From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from bobcat.rjmcmahon.com (bobcat.rjmcmahon.com [45.33.58.123]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.bufferbloat.net (Postfix) with ESMTPS id 3CF243B29D for ; Fri, 13 Oct 2023 11:55:52 -0400 (EDT) Received: from [192.168.1.66] (c-69-181-111-171.hsd1.ca.comcast.net [69.181.111.171]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by bobcat.rjmcmahon.com (Postfix) with ESMTPSA id 2ED8A1B258; Fri, 13 Oct 2023 08:55:51 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.11.0 bobcat.rjmcmahon.com 2ED8A1B258 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rjmcmahon.com; s=bobcat; t=1697212551; bh=2OlcJh5iiFhO2hSaNDoAOmBmaoYf5wusvNE0sHy76z4=; h=In-Reply-To:References:Subject:From:Date:To:CC:From; b=qGskDxmLxTCICgQT2xtMV/ph+R17CAsOeYTnTeh8r4MS1vu1b2o14inAmuHwRVoHn jtLKrT8Mr6a+FXmroMJSQNwLAMFyoDDD7hduX1QS7eDXvQdDQn0LDvYiDGTxmePf7M CVp3SsjqiyCmV2H9gSGqDx9kQT8ojdg/oTDKhsbs= In-Reply-To: References: <9f79b6f4b45c45c6d2fd2a43783f0157@rjmcmahon.com> <6a03ab3b-8e1c-4727-9fd9-07a38db4fb73@rjmcmahon.com> <589a1dbc49063b7e494d686ad9d71193@rjmcmahon.com> <167c8eec66fcda1b2c48833c4dd654de@rjmcmahon.com> <307264096640fab70a4c6ab983884f05@rjmcmahon.com> X-Referenced-Uid: 00011492567702d5 Thread-Topic: Re: [NNagain] Internet Education for Non-technorati? User-Agent: Android X-Is-Generated-Message-Id: true MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----SKZFP042P99DXJ4JYIKYQW7JWHSGOD" Content-Transfer-Encoding: 7bit From: Robert McMahon Date: Fri, 13 Oct 2023 08:55:45 -0700 To: David Lang CC: =?ISO-8859-1?Q?Network_Neutrality_is_back!_Let=B4s_make_?= =?ISO-8859-1?Q?the_technical_a_spects_heard_this_time!?= , Dave Taht Message-ID: Subject: Re: [NNagain] Internet Education for Non-technorati? X-BeenThere: nnagain@lists.bufferbloat.net X-Mailman-Version: 2.1.20 Precedence: list List-Id: =?utf-8?q?Network_Neutrality_is_back!_Let=C2=B4s_make_the_technical_aspects_heard_this_time!?= List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 13 Oct 2023 15:55:52 -0000 ------SKZFP042P99DXJ4JYIKYQW7JWHSGOD Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 That's interesting=2E It's basically saying the security risk is openwrt sw= =2E The chips themselves aren't, and signal processing is not either=2E I= 'll add that to FiWi's remote radio head argument, i=2Ee=2E it's inherently= more secure=2E Security is a huge problem for everyone=2E =E2=81=A3Bob O= n Oct 13, 2023, 1:34 AM, at 1:34 AM, David Lang wrote: >O= n Thu, 12 Oct 2023, rjmcmahon wrote: > >> I think we're looking at differen= t parts of the elephant=2E I perceive >huge >> advances in WiFi (phy, dsp,= radios, fems, etc=2E) and residential >gateway chips >> of late=2E > >My = point is that the chips behavior doesn't change when you switch to a >newer= >release of openwrt on the same chipset=2E When you do a new hardware >v= ersion, you >need to do all the testing that was mentioned (and more) but = if you are >looking >at updating the opewrt image, you have far less that = you need to check=2E > >David Lang > >> Not sure the state of chips used by= the openwrt folks here, though >> they may be lagging a bit - not sure=2E= >> >> >https://investors=2Ebroadcom=2Ecom/news-releases/news-release-detai= ls/broadcom-announces-availability-second-generation-wi-fi-7 >> >> Broadcom= =E2=80=99s Wi-Fi 7 ecosystem product portfolio includes the BCM6765, >> BC= M47722, and BCM4390=2E >> >> The BCM6765 is optimized for the residential W= i-Fi access point >market=2E Key >> features include: >> =2E=2E=2E >> The = BCM47722 is an enterprise access point platform SoC supporting >Wi-Fi 7, >= > Bluetooth Low Energy, and 802=2E15=2E4 protocols=2E Key features include:= >> =2E=2E=2E >> The BCM4390 is