ESR On Why the FCC Shouldn't Lock Down Device Firmware (ibiblio.org)
An anonymous reader writes: We've discussed some proposed FCC rules that could restrict modification of wireless routers in such a way that open source firmware would become banned. Eric S. Raymond has published the comment he sent to the FCC about this. He argues, "The present state of router and wireless-access-point firmware is nothing short of a disaster with grave national-security implications. ... The effect of locking down router and WiFi firmware as these rules contemplate would be to lock irreparably in place the bugs and security vulnerabilities we now have. To those like myself who know or can guess the true extent of those vulnerabilities, this is a terrifying possibility. I believe there is only one way to avoid a debacle: mandated device upgradeability and mandated open-source licensing for device firmware so that the security and reliability problems can be swarmed over by all the volunteer hands we can recruit. This is an approach proven to work by the Internet ubiquity and high reliability of the Linux operating system."
If they're going to mandate locking down, lock down the WiFi radio, as that's the part that uses the radio waves. The WiFi radio can be a "black box" with its own firmware, much like on cellular phones, where the cellular radio is a similar black box.
This keeps the FCC happy, because people won't be able to violate FCC rules, and it keeps users happy because they can keep running custom software. The WiFi firmware isn't typically something you want to mess with anyway.
Dave Taht (best known for "bufferbloat") is working on one, as are others.
To make your own comment, go to https://libreplanet.org/wiki/S...
davecb@spamcop.net
Assuming that the routers require signed firmware images (or will in the near future), the law should require that everything needed to load new images into the router by the user should be made available (including any signing keys). Of course there should be safeguards in place to prevent malefactors from using the same information...maybe physical presence should be required for firmware re-loads?
In the same way that modern man is a 'copy' of Mr and Mrs Neanderthal's happy child: we've come a long way since then.
Time for bed, said Zebedee - boing
So.
So it's no longer a copy - it's a distant relation, much evolved.
Time for bed, said Zebedee - boing
Any computer with a WiFi card can become a "router" and have the ability to exceed FCC power requirements. Furthermore, the violations of FCC policy possible with standard router hardware are pretty limited and innocuous, no matter what you do with the firmware; I can't imagine that they have ever even detected this in the wild.
Anybody who seriously wants to boost power will just stick a hardware amplifier on their router. A 2W amplifier will cost you about $25, and an 8W amplifier about $60.
Look folks.. these things are something that sells retail for $50 in an *extremely* cost competitive market. The bill of materials is probably $10. Most of the design cost was long since recouped, and the new versions are just respins with fewer parts with higher integration.
Adding a chip, or even a jumper, would be prohibitively expensive in terms of losing the market share.
And it's going to get worse, because the way they get lower cost (driving to IoT models) is by increasing the level of integration. The fewer parts, the cheaper the manufacturing cost. If they could do it with one chip, they would.
This isn't like a $500 iPhone with a BoM cost of $200, where adding a $5 chip (chip + board real estate + test time + pick-and-place time) is a viable strategy.
Exactly. Similarly, Windows is simply a rip-off of CP/M.
The problem seems to be that some few airport weather radars are interfered with by existing home routers on the same frequency. They supposedly fail to detect the channel is busy doing safety-critical radar stuff, and sit there creating interference.
However, we can't confirm that. We don't know the brand of router, the specific frequency in question, the number of airports that have the radars or the prevalence of the problem: we just got a proposed mandate that the vendor “describe in detail how the device is protected from flashing and the installation of third-party firmware such as DD-WRT.”
davecb@spamcop.net
Give them the choice; perpetual security updates or open source. You want to keep your stuff closed source, you make sure it stays secure. You don't want to maintain it indefinitely, you open source it. You're welcome to migrate between those options at your convenience, but those are the only acceptable states.
Won't happen, of course, but it's got better odds than "force everyone to open source".
Log in or piss off.
I want to know who is really lobbying for this and why. I suspect the cell phone carriers who, desperately clinging to their cell data plan cash cows, are trying to make sure wifi falls into line when their next generation of 'G' comes out and stomps all over it. Wifi access is becoming more and more widespread, to the point I think the carriers are worried about its (mostly free) usage as an alternative to (wildly overpriced) cellular data causing people to abandon cellular companies outright in favor of wifi-only devices. I live in a rural area in the middle of all the green on a map of Pennsylvania and the only place I don't have some sort of wifi coverage is during my 20 mile commute to work.
Assuming no changes were made to the FCC's rules, and if a router manufacturer were to do this.... that is, they lock down the radio portion of their router so it can't possibly be modified by the end user, but still leave the firmware of their router otherwise ordinarily modifiable as it is currently, would the manufacturer still be in violation of the current rule proposal?
File under 'M' for 'Manic ranting'
This fuss is over milliwatts?
If that is the actual truth we need some creative types who know the dynamics involved to reach an equitable compromise and no one party gives up everything.
Otherwise call the fuckers on their BS.
When they outlaw X, only criminals (and government agencies) will have X.
This issue is a bit more complicated than you think.
It is not a copy; it is a reimplementation.
There is no Planet B.
I would like to learn more, what is a starting point for someone who has flashed multiple routers with open firmware, has opened up other devices and has soldering experience, but has never opened a router/other radio device. It would be much appreciated! Meanwhile I will Google, but anything from someone experienced would be great. Thanks.
So based on a few vague comments, I managed to track down what the issue is since neither this nor the previous /. article nor the sites opposed to it (who seem to want to portray it as a Big Evil Government conspiracy to take away your freedom) delve into it.
Several airports use Terminal Doppler Weather Radar for high-resolution maps of storms, rainfall, and most importantly (for airports) microbursts. TDWR operates at frequencies from 5.60 - 5.64 GHz. That's smack dab in the middle of the 5 GHz band used by 802.11a, n, and ac. You'll notice use of those specific frequencies (channels 120, 124, 128) are prohibited in the U.S. and Canada for this reason.
Based on that, it sounds like the issue is that you can buy a 5 GHz device off the shelf, then hack the firmware to re-enable those frequencies. And the FCC is proposing this action because people have been doing exactly that and the FCC has received reports from the airports of such interference on those frequencies.
There are a few sites people need to read:
Explains the problem in detail and why you need to care with accurate information:
http://prpl.works/2015/09/21/yes-the-fcc-might-ban-your-operating-system/
The main coalition to stop the proposed rules (and get rules already passed repealed):
http://www.savewifi.org/
The Electronic Frontier Foundation (part of the Save Wifi coalition) site making it easy to send in comment against the proposed rules:
http://www.dearfcc.org/
October 9th is the last day to send in comments during the FCC's open comment period for the proposed rule changes.
Have gnu, will travel.
Two reasons:
One, the open-source community will find a way to work around it anyway.
Two, it'll be about as effective against criminal or terrorist hacking as the lock on a sliding glass door is at keeping out burglars: It'll deter the casual criminal, but it won't even slow down the professionals.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
of requiring firmware to be modifiable by external developers. Firmware isn't software. With software we have to jump through a lot of hoops to make sure that the programmer can't do any physical damage and that he or she has a relatively clean and sane way to program the machine. Firmware is much lower level and it's where we hide all sorts of nasty stuff. In many cases it is virtually impossible to write the firmware if you aren't sitting next to the guy who designed the hardware (sometimes it's the same guy). In some cases you can cause physical damage to the device or to people. Engineering teams have careful validation methodologies for firmware--random hackers are amongst the least careful people on the planet.
It's better to put any compliance burden (FCC, security, etc.) squarely on the manufacturer and let them use signed binary blobs.
Wifi power abuse isn't an actual problem anywhere in the world, not even in the FCC's jurisdiction. You need to look beyond the words issued for public consumption and examine who would benefit from this legislation to understand what is going on here.
Who would benefit from non-replaceable firmware containing a weakness or a backdoor in every commodity router throughout the US and in every other US-friendly country? It would provide universal Internet surveillance hardware paid for by the taxpayers themselves. It would also be completely outside of voter control since neither the general public nor politicians care one iota about "wifi power abuse" --- the perfect excuse.
The FCC has a perfectly valid reason to want to 'lock down' the radio portion of wireless routers/APs, just as they did when they blocked scanners from picking up cellphone calls or linear amps from being used on CB channels.
The issue isn't what the FCC wants locked down, the issue is the manufacturers that choose to make the radio AND the computer firmware user-modifiable. The thing that has spurred innovation and creativity was the ability to load alternate software on the router/APs, NOT the ability to over-drive the radio portion and create RFI and other problems.
ESR should be going after manufacturers, not the gov't.
Ken
Engineer here.
Chip: yes (adding to assembly complexity typically incurs additional manufacturing costs, reliability costs, and inventory costs), jumper: not necessarily.
This is where the jumper comes in, more or less for free. This is because a "jumper" can be nothing but a trace on the board that can be cut (closed jumper), or conversely (open jumper), a couple extra through-holes in the PCB where a wire or a pin rack can be soldered in later. Which doesn't have to come WITH a pin rack, nor, really, does it have to have pins at all, although that tends to imply a bit more commitment about adding the jumper, especially on modern PCBs. And if this is a logic input to an SOC, it makes no difference if you choose open or closed -- the software can see it as true or false in either physical state with no penalty at all.
The only question is, at the time of "increasing the level of integration", will they have an input available on the SOC (or wherever) that can read the state of the jumper and respond accordingly?
That's harder to say, but it is probably safe to say that if the SOC has been respun for any reason, odds are excellent that this can also be added for an extremely low, one-time cost. This is because as integration climbs, more is inside the chip as opposed to outside it, and so pins that were in use can be repurposed, presuming more-or-less the same SOC/pinout configuration, which is also a somewhat reasonable assumption if we are actually talking about "lower cost (driving to IoT models) ... by increasing the level of integration."
In any case, it's definitely not a given that a jumper is a high-cost change when implemented as part of a re-design that's happening anyway.
I've fallen off your lawn, and I can't get up.
Should I be allowed to modify[1] my (not even a VW!) car to increase my mileage/horsepower at the expense of polluting the air?
In fact, given the sorry state of automotive security shouldn't we require automotive firmware engineers to build a reliable code-integrity protection as a condition for meeting their emissions standards?
[1] No object to read-only access, excepting of course that the code is so awful that you'll surely find a security vulnerability leading to an exploit and then we are back to modification. That's hardly a reason not to allow read-only source access, only an observation on the fact that no one wrote this code for security.
Because people who break the law will suddenly follow the law?
You are just putting a roadblock in the way. They *will* find a way around it. This is part of the 'fun' for them.
Take for example firefox's recent brain dead change of newtab. Somehow the feature they had was being abused. So they removed it. Then put in a different API for the feature. Sure hackers will not use an API. wtf...
All you are doing is inconveniencing me because of your thoughtless process and not actually doing what you want.
Those firmware hackers are the ones who make or break your sales (I am looking at you netgear). I have dozens of old routers that are no good because they have flaky drivers. Guess what they will *never* be patched, ever by the company. But ASUS on the other hand has a dude who is really into their hardware and is cranking useful firmware after useful firmware for them.
The idea here is to 'lock out hackers'. But it doesn't really do that does it? Hell I can BUY the damn modules in bulk from alibaba. Just like the router companies do. I can then do whatever I like. What is this stopping? Other than pissing me off?
That remark is disingenuous tripe.
The heartbleed bug demonstrates exactly why router code should be modifiable. The word "prevention" doesn't address the problem. Heartbleed demonstrates that after-the-fact remediation can help -- a lot. The argument here is essentially that (a) bugs and vulnerabilities happen / turn up, and that when they do, those with the skills (the dd-wrt project is a fine example for this particular instance) can go after it, and that's a good thing.
I've fallen off your lawn, and I can't get up.
but it's not software in any sense of the understanding of the vast majority of software engineers that read slashdot--specifically because they've been sheltered from extremely low-level hardware details by various layers of firmware for their entire lives.
x86 micro-code can be changed via flash, as can the low-level software that controls your microwaves, does that need to be programmable by random C++ hackers?
Unix has evolved too. Stop thinking your pet OS is a unique little snowflake.
If the vendor refuses to fix it, then find a different vendor. A vendor could choose to make their router software modifiable by third parties (presumably at extra expense & liability) and if that is a valuable capability then presumably customers will be willing to pay for it.
We don't allow people to rewrite the low-level software in their microwave, I don't know why we'd allow it for something like a router.
If they've made any modifications to the kernel (for example) then they should make that source available--but they aren't required to give you a way to re-compile that source and load it onto the hardware. And they are perfectly free to use binary blobs for the low-level bits that talk to the hardware, there's no GPL violation there--that's a proprietary executable that runs on top of the kernel.
You'll never get perpetual security updates. Even the FOSS community will abandon you eventually (likely via an ever-decreasing number of updates, with the release intervals stretching out into spans of years). The good news is that perpetual isn't necessary.
Also, the FOSS angle is diversionary and unhelpful. You aren't going to get rid of proprietary firmware and you shouldn't try. Otherwise you wind up telling private entities what their business model should be and how the technology needs to be arranged. While FOSS can be part of the solution it must be an optional part of the solution.
No, all you want to mandate is that these devices be upgradeable, and possibly that the OEM be responsible for upgrades for a set number of years. Then leave it to them exactly how they do that. Anything further is overreach and will have undesirable side-effects.
No access point on this planet has the potential to actually cause any meaningful interference with anything by a simple change in its firmware. Either you have to tinker with the hardware, attach some serious antennas or otherwise boost its rather mediocre power, but nothing you could do to its software alone could possibly create the alleged interference causing device the FCC seems to fear.
Actually, to create such a thing, all I have to do is modify the hardware. Something that locking down the software will not even remotely address.
So, spill it. What's the deal? You're lying, FCC. What's the real reason?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Linux was a bad example.
Most of these routers with vulnerabilities run Linux
Is that in the mind of most Gov't policy makers, an open source "volunteer"=black hat hacker, and is not to be trusted for anything.
1) It will make them a laughing stock to be mocked. 2) It will make the agency less relevant than it already is. All this pre-crime mentality bullshit needs to stop now. Manufacturers have always needed the freedom to change firmware without spending $10k and waiting months for a response. Taking these rules too far will not serve anyone well.
No, Windows is a copy of Mac OS which copied Lisa OS which was stolen from Xerox
MS-DOS is a copy of CP/M which was a copy of a DEC OS
There are two possibilities:
The point is, either the functionality is fixed for the life of the item, or it should be modifiable (i.e., repairable) by the owner. There is no middle ground. Having it modifiable by "somebody" but not the owner is nothing but a recipe for malicious tampering.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
The last time I checked 900 MHz, 2.4 GHz, and 5 GHz was open to the general public. Why is the FCC even trying to dictate what we can do on these bands?
There are very good reasons to make devices for which the firmware is changeable after manufacturing but only by the manufacturer. The manufacturer does a little bit of encryption and signs the binary blob with their secret key and the hardware refuses to run un-signed binaries (pretty much exactly what people are complaining about here with routers). Sure it can be defeated by people with a lot of time on their hands, but you can also re-write your mask ROM with enough effort.
Software people have an incredibly naive understanding of how the world works. It would be funny if it wasn't so scary.
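The signed-blob scheme the comment above describes (vendor signs the image, hardware refuses anything else) is easy to get subtly wrong at the parsing step, so here is an added example, written for this page and not taken from any vendor's loader, of the verify side done carefully. It assumes a hypothetical image layout (magic, big-endian payload length, payload, Ed25519 signature over everything before it) that I made up for the example; real bootloaders use their own formats and usually a hash-of-image step, but the order of checks is the point: bounds, framing, then signature, and the payload is only handed back after the signature verifies.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Hypothetical image layout (an assumption for this example, not any vendor's format):
//   magic(4) | payloadLen(4, big-endian) | payload | signature(64)
// The signature covers magic + length + payload, so neither the framing nor the
// payload can be altered without invalidating it.
var magic = []byte("FWIM")

const headerLen = 8

// GenerateVendorKey stands in for the vendor's offline signing key ceremony.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // constructed example: no recovery path needed
	}
	return pub, priv
}

// BuildImage is the vendor-side step: frame the payload and sign the frame.
func BuildImage(priv ed25519.PrivateKey, payload []byte) []byte {
	hdr := make([]byte, headerLen)
	copy(hdr, magic)
	binary.BigEndian.PutUint32(hdr[4:], uint32(len(payload)))
	body := append(hdr, payload...)
	return append(body, ed25519.Sign(priv, body)...)
}

// VerifyImage is the device-side step. It returns the payload only when the
// framing is sane and the signature verifies under the vendor's public key,
// which is the property "refuses to run unsigned binaries" actually depends on.
func VerifyImage(pub ed25519.PublicKey, img []byte) ([]byte, error) {
	if len(img) < headerLen+ed25519.SignatureSize {
		return nil, errors.New("image too short to carry a header and signature")
	}
	if !bytes.Equal(img[:4], magic) {
		return nil, errors.New("bad magic: not a firmware image")
	}
	// Validate the declared length against the real size before slicing with it,
	// so a lying header cannot cause an out-of-range read.
	n := int(binary.BigEndian.Uint32(img[4:headerLen]))
	if n != len(img)-headerLen-ed25519.SignatureSize {
		return nil, errors.New("declared payload length does not match image size")
	}
	body, sig := img[:headerLen+n], img[headerLen+n:]
	if !ed25519.Verify(pub, body, sig) {
		return nil, errors.New("signature does not verify under the vendor key")
	}
	return body[headerLen:], nil
}

func main() {
	pub, priv := GenerateVendorKey()
	img := BuildImage(priv, []byte("constructed firmware payload"))

	if _, err := VerifyImage(pub, img); err == nil {
		fmt.Println("genuine image: accepted")
	}
	tampered := append([]byte(nil), img...)
	tampered[headerLen] ^= 0x01 // flip one payload bit
	if _, err := VerifyImage(pub, tampered); err != nil {
		fmt.Println("tampered image:", err)
	}
	if _, err := VerifyImage(pub, []byte("raw unsigned blob")); err != nil {
		fmt.Println("unsigned blob:", err)
	}
}
```

The verifier never trusts the length field on its own; it reconciles it with the buffer it was handed first. The thread's other point, that signing only buys the manufacturer a locked device and buys the owner nothing, is unchanged by how well this is written: the owner is shut out exactly when the vendor stops shipping signed updates.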
It leads to the simplest and cheapest hardware, the easiest-to-support software stack (no dealing with customers running third-party firmware) and it meets the FCC requirements. It annoys people who want others to subsidize their desire to fiddle with commodity hardware, but that doesn't really matter because statistically those people don't exist.
The "correct response" is for the hacker community to build their own hackable hardware or pay extra to some company that supplies hackable hardware.
but I'm not entitled to one. If the market isn't giving you what you want then you either offer more money or make it yourself, but no one is required to make the product you want for the price you want.
The hacker community wants companies to incur extra expense to make hackable hardware and then pass that cost onto the vast majority of customers who have no interest in hacking their hardware. The market's answer is, "Nope".
Nope. Windows, in the command-line interface, uses backslashes for directory delimiters, and slashes for command-line arguments to commands like COPY, and filenames limited to 8 characters plus a 3-char extension. This is taken directly from CP/M.
Modern-day Linux has about as much similarity with UNIX of the 1970s.
It's not complicated, it's how every industry has ever worked in the history of mankind ever. You just want some special exception where the government forces companies to give you hackable hardware all subsidized by the vast majority of customers who will never hack their hardware.
is beyond the capability of 99.999% of all customers. If that's the standard then you just proved my point for me.
There's no way to 100% block a sufficiently motivated and skilled individual--and you don't need to. We do some due diligence to make it hard for the vast majority of people to modify the software and we call it a day. Your definition of "physically can't" is based on your personal level of skill and motivation and you are [naively] assuming that pretty much everyone on Earth is the same as you.
There are lots of good reasons to prevent the user from modifying their hardware: protecting the user's physical safety (and thus limiting liability of the manufacturer), hiding trade secrets, reducing support overhead, etc. It works like this in every industry--the computer industry doesn't get a free pass just because there's a tiny minority of entitled petulant hackers who think they should allowed to reprogram everything with a microprocessor.
Sounds like you are an expert in hardware design and you have a deep intuitive understanding of the economics of that industry. You'll be able to sell your hackable routers for pennies more per unit than the existing companies--and people will be willing to pay that because you are giving them such a valuable feature (the ability to modify the firmware).
Why are you wasting your time with me? Get to work!
And, by the way, on what planet can you purchase a separate processor with its own flash chip for "pennies"?--even in large quantities that is absurd. You are talking a couple dollars per unit.
The problem is the vendors who lie to the FCC and say they have it locked down in hardware, when they really don't. Sometimes they do that so that changes can be made via software updates, other times because they needed low limits for certification but higher values for marketing.
They want to design the hardware once, and sell it around the world. The problem is, there are power limits and frequency differences in many regions. During radio calibration in the factory, the calibrated frequency range and power limits are set. Technically, they should only be set with the values officially certified by FCC, however, many allow for full 5.1-5.9GHz and rely on the software to provide the channel lists for specific countries. Then there are incorrect and out of date power limits for different countries in these lists, or don't abide by valid/invalid periods when rules change, etc. Looking at the wireless regdb mailing list, it blows me away that people can willy nilly change frequency of allowed bands for products not certified. Products only certified for certain bands getting access to the full band, etc. Products certified for indoor 5GHz only get outdoor and higher power limits through a regdb list update? That's not legal...
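Two comments in this thread describe the same concrete problem from different angles: the TDWR post gives the band (5.60-5.64 GHz, channels 120/124/128) that a channel table must not grant in the US, and the post above describes regdb-style updates that hand a product channels or power limits it was never certified for. Here is an added example, written for this page rather than taken from OpenWRT, the wireless-regdb project or any vendor, of the check a firmware build or update pipeline could run over a proposed per-country channel table before shipping it. The table format, the field names and the sample rows are constructed for the example; the only facts it takes from the page are the TDWR band edges and the standard 5 GHz channel-to-frequency mapping (5000 + 5 x channel MHz).

```go
package main

import "fmt"

// TDWR band as quoted in the thread: 5.60-5.64 GHz.
const (
	tdwrLowMHz  = 5600
	tdwrHighMHz = 5640
)

// Entry is one row of a hypothetical per-country channel table (constructed for this example).
type Entry struct {
	Channel     int // 802.11 channel number
	WidthMHz    int // occupied bandwidth: 20, 40 or 80
	MaxPowerDBm int // power limit the table grants
}

// Finding is one policy violation the checker reports.
type Finding struct {
	Channel int
	Reason  string
}

// CenterMHz maps a 5 GHz channel number to its centre frequency (5000 + 5*ch MHz).
func CenterMHz(ch int) int { return 5000 + 5*ch }

// CheckTDWROverlap flags every entry whose occupied bandwidth overlaps the TDWR band.
// The width matters: a 40 MHz channel 116 reaches 5600 MHz but does not cross it,
// while a 20 MHz channel 120 sits squarely inside the band.
func CheckTDWROverlap(entries []Entry) []Finding {
	var out []Finding
	for _, e := range entries {
		c := CenterMHz(e.Channel)
		lo, hi := c-e.WidthMHz/2, c+e.WidthMHz/2
		if lo < tdwrHighMHz && hi > tdwrLowMHz {
			out = append(out, Finding{e.Channel,
				fmt.Sprintf("%d-%d MHz overlaps TDWR %d-%d MHz", lo, hi, tdwrLowMHz, tdwrHighMHz)})
		}
	}
	return out
}

// CheckAgainstCertified flags entries in a proposed table that grant something the
// certified table does not: a channel that was never certified, or a higher power limit.
func CheckAgainstCertified(certified, proposed []Entry) []Finding {
	limit := make(map[int]int, len(certified))
	for _, e := range certified {
		limit[e.Channel] = e.MaxPowerDBm
	}
	var out []Finding
	for _, e := range proposed {
		p, ok := limit[e.Channel]
		switch {
		case !ok:
			out = append(out, Finding{e.Channel, "channel not in certified table"})
		case e.MaxPowerDBm > p:
			out = append(out, Finding{e.Channel,
				fmt.Sprintf("power %d dBm exceeds certified %d dBm", e.MaxPowerDBm, p)})
		}
	}
	return out
}

// Constructed sample tables for a hypothetical product (not any real product's data):
// the certified table is what was filed; the proposed table is a later "regdb update".
var certifiedUS = []Entry{{36, 20, 23}, {40, 20, 23}, {44, 20, 23}, {48, 20, 23}, {149, 20, 30}, {153, 20, 30}}
var proposedUS = []Entry{{36, 20, 30}, {40, 20, 23}, {116, 40, 23}, {120, 20, 23}, {124, 20, 23}, {149, 20, 30}}

func main() {
	for _, f := range CheckTDWROverlap(proposedUS) {
		fmt.Printf("TDWR: ch %d: %s\n", f.Channel, f.Reason)
	}
	for _, f := range CheckAgainstCertified(certifiedUS, proposedUS) {
		fmt.Printf("CERT: ch %d: %s\n", f.Channel, f.Reason)
	}
}
```

On the constructed tables the first check reports channels 120 and 124 and the second reports four rows: channel 36 (power raised from 23 to 30 dBm) and channels 116, 120 and 124 (never certified). Running something like this as a gate on the update, rather than trusting whoever edited the list, is the part of the comment's complaint that is fixable on the vendor's side without any FCC rule.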
I strongly agree that the FCC should not ban aftermarket firmware and I am involved (albeit in a minor capacity) in OpenWRT development. However, I don't buy ESR's argument about why. He states that "The present state of router and wireless-access-point firmware is nothing short of a disaster with grave national-security implications," and his argument revolves entirely around us needing the ability to fix the situation. Unfortunately, we do have the ability to fix the situation today, with loads of flashable routers out there and many choices for quality after-market firmware, but we're not actually doing it at any meaningful scale. Even among routers that can run a superior after-market firmware, only a tiny fraction actually are. Of the ones that are, even fewer are regularly updated to address security concerns. If we're not solving the problem today when we do have the capability, how are we made weaker if the capability is taken away from us?