2007 27
Silly attempt to hack my blog
Published by MartinVarsavsky.net in Fon with No Comments
I have received comments on the post about the 15 m in which people who criticize Fon’s 15 minute registration trial as hackable, write under the names of Fon employees who supposedly criticize Fon’s policy. We did not publish these comments, of course, as they are fake.
I am sorry to see an organized attempt here, perhaps financed by 3G operators, whose intention is to discredit WiFi in general, and Fon in particular, as unsafe. This has traditionally been the attack of Microsoft on all open source (Fon is open source), namely that if you want to be safe you should use their products. As an Ubuntu user I can tell you that the opposite is true. If you want to be safe use Linux, or the Linux we embrace, which is www.openwrt.org.
Follow Martin Varsavsky on Twitter: twitter.com/martinvars
No Comments
al on June 27, 2007 ·
Just a comment. Your definition of fon as being open source is not correct by any means. fon does not explicitly allow or support the Fonera to be reused with other softwares. fon releases partial code which is useless as it cannot be loaded as is, although it can be hacked. fon may comply with selective open source requirements, but open source, no, it is not. Please stop.
Your attack on MS and 3G operators is bizarre, like they care about fon. You are really going on a tangent here.
andy werner on June 27, 2007 ·
Sad, really. I think people who do that sort of think are bitter, resentful and small.
They should be ignored.
andy werner on June 27, 2007 ·
(Not to mention the fact that any employee who actually had adverse thoughts would not publish under their own names or on their bosses’ website!)
steven on June 27, 2007 ·
check out : http://www.groklaw.net/article.php?story=2007062209235346
Microsoft’s Windows Marketplace: “Ubuntu is perfect!” — Eek!
Martin Varsavsky on June 27, 2007 ·
Mike,
In your particular case, when you comment, you should disclose that you work for an alternative wifi provider that is competitive with Fon and that explains your constant negativity on us. But at least, in your case, you say who you are. The comments I received in my blog were from people who impersonated Fon employees. This is not acceptable. Regarding us being open source my lawyers tell me that we are.
Iurgi - FON on June 27, 2007 ·
Dear Alan,
I am surprised about your view on la Fonera’s software. Please, let me point you out that FON does allow to use external software in la Fonera; actually, FON provides not only the source code for its software (as many other well known supposedly Open Source companies do) but a full buildroot that permits the user to automatically generate the firmware without having any specific skills. It is designed to add external software to it so easily as long as it is Linux compatible and it fits into the flash space. The GPL does not force us to do this, we could just provide the source code for all the parts inside, instead we decided it was a worthy policy: we don’t want to cut the hands of does able and willing to tease with their software.
What we obviously don’t encourage is that users buy our subsidized foneras and modify them without any knowledge on what they’re doing just by installing packages they download from the internet from a source that might be mistrustful. This might end up (as in many cases has already done) in broken foneras that are spoiled and do not contribute to the growth of the community nor benefit the owner.
We do not prevent the use of external software: anyone can open their fonera and replace the software with any other firmware they wished or even modify our own. The counterpart is that they lose the warranty because (you probably understand and share our view) we cannot guarantee the well functioning of the Fonera under this conditions. The warranty is valid for what we deliver: the FON hardware with the FON firmware. The user is still free to replace the software in it.
Actually we are not only fully GPLv2 compliant but will probably also be compliant with the upcoming GPLv3. We are analyzing its implications and we haven’t found any requirements we currently do not meet. In any case we are by no means just “selectively compliant” as you stated.
Coming back to the software we provide: what makes you say it’s not usable? this code is exactly the same our developers use to build the official software: not even a line is different. Even the configuration files are pre-configured (modifiable, of course) so that a fresh compile will end up building the official firmware. We try to be very strict with this. I invite you to download it and try to compile it. It’s as simple as running a command. And do also try to modify the software, it’s so simple. We actually decided to use OpenWrt as the operating system not only for it is powerful but also because of its flexibility and GPL compliance.
I am very upset that we still find people that think we’re not Open Source, mostly because in all the cases it’s been due to misinformation gathered from the Internet instead of for own experience. Anyone who has tried to verify it has completely agreed with us and most of the Open Source world developers that have taken a look at our policy and work have congratulated us for the effort and results.
