On Dienstag, 14. Februar 2017 11:03:56 CET Petr Štetiar wrote: > Simon Wunderlich <simon.wunderl...@open-mesh.com> [2016-11-17 11:19:48]: [...] > Overflows can substitute soldering > http://blog.true.cz/2017/02/free-your-router-again/
> but even the Open Mesh representative thinks We told you before that we are not OpenMesh employees. So please stop citing us like we are "Open Mesh representative"(s) or spoke persons of OpenMesh. There is a reason why we forwarded you to the official OpenMesh support - because we don't have the authority to speak for OpenMesh. > that locked down U-Boot is a reasonable and solid lockdown solution: > > On the other hand, swapping the u-boot is not so trivial, at least without > > opening/soldering/modifying the flash from outside, which is considered a > > reasonable hurdle. And Simon never said that it is a solid lockdown solution. He only said that it is "is considered a reasonable hurdle" in reference to the requirements OpenMesh got from the FCC (or FCC partner - I don't know the details). And I wouldn't call your solution trivial (cool, but not trivial). To be fair, he didn't mention other ways like software problems which allow you to gain more access. Either because he thought that this is obvious, that he didn't want to list every possible way, just didn't thought that he must provide an extensive list or just forgot about it. But the FCC did seem to have accepted the current solution as "reasonable hurdle" - not sure how long this will be the case. Your reaction seems shows me (I am not talking about or for OpenMesh) that such discussions only end in disasters and only help people like you to attack others. This is especially sad because Simon organized and moderated different discussions on conferences about the FCC lockdown, consequences for open source and possible solutions which make the FCC/EU happy + OSS happy. No wonder that companies usually don't want to take part in such discussions. > Well, to execute the shell commands you need access to the router over > the SSH connection, right. Open Mesh users located within USA or Canada > are treated with more love in the CloudTrax cloud system and as a reward > for their customer loyalty?, they nowadays can’t even connect to their > access points with SSH. How long it’s going to take Open Mesh to treat > all customers equally? When they start rewarding them all with no SSH > access? I don't have the knowledge about any such plans for the EU. But I think you already answered it yourself. The flash is not specially protected on these devices and allowing SSH access to the devices would allow to easily circumvent the signature checks. Either by accessing the mtd devices or by accessing the memory directly. So my guess (not speaking for OpenMesh) I would guess that similar things would be necessary for the EU when the "lockdown directive" [3] is in place. > We’re users and supporters of open source, so we take it almost personally > if some vendors like Open Mesh (BTW since February 2017 it’s Datto company), > which are using open source software in their products and benefit from it > to a great extent, don’t play nice with the open source community and even > violates the copyright law. Yep, the usual GNU GPL license infringement. > > We’ve asked Open Mesh in November 2016 for sources of U-Boot (GPLv2 license) > for OM5P-AC device, but we didn’t received the sources till today, as of > Sunday February 12th, 2017. It is in the same google drive like the other sources [1]. It is called om5p-ac.tar.bz2 and was added in mid December like the rest of the source code you've asked for. And the funny part is that you've already uploaded it to github [2] two months ago. Still you claim that you have not received it. Btw. this is earlier than Simon or I got the source code from OpenMesh. What do you think will such partially ill-founded attacks like you did in the blog post achieve? That companies will talk more or less to the open source advocates? I (talking again about myself not OpenMesh - just in case you didn't notice it in the rest of the mail and want to use my words again to blame them for something) personally want open hardware (actual OSS hardware would be nice but HW which I can use freely from SW is also ok) and open software. And I've already told you how to get them unlocked outside the FCC regions without any extra exploit/soldering. If you want to avoid drastic lockdown on all devices (company independent) in the EU then you should start to attach the EU directive instead of insulting persons/companies [3]. If you want to write about lockdowns and workarounds for lockdowns - fine, and I am even interested in it (you never know what you have to unlock in the future). But are these attacks necessary? Especially when you know that a lot of your attacks are based on things which are not true. Kind regards, Sven [1] https://drive.google.com/open?id=0B8GHi_JcerOJZ000bjZnc2Fad2s [2] https://github.com/true-systems/openmesh-gpl-elx-uboot-sdk/ [3] https://fosdem.org/2017/schedule/event/radio_lockdown_directive/
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev