Posts by Eric 9001

Re: Universal basic mobile data access?

>How does this differ from landlines which also have a cost?

Landlines are actually mostly optional - businesses and governments don't seem to have strictly required a landline number and generally if you stop paying for the landline number, all that happens is people can't bother you by calling call you (I haven't heard of a bank you can't login to, or a government form you can't submit, unless you can receive a call on a specific landline number on a 24/7 basis).

Landline's are also significantly cheaper than mobile plans as long as you don't get scammed too hard.

For example, this SIP trunk offers UK landline numbers at scam rates; https://web.archive.org/web/20260220153330if_/https://www.twilio.com/en-us/voice/pricing/gb

A number costs $1.15 USD/month, receiving calls costing $0.01 USD/minute and making calls costs $0.0158 USD/minute.

Assuming you receive 2 hours of calls a month and make 2 hours of calls/month, that would cost ~$5 USD/month.

Even bumping that up to 6 hours make/receive a month, that would be ~$10.50 USD /month - still cheaper than South Korea mobile plans.

>Way less data is needed if you are using a bank application.

"Bank applications" are typically actually a web browser, rather than something native, thus there is a similar data requirement during usage.

The "bank application" also needs to be downloaded and kept updated, which is typically several hundred megabytes in size for each update.

>Yes, that would be dandy. Who would pay for it? I'm all in for free lunches as well!

All offered lunches I've seen have been proprietary.

As far as I can tell, the current taxation policy for things related to telecommunications (such as https://www.theregister.com/2025/11/28/uk_digital_services_tax/) collects enough money to cover the actual costs of installation and providing a connection.

The TV loicence is apparently £174.50 per year to watch TV and I'm sure most households or people wouldn't mind paying say £200 once, or even £200/year to be able to access the internet with a 1000BASE-T connection for 100+ years, instead of paying £395.88/year for a 50Mbit/9.5Mbit connection; https://www.broadband.co.uk/providers/bt/broadband

After all, once the fibre rollout is complete, the fibre will last 100+ years and the ongoing costs would be hosting and maintenance, upgrading transceivers to ones that use less power as those fail after 10+ years.

But for that to be successful, that would require the government to do their job and serve their citizens by throwing rent seekers in prison, rather than giving rent seekers billions, so that's not going to happen.

Re: Linux,

Linux could not have even existed if Stallman didn't have gotten GNU together piece by piece, getting along with others (being a very good developer requires having a strong mind).

Linux only came into existence because of Stallman and GNU.

It is impossible to write a working kernel without at least a compiler, a toolchain and a buildsystem.

Before Stallman decided to sit down and write a C compiler and release it as free software (something that had *not* been done before), there was no free software C compiler - C compilers had restrictions on usage and cost a fortune.

GNU developed and released GCC, GNU binutils, GNU make, GNU diff, GNU patch and much more, making it possible to start developing Linux.

At the start, Linux got nowhere, as Linus's choice to use a proprietary license meant that GNU was not willing to support a new proprietary kernel and due to how GNU and other software didn't run, few were interested (Linus went and did a dirty port of Bash etc, but it didn't run very well).

After Linus attended a speech by Stallman, he decided to relicense to the GNU Public License version 2 ambiguous, which he admits was the best choice he ever made (but he didn't say why).

The reason why it was the best choice he made, as Linux then being free software convinced the GNU developers to port every last GNU program to work with Linux - resulting in GNU/Linux.

While GNU/Linux distributions did boot, those had functionality issues due to deficiencies in Linux - which attracted thousands of developers to go and fix up Linux - resulting in a very successful development model that has made Linux very popular.

After Linus has seen many years of success, he of course processed to pay back GNU by betraying it, by allowing Linux to become proprietary software again, by allowing the first of many proprietary programs to be added in 1996 and then later in 2000 after more development success, betrayed GNU again, by specifying that the license was GPLv2-only(+proprietary).

