Hi David,

The vendors I know don't roll their own os code either. The make their own release still mostly based from Linux and they aren't tied to the openwrt release process.

I think GUIs on CPEs are the wrong direction. Consumer network equipment does best when it's plug and play. Consumers don't have all the skills needed to manage an in home packet network that includes wifi.

I recently fixed a home network for my inlaws. It's a combo of structured wire and WiFi APs. I purchased the latest equipment from Amazon vs use the ISP provided equipment. I can do this reasonably well because I'm familiar with the chips inside.

The online tech support started with trepidation as he was concerned that the home owner, i.e me, wasn't as skilled as the ISP technicians. He suggested we schedule that but I said we were good to go w/o one.

He asked to speak to my father in law when we were all done. He told him, "You're lucky to have a son in law that know what he's doing. My techs aren't as good, and I really liked working with him too."

I say this not to brag, as many on this list could do the equivalent, but to show that we really need to train lots of technicians on things like RF and structured wiring. Nobody should be "lucky" to get a quality in home network.  We're not lucky to have a flush toilet anymore. This stuff is too important to rely on luck.

Bob
On Oct 11, 2023, at 3:58 PM, David Lang <david@lang.hm> wrote:
On Wed, 11 Oct 2023, rjmcmahon wrote:

 I don't know the numbers but a guess is that a majority of SoCs with WiFi 
 radios aren't based on openwrt.

From what I've seen, the majority of APs out there are based on OpenWRT or one 
of the competing open projects, very few roll their own OS from scratch

 I think many on this list use openwrt but 
 that may not be representative of the actuals. Also, the trend is less sw in 
 a CPU forwarding plane and more hw, one day, linux at the CPEs may not be 
 needed at all (if we get to remote radio heads - though this is highly 
 speculative.)

that is countered by the trend to do more (fancier GUI, media center, etc) The 
vendors all want to differentiate themselves, that's hard to do if it's baked 
into the chips

 From my experience, sw is defined by the number & frequency of commits, and 
 of timeliness to issues more than a version number or compile date. So the 
 size and quality of the software staff can be informative.

 I'm more interested in mfg node process then the mfg location & date as the 
 node process gives an idea if the design is keeping up or not. Chips designed 
 in 2012 are woefully behind and consume too much energy and generate too much 
 heat. I think Intel provides this information on all its chips as an example.

I'm far less concerned about the chips than the software. Security holes are far 
more likely in the software than the chips. The chips may limit the max 
performance of the devices, but the focus of this is on the security, not the 
throughput or the power efficiency (I don't mind that extra info, but what makes 
some device unsafe to use isn't the age of the chips, but the age of the 
software)

David Lang

 Bob
 On Wed, 11 Oct 2023, David Bray, PhD via Nnagain wrote:
 
 There's also the concern about how do startups roll-out such a label for
 their tech in the early iteration phase? How do they afford to do the 
 extra
 work for the label vs. a big company (does this become a regulatory moat?)
 
 And let's say we have these labels. Will only consumers with the money to
 purchase the more expensive equipment that has more privacy and security
 features buy that one - leaving those who cannot afford privacy and
 security bad alternatives?
 
 As far as security goes, I would argue that the easy answer is to ship
 a current version of openwrt instead of a forked, ancient version, and
 get their changes submitted upstream (or at least maintained against
 upstream). It's a different paradigm than they are used to, and right
 now the suppliers tend to also work with ancient versions of openwrt,
 but in all the companies that I have worked at, it's proven to be less
 ongoing work (and far less risk) to keep up with current versions than
 it is to stick with old versions and then do periodic 'big jump'
 upgrades.
 
 it's like car maintinance, it seems easier to ignore your tires,
 brakes, and oil changes, but the minimal cost of maintaining those
 systems pays off in a big way over time
 
 David Lang

 Nnagain mailing list
 Nnagain@lists.bufferbloat.net
 https://lists.bufferbloat.net/listinfo/nnagain
 

 Nnagain mailing list
 Nnagain@lists.bufferbloat.net
 https://lists.bufferbloat.net/listinfo/nnagain