From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-il1-x136.google.com (mail-il1-x136.google.com [IPv6:2607:f8b0:4864:20::136]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 648383CB38; Sun, 25 Jul 2021 10:49:07 -0400 (EDT) Received: by mail-il1-x136.google.com with SMTP id r5so6303818ilc.13; Sun, 25 Jul 2021 07:49:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to:cc :content-transfer-encoding; bh=Eh8+TH7ECKSExpVIrkwYfAwyWW82qVhzUXU5AV4AbjA=; b=f77mPh4Yf/XmFawRpmClFoQF8aG5e1TgAYK2SLhm0hGW4DxutJRZfHDMM0DiXsQfWz LyMj1XfZjfhervd0pyq29XgaTLOnCaPo4MHvB9axpBvt+pY/+X7P7cqqZShr1kD5ZBil efPnEAD914ucYUSSAM6daFBWgU5VunSogtZ1kro2KCYuxTILh4I2NKxgrorjMN+cfBxO 2vyilSf60uUMstxrGidhotE09pTsgr6TyVE71RA7pC4vge+tv5GgRvRGBuwbCWsPnj5e XKX/z9xQDju7plAY31STo7Kh3qBwYu+Syj2thdgsH/gu4Tpo69N5EWA7jVZbsANoFMGw Ttxg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc :content-transfer-encoding; bh=Eh8+TH7ECKSExpVIrkwYfAwyWW82qVhzUXU5AV4AbjA=; b=Fd6TDyBAQPfaK/REwjjupiIsjQjS5N3ct9CwaBqCJLbdXNHvTFjGbv178glIMFfiwn bdhDmhIPlJNa2b+w+/ZQesvxlWSwRsRe7DRrkDmTSpIk4nKoA+BUaL0EpsMwoSGjrpm3 FPMiBX8d9OyomW3qWo23PPLPF8FasMRU5WZEP5ylODwavd+6jNE8uSd+9tiKhF3+zrjE pJueFQukZM62N/sioDOSa+hhnOh2otbEFNSKUWonmVTFIFnriJEP7wISWqzdrFAbPxXY y2cov9P8XJz8+8WUJdjwtgihrtaFb1Q2xI7+tl9PWNcBoyluhFigIuD+5D/jNfy4cOIO rlEw== X-Gm-Message-State: AOAM531RlbDqyFlPtUjr81NjkAnmFEh4eXV/savceHRNPS3wuvGA7/0Z WV8DkO5tNrD2YVuKHFm7IbNAFQxxO6Ex3pJtrJIZGAMUbBHQwg== X-Google-Smtp-Source: ABdhPJwubxZyDUDOVQtOSZZgvjDvAOkOMKI6wtZMXUsF6vMlPalfNZmIG7dC1xMRj0GI6LNlo4Q/20q7KaPAtwPWjok= X-Received: by 2002:a92:cd8a:: with SMTP id r10mr9313476ilb.287.1627224546443; Sun, 25 Jul 2021 07:49:06 -0700 (PDT) MIME-Version: 1.0 From: Dave Taht Date: Sun, 25 Jul 2021 07:48:55 -0700 Message-ID: To: Make-Wifi-fast , cerowrt-devel Cc: starlink@lists.bufferbloat.net Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Subject: [Make-wifi-fast] resuming the right to repair fight in particular X-BeenThere: make-wifi-fast@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 25 Jul 2021 14:49:07 -0000 Early on in the FLOSS podcast ( https://twit.tv/shows/floss-weekly/episodes/638?autostart=3Dfalse ) I harped on what is basically my biggest issue with the world of IoT - home routers only being a tiny subset - being able to fix the stuff you bought, and KNOWING that the stuff you bought isn't going to betray you. The cell phone universe is about as well handled in this department as seems feasible, but the rest... ugh! I know our lists are mostly technically oriented but does anyone know of a site, a forum, a slack channel, a linked in group, a faceboook group, some legal advisory group... somewhere??, where I, at least, could vent in something in a productive direction? I'm very happy to finally be in BITAG but that's just about lag. I often look back on our 2015 fcc fight with remorse, as we didn't have enough capital to capitalize on it, and I just went back to finishing up our research. We knocked 'em down FLAT with that one broadside but nobody read the filing itself, just the press release, and the vogons got up again, like a tarbaby, and resumed bad governance of the future as usual. For the record, if you haven't read: http://fqcodel.bufferbloat.net/~d/fcc_saner_software_practices.pdf Our proposal buried on page 12: 1. Any vendor of SDR, wireless, or Wi=C2=ADFi radio must make public the full and maintained source code for the device driver and radio firmware in order to maintain FCC compliance. The source code should be in a buildable, change controlled source code repository on the Internet, available for review and improvement by all. 2. The vendor must assure that secure update of firmware be working at shipment, and that update streams be under ultimate control of the owner of the equipment. Problems with compliance can then be fixed going forward by the person legally responsible for the router being in compliance. 3. The vendor must supply a continuous stream of source and binary updates that must respond to regulatory transgressions and Common Vulnerability and Exposure reports (CVEs) within 45 days of disclosure, for the warranted lifetime of the product, the business lifetime of the vendor, or until five years after the last customer shipment, whichever is longer. 4. Failure to comply with these regulations should result in FCC decertification of the existing product and, in severe cases, bar new products from that vendor from being considered for certification. 5. Additionally, we ask the FCC to review and rescind any rules for anything that conflict with open source best practices, produce unmaintainable hardware, or cause vendors to believe they must only ship undocumented =E2=80=9Cbinary blobs=E2=80=9D of compiled code= or use lockdown mechanisms that forbid user patching. This is an ongoing problem for the Internet community committed to best practice change control and error correction on safety=C2=AD critical = systems --=20 Fixing Starlink's Latencies: https://www.youtube.com/watch?v=3Dc9gLo6Xrwgw Dave T=C3=A4ht CEO, TekLibre, LLC