years old. Perhaps ESPECIALLY for devices which are a few years old.
Secondly, updates from the manufacturer are not a viable solution for more sensitive government and private organizations due to the response time required. In the first 24 hours after the release of Shellshock, thousands of systems were compromised. For many networks, it is critically important to mitigate the threat during this initial time frame. Manufacturer full updates were not available for several days to several months, as we first discussed the best long term solution and that solution propagated downstream from the authors, to the subsystem maintainers, distribution maintainers, OEM repackagers, and finally out to customers after testing at each level. In the meantime, temporary MITIGATIONS were performed on-site by network engineers and security contractors. These vital mitigations which protected sensitive networks in the interim would be illegal and prevented by manufacturer locks under the proposed rule. In simple terms, the proposal makes it illegal to manufacturer equipment which can be _quickly_ protected against new threats to our cyber security.
2
Another reason that the proposed rule is problematic is that the manufacturer default firmware, with all available features designed to be as easily accessible as possible, is not appropriate for any environment in which security is a concern. A central tenet of information security, and security in general, is that the attack surface should be as small as possible - services not needed for a particular installation should not be installed and enabled. The only software which definitely cannot be exploited is software which is not installed or not enabled. Therefore, the most secure firmware tends to be that with as many features _removed_ as possible, with only those items required for the current role installed.
Manufacturer firmware does the exact opposite, for ease-of-use by ordinary consumers. All services which might be of use to any customer are installed, enabled, and wide open for
You're wrong.
The parameters can be set by the bootloader and a digitally signed. There is no need to make 3 different chips for 3 different units. Just put the parameters in a payload with the target serial number then digitally sign it.
Then in secure code (either in ROM or loaded from flash by a ROM and checked before running) you load those parameters into the radio before proceeding.
This would add no cost (or trivial at best). All you need is an unchangeable unique ID. Everything else can be in the existing flash storage. It would add some complexity.
Why would a manufacturer do this? Because the FCC would mandate it.
You do not need a separate firmware for the radio, you design the radio so that these values become read-only after set. Then the entire driver can be modifiable (open source) it just can't modify that data.
This can be done relatively simply and for no additional cost. So no, the FCC wouldn't be banning open source, simply changing how the systems which use open source must work. And in a way that is really easy to roll out.
http://lkml.org/lkml/2005/8/20/95
I agree with your assessment, but shouldn't the FCC then be going after the radios, not the rest of the board? If the radio is licensed for channels 1-11, it shouldn't be capable of operating on channel 13 at all (also legal in the EU, btw). That would still allow us to flash the firmware without allowing the illegal operation you're talking about.
Essentially, installing DD-WRT should still not let you enable channel 13 in the US, but it should still be possible to install DD-WRT.
The main concern here is with the interference that 5Ghz devices can cause with Terminal Doppler Weather Radar. Your little wireless router can overwhelm a radar looking for radar weak echos from clouds and rain, making the radar useless. If the radar doesn't work, you might have a plane crash because of wind-shear that the radar couldn't see.
The FCC does not simply need to prohibit interference with TDRWs, they need to prevent the interference from occuring in the first place.
I read a lot of stuff here from people who can't stand the Government telling them they have to do something, or not so something. Normally I'm fine with that, but here's a case where the Government's concern is legit. If you have a better way to prevent TDWR interference (not simply prohibit it), I'm sure the FCC would be happy to hear the details from you.
Indeed. In my long comment I submitted to the FCC, I mentioned that their legitimate purpose could be implemented by a rule requiring a separate chip which limits power and frequency, rather than prohibiting important updates to the OS or utilities.
The FCC is getting ready to let the phone co's have a chunk of the spectrum I summarize.
None of the major manufacturers are happy about people installing third-party firmware on their hardware, or make it easy to do so. It is only possible because of dedicated developers and hobbyists spent countless hours painstakingly reverse-engineering the hardware. All these rules are likely to do is kill the pre-installed third-party-firmware market.
A physical switch would be fine. The USB key has some pros and cons.
Pros: another hurdle on the physical access of device, not just anyone can update it, you could use the key possibly on other devices (PC motherboard/parts, car firmware, etc.), you could make copies of it for people you trust, you could use a USB key with more security (encrypted with fingerprint lock)
Cons: more complicated, someone could steal/copy your key, you could lose your key
Fix the summary. This affects far more than just routers. From TFA:
This means not only routers, but also many phones, tablets, laptops, and any number of new devices that are wifi capable would now be required to implement a low level DRM system that prevents users from re-flashing or modifying the operating system and/or firmware on those devices.
If the radio is licensed for channels 1-11, it shouldn't be capable of operating on channel 13 at all (also legal in the EU, btw). That would still allow us to flash the firmware
You've just moved the problem one level along. The cost of manufacturing a different radio for each regulatory jurisdiction would be prohibitive, so the operational limits will be either set in firmware (in the radio) or, as is very common in amateur radio gear, through jumpers. Others have already pointed out that the right place to lock a router down is in the radio firmware, but what about routers where the radio function is part of the overall router firmware? I.e., the selection of channel is tested in the router firmware before it is passed on to the radio? That reduces costs because the radio firmware doesn't need to have a way of being flashed to different limits, only the main router software (which has to be flashable for updates anyway).
Funny how I posted this story 3 days ago and funny now I do not get credit. Same sources, just a little different opening statement.
Ya, fuck you slashdot editors, fucking wankers who get paid to lick each others balls.
Be seeing you...
It's just a geeky wish that we control the devices that we've bought.
But yes... this FCC rule is about taking away control. It looks like too many people have been modding their routers to do illegal things... use foreign frequencies in the USA, changing the broadcast power above what is allowed in the USA, etc. Instead of tracking people down and charging them, which would admittedly be a fool errand, they've proposed some drastic changes to stop the problem. These changes in my opinion do more harm then good and I will be contacting them and my reps. to try and stop this from happening.
The harder solution will be one that router makers will not like... make different routers for different countries. Or more specifically- one for the USA, and one for the rest of the world. The USA ones would be hardware fixed to the max broadcast power, and allowed frequencies for the USA.
This would only apply to one country anyway. The rest of us wouldn't be affected. Land of the free indeed.
This story and the hackaday story are confusing two different things. The U-NII rules have already been passed and adopted this summer. ' Seperately, there is a new proposal (a Notice of Proposd Rule Making) that the FCC published and is accepting comments on until October 9th. These proposed rules will effect all virtually all computers (laptops, phones, routers, etc) that have software that controls or sets certain parameters on wireless devices like wifi, bluetooth, etc. So for example, if your device could possibly modified so that it spoofs the region code information in the linux kernel so that it will cause the wifi chip to operate as though you were in Japan (and thus in ways not allowed in the US), the propsed rules by the FCC would require that the linux kernel be locked down such that the user can not install their own modifed versions of the kernel. Please join the mailing list and collaborate with us on preparing comments, doing research, and related work on the Save WiFi wiki. You can also email me (jgay AT fsf DOT org) if you don't feel like engaging publicly or if you have any questions.
With NSA hijacking shipments of routers and installing "special" firmware on them wouldn't it be smart of them to have a fellow agency make a law that would stop you from undoing all their hard work. The NSA didn't go to all the trouble of hijacking that truck so you could install clean firmware. I'm surprised this hasn't been brought up in the comments yet. http://yro.slashdot.org/story/... http://tech.slashdot.org/story...
The good/bad about these devices is that you can modify things, including the frequency range. This is potentially bad for non-radio people, but it is great for amateur hams who are legally allowed to do so in order to operate these devices on amateur frequencies.
Here is one such project: http://www.broadband-hamnet.org/
While the above project would still be legal for licensed amateur radio operators, the ability to find cheap hardware will evaporate should the FCC lock down the ability of companies to sell such "hackable" equipment.
Those aren't hams, those are nutcases.
Hams are licensed amateur radio operators and are generally very picky about following each FCC rule to the letter and practice the art of long-distance communications using gear running from batteries. When all of our wonderful communications systems fall apart (which happens), hams will (and do!) find a way to reach the outside world for everyone's benefit.
REAC is a group of baffoons trying to make themselves feel important, often with unlicensed CB radios illegally using linear amplifiers, and in my direct experience are an unsavory sort of folk who would be the last people I would accept help from, much less ask. I teach my daughter to stay away from them.
To conflate the two is brutally both disparaging toward hams, and far more respectful toward REAC than they could possibly deserve.
Kid-proof tablet..
"The vast majority of routers are manufactured as System on Chip devices, with the radio module and CPU integrated in a single package."
.. ref
Except the radio module is disabled as the FM radio stations lobbied against it. That's why you can't listen to FM stereo on your smartphone
Some certainly don't care for it.
On the other hand, the "wrt" in dd-wrt and openwrt refers to the WRT-54 line of routers from Linksys. It was the first one that had widely available third-party firmware.
When Linksys changed their internal architecture to use less expensive parts, they also starting selling a special modder version which retained dd-wrt compatible internals. So that's one example of _catering_ to people who choose open firmware.
On a related note in a different industry, Roomba did the same.
Surely this wasn't lobbied by money-grubbing control-freaks, was it?
> If repairs can be made via software update, the manufacturer may opt to update all affected machines remotely.
Not in my world. The manufacturer may send a representative with physical possession of the update to be installed and *I* will install it.
Under no circumstances whatsoever does an untrusted and untrustworthy third party get access to make changes to my computer equipment that is in my possession.
guaranteed this is to protect a NSA or planned NSA backdoor that is hardware based
a PC is an FCC Part 15 Device....
Sorry but your analogy is a huge fail and has absolutely no bearing on the article. We are happy you worked with netgear and the fcc. The fact a handmade from scratch router with kiddie script firmware was used nbgaf really. The only problem I see is this somehow becoming an indoor for attempting a "realid" scenario by fazing out available hardware that can be hacked at all. Similar to what the cable industry did with cable boxes. Used to you could hack a cable box and get every channel for free. Now try that and I bet you lose service. Shit, I've seen cable retards actually walk around the building looking for coax cables as if those fucks even ever install it correct to begin with, implying they would like every tv to have it's own bill attached.
I digress. This IS tantamount to an internet 'realid' by way of proxy literally. Fuck that shit.
google to the rescue...
google will no-doubt keep their routers updated so they can better spy on you.
"FCC IT systems will be upgraded and unavailable 6PM ET Sept 2 through 8AM ET Sept 8."
I was searching for the FCC PDF that specifically calls out of dd-wrt, but I can't find it because the FCC site is in maintenance. Is there another way to get it?
Coincidentally, the maintenance window ends the very same date that the comment and feedback period closes. If I were conspiratorially minded, I'd be very suspicious of the timing.
Many vendors will test and get their products approved at a very low output power. That is all they are legally allowed to output. When power limits are raised years later, it does NOT apply to the previous devices, only new ones (or retested and recertified with new FCC ID and label). There is so much illegal/inappropriate test reports submitted to the FCC. There is collusion between the test labs and the companies because they charge big bucks to do this testing. I've seen WAY more fudged FCC test reports than actual good and properly done ones. For years, our company did the testing properly at "worst case" scenarios, and other companies did not, allowing them to pass at much higher limits. For example, the maximum length of cat5 should be used where others might use 6ft. The difference is huge on the emissions and requiring chokes or filters or not, adding cost and manufacturing complexity. Or they'll use the chipset calibration tool to transmit the wifi frames and have zero Ethernet traffic altogether! Most common, they'll not operate the calibration tool properly, and when using multiple chains, the power per chain will get reduced by 3dBm, but in the final product/firmware, they won't reduce both chains by 3dBm and so will be transmitting double the legally approved power for that radio. The athxk drivers and the Atheros/Qualcomm drivers did not agree on how power per chain is handled. Output max per chain, or reduce power per chain depending on how many chains were active? Then bugs that occur when mixing different modulations and chains and clients, etc.
