Slashdot Mirror

← Back to Stories (view on slashdot.org)

High-Security, Open-Source Router is a Hit on Indiegogo (Video)

Posted by Roblimo on from the everything-but-an-open-source-kitchen-sink dept.

The device is called the Turris Omnia, and its Indiegogo page says it's a "hi-performance & open-source router." Their fundraising goal is $100,000. So far, 1,191 backers have pledged $248,446 (as of the moment this was typed), with 49 days left to go. They've shipped 2,000 pieces so far but, says interviewee Ondej Filip, "95% of them are in the Czech Republic."

This is not only an open-source project, but non-profit as well. A big motive for it is heightened security, as the interview (and transcript) make clear. It's also apparent that the hardware here is overkill for a router; it can run a complete Linux distro, no problem, so it can function as a server, not just as a router. Interested? You might want to put a reservation in soon. This isn't the cheapest router (or even server) out there, but a lot of people obviously think a Turris Omnia, with its crypto security, automatic updates, and server functions would be nice to have.

112 comments

  1. High security? by Anonymous Coward · · Score: 0

    Did y'all just make that up? It doesn't say it on the page just that the default config is "secure" with no mention of what that means. Maybe it's in the video? A router with powerful hardware sounds great but the extra features don't scream "security" to me with built in servers and smartphone app administration.

    1. Re:High security? by Immerman · · Score: 1

      You parallel my own thoughts. There have been a large number of "secure" router projects funded on indiegogo and kickstarter, but most (all?) proved to be laughably bad in that regard under competent close examination.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    2. Re:High security? by meadow · · Score: 0

      Does it have a DSL modem?

    3. Re:High security? by GlennWaller1963 · · Score: 0

      No, it's has no modem capability.

  2. Meh by Anonymous Coward · · Score: 0

    10W is quite a bit for an idling home router, no 802.11ac, no SFP for fiber connections. I'll stay with Mikrotik RB2011.

    1. Re:Meh by Anonymous Coward · · Score: 0

      I know words are hard, but really? It's got an SFP and 802.11ac. Dumbass.

    2. Re:Meh by Anonymous Coward · · Score: 0

      >Mikrotik RB2011

      A router so good, they can't label the port numbers right?

    3. Re:Meh by Anonymous Coward · · Score: 0

      I think it has a niche as a router appliance with server capability, so if someone wants an appliance that can have a lot of features tacked onto it, this would probably be idea.

      However, it is entering into a field with many other routers, firewalls, and appliances. The OS may be quite stable on this device, but it still will have to go through growing pains and bugs.

      This is just me, but I prefer having the router/firewall as thin as possible, such as a PFSense device, which needs a fraction of the CPU/RAM/disk space, but provides a decent platform, and can have additional software installed (Snort, VPNs, proxies, Squid, etc.) if needed.

    4. Re:Meh by Anonymous Coward · · Score: 0

      Sure, just manage using your "encrypted" proprietary Winbox connection or manage it using SSH which has only just started supporting keys over 1024 bit and don't even get me started on the web server (let's serve a page with JS which speaks the same crappy proprietary protocol). Top of the line security there. Try fuzzing your Mikrotik router and watch it implode... and don't get me started on the shitty "Let's just piggy back a switch with a gigabit link to the router and call the whole thing a router, who cares about bottlenecks" design for all their low-cost high-port count offerings.

      You use Mikrotik when you need the cheapest bit of kit available that has support for enterprise protocols but using it for it's security credentials is a joke. Also, RIP The Dude.

    5. Re:Meh by Anonymous Coward · · Score: 0

      Also, RIP The Dude.

      What are you talking about?

    6. Re:Meh by 3.5+stripes · · Score: 1

      The Dude is a bit of proprietary Mikrotik software.. IIRC for router management and discovery?

      --


      He tried to kill me with a forklift!
  3. It comes with an integrated face system. by Anonymous Coward · · Score: 0

    The router comes with an integrated face system for routing networks with ease.

  4. automatic updates ... lifetime of the device by Anonymous Coward · · Score: 1

    Or the company whichever goes up (or just fucks off for something better to do) in smoke first.

    1. Re:automatic updates ... lifetime of the device by davecb · · Score: 5, Informative

      The supplier is CZ.NIC, a non-profit organization that runs the .CZ top level domain of the Czech Republic. This is their second Turris, and they probably will be around for day or two.

      --
      davecb@spamcop.net
    2. Re:automatic updates ... lifetime of the device by dsmatthews9379 · · Score: 2

      It is an open system, in the case of the company going under there is nothing to stop a group of users continuing to support each other. I think that the design is very well thought out, if you can trust them with that level of access to your "digital front door", but even that is partly addressed with the containers idea.

    3. Re:automatic updates ... lifetime of the device by Anonymous Coward · · Score: 0

      It is an open system, in the case of the company going under there is nothing to stop a group of users continuing to support each other.

      Except in practice that doesn't happen.

    4. Re:automatic updates ... lifetime of the device by Anonymous Coward · · Score: 0

      Exactly!

    5. Re:automatic updates ... lifetime of the device by Anonymous Coward · · Score: 0

      It is an open system, in the case of the company going under there is nothing to stop a group of users continuing to support each other.

      Sure. But I can do that with a $50 router and don't need to spend $200 to get that.

      Don't get me wrong. I like what they are doing and I like that it's all open source -- which mitigates my (admittedly only slight) doubts about "lifetime of the device), but I just tend never to put much stock into "lifetime updates" claims.

    6. Re:automatic updates ... lifetime of the device by KGIII · · Score: 3, Informative

      Err... I just ran HTOP a minute ago to see what was spiking a CPU core. I snapped a screen shot with Shutter just to make a record of it. I stored it on an ext4 formatted disk drive. I used inxi -Fxz to check some specs a little while before that. Slurm is giving me a nice display of my network activity. Leafpad is open with my notes. Terminator stands idle awaiting my commend.

      Nope, you're right, in practice that doesn't happen. None of that open source code is ever maintained and nobody ever puts any work into helping the community. Those old hacked wifi drivers that didn't initially work? Those were written by underpants gnomes or magic - I don't know which. They keep updating those realtek drivers to work with the newer versions and that hardware is still useful. Hell, I just clone git and use a little make magic and I'm good to go. But no, you're right! It never, ever, happens.

      --
      "So long and thanks for all the fish."
    7. Re:automatic updates ... lifetime of the device by Anonymous Coward · · Score: 0

      None of what you wrote has anything whatsoever to do with an open source consumer electronics device being abandoned by its vendor and then maintained by "the community". But that is obvious, you already know that.

    8. Re:automatic updates ... lifetime of the device by Anonymous Coward · · Score: 0

      nobody is saying there are no open source projects or that there is no open source software that gets maintained but what open source products have been supported by the community when the company went under? very very few, if any.

  5. IPv6 support by unixisc · · Score: 1

    Is this router based on Linux, or one of the BSDs? How good is its IPv6 support, and does it have any IPv6 specific security features, such as not automatically assigning IP addresses to anything that may just be loitering about in the vicinity of the network?

    What exactly is the hardware that this router is based on? Maybe it's not the cheapest, but I'd like to get an idea about whether the firepower of this router is worth it.

    1. Re:IPv6 support by Anonymous Coward · · Score: 0

      Did you actually go read the offer at https://www.indiegogo.com/projects/turris-omnia-hi-performance-open-source-router#/ or do you want us all to do that and just answer your questions, because your time is more valuable than ours?

    2. Re:IPv6 support by aitikin · · Score: 3, Informative

      Is this router based on Linux, or one of the BSDs?

      OpenWRT based per the project's site, which should answer a number of your question, albeit not all of them. I'm curious for more details as well.

      --
      "Don't meddle in the affairs of a patent dragon, for thou art tasty and good with ketchup." ~ohcrapitssteve
    3. Re:IPv6 support by Anonymous Coward · · Score: 0

      Your questions are answered on the company's website. From your questions about IPv6, I think you'll need more knowledge of IPv6 and how it works to make sense of it.

    4. Re:IPv6 support by unixisc · · Score: 0

      No I didn't, I'll do that now. But you know about /. readers and RTFA ;-)

    5. Re:IPv6 support by Anonymous Coward · · Score: 0

      Seriously? Are you that reading-comprehension impaired? Did you actually read or did you just see one thing on the page and assume the rest?

      $250K is the fund raising goal for the whole project you fucking moron. Each router is U$189.

      I can't believe I am even taking the time to explain this to you.

      You really are quite IQ-impaired (i.e. mentally retarded) in which case, my apologies, or you really are just a lazy shit who can't even take a few minutes to read and answer his own questions.

    6. Re:IPv6 support by Anonymous Coward · · Score: 0

      Sorry, but you're a fucking idiot.

    7. Re:IPv6 support by Anonymous Coward · · Score: 0

      $250k is all of the money they have raised so far. The actual routers cost $189.