a highly-integrated Wi-Fi 7 and Bluetooth 5= combo chip > >> optimized for mobile handset applications=2E Key features = include: >> =2E=2E=2E >> >> Bob >>> On Thu, 12 Oct 2023, rjmcmahon via Nnag= ain wrote: >>> >>>> I looked at openwrt packages and iperf 2 is at versio= n 2=2E1=2E3 which >is a >>>> few years old=2E >>>> >>>> The number of CPE= /AP systems to test against is quite large=2E Then >throwing >>>> in versi= ons for backwards compatibility testing adds yet another >vector=2E >>> >>= > for the market as a whole, yes, it's a hard problem=2E But for an >>> ind= ividual manfacturer, they only have to work with their equipment, >>> not a= ll the others=2E The RF side isn't changing from release to >release >>> (a= nd usually the firmware for the Wifi isn't changing), so that >>> eliminate= s a lot of the work=2E They need to do more smoke testing of >>> new releas= es than a full regression/performance test=2E Some >>> incompatibility cree= ping in is the most likely problem, not a subtle >>> performance issue=2E >= >> >>> For the Scale conference, we have a Pi tied to a couple relays >hoo= ked >>> to the motherboard of the router we use and it's tied in to our >gi= thub >>> repo, so every PR gets auto-flashed to the router and simple check= s >>> done=2E Things like this should be easy to setup and will catch most = >>> issues=2E >>> >>> David Lang >>> >>>> Since it's performance related,= statistical techniques are required > >>>> against multiple metrics to mea= sure statistically the same or not=2E >Finally >>>> with WiFi, one needs t= o throw in some controlled, repeatable RF >>>> variability around the d-ma= trices (range) & h-matrices (frequency >>>> responses in both phase and am= plitudes per the MIMO spatial >streams=2E) >>>> >>>> I can see why vendors= (& system integrators) might be slow to adopt >the >>>> latest if there i= s not some sort of extensive qualification ahead >of that >>>> adoption=2E= >>>> >>>> Bob >>>> >>>> PS=2E Iperf 2 now has 2=2E5+ million downloads (= if sourceforge is to be > >>>> believed=2E) My wife suggested I write a boo= k titled, "How to create >>>> software with 2=2E5M downloads, a zero margi= nal cost to produce, and >get >>>> paid zero dollars!!" I suspect many ope= nwrt & other programmers >could add >>>> multiple chapters to such a book= =2E >>>> >>>>> On Thu, Oct 12, 2023 at 9:04=E2=80=AFAM rjmcmahon via Nnaga= in >>>>> wrote: >>>>>> >>>>>> Sorry, m= y openwrt information seems to be incorrect and more >vendors use >>>>>> op= enwrt then I realized=2E So, I really don't know the numbers >here=2E >>>>>= >>>>> There are not a lot of choices in the market=2E On the high end, >l= ike >>>>> eero, we are seeing Debian derived systems, also some chromeOS >>= >>> devices=2E Lower end there is "buildroot", and forked openwrts like >>>= >> Meraki=2E >>>>> >>>>> So the whole home router and cpe market has some,= usually >obsolete, >>>>> hacked up, and unmaintained version of openwrt at= its heart, on >>>>> everything from SFPs to the routers and a lot of iOt, = despite many >>>>> advancements and security patches in the main build=2E >= >>>> >>>>> It would be my earnest hope, with a clear upgrade path, downstr= eam >>>>> manufacturers would release within a few months of the main >Open= Wrt >>>>> releases, or even at the same time, having worked with their >cus= tomers >>>>> through the 6 month release candidate cycle=2E Microsoft >acco= mplishes >>>>> this, at least=2E >>>>> >>>>> >>>> >https://www=2Ereddit= =2Ecom/r/openwrt/comments/175z8t9/imminent_release_of_openwrt_2305/ >>>>> = >>>>>> I do agree with the idea that fixes should be pushed to the >mainlin= e and >>>>>> that incremental upgrades should be standard practice=2E >>>>>= >>>>> +1000 >>>>> >>>>>> Arista's SW VP gave a talk where he said that 8= 0% of their >customer >>>>>> calls about bugs were already fixed but their = customer wasn't >following >>>>>> an upgrade policy=2E This approach applie= s to most any sw based >product=2E >>>>> >>>>> +100 >>>>> >>>>>> >>>>>> = Bob >>>>>> > Hi David, >>>>>> > >>>>>> > The vendors I know don't roll thei= r own os code either=2E The >make their >>>>>> > own release still mostly b= ased from Linux and they aren't tied >to the >>>>>> > openwrt release proce= ss=2E >>>>>> > >>>>>> > I think GUIs on CPEs are the wrong direction=2E Con= sumer network >>>>>> > equipment does best when it's plug and play=2E Consu= mers don't >have all >>>>>> > the skills needed to manage an in home packet= network that >includes >>>>>> > wifi=2E >>>>>> > >>>>>> > I recently fixed= a home network for my inlaws=2E It's a combo of >>>>>> > structured wire a= nd WiFi APs=2E I purchased the latest equipment >from >>>>>> > Amazon vs us= e the ISP provided equipment=2E I can do this >reasonably >>>>>> > well bec= ause I'm familiar with the chips inside=2E >>>>>> > >>>>>> > The online tec= h support started with trepidation as he was >concerned >>>>>> > that the h= ome owner, i=2Ee me, wasn't as skilled as the ISP >technicians=2E >>>>>> > = He suggested we schedule that but I said we were good to go w/o >one=2E >>>= >>> > >>>>>> > He asked to speak to my father in law when we were all done= =2E He >told >>>>>> > him, "You're lucky to have a son in law that know wha= t he's >doing=2E My >>>>>> > techs aren't as good, and I really liked worki= ng with him too=2E" >>>>>> > >>>>>> > I say this not to brag, as many on th= is list could do the >equivalent, >>>>>> > but to show that we really need = to train lots of technicians on >things >>>>>> > like RF and structured wir= ing=2E Nobody should be "lucky" to get >a >>>>>> > quality in home network= =2E We're not lucky to have a flush >toilet >>>>>> > anymore=2E This stuff= is too important to rely on luck=2E >>>>>> > >>>>>> > Bob >>>>>> > On Oct = 11, 2023, at 3:58 PM, David Lang wrote: >>>>>> > >>>>>> >= > On Wed, 11 Oct 2023, rjmcmahon wrote: >>>>>> >> >>>>>> >>> I don't know t= he numbers but a guess is that a majority of >SoCs >>>>>> >>> with WiFi >>>= >>> >>> radios aren't based on openwrt=2E >>>>>> >> >>>>>> >> From what I'v= e seen, the majority of APs out there are based >on >>>>>> >> OpenWRT or on= e >>>>>> >> of the competing open projects, very few roll their own OS >fro= m >>>>>> >> scratch >>>>>> >> >>>>>> >>> I think many on this list use open= wrt but >>>>>> >>> that may not be representative of the actuals=2E Also, t= he >trend is >>>>>> >>> less sw in >>>>>> >>> a CPU forwarding plane and mo= re hw, one day, linux at the >CPEs >>>>>> >mayhttps://investors=2Ebroadcom= =2Ecom/news-releases/news-release-details/broadcom-announces-availability-s= econd-generation-wi-fi-7 >>>>>> >>> not be >>>>>> >>> needed at all (if we = get to remote radio heads - though this >is >>>>>> >>> highly >>>>>> >>> sp= eculative=2E)Peregrine - 112G PAM4 >>>>>> >> >>>>>> >> that is countered by= the trend to do more (fancier GUI, media >>>>>> >> center, etc) The >>>>>>= >> vendors all want to differentiate themselves, that's hard to >do if >>>= >>> >> it's baked >>>>>> >> into the chips >>>>>> >> >>>>>> >>> From my exp= erience, sw is defined by the number & frequency >of >>>>>> >>> commits, an= d >>>>>> >>> of timeliness to issues more than a version number or compile = >>>>>> >>> date=2E So the >>>>>> >>> size and quality of the software staff= can be informative=2E >>>>>> >>> >>>>>> >>> I'm more interested in mfg nod= e process then the mfg location >& >>>>>> >>> date as the >>>>>> >>> node p= rocess gives an idea if the design is keeping up or >not=2E >>>>>> >>> Chip= s designed >>>>>> >>> in 2012 are woefully behind and consume too much ener= gy and >>>>>> >>> generate too much >>>>>> >>> heat=2E I think Intel provid= es this information on all its >chips as >>>>>> >>> an example=2E >>>>>> >>= >>>>>> >> I'm far less concerned about the chips than the software=2E >Sec= urity >>>>>> >> holes are far >>>>>> >> more likely in the software than th= e chips=2E The chips may >limit the >>>>>> >> max >>>>>> >> performance of = the devices, but the focus of this is on the >>>>>> >> security, not the >>= >>>> >> throughput or the power efficiency (I don't mind that extra >info, = >>>>>> >> but what makes >>>>>> >> some device unsafe to use isn't the age = of the chips, but the >age of >>>>>> >> the >>>>>> >> software) >>>>>> >> >= >>>>> >> David Lang >>>>>> >> >>>>>> >> Bob >>>>>> >> On Wed, 11 Oct 2023, = David Bray, PhD via Nnagain wrote: >>>>>> >> >>>>>> >> There's also the con= cern about how do startups roll-out such a >>>>>> >> label for >>>>>> >> th= eir tech in the early iteration phase? How do they afford to >do >>>>>> >> = the >>>>>> >> extra >>>>>> >> work for the label vs=2E a big company (does = this become a >regulatory >>>>>> >> moat?) >>>>>> >> >>>>>> >> And let's sa= y we have these labels=2E Will only consumers with >the >>>>>> >> money to = >>>>>> >> purchase the more expensive equipment that has more privacy >and = >>>>>> >> security >>>>>> >> features buy that one - leaving those who cann= ot afford >privacy and >>>>>> >> security bad alternatives? >>>>>> >> >>>>>= > >> As far as security goes, I would argue that the easy answer is >to >>>= >>> >> ship >>>>>> >> a current version of openwrt instead of a forked, anc= ient >version, >>>>>> >> and >>>>>> >> get their changes submitted upstream= (or at least maintained >against >>>>>> >> upstream)=2E It's a different p= aradigm than they are used to, >and >>>>>> >> right >>>>>> >> now the suppl= iers tend to also work with ancient versions of >>>>>> >> openwrt, >>>>>> >= > but in all the companies that I have worked at, it's proven to >be >>>>>>= >> less >>>>>> >> ongoing work (and far less risk) to keep up with current= >versions >>>>>> >> than >>>>>> >> it is to stick with old versions and th= en do periodic 'big >jump' >>>>>> >> upgrades=2E >>>>>> >> >>>>>> >> it's l= ike car maintinance, it seems easier to ignore your >tires, >>>>>> >> brake= s, and oil changes, but the minimal cost of maintaining >those >>>>>> >> sy= stems pays off in a big way over time >>>>>> >> >>>>>> >> David Lang >>>>>>= >> >>>>>> >> ------------------------- >>>>>> >> >>>>>> >> Nnagain mailing= list >>>>>> >> Nnagain@lists=2Ebufferbloat=2Enet >>>>>> >> https://lists= =2Ebufferbloat=2Enet/listinfo/nnagain >>>>>> >> >>>>>> >> -----------------= -------- >>>>>> >> >>>>>> >> Nnagain mailing list >>>>>> >> Nnagain@lists= =2Ebufferbloat=2Enet >>>>>> >> https://lists=2Ebufferbloat=2Enet/listinfo/n= nagain >>>>>> > _______________________________________________ >>>>>> > Nn= again mailing list >>>>>> > Nnagain@lists=2Ebufferbloat=2Enet >>>>>> > http= s://lists=2Ebufferbloat=2Enet/listinfo/nnagain >>>>>> _____________________= __________________________ >>>>>> Nnagain mailing list >>>>>> Nnagain@lists= =2Ebufferbloat=2Enet >>>>>> https://lists=2Ebufferbloat=2Enet/listinfo/nnag= ain >>>> _______________________________________________ >>>> Nnagain maili= ng list >>>> Nnagain@lists=2Ebufferbloat=2Enet >>>> https://lists=2Ebufferb= loat=2Enet/listinfo/nnagain >>>> >> ------SKZFP042P99DXJ4JYIKYQW7JWHSGOD Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
That's inter= esting=2E It's basically saying the security risk is openwrt sw=2E The chip= s themselves aren't, and signal processing is not either=2E