So they'll limit power during the tests to pass them, but then they'll ship the product with much higher power. I looked at a product today that was certified for 23dBm of power. These are significant jumps. Some companies will produce the reference design, that Atheros proved with 16dBi power, and yet their product will get certified for 23dBm, with no change in PA's or other radio circuitry. They just hid the harmonics or used CTL's to reduce power. Lots of products would get tested for 10-12dBm power on channels 1 and 11, and output 23dBm on channel 6. But the CTL's wouldn't be there in the final product.
Many radios are made for the whole band. Many have very high output power limits in the calibration data (stored in the eeprom) and then limited by the firmware. This allows them to ship the same radio around the world, and apply legal limits by Country. There is a product that programs 28dBm into the indoor band where it was 20dBm EIRP for years. They advertise the product as 28dBm, despite it never legally being able to be set. Its only 24dBm in the usable 5.8GHz band.
I really don't know how the linux guys and the regdb guys are allowed to just use the limits for their country and not the limit of the approved power. I guess because the vendors lied and wrote to the FCC saying that its locked down and impossible to change power, but again, LIES.
For years, to get higher power radios to pass calibration (because they didn't bother to investigate and fix the calibration tool), an offset would be programmed into the calibration losses so that when it thinks its outputting 20dBm, it's actually outputting 26 or 30dBm (many laptops/drivers had hardcoded power caps of 20dBm). Ubiquity was very, very bad for that early on and none of their bare mPCI cards should have ever been allowed to be used in computers and embedded radios (modular approval), as changing pigtail or antenna required new testing, which no end user can afford to do. In the more recent years, Ubiquity's test reports have been better than the other vendors I refer to (testing all the offered bandwidths, all the band edge cases), but the gripe with Ubiquity is that their actual transmit power of a shipped device is more than likely much less than advertised. My testing showed 3-4dBm consistently, to as bad as 9dBm on transmit power. On receive, RSSI accuracy was off by 13dBm in a few cases (small test sample bought from official distributor). I always b
I noticed when I put in my comments that the deadline has been extended by about a month, but still, I put a comment in before the FCC took their system down for a WEEK for a software upgrade. That in itself ought to be an indication of how wrong-headed this regulation is - even the FCC can't write software that doesn't fail and require modification in the field. This regulation will effectively freeze development of wireless routers and other wireless devices that are key to Internet security and ensure that these devices are full of unfixable software defects that when discovered, make these products immediately and irreversably worthless. Not that any of these routers and devices are actually unfixable or irreversably damaged, but they are effectively so, because manufacturers often take no obligation to repair broken software in products that have expired warranties. Unfortunately, it's the nature of these software defects that the entire manufactured base of product become 100% defective all at once upon the discovery of a critical software security defect - that's world's away from the kind of random, slowly developing defects that result in poorly manufactured hardware. For example, all of my twenty or so personally owned routers would have needed to have been thrown away and replaced when "Heartbleed" was uncovered, and again when "Shellshock" was uncovered, except that they were all running open software for which fixes were provided by the open source community. If I had to rely on the kindness of profit-seeking router manufacturers, they'd all be in the garbage bin, so that I could "shell-out" for new routers. Others have written that millions of devices will never be fixed because of effectively abandoned support of these devices: http://www.technologyreview.co... ..or have exposed long-standing vulnerabilties left unfixed: https://www.mocana.com/blog/20...
This one-week downtime is unfortunate, because the news may be forgotten by this community by the time the FCC restores the ability to provide comments online. Someone needs to ping slashdot back in a week when the FCC restores service, or else this ill-considered proposal may become part of established regulation.
