[NNagain] Internet Education for Non-technorati?

[David Lang]

On Thu, 12 Oct 2023, rjmcmahon wrote:

> Arista's SW VP gave a talk where he said that 80% of their customer calls 
> about bugs were already fixed but their customer wasn't following an upgrade 
> policy. This approach applies to most any sw based product.

Yes, there is a big "if it ain't broke don't fix it" attitude out there, because 
most software companies don't really care about backwards compatibility (a rant 
of it's own I won't go into here)

But there's a huge difference between "the customer didn't upgrade" and "the 
vendor didn't provide the upgrade". If we are worried about security ratings of 
devices, we need to focus on the latter first.

David Lang

> Bob
>> Hi David,
>> 
>> The vendors I know don't roll their own os code either. The make their
>> own release still mostly based from Linux and they aren't tied to the
>> openwrt release process.
>> 
>> I think GUIs on CPEs are the wrong direction. Consumer network
>> equipment does best when it's plug and play. Consumers don't have all
>> the skills needed to manage an in home packet network that includes
>> wifi.
>> 
>> I recently fixed a home network for my inlaws. It's a combo of
>> structured wire and WiFi APs. I purchased the latest equipment from
>> Amazon vs use the ISP provided equipment. I can do this reasonably
>> well because I'm familiar with the chips inside.
>> 
>> The online tech support started with trepidation as he was concerned
>> that the home owner, i.e me, wasn't as skilled as the ISP technicians.
>> He suggested we schedule that but I said we were good to go w/o one.
>> 
>> He asked to speak to my father in law when we were all done. He told
>> him, "You're lucky to have a son in law that know what he's doing. My
>> techs aren't as good, and I really liked working with him too."
>> 
>> I say this not to brag, as many on this list could do the equivalent,
>> but to show that we really need to train lots of technicians on things
>> like RF and structured wiring. Nobody should be "lucky" to get a
>> quality in home network.  We're not lucky to have a flush toilet
>> anymore. This stuff is too important to rely on luck.
>> 
>> Bob
>> On Oct 11, 2023, at 3:58 PM, David Lang <david at lang.hm> wrote:
>> 
>>> On Wed, 11 Oct 2023, rjmcmahon wrote:
>>> 
>>>> I don't know the numbers but a guess is that a majority of SoCs
>>>> with WiFi
>>>> radios aren't based on openwrt.
>>> 
>>> From what I've seen, the majority of APs out there are based on
>>> OpenWRT or one
>>> of the competing open projects, very few roll their own OS from
>>> scratch
>>> 
>>>> I think many on this list use openwrt but
>>>> that may not be representative of the actuals. Also, the trend is
>>>> less sw in
>>>> a CPU forwarding plane and more hw, one day, linux at the CPEs may
>>>> not be
>>>> needed at all (if we get to remote radio heads - though this is
>>>> highly
>>>> speculative.)
>>> 
>>> that is countered by the trend to do more (fancier GUI, media
>>> center, etc) The
>>> vendors all want to differentiate themselves, that's hard to do if
>>> it's baked
>>> into the chips
>>> 
>>>> From my experience, sw is defined by the number & frequency of
>>>> commits, and
>>>> of timeliness to issues more than a version number or compile
>>>> date. So the
>>>> size and quality of the software staff can be informative.
>>>> 
>>>> I'm more interested in mfg node process then the mfg location &
>>>> date as the
>>>> node process gives an idea if the design is keeping up or not.
>>>> Chips designed
>>>> in 2012 are woefully behind and consume too much energy and
>>>> generate too much
>>>> heat. I think Intel provides this information on all its chips as
>>>> an example.
>>> 
>>> I'm far less concerned about the chips than the software. Security
>>> holes are far
>>> more likely in the software than the chips. The chips may limit the
>>> max
>>> performance of the devices, but the focus of this is on the
>>> security, not the
>>> throughput or the power efficiency (I don't mind that extra info,
>>> but what makes
>>> some device unsafe to use isn't the age of the chips, but the age of
>>> the
>>> software)
>>> 
>>> David Lang
>>> 
>>> Bob
>>> On Wed, 11 Oct 2023, David Bray, PhD via Nnagain wrote:
>>> 
>>> There's also the concern about how do startups roll-out such a
>>> label for
>>> their tech in the early iteration phase? How do they afford to do
>>> the
>>> extra
>>> work for the label vs. a big company (does this become a regulatory
>>> moat?)
>>> 
>>> And let's say we have these labels. Will only consumers with the
>>> money to
>>> purchase the more expensive equipment that has more privacy and
>>> security
>>> features buy that one - leaving those who cannot afford privacy and
>>> security bad alternatives?
>>> 
>>> As far as security goes, I would argue that the easy answer is to
>>> ship
>>> a current version of openwrt instead of a forked, ancient version,
>>> and
>>> get their changes submitted upstream (or at least maintained against
>>> upstream). It's a different paradigm than they are used to, and
>>> right
>>> now the suppliers tend to also work with ancient versions of
>>> openwrt,
>>> but in all the companies that I have worked at, it's proven to be
>>> less
>>> ongoing work (and far less risk) to keep up with current versions
>>> than
>>> it is to stick with old versions and then do periodic 'big jump'
>>> upgrades.
>>> 
>>> it's like car maintinance, it seems easier to ignore your tires,
>>> brakes, and oil changes, but the minimal cost of maintaining those
>>> systems pays off in a big way over time
>>> 
>>> David Lang
>>> 
>>> -------------------------
>>> 
>>> Nnagain mailing list
>>> Nnagain at lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/nnagain
>>> 
>>> -------------------------
>>> 
>>> Nnagain mailing list
>>> Nnagain at lists.bufferbloat.net
>>> https://lists.bufferbloat.net/listinfo/nnagain
>> _______________________________________________
>> Nnagain mailing list
>> Nnagain at lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/nnagain
>