=
I'll add that to FiWi's remote radio head argument, i=2Ee= =2E it's inherently more secure=2E Security is a huge problem for everyone= =2E

Bob
On Oct 13, 2023, at 1:34 AM, Dav= id Lang <david@lang= =2Ehm> wrote:
On Thu, 12 Oct 2023, rjmcmahon wrote:

 I think we're looking at diff=
erent parts of the elephant=2E I perceive huge 
 advances in WiFi (phy, =
dsp, radios, fems, etc=2E) and residential gateway chips 
 of late=2E

My point is that the chips behavior doesn't change when y= ou switch to a newer
release of openwrt on the same chipset=2E When you= do a new hardware version, you
need to do all the testing that was me= ntioned (and more) but if you are looking
at updating the opewrt image,= you have far less that you need to check=2E

David Lang

Not sure the state of chips us= ed by the openwrt folks here, though
they may be lagging a bit - not s= ure=2E

https://investors=2Ebroadcom=2Ecom/news-releases/news-release-details/= broadcom-announces-availability-second-generation-wi-fi-7

Broad= com=E2=80=99s Wi-Fi 7 ecosystem product portfolio includes the BCM6765, BCM47722, and BCM4390=2E

The BCM6765 is optimized for the residen= tial Wi-Fi access point market=2E Key
features include:
=2E=2E=2E<= br> The BCM47722 is an enterprise access point platform SoC supporting Wi-F= i 7,
Bluetooth Low Energy, and 802=2E15=2E4 protocols=2E Key features = include:
=2E=2E=2E
The BCM4390 is a highly-integrated Wi-Fi 7 and B= luetooth 5 combo chip
optimized for mobile handset applications=2E Key= features include:
=2E=2E=2E

Bob
On Thu, 12 Oct 2023, rjmcmahon via Nnagain wrote:
I looked at openwrt= packages and iperf 2 is at version 2=2E1=2E3 which is a
few years ol= d=2E

The number of CPE/AP systems to test against is quite large= =2E Then throwing
in versions for backwards compatibility testing adds= yet another vector=2E

for the market as a whole, yes= , it's a hard problem=2E But for an
individual manfacturer, they only h= ave to work with their equipment,
not all the others=2E The RF side isn= 't changing from release to release
(and usually the firmware for the W= ifi isn't changing), so that
eliminates a lot of the work=2E They need = to do more smoke testing of
new releases than a full regression/perform= ance test=2E Some
incompatibility creeping in is the most likely proble= m, not a subtle
performance issue=2E

