ESR: Cisco provides a lesson (ibiblio.org)
117 points by axk on July 5, 2012 | 51 comments



I agree with Eric, but the problem is that even if you own your router (many residential users have provider-provided hardware), and run Tomato or DD-WRT, etc ... You have only one next hop, and zero control over that router.

So yes, don't invite Cisco into your living room, obviously. (Nor Cisco/Scientific Atlanta, but that's another discussion..!)

But you're still powerless and privacyless, sorry. Get a VPN box and tunnel everything (I do), but that's just kicking the can a few years down the road (less if you pick a cheap host).

Also, the bigger message from this fiasco is that Cisco is feeling revenue pressure even in their protective low margin consumer networking business. Cisco has never been a good consumer company, but they've just never cared enough to get "creative" before.

That's a bad bad sign for Cisco. Chambers, like Ballmer, has presided over ten-plus years of sideways, and this move seems desperate.

Run for the exits.


> many residential users have provider-provided hardware

Yep. Even if I bothered to find a replacement for my combination cable modem/router, I don't know if the ISP / cable company would "talk" to the new hardware. Probably not contractually required to do so.

I'm reminded of the liberation of phone handsets from the phone company - up until the 1980s, most everywhere, it used to be that one could only connect to the network a phone leased from the carrier.

The issue of who controls (has root) on all the computers we supposedly own, starting with internet access routers and going on to printers, smart-phones, e-book readers, game consoles, disc players and TVs, is a vexing one.


> Even if I bothered to find a replacement for my combination cable modem/router, I don't know if the ISP / cable company would "talk" to the new hardware. Probably not contractually required to do so.

You plug the vendor provided hardware into your hardware.


> I don't know if the ISP / cable company would "talk" to the new hardware

I honestly, no-ulterior-motive wonder how often this happens. I mean, isn't ADSL governed by real-world written-down standards? Isn't DOCSIS an actual standard? If so, and given the absolute standardization of things like ARP, RARP, DHCP, and so on, where could the problem possibly come in? Do they scan routers and refuse to talk to ones that don't respond with the right software version numbers?


A piece of anecdata:

I've got Comcast, and I recently bought my own cable modem because the provider-given one was dropping packets.

To get it to connect at all, I needed to call them up and tell them the model number and the MAC address (or something that seemed analogous) of the router. I had two models to choose from (fewer than usual because I needed DOCSIS 3 I think), and they made it very clear that these were the only models they would allow you to use.

(it almost goes without saying, despite using their business support, it took three or four days, most of which I was without usable internet)


I started Comcast service about a year ago. They have a page of approved hardware on the web, and I bought a new modem off of that page. It seemed there was plenty of choice even then.

I happened to pick a Motorola SB6150. What surprised me was that there was not a shred of technical information or any management screen. After the cable was installed in my house, my brand new modem was attached to the cable infrastructure and then downloaded Comcast firmware for about twenty minutes. After my modem had completely joined the Borg, only then was it allowed to offer me internet service. Sigh...


sadly, that is DOCSIS. You get to see very little (some modems provide signal levels, some debug info, etc) if anything at all. Everything else comes from/is controlled by the CMTS. Even in the enterprise grade modems like cisco hwic's, the docsis portion is almost entirely hidden from you.


I had the same experience. I have Comcast and I bought a Motorola SB6121 on Amazon because it was $85 and Comcast charges you $7/mo to rent a cable modem, so you save money after only one year. Anyway, I plugged the modem in, it downloaded some config, rebooted, and started talking to Comcast. It was pretty painless. And I just picked the cheapest DOCSIS 3 modem off a list of probably 25 approved models.


I, on the other hand, had a completely different experience with my provider (Mediacom). Their rules (at the time - about 5 years ago) seem to be:

1. We do DOCSIS 2.0, be aware.
2. We will not support your third party modem (i.e. if it doesn't work on our network, there's nothing we'll do about it).
3. We do access control, and service level determination based on MAC. Fill out the silly web form with your account number and CM MAC.


If you own the first hop, you can run Tor or a similar proxy from it. There are also local "mesh" networks which are available, though I haven't played with them. They have some level of applicability in oppressive regimes, and if I understand properly are not quite as poorly performing as Tor can be / is.


