HackNight and Sveasoft don’t really mesh.

Published
by
mattw
on July 23, 2004
in Uncategorized
. Comments Tags: .

This is a post that I made to the dev list today. I’m reposting here because I want it on google.

Here’s an interesting story. Well, maybe it’s not, but it’s a story.

Rob and I were sitting at the Drinkmore waiting for people to show up for hacknight. It was July 15th We were trying to figure out what we were going to work on. Matt Peterson had IM’d us earlier in the day that he thought the Linksys WRT54g firmware was based on Linux. He wasn’t sure, but had run strings on it, and it definitely looked familiar. We did some googling and found a link on the linux kernel developers list that said the box was definitely running linux, and it was stored in a CramFS. We walked up to PC-Club on Broadway and bought two. We tore one apart instantly, took some high resolution pictures and posted them on the site. Then we started tearing into the firmware with a hex editor. Our first thought was that we could take a firmware image, decompress it, change things, and put it back on the box. Turns out there was more to it than that. There was a checksum to deal with. It wasn’t a simple computation either, Rob worked on it for about a week, and Chuck Simmons came to the rescue (and he didn’t even have a WRT). Rob blasted some firmware onto the box successfully, took some screenshots and told the world (people actually read stuff he writes down). What happened next was pretty funny. Flashing was dangerous. Although we were able to get a box flashed the first time, and even the second time, it turned into a brick on the third time. There was something wrong with our firmware, and turning a $100 box into spare parts to make a small change seemed pretty lame. So we started looking at it from a different angle. We figured out you could exploit the webserver by running escaped commands where it expected an IP address or hostname on it’s Ping.asp page. We started compiling programs for MIPS and trying to figure out how to get them onto the box. Again, posing the question to the list and the wiki page gave us an answer. Ross Jordan figured out how to get a shell on the box by using ttcp and rob’s faucet binary. This led to CJ Collier writing a tool in perl that not only got you the shell, but copied over a bunch of utilities and started up a telnet daemon. Jim Buzbee compiled a snort binary to run on his, and started putting together a mini-distribution The thing had picked up some serious momentum.

On the 26th of November, sveasoft is first mentioned in the wiki, Jim is attempting to figure out the broadcom build process and is looking for someone to mail him about it (rather than attempt to use the wiki). About a month later, he announces new firmware as well as a forum to discuss WRT related topics.

This is what we call a fork. And sort of a nasty one.

By putting up a forum as well as his firmware, Jim co-opted all the movement behind the development of open firmware for the LinksysWRT54g. All of the people who were working on open firmwares stopped working on them. You see, up until this point, each step of the process had been completely open. People were putting together tools and distributions so we would all have a better AP. Once there was a distribution that would bake into a firmware, there seemed to be no reason to keep working on your own, just contribute to the one that everyone else is working on.

What happened next just blows me away. He started charging. Completely within his rights under the GPL, Jim (or James, or whatever he likes to be called) took a pretty hard line. If you want “The Latest Firmware”, you have to pay a subscription. And if you distribute it, you’re cut off. If you question him, you’re cut off, If you question him on the SeattleWireless wiki, he’ll erase your post.

You’re perfectly allowed to have at the source (since it’s your right under GPL), but anything that is non-sveasoft-approved is a fork. By being the first to fork, he somehow became the de-facto standard of the ‘alternative firmwares’. There are many alternatives to Sveasoft, but nearly all are -based- on Sveasoft. Does it matter? In a world of branding, yes. Does it bother me. Obviously. Do I know what to do about it? I know what I’m going to do about it, I’m not going to give him $20 (I’m certainly not going to give him $50 for source on a CD). I can’t really see me suggesting anyone else give it to him either.

-matt

Linux kernel Mailing list.
http://www.cs.helsinki.fi/linux/linux-kernel/2003-23/0035.html

July 15th HackNight (with pictures)
http://seattlewireless.net/~mattw/index.cgi/seattlewireless/hacknight/20030715.html

Chuck’s success!
http://www.seattlewireless.net/pipermail/dev/2003-July/012954.html

Ross Finlan’s Shell!
http://www.seattlewireless.net/pipermail/dev/2003-July/013109.html

Jim Buzbee’s snort binary
http://www.batbox.org/wrt54g.html

First revision of LinksysWrt54g page to mention Sveasoft (Wed Nov 26 16:35:39 2003)
http://seattlewireless.net/data/backup/LinksysWrt54g.1069893339

First mention of Sveasoft forum. (Wed Dec 24 05:11:11 2003)
http://seattlewireless.net/data/backup/LinksysWrt54g.1072271471

–Revision History only goes back to the last 200 edits. these are on disk.

Speaking of Revision History
http://seattlewireless.net/index.cgi/SveaSoft?action=info&history=1

http://seattlewireless.net/index.cgi/LinksysWrt54g?action=info&history=1

Cringely defends the $50 CD
http://www.pbs.org/cringely/pulpit/pulpit20040722.html

0 Responses to “HackNight and Sveasoft don’t really mesh.”

Feed for this Entry Trackback Address
  1. No Comments

Leave a Reply