For the Scale conference,= we have a Pi tied to a couple relays hooked
to the motherboard of the = router we use and it's tied in to our github
repo, so every PR gets aut= o-flashed to the router and simple checks
done=2E Things like this shou= ld be easy to setup and will catch most
issues=2E

David Lang
Since it's perform= ance related, statistical techniques are required
against multiple met= rics to measure statistically the same or not=2E Finally
with WiFi, on= e needs to throw in some controlled, repeatable RF
variability around = the d-matrices (range) & h-matrices (frequency
responses in both p= hase and amplitudes per the MIMO spatial streams=2E)

I can see why= vendors (& system integrators) might be slow to adopt the
latest = if there is not some sort of extensive qualification ahead of that
ado= ption=2E

Bob

PS=2E Iperf 2 now has 2=2E5+ million downloa= ds (if sourceforge is to be
believed=2E) My wife suggested I write a b= ook titled, "How to create
software with 2=2E5M downloads, a zero marg= inal cost to produce, and get
paid zero dollars!!" I suspect many open= wrt & other programmers could add
multiple chapters to such a book= =2E

On Thu, Oct 1= 2, 2023 at 9:04=E2=80=AFAM rjmcmahon via Nnagain
<nnagain@lists=2Ebu= fferbloat=2Enet> wrote:

Sorry, my openwrt information seems to be incorrect and more vend= ors use
openwrt then I realized=2E So, I really don't know the numbers = here=2E

There are not a lot of choices in the market= =2E On the high end, like
eero, we are seeing Debian derived systems, a= lso some chromeOS
devices=2E Lower end there is "buildroot", and forked= openwrts like
Meraki=2E

So the whole home router and cpe mark= et has some, usually obsolete,
hacked up, and unmaintained version of o= penwrt at its heart, on
everything from SFPs to the routers and a lot o= f iOt, despite many
advancements and security patches in the main build= =2E

It would be my earnest hope, with a clear upgrade path, downst= ream
manufacturers would release within a few months of the main OpenWr= t
releases, or even at the same time, having worked with their customer= s
through the 6 month release candidate cycle=2E Microsoft accomplishes=
this, at least=2E


h= ttps://www=2Ereddit=2Ecom/r/openwrt/comments/175z8t9/imminent_release_of_op= enwrt_2305/

I do agree with the idea th= at fixes should be pushed to the mainline and
that incremental upgrades= should be standard practice=2E

+1000

Arista's SW VP gave a talk where= he said that 80% of their customer
calls about bugs were already fixed= but their customer wasn't following
an upgrade policy=2E This approach= applies to most any sw based product=2E

+100

Bob
Hi David,

= The vendors I know don't roll their own os code either=2E The make= their
own release still mostly based from Linux and th= ey aren't tied to the
openwrt release process=2E =

I think GUIs on CPEs are the wrong direction=2E C= onsumer network
equipment does best when it's plug and = play=2E Consumers don't have all
the skills needed to m= anage an in home packet network that includes
wifi=2E =

I recently fixed a home network for my inlaw= s=2E It's a combo of
structured wire and WiFi APs=2E I = purchased the latest equipment from
Amazon vs use the I= SP provided equipment=2E I can do this reasonably
well = because I'm familiar with the chips inside=2E

= The online tech support started with trepidation as he was concerned =
that the home owner, i=2Ee me, wasn't as skilled as the IS= P technicians=2E
He suggested we schedule that but I sa= id we were good to go w/o one=2E

He asked t= o speak to my father in law when we were all done=2E He told
= him, "You're lucky to have a son in law that know what he's doing=2E = My
techs aren't as good, and I really liked working wit= h him too=2E"

I say this not to brag, as ma= ny on this list could do the equivalent,
but to show th= at we really need to train lots of technicians on things
= like RF and structured wiring=2E Nobody should be "lucky" to get a =
quality in home network=2E We're not lucky to have a flush to= ilet
anymore=2E This stuff is too important to rely on = luck=2E

Bob
On Oct 11, = 2023, at 3:58 PM, David Lang <david@lang=2Ehm> wrote:
=
On W= ed, 11 Oct 2023, rjmcmahon wrote:

I don't know the numbers b= ut a guess is that a majority of SoCs
with WiFi =
radios aren't based on openwrt=2E
=

From what I've seen, the majority of = APs out there are based on
OpenWRT or one of the competing open projects, very few roll their own OS from =
scratch

I think many on this list use = openwrt but
that may not be representative of the a= ctuals=2E Also, the trend is
less sw in a CPU forwarding plane and more hw, one day, linux at the CPEs=
may= https://in= vestors=2Ebroadcom=2Ecom/news-releases/news-release-details/broadcom-announ= ces-availability-second-generation-wi-fi-7
=
not be =
needed at all (if we get to remote radio heads - tho= ugh this is
highly
speculat= ive=2E)Peregrine - 112G PAM4
that is countered by the trend to do more (fancier GUI, media =
center, etc) The
vendors all wan= t to differentiate themselves, that's hard to do if
i= t's baked
into the chips

=
From my exper= ience, sw is defined by the number & frequency of
= commits, and
of timeliness to issues more than a= version number or compile
date=2E So the =
size and quality of the software staff can be informative=2E=

I'm more interested in mfg node proc= ess then the mfg location &
date as the =
node process gives an idea if the design is keeping up or = not=2E
Chips designed
in 20= 12 are woefully behind and consume too much energy and
= generate too much
heat=2E I think Intel provide= s this information on all its chips as
an example= =2E

I'm far less = concerned about the chips than the software=2E Security
= holes are far
more likely in the software than the= chips=2E The chips may limit the
max
= performance of the devices, but the focus of this is on the =
security, not the
throughput or the pow= er efficiency (I don't mind that extra info,
but what= makes
some device unsafe to use isn't the age of the= chips, but the age of
the
soft= ware)

David Lang
Bob
On Wed, 11 Oct 2023, David Bray, PhD = via Nnagain wrote:

There's also the conc= ern about how do startups roll-out such a
label for =
their tech in the early iteration phase? How do they a= fford to do
the
extra <= br> work for the label vs=2E a big company (does this become a reg= ulatory
moat?)

And= let's say we have these labels=2E Will only consumers with the money to
purchase the more expensive equip= ment that has more privacy and
security
= features buy that one - leaving those who cannot afford privacy an= d
security bad alternatives?
As far as security goes, I would argue that the easy answer is t= o
ship
a current version of ope= nwrt instead of a forked, ancient version,
and =
get their changes submitted upstream (or at least maintaine= d against
upstream)=2E It's a different paradigm than= they are used to, and
right
no= w the suppliers tend to also work with ancient versions of
= openwrt,
but in all the companies that I have w= orked at, it's proven to be
less
= ongoing work (and far less risk) to keep up with current versions =
than
it is to stick with old versions = and then do periodic 'big jump'
upgrades=2E <= br>
it's like car maintinance, it seems easier to ign= ore your tires,
brakes, and oil changes, but the mini= mal cost of maintaining those
systems pays off in a b= ig way over time

David Lang
=
-------------------------

= Nnagain mailing list
Nnagain@lists=2Ebufferb= loat=2Enet
https://lists=2Ebufferbloat=2Enet/listinfo/nnagain <= br>
-------------------------
Nnagain mailing list
Nnagain@lists=2Ebuff= erbloat=2Enet
https://lists=2Ebufferbloat=2Enet/listinfo/nnagain =

Nnagain mailing= list
Nnagain@lists=2Ebufferbloat=2Enet
https://lists=2E= bufferbloat=2Enet/listinfo/nnagain

Nna= gain mailing list
Nnagain@lists=2Ebufferbloat=2Enet
https://lists=2Ebufferbloat= =2Enet/listinfo/nnagain

Nnagain m= ailing list
Nnagain@lists=2Ebufferbloat=2Enet
https://lists=2Ebufferbloat=2Enet= /listinfo/nnagain

=
------SKZFP042P99DXJ4JYIKYQW7JWHSGOD--