Linus's kernel is called Linux because of some weird cult of personality formed that saw that you could get Linus and add x on the end to make "Linux", which sounds like "Linus's Unix", which is a convenient mental shortcut, even though that's totally incorrect - Linus's kernel he wanted to call Freax is generally used with GNU's Not Unix.

Linux is still an acceptable name for Linus's kernel, but that just wasn't enough for the cult of personality - they continue to this day obsessively giving credit to Linus, for GNU and software completely unrelated to Linux, that happens to also run on GNU/Linux.

The only thing that Linus doesn't seem to get much credit for is Android, as even though that use the same Linux, that isn't I quote "proper Linux" (it lacks GNU).

Actually, when I think about the "getting along" part, Linus is much worse at that than Richard, as he has many times on the Linux mailing list carried out personal attacks, such as I quote; "Of course, I'd also suggest that whoever was the genius who thought it was a good idea to read things ONE FUCKING BYTE AT A TIME with system calls for each byte should be retroactively aborted. Who the fuck does idiotic things like that? How did they noty die as babies, considering that they were likely too stupid to find a tit to suck on?".

Meanwhile, I don't remember seeing a case where Richard has directed a personal attack at anyone - while he has made many socially awkward comments about things not adequately explained to him and he also often wished for his own death out of despair, that is not a personal attack.

Now I think about it, Richard tries to pull freedom together as best he can, while Linus tries to rip freedom apart and replace it with more and more proprietary software, seeking more popularity.

Re: Linux,

>designed to run Unix applications without having to pay for the licenses, so Stallman could spend those money for himself

It's incredible what slander people make up.

The goal of GNU is eliminating proprietary software, thus you couldn't make a wronger claim than to claim it was about being able to run proprietary software for Unix without extra costs.

Prior to deciding to develop GNU, rms never even used Unix, not for a minute (he used the Incompatible Timesharing System (ITS) until the PDP-10 hardware it ran on stopped working).

The reason he decided to develop a free as in freedom replacement for Unix had nothing to do with money - it was for practical reasons alone - all OS's available for current computers at the time were proprietary, but Unix had a modular design that allowed developing a free replacement, one piece at a time.

While Unix rent cost a fortune, the university had already rented a copy of Unix and while it was the case that the eventual result of the GNU project, was the university no longer needing to pay such rent to have an OS, he never received any of such saved money (he quit his job at MIT prior to starting GNU).

He has never been greedy for money - eventually the Free Software Foundation could pay him a salary for his work, but he determined he didn't need it, so he didn't take a salary.

>Sure, today Linux has diverged somehow, and there aren't only POSIX APIs, but still a lot of APIs are there to run Unix applications.

Linux doesn't implement POSIX API's - what Linux implements is similar but incompatible /proc & /dev interfaces, a custom /sys interface and has a bunch of SYSCALLs that can do tasks POSIX kernel's are meant to do, as well as tasks no POSIX kernel can do.

If there is a proprietary libc that works with a proprietary Unix kernel, it won't work with Linux without it being ported to Linux's incompatible interfaces (such was tactically avoided by the compromise of licensing glibc LGPLv2.1-or-later).

While GNU has implemented the good parts of POSIX, it has not implemented the bad parts and also many GNU extensions are implemented too - GNU's Not posUx - programs for GNU need to support GNU.

Re: Who says this is for anything critical?

It is devastating that on a mission is meant to be the peak of humanities achievements, the astronauts unthinkingly brought along the deepest trench of humanity - windows computers and iphones!

It's too bad I'll get arrested for "missile offenses" for showing them how it's done.

Re: Not space ready

I looked into it and it's a typically used GNU OS, containing software part of the GNU system like grub, wget, perl, ncurses, parted etc, although unlike many GNU OS distributions from microsoft, it actually contains Linux.