I sincerely hope you will see FON as an Open Source company now on because this is one of our goals.
All the best
José M. Alarcón on June 27, 2007 ·
Martin,
The fact that Mike works for a competitor doesn’t mean that what he says about been open source is not true. I also agree that it is a bit paranoid to say that 3G operators may be financing an attack to your blog…
Tom on June 29, 2007 ·
Martin, perhaps you are being misled about FON being “open source”. The provided code cannot be easily flashed. Other sites such as dd-wrt provide detailed instructions on how to do it. It does appear that that FON makes it really difficult on purpose, unlike true open source organizations.
It is the spirit that counts, not some open source pseudo-legalese. Stop the nonsense and La Fonera could become a popular platform.
Martin Varsavsky on June 29, 2007 ·
Tom,
We are an open source company and we use http://www.openwrt.org and many people get foneras and reflash them. We also contribute a great deal to that opensource project.
Mike on June 29, 2007 ·
and many people get foneras and reflash them
Well, this is explicitly forbidden conversation in the FON forums. Any posts about reflashing, hacking, modifications, or even regarding the business model, will get swiftly censored and deleted. I wouldn’t say this is exactly encouraging, or the attitude of an open-source company. Even if you go to #openwrt on Freenode (IRC channel), the guys there (OpenWRT’s developers, such as mbm, nbd, etc.) are visibly aggressive against any suggestion, question or comment about the Fonera, and how to reflash or modify it.
The only reason people get Foneras and can reflash them is because hackers eventually figured out how to do it, not because Fon encouraged or even provided them with instructions on how to do it.
Martin Varsavsky on June 29, 2007 ·
Mike,
Why fight us all the time? Is it because you started a company, Wisher, that you think may be a competitor of ours? When are you going to realize that the competitor of WiFi is 3G, not each other. All of us have to work together to make wifi signal available for all.
Allan Edwards on June 29, 2007 ·
Fake posts are just tedious. The La Fonera’s in the lake is a much more creative protest to raise concerns over the potential for abuse of the access for adverts.
I have not joined the protest as I can see the value to all of grabbing attention with a free trial. Yet I am concerned over the ease with which the system as it stands could be abused. I also think it could restrict growth of the network in high footfall locations such as cafes and pubs.
I am currently due to install a La Fonera in a local pub, a key objection I had to overcome to convince the publican to go ahead was to assure them that their broadband connection could not be abused. I was, a few weeks ago, able to say all users are registered and either paying or sharing a router and hence ultimately identifiable to a reasonable degree.
I cannot now hand on heart say that.
I for one would be a lot more comfortable if either the La Fonera offered the option to disable the Wi-Fi for adverts option or if users needed for example to send a code form the advert via SMS to get a password.
Martin Varsavsky on June 30, 2007 ·
Allan, Fon has checked with our board made of some of the biggest companies in the world, with lawyers, with governmental authorities. The fact that somebody can hack Fon and get 15 minutes of free access and watch a commercial by supplying fake emails, verifying fake e mails, spoofing macs and so on pales in comparison to how easy it is to by a SIM card anywhere anonymously and connect to the internet or how easy it is to go to a truly open wifi router and stay there for hours. Fon found the right compromise between security and functionality and those people who moved their foneras to a lake in the map so nobody can find them are giving up on the possibility of making money showing ads and selling passes and sms. I am convinced they will soon change their mind and realize that everything on the internet security issues is a trade off. We at Fon of course are willing to change our mind but not because of the “protest” but if authorities tell us to change our policies or if somebody reports a true abuse as we are always there to protect the fonero.
olebole on July 1, 2007 ·
“We at Fon of course are willing to change our mind but not because of the ‘protest’ but if authorities tell us to change our policies or if somebody reports a true abuse as we are always there to protect the fonero.”
That means, you say in other words: You (the foneros that feel bad with the decision and thats why moved their foneras into the lake — part of the FON community) are not our discussion partners in this topic.
Is this really true? And how does this compare to the community philosophy of FON?
claudio on July 1, 2007 ·
Martin,
reading your comment posted June 30, 2007 7:17, it seems you still seem to refuse to accept the arguments: the foneras moved to the lake show protest against the policy of fon to move responsibility to the foneros while using their bandwidth and infrastructure.
