From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-oa1-x35.google.com (mail-oa1-x35.google.com [IPv6:2001:4860:4864:20::35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id CEE013B2A4 for ; Mon, 23 Oct 2023 13:43:40 -0400 (EDT) Received: by mail-oa1-x35.google.com with SMTP id 586e51a60fabf-1eb39505ba4so1639286fac.0 for ; Mon, 23 Oct 2023 10:43:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1698083020; x=1698687820; darn=lists.bufferbloat.net; h=to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Nxwz4sk/KqJuOwCkgjdx1RZRVPEgEg+B8X5f/uv/ZKw=; b=apA/QdZtCrdBAkYw/CILRJa2OIolWXgkxOWBGPNpEJUDtYA048eKlhAhR+VpO5JhTr YEAfSz0z0KsCh/EXtypxvI6rWSXwITphg+tjYr1Z4kS4FO/uQi2DCShugqkp409uFn3a Dh/w9rM95EejjdwEOtrEzqrC4Qh3x3DwkVbOMms8qag2ogFoqYYTIXnFsM/PJumRQSTJ fuAaf4D6l7STTYrAUlpQgQRdUT0MNlsQwUYIKk4GamJeB9Ymxi+GsoVJBpQ4Ijb0wkDC L7/66qOW4bV1D7uq95hIlg3hDY65PaqGbx4iR9UTvt/ty7O2KYbY7k9lHls1YhXY6FSM /Chw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1698083020; x=1698687820; h=to:subject:message-id:date:from:reply-to:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Nxwz4sk/KqJuOwCkgjdx1RZRVPEgEg+B8X5f/uv/ZKw=; b=QCZuQIRSvh9NX9URzNdovSwwgWHTHwAa09n3QpfBu8ZUyuqcXMDOCiDzuKkxXBPgQm i5hqLEE3Dro4mobDiaZi3mUmJfSYV0QhvTV4xvvHLx5hc8LRK36kC7IBtnV6hIS7mvmS 4i/fGLqRLI5lBN/1TCCt1e9J7WepK9+IPLIO5WdBsLp8sIrmddY0Woq4gj3i2UrH46TF d8kJekiHIkZ3YOfcniul89UHus6yIGneFKf9IifapquCtYilSWMvxz7WX3MBu3VWVH3U QEzm47K8UGmaF2DRHtCLcz3xcXYHPKdfW4Jtt07yjVzuPL5wmHgeSBrhyHjnUZRm3Tu7 H9ig== X-Gm-Message-State: AOJu0Ywem3jCKGHEnNY+Xod9Ui62VS4i4pp4kHol1LJH3KRWKmY9I10i nLzKGwiWDJpwSSmeevxfkhANtItCXG4L24ZoIw/e7xHvCfWvqigM X-Google-Smtp-Source: AGHT+IGcp2faAL/i3N1nXAqVy/bD7fjbW9NlRb0stTRZyW8HLyk2Y3miHZ+v+FpgJj/tzcgvvN5ERv8OXg6TcP3fGEY= X-Received: by 2002:a05:6870:f622:b0:1d5:eb1:c587 with SMTP id ek34-20020a056870f62200b001d50eb1c587mr10147096oab.19.1698083020080; Mon, 23 Oct 2023 10:43:40 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Reply-To: thejoff@mail.com From: le berger des photons Date: Mon, 23 Oct 2023 19:43:31 +0200 Message-ID: To: =?UTF-8?Q?Network_Neutrality_is_back=21_Let=C2=B4s_make_the_technical_asp?= =?UTF-8?Q?ects_heard_this_time=21?= Content-Type: multipart/alternative; boundary="0000000000003617d9060865c3a2" Subject: Re: [NNagain] upgrading old routers to modern, secure FOSS X-BeenThere: nnagain@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: =?utf-8?q?Network_Neutrality_is_back!_Let=C2=B4s_make_the_technical_aspects_heard_this_time!?= List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Oct 2023 17:43:40 -0000 --0000000000003617d9060865c3a2 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable you've convinced me to go see libre qos. thanks. On Mon, Oct 23, 2023 at 7:04=E2=80=AFPM Dave Taht via Nnagain < nnagain@lists.bufferbloat.net> wrote: > I loved that this guy and his ISP burned a couple weeks learning how > to build openwrt, built something exactly to the need, *had it work > the first time* and are in progress to update in place 200+ routers to > better router software, that just works, with videoconferencing, IPv6 > support, and OTA functionality. No need for a truck roll, and while > the available bandwidth deep in these mountains in Mexico is meager, > it is now enough for most purposes. > > > https://blog.nafiux.com/posts/cnpilot_r190w_openwrt_bufferbloat_fqcodel_c= ake/ > > I have no idea how many of this model routers were sold or are still > deployed (?), but the modest up front cost of this sort of development > dwarves that of deployment. Ongoing maintenance is a problem, but at > least they are in a position now to rapidly respond to CVEs and other > problems when they happen, having "seized control of the methods of > computation" again. > > OpenWrt is known to run on 1700 different models, already, (with easy > ports to obscure ones like this box) - going back over a decade in > some cases. > > Another favorite story of mine was the ISP in New Zealand that > deployed LibreQos and had all their support calls (from gamers and > videoconferencers) cease overnight. The support tech, formerly drowned > in angst from the users, set to work automating an reflashing 600 old > agw routers they had "retired" on the shelf, and then distributing > them to customers as extenders because the wifi finally worked right > with the fq_codel stuff now in that release. > > I feel like I am tooting my own horn here a bit too much, but solving > the right problems like MTTR, MTBF, bufferbloat, and taking back > control of your software infrastructure while being able to customize > it for purpose, and turning what otherwise would be ewaste into > something that will last a decade more, is my inner "green", my inner > stewart brand. > > Compare that to so many others being marketed to, to death, that buy > the latest (and often inferior) thing, every few months, perpetually > fooled by promises that do not pay off in the field, and often, really > lousy MTBF. Good embedded software takes many years to develop, say, > oh, 7, while the hardware cycle is closer to 2, nowadays, and requires > many eyeballs to fully debug and get to lots of 9s of reliability. > > Back when I was even more radical about good, open, embedded, software > than now, I used to say: "Friends don't let friends run factory > firmware.". I do wish somehow the long term maintence costs of > hardware with a decade plus service lifetime would be adaquately > covered. Insurance? by law? a formal setaside from the purchase price? > Otherwise we run the risk of turning the world's internet into a giant > toxic waste dump that will require Superfund levels of cleanup, one > day, and ever more contributions to trillions of dollars of fraud, and > persistent actors having first broken down the front door, perpetually > on the inside, wreaking more havoc. Somehow preventing that mess, up > front, seems cheaper. > > Take this string of vulns: > https://www.google.com/search?q=3Dcisco+router+vulnerability > > (try that search string with *any* manufacturer - juniper, netgear, tplin= k, > > There is a new vuln going around about some very old software in a > cisco mx series which is ancient and yet 100k+ are vulnerable - (I > worked on this while at montavista in the early 00s!) - abandonware, > toxic waste... > > Anyway, in Mexico at least, 200+ routers are going to be a lot better, > through the actions of all that contribute to linux, openwrt, and one > smart and caring engineer. > > -- > Oct 30: > https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html > Dave T=C3=A4ht CSO, LibreQos > _______________________________________________ > Nnagain mailing list > Nnagain@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/nnagain > --0000000000003617d9060865c3a2 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
you've convinced me to go see libre qos.=C2=A0 thanks.= =C2=A0=C2=A0

