Unfortunately I had a conflict the evening when you did your OpenWRT presentation (and I've looked for a link to a video of it) but I don't think the OpenWRT topic is dead by any means. Here are some issues that I doubt were covered but would be interesting - at least, to me:
OpenWRT is heading towards a major release - 24, from the current release 23. How risky will it be to do a version upgrade via the webinterface? I ran into this with some devices with past major version upgrades - the only fix for those was using the tftp server in uboot to do the upgrade - fortunately for the device in use, I didn't have to open it. Is there a compelling reason to move to 24? Are there key features/advantages to it? There is also this advisory: https://openwrt.org/advisory/2024-12-06 Which the response seems to have been glossed over or handwaved - yes, they "fixed" it - but - it doesn't appear to be a vulnerability in the distributed firmware images themselves, thus I really question why it was even given the status of a security advisory at all. To me a security advisory is something that affects tens of thousands of devices in the field. This one seems only to have affected 1 single device on the Internet - the server at OpenWRT - which was quickly fixed. I don't see then why it deserved escalation to the SA infrastructure. SA's can be very political and to me this was more about yucking someone else's yum to score points. And speaking of Sas, more ominous: https://www.msn.com/en-us/money/markets/u-s-weighs-ban-on-chinese-made-router-in-millions-of-american-homes/ar-AA1w51es?ocid=msedgntp&pc=U531&cvid=80581ad4bfb740acb86febe3a64ee658&ei=46 This was another jawdropper and rather dismaying, because although TP-Link is for sure highly sloppy in their distributing of routing software (and I would not doubt that the Chinese military is shedding no tears over them leaving security holes in their OEM firmware) they also seem to favor use of the Qualcomm/Atheros chips and so are a good supplier of cheap OpenWRT-compatible devices. Probably over half of my fleet of 42 OpenWRT running access points are TP-Link models. Netgear seems to mainly favor Broadcom based stuff which limits them to DD-WRT and to FreshTomato although they do occasionally release devices with MediaTek chips in them. I would be VERY put out if the Trump administration in their infinite stupidity destroyed my supply of $10 OpenWRT devices!! Frankly I am VERY personally conflicted by the Secure Equipment Act of 2021. This was what was used to shut Huawei down but when I think of the number of network video camera manufacturers (Reolink, etc.) who have FAR SUPERIOR technology that can be used for spying by China, who have NOT been placed on the Entity List and Foreign Direct Product Rule, it seems to me that this Act is EXTREMELY hypocritical and likely has far more to do with protectionism than anything else. And, even though Trump is supposedly the protectionist and runs around claiming to be so, and laid the groundwork for the Secure Equipment Act - _BIDEN_ signed the damn thing. So this isn't a Republican vs Democrat thing as BOTH parties seem to be playing the protectionist game. There are NO US manufacturers of SOHO router tech. Even Cisco has most of their stuff manufactured in China. But all of the American SOHO router companies (such as Netgear) have virtually everything made in China. So invoking this Act against TP-Link is really going to do literally nothing to increase security and block against spying. And if there are indeed back doors and holes in the TP-Link supplied router software - then the government should be required to publicly disclose all of the ones that they know about, via the SA mechanisms, before instituting a ban. But with Huawei - they didn't. All they did was make a bunch of allegations, then put Huawei on the Entity List, and that was that. Totally screwing over consumers who were buying ultra cheap phones. >From the looks of it, they are preparing to do it again with SOHO routers. Very concerning to me who wants to buy cheap routers and scrape off the manufacturer's crappy firmware and use OpenWRT, DD-WRT and FreshTomato on them. And I am extremely less than enthusiastic about the OpenWRT One router. Sorry but I just CANNOT get behind a $100 device that replaces a $10 device I can buy from Goodwill that does exactly the same thing - runs OpenWRT. Why on Earth would anyone buy one of these? I see no Packet Per Second speed rankings so what exactly is better about it other than it being painted sky-blue? Lastly, For my own projects, I have come to understand that there's a lot more issues with the more advanced flashing of devices like the Cisco MR52 - maybe it's my fate to trigger border cases, but here's the summary of my latest failures with that device: https://forum.openwrt.org/t/help-in-setting-up-a-meraki52/218232/7 I now have a FTDI 3v USB console cable on order and will re-test when that arrives, but my jaw dropped when reading: "Speed 115200 is not a problem when the wires are very short." I am really struggling with how to answer that extreme an amount of just flat out wrongness information without doing a deep dive into handshaking lines. RS232 serial communications - you gotta love it. 1960s' era communications technology built before most techs were even born - yet still with us in the weeds, and still screwing techs over today the same way it was 40 years ago. Yet working with it brings back fond memories of the CBBS scene of my high school youth, and dialup modems.... Ted -----Original Message----- From: PLUG <[email protected]> On Behalf Of Russell Senior Sent: Saturday, December 14, 2024 7:00 PM To: [email protected] Subject: [PLUG] January speaker? I recall a person who came to the November meeting who worked on Gentoo Linux, who was amused by my pronunciation of "portage". I think I remember they volunteered to do a PLUG talk. We currently don't have anyone lined up for January. I could do a Part II of OpenWrt, but DO YOU REALLY WANT THAT??? I have a few other thoughts as well, so it hasn't reached desperation stage yet. Anyone else who has a talk idea, please get in touch. The January meeting is on the 2nd. Happy holidays! -- Russell Senior PLUG Volunteer [email protected]