If you're going to be running Tor, you don't even really need that first hop - you just need to control the software on your computer.


Point, but Tor on router means automatic default privacy for the network. And no tattling to Cisco.


The same person announcing in this blog post that Cisco is "doing evil" and that it's not true that "Open systems and networks aren't always better for consumers" is the person who wrote this blog post last month:

http://esr.ibiblio.org/?p=4386

wherein he described how he's not at all like RMS, because RMS frames his advocacy "as a moral crusade" and because "his rhetoric and his thinking became dominated by terms like 'evil'" and RMS doesn't use "pragmatic argument about engineering practices and outcomes".

I think ESR is really telling us that he wishes we'd all start listening to him tell us about how we should stop doing evil things instead of listening to RMS do the same.


What I see in this case is evidence that RMS is not as deluded as his opponents paint him to be.

This case shows that "evil", "good", "moral" aren't some vague abstract concepts that only matter to graybeard philosophers. You might think they are somehow detached from "practices and outcomes". Until Cisco bricks your router and holds it hostage until you sign off your privacy rights.

Seriously, if I heard RMS rant about "what if Cisco bricks your router to force you to bend over" I'd wave him off as being unrealistic and exaggerating beyond common sense. Not anymore.


Without wanting to start too much of a holy war, this is exactly why I prefer the GPL over BSD variants. The GPL takes ESR's argument in this blog post to its natural conclusion. The only way you (the user) can be completely free is if the code is forced to stay open. There's no other way around it.

Even if Cisco's firmware blob consisted entirely of compiled open source code, if it was all BSD licensed you'd still be no better off.


OTOH, what's to stop Cisco's firmware blob from including all sorts of GPL'd software, tied together by a proprietary program?

And it's not like BSD licenses lack ways of encouraging contribution back either.

I just don't see the choice between these licenses as important as quality of software and pace of development in ensuring customer freedom.


> OTOH, what's to stop Cisco's firmware blob from including all sorts of GPL'd software, tied together by a proprietary program?

I assume that you mean officially GPL'd, not secretly incorporated by Cisco (although this type of abuse also gets detected.) GPLv3 forbids tivoization, so GP would definitely be better off with a router running GPL'd software. With BSD there is nothing preventing the hardware vendor from locking the software away from users.


I don't know about that. Let's say the router is running a GPL'd light-weight web server. Just because you can't lock the person out doesn't mean that the component may be effectively replaceable.

Otherwise you could never effectively use any GPL v3 software in embedded devices unless you add additional update paths.


That's true. It would depend on how deeply (or not) any proprietary software within the blob was linked/derived from the GPL bits.

But for encouraging contribution, if a company goes "rogue", the BSD has no real teeth to force them to give anything back.

I largely agree with your last point though. Good old fashioned competition should normally be enough to ensure the user gets a good deal (providing regulators are doing their job and there are no cartels or monopolies).


BSD contribution is based on a quid pro quo regarding future contributions. It is just more flexible in this than the GPL is.

Consider PostgreSQL for example. Several of the main contributors also release proprietary versions. But they contribute to lower the costs of code maintenance.


Correct but not exactly relevant to what we're talking about (i.e. a company going evil, at which point quid pro quo ceases to have much meaning).

We're not talking about what's good for the developer here, we're talking about what's good for the user.


Well, the fact that you mention "tied together by a proprietary program" means you guys are talking about two different things. He's talking about BSD vs. GPL whereas you are talking about "something" vs. some GPL/proprietary hybrid. Seems something like a strawman to me.


This really depends on how difficult it is to replace the firmware.

On a consumer linksys router for example, this is a very simple process.


The GPL is the reason it's easy to replace the firmware on a consumer router. If the GNU userspace tools were BSD licensed then DDWRT, OpenWRT and Tomato would not exist. It's actually one of the best examples of the GPL's power to allow people to use their devices to their fullest potential.


I don't see the connection. The Linux kernel being under GPL means manufacturers had to release source code for their devices. Where does the userspace come in?

Do OpenWRT and the like even use GNU userspace tools? I would assume they use Busybox.


Well, BusyBox also happens to be GPL. ;P (Also, it should be noted that GPLv3 requires the user not only to have the source code for the software on the device, but the ability to change the software running on the actual shipped device.)


They use the GNU C Library. After a bit of Googling I'm not entirely sure what forced Linksys to open source the code, but it was definitely more than just Linux.


The phrase 'better for consumers' doesn't seem to have any testable meaning. What hypothetical experiment, if performed, would determine whether a proposed rule change would be "better for consumers"?

Let's pretend that we can clone the universe and run an A/B test. Universe A receives the new rule treatment and Universe B does not. In both universes, we inject happiness meters into every living person's head. These meters also inject clones of themselves into fetuses for the next 100 years. So, we can compute the average happiness levels of all people on earth over the next century. Is a net positive change in happiness levels the definition of "better for consumers"? Must we also consider changes in the distribution of happiness among individuals? Is happiness even the right metric to consider? When the word 'consumers' is used, does it imply that everyone's happiness should be considered?

So, back to some reality. It's certainly possible that an Apple-like walled-garden approach might, for some particular technology/situation/problem/whatever set-off a chain of economic events which has a positive net effect on overall human happiness. However, I have no idea if I'm making a meaningful argument to those using the "better for consumers" phrase as no one seems too interested in attaching a strong definition to the term.

W.r.t. anti-trust litigation, the phrase is oft thrown about. What has bothered me is that the "obvious" answer is provided by a static, short-term analysis of current economic conditions. In the short-term, it's better for consumers to regulate the price of electricity. After all, it costs "too much", you know. However, the disincentive to build new power generation facilities likely leads to an outcome very negative for consumers -- shortages, rationing, etc.

tl;dr; Stop using the phrase 'better for consumers' unless you bother to attach to it a testable definition.


Really you could ask the exact same questions for the phrase "better for the economy" and doubtless many other things.


Agree. Whenever I hear the words better/worse used without an obvious axis of measurement, I am suspicious of the speaker.


Just to add fuel to the fire. AFAIK, there's no established measure of happiness, other than self-reported in surveys, and questionnaires. I should try asking in cogsci.stackexchange, if they have mapped serotonin levels in the brain to happiness in repeated experiments.


They might be technically capable of doing this, but I would enjoy reporting them to the police for possibly having committed criminal offences under the Computer Misuse Act, Regulation of Investigatory Powers Act and others if they ever tried it on me.

I wonder if the much-hyped US-UK extradition treaty cuts both ways in such a flagrant case of unauthorised access...


I really don't think that this has anything whatsoever to do with closed vs. open source. This is definitely a case of Cisco over-reaching. The genesis of the problem isn't really connected to closed source. There are plenty of closed source systems that don't even approach these kinds of issues.

Would open-source prevent this kind of thing? Probably. In this case, someone has to make the hardware, supply and maintain the infrastructure, so the problem is probably a little more complex than the simple contrast between closed and open source. There really aren't a lot of large open-source-everything projects out there (hardware + software + mechanical + whatever else) to know how this would play out.

Hardware, as a business, is really capital intensive. Software isn't. A college student in a dorm can sit down and write software that gets distributed to millions and reaches every corner of the world. And the cost of doing so is virtually nothing.

To replicate this in hardware is almost impossible (yet). There's a lot more to it than just designing and building it. There's support, warranties, regulatory requirements, etc.

Here's a dumb example: Who wants to be responsible for the lawsuit when an ill-designed piece of hardware kills someone because it does not deal with high-voltages in a safe manner?

Or another one: Who wants to be responsible for a recall of thousands or even millions of devices if they are found to be defective in some way?

Again, regardless of the contrast between hardware and software I don't think that this issue can be used to champion the FOSS flag.


> I really don't think that this has anything whatsoever to do with closed vs. open source.

[...]

> Would open-source prevent this kind of thing? Probably.

I don't think I could have made the argument better than you have.

The point isn't that all closed source software does this, or even that most does it. The point is that when you cannot control the software, the abuse can happen. Anyone who has power can abuse it, which means that if you cede control over software in your router to Cisco, you have to trust Cisco not to abuse it. If you don't, then you don't have to worry.


