Why Fon should give up to close Fonera and release a open device
This morning , opening up my feed reader , I discovered via Andrea Beggi , that another german guy , has found the way to get the shell access to la fonera , simply using a web browser.
Inspired to the famous , already patched , injection code method , through the fon “user zone” web interface , this new method , use the web gui of the router .
Basically , it consists in creating two html pages in a local computer one to inject the iptable rule , another to make la fonera execute the code , and you get instantly shell access.
The link to the howto is here .
It’s funny anyway that since la fonera has been released , the two exploits has been discovered by german people. It’s funny because Martin elected germans and austrians as worth people for the promise program.
But this is not what I’m intented to focus today ; my point now is a reflection about the need to close la fonera hardware.
In my experience , I have seen the success of an hardware device , as more tweakable or upgradable possible. There are many examples , wrt54G is a good example , as FON used this device to start his business just because it is reflashable and adaptable. And perhaps linksys was happy for the sellings of this router also through fon channel. Other examples could be satbox receivers , like the old humax , and more recently the german dreambox .
What I mean is that perhaps , leaving la fonera open , and freeing the possibility for anybody with skills to reflash it , to enhance it and , why not , to correct bugs along you , could be a great benefit also for FON business.
In my thought , FON has to be a real movement , with many chances to apply. One could become a fonero , giving part of his wifi , in the method more suitable to his wishes. I decided to become fonero as instance , building a linux router with chillispot and fon parameters , and my hotspot is surely 100 times more robust than a fonera one driven.
Think about it fellows and do not merely rush to release a new firmware to patch this new flaw.
intrax, and 1 other are discussing. 
KeKeSeB 11:14 am on November 21, 2006 Permalink |
Woohoo, it worked for me…
I won’t upgrade my firmware anymore until the ssh access is enabled…
intrax 12:06 pm on November 21, 2006 Permalink |
I totally agree with your opinion that these devices should be open and that the fon community should welcome development, improvements and bug-fixing to its firmware by enthousiast fon community members. The ONLY reason it has been closed up is that mr. Martin and his gang want to make big $$$$$ out of the fon movement, remember it’s a company stupid and shareholders like Google&Co. want a return on their investment. In my opinion the idea is GREAT and potentially revolutianary, the business model is old fashioned, industrial age thinking (closed env. central control) and WILL kill the idea and movement if not CHANGED rapidly… The hack worked great ! Thanks man…
AustinTX 7:44 pm on November 21, 2006 Permalink |
The funny thing is, I was musing on this very topic yesterday in the boards.fon.com.
http://boards.fon.com/viewtopic.php?p=14798#14798
I agree that “The Movement” needs to be open source. It is fine for Fon to provide starter hardware and software, but they should just focus on providing basic standards for sharing their database of registered members, and then on hosting the community of Foneros who are volunteering to make their system more user-friendly, profitable and secure.
Fon has taken tools which were intended to provide more features and flexibility (DD-WRT, OpenWRT, …) and subverted them the opposite purpose. They have bent the routers to their will like a botnet of zombies.
But I will defend Fon against a particular accusation made above. It is reasonable for Fon, their investors and partners to hope to make big money on their business. But since they have not secured sucess, their behaviour is not likely due to greed. I feel it is an misdirected act of distress.
Ironically, in so doing, they are ..er,.. “starving” the Goose that lays their golden eggs. By locking down their system and arbitrarily dictating details which need to be flexible (like fees to charge the Aliens) they are driving away the enthusiastic and technically adept early adopters. La Fonera is not yet a product which everyone feels a need to aquire, like cell phones are today. They won’t get far at this stage with a proprietary system run in secrecy. Fon needs to steer back towards being a meritocracy for geeks who take things apart and put them back together better. Instead of setting their jaw, locking the door and closing the blinds, Fon needs to lift their shirt and endure some good-intentioned inspection. My impression is that they take criticism not well at all.
I think I feel a new blog entry on it’s way…
NEW Blog Site – No Popups! http://elfonblog.fondoo.net (intrim URL)
Linux overdose » Blog Archive » Christmas comes early, thanks to Fon 10:07 am on December 15, 2006 Permalink |
[...] The La Fonera is “free” as in “free beer for a limited time only”, but how “free” is it as in “freedom of speech”? (See “Gratis versus Libre” if you are still confused.) The La Fonera wireless router uses the open source OpenWrt firmware for embedded devices. It’s nice to know that my Fonera router is running open source software. If I want to, I can download the source code for OpenWrt, hack it, share my hacks with others, and install it in some other device. The Fonera router is therefore “sort of free” – but it’s not free for you to hack and do whatever you want with it. It’s like a piece of free software locked up in a cage. Anton Demartini writes: “What I mean is that perhaps, leaving la fonera open, and freeing the possibility for anybody with skills to reflash it, to enhance it and, why not, to correct bugs along you, could be a great benefit also for FON business.” [...]