From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 762D53CB35; Mon, 4 Oct 2021 12:54:48 -0400 (EDT) Received: by mail-io1-xd2e.google.com with SMTP id r75so21084525iod.7; Mon, 04 Oct 2021 09:54:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=ahgcpbWmxj6DPxe8JBV5Ylo+q0SYQteFgxtWEz4oloQ=; b=NNx5F+s1tHd5ybNUu+o5zCeIEfzyk/Wx44wzvR5hBNa50qTQvkyfqqaXYZ6FQ67Sxf 51xMkp/djc9DlobA9FvLzL41qvBcIT8gl30eylXCuTjJGGL8g4lGcQu4GFnoA9ERkueQ 9hiV2yegyE8Sme5EwExh5d1WQjUAmuMzaX/14S8/UAI2Kd2HMTJxtj+WBsUhGjs9sP/O 3077WF8qfSlmAT7kavUp6Q0QEu5zJEeieBXuMmGJ4GIXZvA1dyiAxpj1FfHLiZgWO9+k P/1Tr2mNCTCMjA4xDLxmK7O04cp61/kE20Cc1lfLbbSLUgyTR/R/08OLPDJwaUdS2X5t ByCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=ahgcpbWmxj6DPxe8JBV5Ylo+q0SYQteFgxtWEz4oloQ=; b=Cmdd9CaY/sq89et4F0HI2al0pVEcSeUla3k9gCvtrqPhs8Cq+5x1Vukypzr42mMSMx TxtDt5zPn5w3k/MoH3MxMNgCTdaMRj0FOvB5cJjNJGRKz44vh6TIyXeyiCs+ci421Mtw zo0B6xCw90wZjdPHGfZtIk8UdhmzmHo+bE/f2eyMxaDlRC0x+iBmhlyI2czDeOtm43Bk rhFOAjiNeyxJ7S5U/C6KcpR2LbPCPbpgNRHVezkv1lXoZqdyze+FMDsvxvNLOpRnPZV0 RXRXhqe0i165zNksKCof+LPMznsrnbPeEUl8KjggefRVcub0rriEE8E2mIIAZzB1Y0eL EH1g== X-Gm-Message-State: AOAM533ja9zjGYi1SLnsG3f551BTNMnyzM1eoZwMNn5XFnJZGZzKfnvv bBWSm107+7DNQZKkxDYQhFnc6U42LFq4fA8SJ77BLoA10Mc= X-Google-Smtp-Source: ABdhPJxCmLrhv/OkQG8mRXeJVR+QT2YXv8sLm6mBhwfzAHZZ87E0CtlamDK5OlTuan6yMUC71/Aae1FNWhwOdnnKGsA= X-Received: by 2002:a05:6638:2415:: with SMTP id z21mr11592487jat.83.1633366487124; Mon, 04 Oct 2021 09:54:47 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Dave Taht Date: Mon, 4 Oct 2021 09:54:35 -0700 Message-ID: To: Make-Wifi-fast , cerowrt-devel Cc: starlink@lists.bufferbloat.net Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: Re: [Cerowrt-devel] resuming the right to repair fight in particular X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 04 Oct 2021 16:54:48 -0000 On Sun, Jul 25, 2021 at 7:48 AM Dave Taht wrote: > > Early on in the FLOSS podcast ( > https://twit.tv/shows/floss-weekly/episodes/638?autostart=3Dfalse ) I > harped on what is basically my biggest issue with the world of IoT - > home routers only being a tiny subset - being able to fix the stuff > you bought, and KNOWING that the stuff you bought isn't going to > betray you. The cell phone universe is about as well handled in this > department as seems feasible I take it back. https://www.vice.com/en/article/z3xpm8/company-that-routes-billions-of-text= -messages-quietly-says-it-was-hacked >, but the rest... ugh! > > I know our lists are mostly technically oriented but does anyone know > of a site, a forum, a slack channel, a linked in group, a faceboook > group, some legal advisory group... somewhere??, where I, at least, > could vent in something in a productive direction? I'm very happy to > finally be in BITAG but that's just about lag. > > I often look back on our 2015 fcc fight with remorse, as we didn't > have enough capital to capitalize on it, and I just went back to > finishing up our research. We knocked 'em down FLAT with that one > broadside but nobody read the filing itself, just the press release, > and the vogons got up again, like a tarbaby, and resumed bad > governance of the future as usual. > > For the record, if you haven't read: > > http://fqcodel.bufferbloat.net/~d/fcc_saner_software_practices.pdf > > Our proposal buried on page 12: > > 1. Any vendor of SDR, wireless, or Wi=C2=ADFi radio must make public the > full and maintained source > code for the device driver and radio firmware in order to maintain FCC > compliance. The source > code should be in a buildable, change controlled source code > repository on the Internet, > available for review and improvement by all. > > 2. The vendor must assure that secure update of firmware be working at > shipment, and that update streams be under ultimate control of the > owner of the equipment. Problems with compliance can then be fixed > going forward by the person legally responsible for the router being > in compliance. > > 3. The vendor must supply a continuous stream of source and binary > updates that must respond to regulatory transgressions and Common > Vulnerability and Exposure reports (CVEs) within 45 > days of disclosure, for the warranted lifetime of the product, the > business lifetime of the vendor, > or until five years after the last customer shipment, whichever is longer= . > > 4. Failure to comply with these regulations should result in FCC > decertification of the existing > product and, in severe cases, bar new products from that vendor from > being considered for > certification. > > 5. Additionally, we ask the FCC to review and rescind any rules for > anything that conflict with > open source best practices, produce unmaintainable hardware, or cause > vendors to believe they > must only ship undocumented =E2=80=9Cbinary blobs=E2=80=9D of compiled co= de or use > lockdown mechanisms > that forbid user patching. This is an ongoing problem for the Internet > community committed to > best practice change control and error correction on safety=C2=AD critica= l systems > > > -- > Fixing Starlink's Latencies: https://www.youtube.com/watch?v=3Dc9gLo6Xrwg= w > > Dave T=C3=A4ht CEO, TekLibre, LLC --=20 Fixing Starlink's Latencies: https://www.youtube.com/watch?v=3Dc9gLo6Xrwgw Dave T=C3=A4ht CEO, TekLibre, LLC