Even if Cisco was running open source code they could still put ALL of this language into this agreement. The difference would be you could see the actual mechanism in work if they had open source code. The egregious part is the language, not the implementation.


Or you could get the code, rip out the parts you didn't like, recompile and install on your router.

You might be breaching the terms & conditions of their cloud stuff, but you could simply choose not to use it.


Well, even though I'm pretty technically literate and know my way around a compiler, I probably couldn't do this, even with the source. There's so much knowledge that you need to accumulate. I could probably learn how to do it, but that would take me weeks, if not months. So first, somebody would have to do it. Second, he'd have to maintain it. Then, my less-computer-literate friends would need someone who makes them aware of the issue and points them to the firmware, probably even install it. Most won't bother, check the box and accept the TOS, maybe thinking "I'm not planning on doing anything illegal anyways." - that won't be solved with open source.

Open source protects the technically literate people, but it's not the silver bullet that solves this issue. Raising awareness and pushing back is at least as important and that's possible with closed source as well.


While I agree with your point that Open-source is not a silver bullet, I don't see anything other than Open-source as a good enabler.

Yes, pushing back is possible with closed source as well.

The real question becomes, which is harder? And for whom? To push back at closed source, you'd have to be a big consumer of them or at least big enough to be able to sue the vendor. If you're an individual, you're in real trouble. Of course, there are people who play both roles.

And I see Open-source as the best enabler for technical individuals. As far as I can see, of course.


I think the main difference is that if these routers came from the factory with FLOSS software that I could recompile and reload onto the device then Cisco would have a much harder time actually enforcing their particular implementation.


Sure, take it all out of context and it sounds like I am making a point for FOSS solving this issue. That is not the case. There are practical hardware and business issues that touch a hardware business that simply create a problem for FOSS.

Again, the problem --Cisco wanting access to your data-- does not have a direct causation link to the fact that their software is closed. No such connection exists.


Eric has about the worst personality you could ask for in a representative of a movement; but I can't fault this post. Likely he doesn't realize that he's parroting RMS's key message more or less verbatim. But there's no reason to make a fuss about that when it's an important message for people to hear, regardless of the source.


how would open source software prevent this?

I have an open source Buffalo router that shipped with DD-WRT. it has a service onboard where I can run an alternate SSID as a free wifi hotspot, and software on the router will inject a frame into clients' web browsers to serve ads.

evil? yep. on by default? no. implemented entirely with open source software? yes.

what would happen if this feature shipped in an open-source router on-by-default and without the software button to click to change it? are you seriously advocating to consumers that they download the source code to their router, change some #defines to remove the code that injects ads, recompile it, and reload it onto their router?


The argument is that downloading a compiled version of the software patched in that way is something that people would be willing to do to remove ads, but that re-implementing the software from scratch just to remove ads is not something that anyone would do.


Why would most consumers need to do that? It only takes one HNish person to get the code, fix it, and release something that consumers can easily use.


reflashing router firmware is still something out of reach to most consumers. it would probably not even occur to most consumers that the ads in their web browser would be something they could change.


You could ask/pay/sleep with a person of your choosing and have them do it for you.

To the second point, if you had a world with mostly open source software then people would start to assume that things like that could be done.

It's like arguing that you should design cars to be only serviceable by the manufacturer simply because not everyone is a mechanic.


> reflashing router firmware is still something out of reach to most consumers

I don't know. I'm always amazed at what a few good blog posts can do if enough people see them.


This reminded me that I owned some CSCO, and I need to sell some stock anyway. Sell sell sell!

(I laughed when I saw how _much_ CSCO I own -- I bought it in high school, also total it's worth about $250, and that is apparently about the same as it was worth when I bought it.)


So he disagrees with the statement that "Open systems and networks aren’t always better for consumers." Ok, fine.

But he asserts that open is absolutely never better, and he backs up that assertion with... a single example. That's not much of a syllogism.


last a few days Cisco pushed a firmware update to several of its most popular routers that bricked the device unless you signed up for Cisco’s “cloud” service.

It did no such thing, even for very liberal uses of the term "brick."