If you look at the Acknowledgements; https://github.com/microsoft/azurelinux/blob/3.0/README.md you'll see it credits GNU in first place for a reason and also the list of used software here; https://github.com/microsoft/azurelinux/blob/3.0/LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md

Yes, a big chunk of microsoft's revenue is now from Azure - it was reported as making $75 billion a year in 2025; https://fortune.com/2025/07/30/microsoft-earnings-azure-cloud-computing-artificial-intelligence/

Most of the VM's that Azure runs is GNU/Linux, as unlike microsoft's software, that software actually works (although how well it works degrades with each microsoft program added).

I'm not sure about the long term future of Azure, as for businesses that run Azure VM's, it costs a fortune and keeps getting more expensive every year - I figure eventually the forcing effect of natural selection will take place - with businesses either going bankrupt, or changing to self hosting to make the business viable again - severely reducing the Azure revenue stream.

Re: Not space ready

microsoft will be gone eventually, but due to the massive glut of businesses and governments they have chained, I doubt they'll have issue acquiring needed funds to keep the corpse alive even into the 2050's.

Of course they could be gone much earlier if enough businesses and governments had basic financial competence and ended such massive financial and operations liability by changing from microsoft software to GNU/Linux without microsoft software, but I really doubt that's going to happen.

Re: Linux,

It befuddles me that you unflinchingly carried out the insanity of referring to GNU as "proper Linux" (you could even save everyone from the confusion and save yourself the typing too and just write GNU to mean GNU - but you won't).

Android uses more or less the same versions of Linux as GNU/Linux with a few patches - the difference is that Android lacks GNU.

The year of GNU/Linux on the desktop was in 1995 or so - as you could use a recent computer practically in freedom again, alas that freedom was savagely ripped away with the inclusion of the first proprietary program of many into Linux starting in 1996.

Re: Linux,

Linux is not a clone of Unix or even of a Unix kernel - the only similarities it has with Unix kernel's is that it's proprietary software and it uses a monolithic design.

GNU's Not Unix originally started as a free clone of Unix, but now it's almost completely different to Unix.

Re: Letter from MS to former MS Senior Technical Leaders

In reality, both the base of Unix and NT were garbage, although NT is far worse.

If you want a decent OS design, the only OS that has one is GNU's Not Unix.

Re: Forking Hell...

Every single major release of office has used a different file format - with the same document in different versions of office programs, you end up with differences in formatting and certain things being broken.

The whole business idea is to make sending documents between businesses painful unless each business pays the rent every time for the latest version of office (on wait, it's still common for documents to format differently on different WC's with the exact same version of office, as printer setting change the page formatting and probably a bunch of other things too).

Too bad many can't comprehend such a twisted evil scheme and deny it, despite with their own eyes seeing countless documents broken in office.

The US government rather twists itself into knots to serve microsoft.

Re: Pretty sure that

microsoft's ODF support is intentionally broken to ensure failures happen, while also technically meeting a requirement that ODF is "supported".

As ODF is fully specified and the standards document is of reasonable length, there is no excuse as to why microsoft doesn't implement it to the standard.

As for "OOXML", that is thousands and thousands of pages of incomplete specifications (it seems microsoft decided to pretend to make a standard, by going and publishing a redacted version of their internal documentation they don't follow anyway - what Office implements is Microsoft Office XML (MOX)).

There's parts like; https://c-rex.net/samples/ooxml/e1/part4/OOXML_P4_DOCX_autoSpaceLikeWord95_topic_ID0EWPBZ.html where Word 95 auto-spacing needs to be emulated - but of course the documentation intentionally lacks the critical information as the relevant auto-spacing rules.

m$ Office also does things like dumping a C-struct from memory, XML ENCODING IT and then shoving that into the XML mess - which is not documented in "OOXML".

For LibreOffice to be able to process such XML struct required quite a bit of reverse engineering.

m$ Office still doesn't follow "OOXML" either, thus if LibreOffice saves a "OOXML" documentation to what the specification says, Office won't read it correctly.