On Mon, Oct 23, 2023 at 7:04=E2=80=AFPM Dave Taht via Nnagain &= lt;nnagain@lists.bufferblo= at.net> wrote:
I loved that this guy and his ISP burned a couple weeks learning how<= br> to build openwrt, built something exactly to the need, *had it work
the first time* and are in progress to update in place 200+ routers to
better router software, that just works, with videoconferencing, IPv6
support, and OTA functionality. No need for a truck roll, and while
the available bandwidth deep in these mountains in Mexico is meager,
it is now enough for most purposes.

https://blog.nafiux.com= /posts/cnpilot_r190w_openwrt_bufferbloat_fqcodel_cake/

I have no idea how many of this model routers were sold or are still
deployed (?), but the modest up front cost of this sort of development
dwarves that of deployment. Ongoing maintenance is a problem, but at
least they are in a position now to rapidly respond to CVEs and other
problems when they happen, having "seized control of the methods of computation" again.

OpenWrt is known to run on 1700 different models, already, (with easy
ports to obscure ones like this box) - going back over a decade in
some cases.

Another favorite story of mine was the ISP in New Zealand that
deployed LibreQos and had all their support calls (from gamers and
videoconferencers) cease overnight. The support tech, formerly drowned
in angst from the users, set to work automating an reflashing 600 old
agw routers they had "retired" on the shelf, and then distributin= g
them to customers as extenders because the wifi finally worked right
with the fq_codel stuff now in that release.

I feel like I am tooting my own horn here a bit too much, but solving
the right problems like MTTR, MTBF, bufferbloat, and taking back
control of your software infrastructure while being able to customize
it for purpose, and turning what otherwise would be ewaste into
something that will last a decade more, is my inner "green", my i= nner
stewart brand.

Compare that to so many others being marketed to, to death, that buy
the latest (and often inferior) thing, every few months, perpetually
fooled by promises that do not pay off in the field, and often, really
lousy MTBF. Good embedded software takes many years to develop, say,
oh, 7, while the hardware cycle is closer to 2, nowadays, and requires
many eyeballs to fully debug and get to lots of 9s of reliability.

Back when I was even more radical about good, open, embedded, software
than now, I used to say: "Friends don't let friends run factory firmware.". I do wish somehow the long term maintence costs of
hardware with a decade plus service lifetime would be adaquately
covered. Insurance? by law? a formal setaside from the purchase price?
Otherwise we run the risk of turning the world's internet into a giant<= br> toxic waste dump that will require Superfund levels of cleanup, one
day, and ever more contributions to trillions of dollars of fraud, and
persistent actors having first broken down the front door, perpetually
on the inside, wreaking more havoc. Somehow preventing that mess, up
front, seems cheaper.

Take this string of vulns:
https://www.google.com/search?q=3Dcisco+= router+vulnerability

(try that search string with *any* manufacturer - juniper, netgear, tplink,=

There is a new vuln going around about some very old software in a
cisco mx series which is ancient and yet 100k+ are vulnerable -=C2=A0 (I worked on this while at montavista in the early 00s!)=C2=A0 - abandonware,<= br> toxic waste...

Anyway, in Mexico at least, 200+ routers are going to be a lot better,
through the actions of all that contribute to linux, openwrt, and one
smart and caring engineer.

--
Oct 30: https://netdevconf.info/= 0x17/news/the-maestro-and-the-music-bof.html
Dave T=C3=A4ht CSO, LibreQos
_______________________________________________
Nnagain mailing list
Nnagain@= lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/nnagain
--0000000000003617d9060865c3a2--