    8. Re:IPv6 support by dave420 · · Score: 1

      Reading's not your strong suit, is it? No wonder you believe the bizarre things you post on Slashdot. It all makes sense now.

    9. Re:IPv6 support by Bengie · · Score: 1

      The normal state of IPv6 is to never assign IP addresses. If you want network device security, lock down your Layer 1 and 2.

    10. Re:IPv6 support by unixisc · · Score: 1

      I overlooked it, since most places would boldly announce the price of their products, rather than how much money they've raised! That has nothing to do w/ my views on other topics

    11. Re:IPv6 support by unixisc · · Score: 1

      Of course, it's perfectly expected that when you see a $$$ figure highlighted in bold, it refers to the amount of money they have raised rather than the price of the product

    12. Re:IPv6 support by RockDoctor · · Score: 1

      IPv6 specific security features, such as not automatically assigning IP addresses to anything that may just be loitering about in the vicinity of the network?

      I didn't see any mention of this being a wireless router, so I'd expect the simples way of not having random devices connect to it would be to not plug a cable into the router.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
    13. Re:IPv6 support by Anonymous Coward · · Score: 0

      Except that's not what you did. You took that as the price of the router.

  6. High power? by Anonymous Coward · · Score: 0

    I have my doubts. High power dual core arm with PC like performance? So much power it's waste using it just as router and they suggest server?

  7. Waste of time and effort by LDAPMAN · · Score: 4, Insightful

    If you want a secure router just use pfsense.

    1. Re:Waste of time and effort by jofas · · Score: 1

      Agree. I also wonder what about this project makes it more attractive than picking up a $59 Asus router and throwing open-wrt on it.

    2. Re:Waste of time and effort by Anonymous Coward · · Score: 0

      you are soooo kewl!

    3. Re:Waste of time and effort by QuietLagoon · · Score: 1

      That motherboard might be nice if OpenBSD ran on it. :) It's almost worth looking into....

    4. Re:Waste of time and effort by kimvette · · Score: 1

      > Agree. I also wonder what about this project makes it more attractive than picking up a $59 Asus router and throwing open-wrt on it.

      wrt is still very limited. Want multiple WAN IPs? Command line. You may as well just run Linux on a cheap box from goodwill at that point.

      --
      The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    5. Re: Waste of time and effort by RR · · Score: 1

      I also wonder what about this project makes it more attractive than picking up a $59 Asus router and throwing open-wrt on it.

      All the Asus routers I've looked at use Broadcom SoCs, which means closed source drivers and pathetic performance in OpenWRT. Also, for $59, you're not getting 802.11ac, plenty of RAM and storage for other tasks, or even enough processing power to route more than double digit Mbps (except maybe with hardware acceleration and no security).

      --
      Have a nice time.
    6. Re:Waste of time and effort by phantomfive · · Score: 1

      The purpose isn't security, the purpose is to have a multi-function router. It's a router, and a print server, and a (http?) server.

      By 'secure', they mean 'has automatic updates.' Which is cool, but it's kind of like bandaid security.

      --
      "First they came for the slanderers and i said nothing."
    7. Re:Waste of time and effort by dave420 · · Score: 1

      That's entirely not what they mean by security. Not even close. I suggest you read the project's description again, as you seem to have missed most of it.

    8. Re:Waste of time and effort by jofas · · Score: 1

      This Turris Omnia *is* based on openwrt. I'm guessing by their marketing material that they will not be overwhelming the router "enthusiast" with gui options for multiple WAN ips. "You may as well just run Linux on a cheap box from goodwill at that point." Yep.

    9. Re: Waste of time and effort by jofas · · Score: 1

      So you're buying a Turris Omnia, then?

    10. Re:Waste of time and effort by phantomfive · · Score: 1

      It has a hardware random number generator. Woohoo, so secure.
      It's still vulnerable to SSID spoofing.

      --
      "First they came for the slanderers and i said nothing."
    11. Re: Waste of time and effort by redpola · · Score: 1

      I'd be interested in helping with an OpenBSD port. I own a Turris device and mentioned porting OpenBSD to it when I picked it up. The response was eager and interested. If you search the OpenBSD mailing lists you can find an offer to provide Turris hardware for this purpose which is largely ignored by the obsd community...

  8. Data Collection? by Anonymous Coward · · Score: 0

    "In order to participate in the project, the user is required to commit to using the Turris router as the main internet gateway for his network for a specified period of time, and not to intervene in collection of data." NO THANKS

    1. Re:Data Collection? by naughtynaughty · · Score: 1

      Wrong product, that is for the Turris Project which uses a different box, not the Turris Omnia.

    2. Re:Data Collection? by Anonymous Coward · · Score: 0

      That's from the website in the first link.

    3. Re:Data Collection? by naughtynaughty · · Score: 1

      The website discusses two things, the Turris Omnia with a link to their Indiegogo page and the rest is about their Turris project which is something different. The Turris router is not the Turris Omnia.

  9. Only Time Will Tell by CastrTroy · · Score: 1

    High Security? Only time can tell. Until the router has been out in the wild for a bit and people have had a chance to look for vulnerabilities, it's impossible to say whether or not the router is actually secure. It's similar to the "Blackphone" which was touted for people who wanted a very secure phone. Once they released it, they found all sorts of security problems with it.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    1. Re:Only Time Will Tell by Anonymous Coward · · Score: 0

      High security doesn't have to mean 'no vulnerabilities.' I'd love an open-source option where the vulnerabilities that are found get promptly addressed and have constant eyes looking for more.

    2. Re:Only Time Will Tell by LDAPMAN · · Score: 1

      It's called pfsense...

  10. Sounds like a great idea by Anonymous Coward · · Score: 0

    To place an x86 or x64_86 compatible device running ANYTHING on your edge. Sounds like you're WANTING to get hacked...

    1. Re: Sounds like a great idea by Anonymous Coward · · Score: 0

      I run it on Sparc V9.

    2. Re:Sounds like a great idea by jofas · · Score: 1

      Cause arm is sooooo cutting-edge secure.

    3. Re:Sounds like a great idea by LDAPMAN · · Score: 2

      Why would you assume you can only run pfsense on x86? Besides, if you have a successful FreeBSD hack you could make yourself famous by sharing it now. What processor you run has very little impact on security.

      https://www.freebsd.org/platfo...

    4. Re:Sounds like a great idea by Anonymous Coward · · Score: 0

      ...Yes??? It is??? Duh. You did know they have software core ARM processors, right? You can run it on an FPGA. (You could audit all of the software core because it's open source.) After that, you have to move your paranoia level outside of the core microprocessor and to the FPGA or possibly the RAM. (Kind of hard to have those in a secure way without them also being open.)

    5. Re:Sounds like a great idea by Anonymous Coward · · Score: 0

      "What processor you run has very little impact on security."

      What the hell? Do you not know a processor is essentially a very large black box? Do you not get that? Anything can be hiding inside. Governments would NEVER NEVER NEVER tell you. They'd fight it to the death. It would be their LAST secret to be revealed. And also, the crazy part is - if they aren't currently inside chip fabs holding a gun to a critical engineer's head and saying "you'll put this back door in or else", they COULD do this at any point in the future and just catch you years later when you decide to upgrade!

    6. Re:Sounds like a great idea by unixisc · · Score: 1

      Is pFsense ported to the same variety of CPUs that FreeBSD is?

    7. Re:Sounds like a great idea by kimvette · · Score: 1

      Right, because running the same code compiled for ARM or similar processors is any more secure?

      --
      The Christian Right is Neither (Christian nor right). See: Matthew 23, Matthew 25, Ezekiel 16:48-50
    8. Re:Sounds like a great idea by Anonymous Coward · · Score: 0

      Hardware architecture is very low on the ladder of common threats. If you are worried about the closed source instruction sets on your CPU but you're running a f*cking virtual server on your edge device, you're doing it wrong.

      Mitigating threats by worrying about what hardware is in your machine is navel-gazing best left to 2005-class network security. It's well-known that many organizations are running hardware with pre-installed back doors, we have to live with it.

      Inspect the traffic, analyze, correlate and act. How you get that done is up to you. No amount of feel-good open-source HW/SW combo will save you by itself.

    9. Re: Sounds like a great idea by Anonymous Coward · · Score: 0

      Yes

    10. Re:Sounds like a great idea by KGIII · · Score: 1

      You're bordering on insane! I like that. I'm gonna help you out. See, the same is true with an ARM CPU as well. What? You say!!! No way! They will let you view the source. True. That doesn't mean there's no other source that is purposefully kept hidden.

      I think, if you want to be safe - safe enough to be this paranoid without being hypocritical, you should absolutely turn off your computer and stop using the internet. It's the only way to be sure! You're just asking to be hacked by using an ARM CPU that's providing an illusion of security by giving you a false sense of safety. The reality is that it'd be trivial to include code that you can neither access nor read on the chip. The same is true with every single chip out there. How do you know that FPGA is the size it says it is? That's the reported size. It may have hidden space and hidden code and the government would never tell you!

      Seriously, I want to protect you from harm and you don't want them spying on your porn habits so you had better stop using your computer, entirely, and just plain forget about using the internet! You're just asking to get hacked!

      --
      "So long and thanks for all the fish."
    11. Re: Sounds like a great idea by Anonymous Coward · · Score: 0

      Many security vulnerabilities turn out to be limited to specific architectures in terms of practical exploitability; running less common arch ports can reduce your attack surface in some cases. Better yet, run on multiple arches and get the benefit of being able to immediately remove vulnerable systems from your pool without impacting production services. -PCP

    12. Re:Sounds like a great idea by Anonymous Coward · · Score: 0

      No. It only supports x86(_64)

    13. Re:Sounds like a great idea by Bengie · · Score: 1

      Nope. PFSense only officially supports x86 and x64, and x86 is on the chopping block in the near future.

    14. Re:Sounds like a great idea by Anonymous Coward · · Score: 0

      Make your own fab and print your own OpenSparc. ITS THE ONLY WAY

    15. Re:Sounds like a great idea by unixisc · · Score: 1

      They should consider supporting some of the surviving CPUs used in routers - MIPS, SPARC and ARM.

    16. Re:Sounds like a great idea by Bengie · · Score: 1

      PFSense targets servers. The fact that you can use it at home is a coincidence. The most common type of server is x64, and most high end server hardware only uses a select few brands of NICs. They're a small group and focus their efforts with the biggest return.

  11. Is it security theatre or will we get the code? by Anonymous Coward · · Score: 0

    Right now there appear to be major issues with this router. I'm not convinced we'll get access to the complete set of code needed to operate it and without that you can't begin to talk about real security. If you can't examine the code you don't know what its really doing- or might do at some future date. Yes- you can examine the network traffic- but it isn't necessarily transmitting or acting maliciously all the time. It might require knocking on the router to even begin acting maliciously.

    Right now there are few combinations of chipsets that we can begin to depend on in designing a secure router. There is hope I think with this router as there are people who are pushing to get code released behind the scenes. However it doesn't appear to be there yet.

  12. The perfect storm by wjcofkc · · Score: 3, Insightful

    it can run a complete Linux distro, no problem, so it can function as a server.

    Great. So maybe this thing really is pretty secure out of the box. But if your going to stick something that capable\configurable on a business LAN, it is inevitable that some junior admin will be assigned to set it up and in the process create a gaping security hole. I have seen it happen on lesser devices. A secure router should have a limited set of well documented functions, not the ability to run Sendmail.

    --
    Brought to you by Carl's Junior.
    1. Re:The perfect storm by Anonymous Coward · · Score: 0

      This is a consumer device. It should not be run in a business period.

    2. Re:The perfect storm by KGIII · · Score: 1

      I have shared, via torrents, a very large number of distros. I already have a seed box that does nothing but run headless and seed torrents all year long. It consumes more power than it probably needs to and while I could, easily, set up a Pi to take care of this - I'm very unlikely to do so. I could see this being handy a a device that can do things like that. I'd be unlikely to get around to setting up a Pi but I'd probably do it in a browser and just share it to NAS like I already do.

      Meh... I do keep my wiring fairly organized so I'm not entirely lazy. Then again, I keep it organized to prevent additional labor in the future. ;-)

      Anyhow, I don't see this as a good business level device. It'd be something fine for the home if, you know, I didn't already have countless alternatives.

      --
      "So long and thanks for all the fish."
    3. Re:The perfect storm by anarcat · · Score: 1

      so wait, you are unhappy that we can setup our own OS on that thing? And to fix that, you are proposing to *restrict* the software you can run on it so that you can't modify it... that doesn't keep cisco routers from getting owned, or any other proprietary device from getting hacked, as far as i know.

      there are litterally millions of home routers that run a "limited set of well documented functions" that are regularly abused for DDOS attacks to a complete port scan of the entire internet. and there are hundreds of people trying to fix those machines in various ways, either by reverse-engineering the hardware and installing free software on it or by just fixing the proprietary crap that's shipped with those. at least this machine starts on the right foot: it ships with free software and allows you to run your own.

      any machine comes with its own foot shooting device, whether it is its openness or the false feeling of security that it's fine black box that will never fail and never need to be upgraded.

      not understanding and not being able to fix a device isn't a advantage in security, i thought we agreed on that...

      --
      Semantics is the gravity of abstraction
    4. Re:The perfect storm by wjcofkc · · Score: 1

      Clearly you have never worked as a high level engineer in a complex environment. Fortunately, I have. With a device like this, the level of ability to modify its complexity becomes problematic. Over time, different admins and engineers will make and unmake radically different changes that they think are clever at the time. When an engineer, who may not have properly documented every change they made to the machine leaves, another comes along and does the same. Sometimes changes are unmade, sometimes they are not and then another change is made that flies in the face of previous modifications. Eventually someone will realize that they are not quite sure of the totality of what the thing is doing. At this point it becomes easier to wipe the machine and start over then perform a complete analysis. That is not how things should work. If you want a router with the ability to do absolutely fucking everything a router has no business doing, toss OpenBSD on a box and go to town.

      --
      Brought to you by Carl's Junior.
  13. OpenVPN support by AHuxley · · Score: 1

    Any news on OpenVPN support or USB downloading? ie a download client for downloading torrent, web and NZB files.
    Great to see an open-source project for the router side of the network :)
    Thanks.

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:OpenVPN support by Aczlan · · Score: 4, Informative

      It runs OpenWRT which supports OpenVPN, USB and bittorrent.

      Aaron Z

      --
      "Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote
    2. Re:OpenVPN support by jofas · · Score: 1

      https://wiki.openwrt.org/doc/h...

  14. The unaccomplished always envy achievement, eh? by Anonymous Coward · · Score: 0

    I also wonder what about this project makes it more attractive than picking up a $59 Asus router and throwing open-wrt on it.

    Uh, more powerful, capable and upgradeable plus much faster security updates to firmware and OS? Hardware sourced by a local nonprofit and not a lobbyist-funding zaibatsu? Less work for a non-technical type to set up?

    Oh, right, what was I thinking! I actually read the article! Sorry... I'm new here.

    Um, screw this guy! How dare he make people happy by working on something useful! He sucks!

    1. Re:The unaccomplished always envy achievement, eh? by jofas · · Score: 1

      There is nothing on this device that slapping openwrt on any freescale/arm device with wifi and a couple gigabit interfaces can't solve, and it's *still* twice the price of most of these openwrt-compatible devices: https://wiki.openwrt.org/toh/s... What's that? They have "threat detection"? You can also just run snort on many of those devices. The point you missed is that this project is re-inventing the wheel. Check yo'self.

    2. Re:The unaccomplished always envy achievement, eh? by amiga3D · · Score: 1

      I get the idea that the project makes all of this pretty straight forward for less technically inclined users. Not totally clueless maybe but not elite hackers such as yourself. Sure, if you have the skills you can roll your own set up. This just gives you everything you need in a nice package. Not for everyone for sure.

    3. Re:The unaccomplished always envy achievement, eh? by Anonymous Coward · · Score: 0

      But... It's not just the technical chops to rool your own router; there are already turn-key devices from well-enough known companies like Buffalo that run openwrt out of the box. None of this is new.

      The reason there are many remarking that this project is a waste of development is that it is trying to sell what it doesn't have any more than any other openwrt device: security. In a year, we will have forgotten these ppl because they don't have anything to sell besides cool, open and expensive hardware.

    4. Re:The unaccomplished always envy achievement, eh? by RR · · Score: 2

      There aren't any turn-key devices that run OpenWRT out of the box. There are some Buffalo devices that run DD-WRT, but that's not the same thing at all. DD-WRT's approach to security and updates is even worse than some router manufacturers.

      Also, I did buy a Buffalo router with DD-WRT and Atheros chipset (so it would have open-source drivers), expressly so I could wipe DD-WRT and install OpenWRT. What I discovered is that customizing a router means lots of research, which you have to do again and again when it's time to install updates. This is because you can't really fit a proper system on only 32MB of flash, running on 128MB of RAM, so you have to reflash the whole thing every time. And this is actually a large amount of memory; my Netgear router with the same chipset has 8MB of flash and 64MB of RAM.

      If you don't customize your router, then upgrading it is much easier, but then it still doesn't have automatic security updates and all the fun features.

      The Turris router has 4GB of flash and 1GB of RAM. This is immense. You don't need to play tricks with minimal overlays on top of compressed ROM filesystems. You can install and maintain the router like a normal system.

      --
      Have a nice time.
    5. Re:The unaccomplished always envy achievement, eh? by Anonymous Coward · · Score: 1

      I sometimes think that those that make the loudest complaints are those who've never actually done it and have no intention of ever doing so. Well, they may be fooling themselves and telling themselves that they're capable and that they'll get to it someday. But, the people who bleat the loudest aren't actually the target market and don't actually know what they're talking about. Instead, they once read a post where someone described something similar and they've extrapolated and concluded they're capable of doing so and thus have an informed opinion based on a blog article and reading a few comments.

    6. Re:The unaccomplished always envy achievement, eh? by jofas · · Score: 1

      You all make it sound like flashing and running ddwrt/tomato/openwrt is a huge management problem when it really isn't. All 3 offer various update mechanisms that do not require re-flashing. All 3 have proven themselves better than stock firmware and offer enough stability, performance and security to have stayed around many years. As I mentioned, the Turris Omnia hardware is cool, but the project itself has two factors against it: 1) it's claimed "security" remains to be seen 2) for what it does, it's expensive. They are aiming at the non-professional home enthusiast who "even cleans up the icons on your desktop" (quoted from their video). I doubt many of the buyers are going to be examining core dumps and tuning kernel parameters on this thing.

    7. Re:The unaccomplished always envy achievement, eh? by monkeyhybrid · · Score: 1

      I'm a long time OpenWRT user and have been running it on 3 or 4 devices over the years. Admittedly it has been a few months since I have checked out the router hardware market, but last time I checked, you couldn't get comparable hardware specs to this (1.6GHz dual-core ARM, 4GB flash, 1GB RAM, gigabit on all ports, USB3, SATA) for anything close to $95 (half of the cost of this router). I'm doubtful you can get that today for even the full asking price of $189 although I'd be pleased to hear otherwise.

  15. they already fail by Anonymous Coward · · Score: 0

    gateway is never server

  16. And what does that cost for gigabit routing? by Sycraft-fu · · Score: 1

    The problem PFSense has as compared to consumer routers is that running on normal Intel CPUs it needs more CPU power (and thus cost) to be able to forward a given amount of traffic. Plus all the NICs and such are separate silicon. Boradcom makes little all-in-one chips that have a couple of ARM cores that have acceleration for routing and so on. Also they have things like an ethernet switch and ethernet PHYs on the chip so they needn't be added. Have a look at a BCM4709A for an example that is popular in routers.

    PFSense is good but it is not the most economical thing if you are talking features matching a consumer router, meaning gig routing, multiple ports, and wifi, you can have your costs go up a fair bit. Particularly if you also then want it to be fairly small and low power. If you hop over to PFSense's site it would cost about $575 for a SG-2440 with WiFi which would give features roughly on par with a consumer router.

    While I'd much rather have that over a consumer router, a consumer router is in fact what I have because I didn't want to spend a ton of money for a home router.

    1. Re: And what does that cost for gigabit routing? by RR · · Score: 1

      The problem Broadcom has in comparison with other SoC makers is they never open source their drivers except under extreme duress. The practical impact is that you can never fix problems in the firmware and you can never upgrade the kernel. It looks like they're building this thing on top of the Marvell Armada 385.

      I don't know of any 802.11ac WiFi radios with open firmware, but the Qualcomm 9880 at least has an open driver. It looks like this Turris router will have Qualcomm radios.

      --
      Have a nice time.
    2. Re: And what does that cost for gigabit routing? by nyet · · Score: 1

      The problem Broadcom has in comparison with other SoC makers is they never open source their drivers except under extreme duress.

      Broadcom absolutely sucks to work with in every way. They are truly awful, even if you are doing closed source development and sign all their NDAs ad nauseum.

  17. Maybe if it were on kickstarter... by gnoshi · · Score: 0

    It seems like Indiegogo is where tech projects go when they cant meet the criteria of Kickstarter (e.g. having a working prototype). Putting money into optimistic (but plausible) tech projects on Kickstarter seems a lot like betting, but putting money into the same on Indiegogo seems like burning money.

    1. Re:Maybe if it were on kickstarter... by mattventura · · Score: 1

      With some types of projects, it takes way too many resources to have a working prototype before getting funding.

      But with this particular project, this isn't their first router anyway, so there's not much of a question of whether they'll deliver or not.

    2. Re:Maybe if it were on kickstarter... by viperidaenz · · Score: 4, Informative

      Like this criteria:

      Project creation is currently available to individuals in the US, UK, Canada, Australia, New Zealand, the Netherlands, Denmark, Ireland, Norway, Sweden, Germany, France, Spain, Italy, Austria, Belgium, Switzerland, and Luxembourg who meet the requirements below.