I want to see the PDF calling out dd-wrt, but the FCC site is suddenly down for maintenance (coincidentally until Sept 8). Did anyone get a copy of it before they took things offline?
I think point 3 is EXACTLY why they would want to squash it. After all, the FCC is not immune to regulatory capture
The problem being that DD-WRT and the like have been pretty much letting anyone use anything
The question that you should be asking at this point is: how many real-world issues has it created?
Great link, but you have the bad guys backwards. It's the mobile industry that wants to keep FM inoperable (as it competes with revenue-generating data plans), and the National Association of Broadcasters (along with FEMA and some state actors) who want the FM tuners turned on--any extra ears listening to FM mean extra ad revenue for NAB members.
Nothing posted to
Thank you, I'm glad to see tech experts like yourself taking time to make the world work better!
I would just want to add the fact that many commercial routers/firewalls comes with UPnP enabled - a "nice" little security hole allowing any "compromised" device on the inside to open up the firewall unknowingly to the user.
The maximum emitted power of an RF device can be constrained in hardware so that maximum power can't be exceeded.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
I'm not much for people who think wifi is dangerous, but unless this 1kw antenna was on top of a tall mast to keep the square law strong, that's a lot of energy.
When the license plate on the car is their ham radio callsign, they are hams.
There are three of them in the neighborhood that I work in. I think one of them took it too far, he had gone to the extent of putting large "EMERGENCY Call 911" decals on his quarter panels behind the wheel wells, a few weeks later the seal on the door, the REACT TEAM marking, the lightbar, and the EMERGENCY Call 911 logos were all removed, and "UMBRELLA CORPORATION" had replaced them, painted on the quarter panels between the tail lights and the rear door. The callsign license plate is still on the car.
I don't see that many obvious CB installations around here anymore. Most are on heavy trucks, some are on obviously offroad-used SUVs and light trucks, but never on cars or vans or crossovers. I see non-crown-vic cars with ham radio rigs, obvious because of the number of antennas for different frequencies, and usually with a callsign plate or window decal, or occasionally a simplex frequency decal, and I see a decent number of minivans and trucks with rigs, usually using the roof of the minivan as a ground-plane or a headache rack on a pickup as a mounting point, and occasionally on SUVs too. Probably more ham radio setups than CB.
I only have a tech-no-code license, and I'm only at that point because I didn't feel like learning Morse code. Now that one can go much higher with license class without code though, I suspect that a lot of people that would have been CB users that want to feel like they have some kind of authority have gone the ham route now that it's much easier without the Morse code requirement. It also seems to be quickly becoming a bastion of alternative "news" like infowars and other questionable outlets, which I find ironic given that there is a government licensing requirement in the first place, and that all transmissions are to be unencrypted and listenable to all.
Do not look into laser with remaining eye.
There's a lot I don't know about all of this, but so many different manufacturers had pissed me off due to one problem or another, that I finally bought a Buffalo router.
One thing that relates to this discussion is that the router came with two sets of firmware - Buffalo's and dd-wrt along with instructions for switching from one to the other. Problem solved.
From the fine manual:
1.1. Welcome
This AirStation wireless router comes with two different firmware
packages. You may use either the dd-wrt-based Professional firmware or
the simple User-friendly firmware. By default, the Professional
firmware is preinstalled for US/EU products, and the User-friendly
firmware is preinstalled for Asia-Pacific products.
It sure was. The pin was vaporized.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
We had something like this announced by our current tool Mr Cameron our glorious leader and what in fact he meant to say was were actually going to make it legal for our security services to hack your CPE so decryption won't actually be needed of Winston's thoughts.
The thing is our lot just phrase it better, we have a civil service aka The Ministry of Cunning plans.
Over time this Ministry have quietly introduced laws to make any form of public protest actually illegal. That's two or more people in a public place can be arrested. You need permission from the local Chief Constable to protest in public place...
We wish you luck with your current farm management issues.
The UK