LibreOffice's reverse engineered MOX support is not complete and MOX cannot encode certain complicated data like dates correctly, thus I wouldn't be surprised to see formatting go missing and things to go wrong (which won't happen with ODF and standards compliant software) and the warning is therefore correct.

But every since the start, m$ office has been known for screwing up formatting - while it seems MOX formatting is less screwed up with LibreOffice!

But that's to be expected of a formatting only every produced for reasons of sabotage - after all, free software and also proprietary document software eventually added pretty good support for .doc and .ppt, thus .docx & .pptx etc were developed in incomprehensible XML (good luck parsing this one), to end such support and also to force the rent of newer m$ office software (sometimes available as an expensive plugin for the "old office version"), in order to be able to view the new format even on windows.

Re: Pretty sure that

>it's just considered bad to be trying to pitch ideology at someone

Wow, wanting people to not lose their work and also not wanting humanity to continue losing is extreme ideology?

I must exceed extremist! (Oh yeah!).

>someone who neither knows nor cares about file formats beyond just wanting to get their work done

If you want to get work done and for it to stay done, you need to know and care what file formats you are using.

If you use proprietary faux-formats, that are intentionally broken every few years, there is a 100% guarantee after the change, you will at least waste time handling the changes and in the worst case, lose work due to the change and need to start again.

XML is a terrible format, considering that even if the file actually follows a format, it is hard to parse by both humans and computers, but if you save an ODF file with libreoffice today, you can expect it to be perfectly readable for decades.

>except now their software is stopping them until they declare that they truly are a heretic who can't be saved?

Wow, a pop-up box that gives the user good advice to not make a common mistake (for personal files saved to your computer for later use with libreoffice, saving to a microsoft faux-format is always a mistake), but allows the user in only one more action, once, the option to confirm that saving in such faux-formats was not a mistake, is treating the user as a heretic?

What is your opinion on the typical multiple choice dark-patterns to do things the user wants to do, but the master doesn't really want them to do, that are common in proprietary software?

>Telling the user they're wrong is a bad way to do it.

That is not what the pop-up box says.

> Just ask neutrally on first run

Why ask something on the first run that may not be applicable?

It makes more sense to ask neutrally when a mistake is about to be made.

>default to what most users are likely to want (whether you agree with their choice or not), and respect their choice, maybe even just put in a small message in the save window that unobtrusively explains why MS formats are bad whenever saving in that format, giving them a littlenudge, just without getting in the user's way.

Most users seems to want to save files to their computer for later personal usage and thus the default to ODF is correct.

If that is not the case, the user's choice is respected - they can choose whether to confirm saving to the faux-format in one operation, once and the pop-up box also unobtrustively links to why m$'s faux-formats are bad (I'm not sure if it's technically possible to portably add a link to the save window (which is OS-specific in GtK), or at least it takes a lot of work to do so, while a link in a pop-up box is portable and doesn't take too long to implement (is it OS-generic in GtK?)).

>Of course, LO doesn't really want the users who'd pick MS Office format and move on, and that's the real rub here. They don't want to replace MS, they want to cater to a tiny pool of people who care about 'Libre' principles.

They obviously wish to provide a free replacement to microsoft, considering that it has windows and macos builds.

If they only cared about catering to those who care about freedom, there would only be source code available for download that you can go and compile on GNU/Linux-libre.

The users can pick proprietary and move on.

>I send documents to others in the standard MS formats

Anything from m$ is intentionally NOT a format and also NOT in any way standardized.

You cannot reliably send documents from 2 WC's without a chance of the formatting changing, even on the same windows version and the same version of office (printer settings can change how documents render after all).

If I want to send documents to people, I use pdf, as that is standardized and has a specification (that everyone but Adobe mostly follows), thus I can expect it to display correctly no matter the computer or OS as long as the receiver is not using "Adobe Reader" (which most people are smart enough not to use).