      No Czech Republic listed there.

    3. Re:Maybe if it were on kickstarter... by gnoshi · · Score: 1

      You make a convincing point.

  18. Over-spec'd != Secure by Anonymous Coward · · Score: 0

    Over-spec'd != Secure ...
    Secure = Many Things + Long Term Support

    1. Re:Over-spec'd != Secure by Anonymous Coward · · Score: 0

      It feels quite over-spec'd for advanced home users, which also implies quite an impact on its price. However given the relatively low production runs (~thousands, rather than millions world-wide) it questionable that reducing the specs would actually reduce prices in practice.

      But being over-spec'd (flash and RAM in particular) also offers a hope for long(er) term support, as you won't hit the hardware limits with future software upgrades that quickly. Compared to that many traditional business router manufacturers (intentionally?!) fall into exactly this trap by spec'ing their hardware with only limited growths (software will only get larger) in mind. Which then 'forces' them to discontinue their high-3-figure appliances just 3-5 years later, when their current baselins firmware doesn't fit into flash and/or RAM anymore.

  19. Why not repurpose an old PC? by Anonymous Coward · · Score: 0

    This is just a mini solid state PC running Linux, and a crippled distro at that.

    1. Re:Why not repurpose an old PC? by Anonymous Coward · · Score: 0

      A random old PC easily draws >100/ 130 watts of power (Intel P4 class, or AMD K7/ s939 class), respectively 70-80 watts of power for anything older than Intel haswell(*). You need well selected, rather modern, hardware (haswell, baytrail, etc.) to get into the 5-15 watts range, which kind of contradicts repurposing any old/ spare computer.

      * older dedicated notebook- or early mITX hardware can be lower power, but there you run into the problem of 24/7 operations (heat) and the limited amount of network interfaces (dedicated WAN & LAN interfaces, concurrent dual-band wifi).

  20. High-security is for cows by Anonymous Coward · · Score: 0

    You are all cows. Cows can't escape. Mooo! Mooo! Moo cows Mooo! moo say the cows. YOU NON-ESCAPING COWS!!!

  21. Needs more RAM ( and CPU? ) to be a decent NAS by haruchai · · Score: 1

    I don't think 1GB & dual-core ARM is going to cut it for respectable NAS performance. That's pretty much what older versions of the LaCie NAS had under the hood and the performance was lame.
    And they'd better get the security right. Nothing like having someone root your router AND have access to your porn stash in one hack.

    --
    Pain is merely failure leaving the body
    1. Re:Needs more RAM ( and CPU? ) to be a decent NAS by Anonymous Coward · · Score: 0

      Well, 1G of RAM is plenty for NAS, important part is USB 3.0 (as USB 2.0 could be quite a bottleneck). Cryptochip can be also interesting, wondering if it could be used to speed up encrypted drive as that was the bottleneck I saw on my old NAS (1 core armv7 with less than 1GHz). But given the raw performance of the board I don't see it as a big potential issue if used with magnetic drive.

      I'm wondering what "lame performance" means in your case as in my experience, specs should be more than enough for NAS.

  22. Re:is this just a repackaging scam? by kubajz · · Score: 1

    No it's not a scam. As pointed out by other posters, the company behind this is CZ.NIC, the administrator of the .CZ top level domain. As a nonprofit, they have done extensive work on this, in large part as enthusiastic volunteers who are at the same time serious professionals. It's about as much scam as this "Android OS" which is just normal phone hardware with Linux installed on it :)

  23. Made in CZ by ThatsNotPudding · · Score: 1

    So when it arrives in the US, the box will be secured with tape that reads "This device was definitely not tampered with by any US TLA. Nope, nosirree bob. Nothing to see here."

  24. Does it have a jtag header? by anwyn · · Score: 1

    Does it have a jtag header so you can reflash in case you brick?

  25. Existing Turris user here by redpola · · Score: 1

    I've run a Turris (predecessor/prototype of Omnia) for a few months now and am very happy with it. Hardware is robust and software is OpenWRT with pushed updates & various mods. All the hardware and all the software is open. I've ordered an Omnia.

  26. It'd be nice if we could see the video... by chaoskitty · · Score: 1

    I guess you folks didn't get the memo - the Internet doesn't like Flash. But even at a laptop which has Flash, the video still doesn't load.

    Would you like help hosting the video?