I have never been interested to make money with the fonera, I simply liked the basic idea to share what I have and when travelling being able to use bandwidth of others to check my email or fire up google to gather some information.
The system would work perfectly but as always the details show problems. I have no control over what is happening with my account and if something illegal should happen it is my personal ip address that shows up in logs and I’d have all the hassles. Fon could change that providing VPN tunnels (like I suggested earlier and you seemed to understand).
I do not want to face a situation where
– I would have to prove it was NOT me up/downloading stuff,
– I would have to prove that all the mp3’s on my computer are legal,
– I would have the police take away my computer and have them check all my data,
– I would have to explain my friends and family what happened and make them believe it was not me and I did nothing wrong.
You may think I am too much afraid but believe me: I need my reputation and do not want to loose it. Sharing bandwidth to anonymous others and taking responsibility for them is too much of a risk to me.
And even if there are easier ways for hackers to get Internet access it’s wrong to open yet another gate. Believe me: when I had my fonera connected the very first time it only took half a day and I had my network loaded heavily: 250kB upload and 400 kB download and it was not me having data sent or received – it all went through the fonera to someone using my fast connection. I was lucky to have my fonera connected behind another router that allows me to see logs and the sites that had been surfed were all porn sites. This was about half a year back now and I did NOT see that in the logs of the fonera nor did the so-called support of fon answer my requests. The only solution I found was to limit the bandwidth of the fonera using the router it was connected to, so it became less interesting for that guy (all likely not a girl…).
So opening 15 min of free access seems like a very bad idea – I suggest you have your software team think about safe VPN tunneling of the traffic to fon, so fon takes the risk.
best regards
Claudio
Martin Varsavsky on July 1, 2007 ·
Olebole,
Of course we would change our mind if the minority of foneros feel like you did. But very few people do, most are happy making money showing ads, selling passes, and enticing more people to join fon as they see it works and believe that we provide enough security.
Martin Varsavsky on July 1, 2007 ·
Claudio,
Fon will provide evidence to anyone who needs it that it was not you who was connected if ever somebody who, by the ways, knows that they will be cut off every 15 minutes chooses your fonspot and not all the open hotspots nearby to commit an ilegal act.
Claudio, your protest is simply absurd. We have been growing faster than ever since we have the wifi ads cause people can finally test us and become foneros and we have not seen any cases of abuse (although we are closely watching).
And btw Fon is working on a plan that even if you are not interested in making money yourself with your fonera we will donate the money that you make showing ads to the cause of your choice (like throwing our foneras in the lake for example 😉
steven on July 9, 2007 ·
To Iurgi – FON,
I checked the pdf on “http://www.fon.com/images/media/en/en_software_license.pdf”
It’s still talking about a Linksys Fon and FonBasic…
it’s not talking about the Fonera…. so the latest nightly build was.. a few years ago…and not for the La Fonera.
So I guess La Fonera is not conform Gpl v2… ?
Also the Changelog on Fon’s website doesn’t yet reflect the current Fonera+
http://www.fon.com/en/download/changelog
0.7.1 r3 -> 1.0.1 R3
Improvements:
[Web interface] Changed look and feel. Smoother style.
New Features:
[Web interface] the FON dns server is now pushed to everyone…also to the Myplace/lan
This means additional problems to get on certain Google websites …
Leave a Comment
You must be logged in to post a comment.
Mike on June 27, 2007 ·
To hack your blog? You call publishing comments under fake identities “hacking”? I think you are seeing ghosts – if the operators are scared of Fon, they have plenty of recourse to fight, such as lower tariffs (see Yoigo). I think the large amount of offline routers is contributing to them not losing much sleep over this, far less having to “hack” your blog.
On the open source thing – publishing the source of your router firmware does not make you an open source company. Same as TiVo, same as countless others. Linksys publish sources, and allow unfettered access to the hardware. You cannot compile and flash Fon’s sources onto a Fonera, nor change anything at all under penalty of voiding the warranty, or having your rights suspended (see the forums, where any talk about changes, modifications, or even improvements to the Fonera are prohibited). Finally, if you find a way to run OpenWRT on a PC, as an operating system, do let us know. Otherwise, I’m not sure how we are supposed to embrace it, as of course it cannot be (officially) installed on the Fonera…