
Distributions

The EFF launches a router project

By Jonathan Corbet
July 29, 2014
The Electronic Frontier Foundation is probably best known for its work in the political arena. But the EFF also occasionally tries to make change happen more directly by releasing interesting technologies of its own. The organization's July 20 announcement of the Open Wireless Router project is an example of this type of initiative. Your editor has long been concerned about the state of home (and small business) router software, so it made sense to take a look. What was revealed is a project with some interesting potential — but that potential may take more resources than are currently available to realize.

There are many reasons to want better router software, including improved functionality, performance, security, and more. While the EFF is working toward those goals, the primary impetus behind the Open Wireless Router is something different: to support the Open Wireless Movement. The idea behind Open Wireless is that if we all set aside a portion of the bandwidth on our wireless networks for anybody who might happen by, the world as a whole will be a better place. The Open Wireless Router project intends to make it both easy and safe for people to do exactly that.

By its own admission, this project is in an early stage of development at this point. It only works on one hardware platform, the Netgear WNDR3800 router. The WNDR3800 is beginning to show its age, but it is a relatively open device that is easy to experiment with. The stock Netgear firmware makes it easy to flash a replacement, so installing the Open Wireless software on this device is really just a matter of downloading the image and feeding it to the right administrative page. Once the router reboots, it advertises a wireless network called "Setup Open Wireless" where a minimal amount of configuration can be performed. After that, the router is up and running.

[Dashboard screen] The router is set up to offer two wireless networks to the world. One is the private network set up during the configuration phase. The other, which is set up with openwireless.org as its SSID, is unencrypted and available to anybody who wants to use it. The default setup has the private net on the 5GHz radio, while openwireless.org lives in the 2.4GHz band.

There is a web-based administrative interface to the router, but it really only has two pages. One of them is the "dashboard," giving an overview of the status of the router and how much bandwidth is being used by each of the two wireless networks. The ping time to eff.org is maintained there for users who are concerned about how quickly they can get back to the mothership (or, more seriously, whether they have connectivity to the Internet at all). This screen also has a toggle that may be used to turn the openwireless.org network on or off.

[Settings screen] The second screen enables minimal tweaking of the router's settings. The basic parameters for both networks can be changed (though openwireless.org cannot be renamed). This screen can be used to upload an SSH public key to the router; after that, it is possible to use SSH to log into the router with the corresponding private key. Once the key has been set and used, it cannot be changed again via the web interface.

The settings screen demonstrates the attention that has been paid to the open wireless objective. The administrator can configure how much of the network's total bandwidth can be used by open wireless users; there is also a monthly bandwidth cap that can be applied (though that feature does not appear to work yet). The idea, once again, is to make it easy to offer an open network without compromising the functionality or the security of the private network.

Given the priority that supporting open access wireless seems to have, it is somewhat ironic that the openwireless.org network does not actually work in the initial release of the router software. It seems that the firewall rules are not correct, preventing DHCP requests from making it to the daemon on the router. The problem is fixed easily enough, but it is somewhat discouraging that this project shipped its initial version with the headline feature not working properly. It gives the impression that the release was put out in a hurry, an impression which is reinforced by rough edges elsewhere in the distribution.

Beyond open access, this project has goals that include bufferbloat avoidance, a minimal and secure configuration interface, and improving the state of home router security. The first of those goals has mostly been met by basing the Open Wireless Router distribution on CeroWrt, an OpenWrt derivative designed to support work on bufferbloat issues. With regard to the second goal, the interface is certainly minimal. The fact that an administrative login over HTTP never times out suggests that the security side of the equation has not yet been fully thought out. But one has to start somewhere.

What about security in general? CeroWrt has done a little work in this area, but a fundamental problem remains unsolved: there is no mechanism for distributing security updates to these routers. In most configurations, the only practical way to apply an update is to reflash the entire firmware image. So these devices, once installed, tend to be deployed for years and forgotten about; there must be no end of outdated and vulnerable software running on small routers all over the world. The EFF is right to want to address this problem; in the long run, it may turn out to be one of the biggest security problems for the net as a whole.

For now, it does not appear that much has happened in this area, though. The dashboard page does have an indication of when the last check for software updates was done. Evidently the router can perform a full-image upgrade when an update is made available; that is useful for users who have not customized anything, but will be painful for those who have installed their own packages. If there is any mechanism for verifying the provenance and integrity of an update image, though, it is not mentioned anywhere. (As of this writing, a bug-fix update is planned for around August 1.) There is also no way in the administrative screens for the user to install a new firmware image of their own choosing; hopefully this feature will be provided in the near future.

Fixing the home router security problem is a laudable goal. Creating a more friendly administrative interface to OpenWrt-based (or CeroWrt-based) devices is also a worthwhile effort; these distributions can be somewhat intimidating to those who don't want to learn about how routers work in great detail. One can only wish the EFF luck as it works toward achieving these goals. A certain amount of luck would appear to be needed; the goals are ambitious, while the development community, at this point, seems to be tiny. The commit stream shows few developers actively working on the project at this point.

In other words, there is a reason why the EFF's announcement was titled "Calling all hackers." There is a clear desire to attract a development community to help push this project forward. By putting the focus on interface and security development while basing its work on a solid technical foundation provided by others, the EFF might have hit on a winning strategy. This is an important area that has been somewhat neglected to date; a handful of dedicated developers working on these problems could make a real difference.

In the short term, the Open Wireless Router distribution is not quite ready for mainstream use, even for those who own the requisite hardware. But it is not that far away from that point. Many users simply want to connect their router to their Internet link and have a functioning wireless net; the Open Wireless Router makes that quite easy to do. Those who want to dig in further will need to learn command-line administration, a skill that makes the full capabilities of a CeroWrt-based system available to them. All told, the Open Wireless Router could easily evolve into a useful tool that could greatly increase the reach, performance, and security of the open network.


Brief items

Distribution quotes of the week

While I agree that finding some solution is a good step forward, I'm afraid this doesn't really lead us anywhere. Even if it allows to workaround the actual portage issue, I'm afraid we will hit it again somewhere else. Shortly, Gentoo would be full of workarounds... oh wait, it already is.
Michał Górny

I still recall the days when I was sitting in a hotel room in Bangkok preparing for an important presentation the following morning while my notebook was updating to latest Factory. Since then I've become a bit more cautious (and time constrained). After this news, I may start picking up old habits again. ;-)
Gerald Pfeifer

I am a believer that linux is a salad dressing, there is a flavor for everyone.
Smilee B


The first stable CoreOS release

The CoreOS developers have announced the release of version 367.1.0 of the CoreOS distribution; this is the first version deemed to be stable and ready for production. "Please note: The stable release is not including etcd and fleet as stable, this release is only targeted at the base OS and Docker 1.0. etcd/fleet stable support will be in subsequent releases." LWN looked at CoreOS last April.


Ubuntu 14.04.1 LTS released

The Ubuntu team has announced the release of Ubuntu 14.04.01 LTS for its Desktop, Server, Cloud, and Core products, as well as the following flavors: Kubuntu, Edubuntu, Xubuntu, Mythbuntu, Ubuntu GNOME, Lubuntu, Ubuntu Kylin, and Ubuntu Studio.


Distribution News

Fedora

Fedora 21 delayed three weeks

At yesterday's Fedora Engineering Steering Committee (FESCo) meeting, the release of Fedora 21 was delayed by three weeks (FESCo ticket), with the final release now scheduled for November 4. There are some problems with "test composes" of the release (creating test ISO images) that mean the deadline for the alpha release would be missed. The original plan was to delay for two weeks, but that put the freeze just before the Flock conference, so it was decided to push out an additional week.


The Fedora Security Team

The new Fedora Security Team has announced its existence. "The Security Team's mission is to assist packagers in closing security vulnerabilities. Once alerted to a vulnerability on a package, the security team can help work with upstream to obtain a patch or a new release of a package. Once we have a patch or a new release we attach it to the vulnerability bug and work with packagers to get the fix pushed." They have their work cut out for them: they have identified 566 open vulnerabilities in Fedora.


openSUSE

openSUSE Factory becomes a rolling-release distribution

The openSUSE project has announced that the "Factory" development distribution has been reworked into an independent distribution using a rolling-release model. "With a daily fresh Factory distribution making it easier for those who want to preview and test, we hope to see more users and contributors, leading to faster fixes and even higher quality. Factory is critical as it provides the base technology for openSUSE and SUSE Linux Enterprise, which is used by tens of thousands of organizations around the world."


Newsletters and articles of interest

Distribution newsletters


FreeBSD quarterly status report

The FreeBSD project has released its quarterly status report for April through June, 2014. "In May, a new release policy was published and presented at the BSDCan developer conference by John Baldwin. The idea is that each major release branch (for example, 10.X) is guaranteed to be supported for at least five years, but individual point releases on each branch, like 10.0-RELEASE, will be issued at regular intervals and only the latest point release will be supported."


Page editor: Rebecca Sobol


Copyright © 2014, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds