OpenWrt gets update in face of FCC's anti-flashing push The open router Linux disto OpenWrt, 15.05 “Chaos Calmer”, has hit the intertubes. One highlight of the release is an update to Version 3.18 of the Linux kernel, and security has been upgraded with ed25519 package signing support, and support for jails and hardened builds. However, the big news – at least according to the …
"The release is named after a cocktail, apparently, but The Register's networking desk has neither gin nor Grenadine syrup on hand to test it."
Gin is a basic. Grenadine is only optional if space is really tight and vodka or whisky would need to be excluded to fit it in.
Clearly the Vulture Networking Desk of Networking that covers Networking whilst Networking needs to get its act in order if it is to continue functioning effectively.
it's a really poor show when you've already run out by 9:30am on a Monday, too :)
The gin, yes, but running out of grenadine? It's non-alcoholic, isn't it?
Also, minor quibble... all the OpenWRT releases are named after cocktails. The splash screen (motd) when you log in has always given the recipe on any release I've ever used.
...they don't want you to run a secure router.
The track-record of proprietary vendor firmware with regards to security is hardly stellar. This is one of the principal drivers for those seeking a bit more reassurance from the front-door of their network.
Call me paranoid, but it would be mightily handy to have more buggy, insecure firmware out there when the need comes to break down that front-door...
Aye: I'll be recommending to my more security conscious customers to buy their routers from Taiwan or China or wherever, basically not the US. Then put a custom ROM on it.
Oh, I do that already.
Actually it's not that simple: All systems that might be used as routers are suspect and frankly so are all others. Your hard disc has enough stuff on it to run an OS (Linux has been booted on an HD). Anything with a iDRAC/iLO/whatever is probably pwned or could be as required by a suitably funded org. As a security consultant I am under no illusions that whilst I can keep the run of the mill baddies out and some of the more determined naughty people, I have no chance against the pre-embedded govt level stuff.
Luckily, I have nothing to hide.
Cheers
Jon
PS If you missed how dreadful that last line really is, then cancel your next order for tin foil.
...they want routers that have backdoors, and logs that are verbose enough for US authorities to drop by and have a poke around if they need.
The point around security is a good one though, especially as most vendors are pretty careless about keeping their routers up to date, and most don't have an automatic update function that happens without the user triggering it.
The thing around WiFi bands is a convenient excuse to hide the fact that what they really want is control over the point of internet connection in every home across the US.
Interesting idea.
Seeing as the CPU in the Pi is essentially a lower end Broadcom router chip, this could work.
I did have thought about "harvesting" the 5 GHz chip and surrounding antenna circuitry from dead routers and making an add-on card that way (would need serious skill, they are fragile) but it could work.
The router here (defunct, turned off during FW upgrade) actually has separate 2.4/5 GHz antenna clusters so can be easily repurposed if the pins going to the BCM43224 can be accessed.
Fortunately they are on the side so its a matter of tedious though feasible soldering with 30 gauge and wirewrap wire.
No, a stupid idea.
The CPU in a Raspberry Pi is not a router chip. The Raspberry Pi is built around a TV/set-top box processor. Its network I/O, frankly, sucks.
Besides code signing (see how Google OnHub has a TPM chip that prevents third-party firmware from running), the major issue is device drivers. The 5 GHz chip in a typical router is a PCIe add-in chip, and it looks like a lot of the router SoC can also act as PCIe wireless adapters.
If you want extreme customization, I think it's best to get a dedicated board with some PCIe slots, maybe something from Soekris, and carefully research the wireless adapters to find ones with working open-source drivers that support master mode.
Don't - do not - do anything terrible like upgrading and controlling your own WiFi (although we'll reserve the right to hold you accountable for any actions done over it if people download illegal stuff and you cant prove it). What was that you asked? Why, yes, of course. You can buy firearms over the counter in that shop over there, sir.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
