<font face="arial" size="3"><p style="margin:0;padding:0;font-family: arial; font-size: 12pt; overflow-wrap: break-word;">Well, pots and kettles - I bet there are, amongst the huge numbers of LEDE/OpenWRt packages, some very useful DDoS amplification concerns. So it's really not a strong proof of the claim that "factory firmware" is bad.<br /><br />My own home border router I built myself, and yet it acquires new problems with new updates (as well as having some fixed).<br /><br />And, one thing that scares the bejeezus out of me is the passion for stuff like code allowing injection of binary code into the kernel (eBPF) being thrown into the Linux Kernel for "performance reasons". Hacking the clever network developer has never been easier - just throw them some complicated and subtle code that runs in the kernel that "everybody thinks is the coolest new thing". Here's the description of eBPF from the documentation I use: "The extended BPF (eBPF) variant has become a universal in-kernel virtual machine, that has <em><strong>hooks all over the kernel.</strong> </em>" Lovely. So userspace can make the kernel do completely untestable things.</p>
<p style="margin:0;padding:0;font-family: arial; font-size: 12pt; overflow-wrap: break-word;"> </p>
<p style="margin:0;padding:0;font-family: arial; font-size: 12pt; overflow-wrap: break-word;">There are lots of great things about creating the freedom to experiment, modify your own devices' firmware, etc. I think the existence of that community makes the world generally safer (more eyeballs, more innovation, etc.).</p>
<p style="margin:0;padding:0;font-family: arial; font-size: 12pt; overflow-wrap: break-word;"> </p>
<p style="margin:0;padding:0;font-family: arial; font-size: 12pt; overflow-wrap: break-word;">But this idea that everybody benefits by running some non-standard firmware they choose for themselves? That's bizarre to me, unjustifiable by any very good argument.</p>
<p style="margin:0;padding:0;font-family: arial; font-size: 12pt; overflow-wrap: break-word;"> </p>
<p style="margin:0;padding:0;font-family: arial; font-size: 12pt; overflow-wrap: break-word;">UBNT here seems to be doing the right thing - developing an update and distributing it to all its customers.<br /><br />-----Original Message-----<br />From: "Dave Taht" <dave.taht@gmail.com><br />Sent: Monday, February 4, 2019 3:41pm<br />To: "cerowrt-devel" <cerowrt-devel@lists.bufferbloat.net><br />Subject: [Cerowrt-devel] friends don't let friends run factory firmware<br /><br />https://www.zdnet.com/article/over-485000-ubiquiti-devices-vulnerable-to-new-attack/<br /><br />-- <br /><br />Dave Täht<br />CTO, TekLibre, LLC<br />http://www.teklibre.com<br />Tel: 1-831-205-9740<br />_______________________________________________<br />Cerowrt-devel mailing list<br />Cerowrt-devel@lists.bufferbloat.net<br />https://lists.bufferbloat.net/listinfo/cerowrt-devel</p></font>