I do not send people m$ documents unprompted, as that would obviously be the immoral act of supporting the usage of office (which a lot of people are dumb enough to use).

Re: Pretty sure that

It's not even a matter of having to go into a menu to go and change default - on first trying to save to a microsoft "format", it merely pops up a box advising you to use a real format instead and that box also contains the option to save anyway and you are not reminded again.

That is a "problem", as it's considered bad for there even to be a possibility for the user to learn that there's a problem with microsoft's proprietary "formats".

>Ah, got it. Are you a sovereign citizen by any chance? They also rely on novel interpretations of the law.

No, but I regard sovereign citizens and governments as having the same legitimacy (none).

>On which point, can you cite any case law where this has been successfully argued in courts?

While not distributing and encouraging proprietary software, the "Software Freedom Conservancy" does in fact enforce the GPLv2 for Linux and BusyBox and also requires that the GPLv2 and GPLv3 are followed for other packages on such system; https://sfconservancy.org/blog/2021/mar/25/install-gplv2/

Most companies are not stupid enough to lose a lose-lose lawsuit, or let a default judgement happen and instead choose to settle by complying with the license, therefore lawsuits that set precedents are extremely rare.

Precedents have been set in several countries that confirm the GPLv2 is a valid license (and therefore the conditions are valid) and at least once case where a court ruled specifically that installation information is required;

https://sfconservancy.org/news/2010/aug/03/busybox-gpl/ default judgement that confirmed the GPLv2 is a valid license

https://www.theregister.com/2025/01/10/german_router_maker_avm_lgpl/ LGPLv2.1 was confirmed to require installation information (the LGPLv2.1 is the GPLv2 with a few exceptions).

https://fsfe.org/news/2022/news-20221212-01.en.html GPLv3, but confirmed that derivative works must follow license requirements

https://en.wikipedia.org/wiki/Open_source_license_litigation?useskin=monobook (wrong article name - as far as I'm aware, no license that says "open source" or "open" has ever been litigated over).

(Non)Free/Illiad in the past tried to claim that they owned the routers and therefore they didn't need to comply with the GPLv2, but they decided to settle the case and provide source code and installation information, rather than lose the case; https://gpl-violations.org/news/20071120-freebox/

The SFC is now suing Vizio over source code and installation information as a user with the goal of achieving the precedent that there's no excuse to not comply with the GPLv2 even if a non-copyright holder asks.

Despite how error-happy courts are, I expect them to win the case, even though Vizio is really trying to drag it out; https://sfconservancy.org/copyleft-compliance/vizio.html

>I'd love to see this because then it'd mean I could demand the the complete source code & compilation instructions for any sofware that included any GPL code. This could save me, and many other people many billions..

As I pointed out, the GPLv2 only applies to GPLv2 software and derivative works of such.

Typically you don't even want the source code of proprietary garbage, as it's so poorly written it's useless - what you want is installation information, so you can install free replacements instead.

>Settlement then came 6 months after the FSF fired their sueball. No precedent set, the remedy agreed was to publish the offending source code, not the entire package..

The FSF only settled for complete source code, including installation information, which allowed "Open"WRT to be developed.

If you have evidence that Cisco only published partial sources of the GPLv2 software, please link it.

>So many individuals might contribute to a project, but the maintainers (and lawyers) get the cash from any successful litigation. Which might not be much, eg the Westinghouse default judgement where triple damages netted only $90k. Kinda hard to claim losses or damages when the product is given away for free.

$90k is quite a substantial amount of money and the goal of enforcement is not profit - it's license compliance.

It's not hard at all to claim losses and damages when a non-product is given away for freedom - how the users freedom is taken is a huge loss that is far larger than any monetary value (which can only really be compensated with the full source code and not money).

>Or because there's no control plane security and anyone can attempt to load anything on any router, more devices get compromised.

If a single key being published could mean millions of devices being compromised via a backdoor, there was never any security.

To achieve any security benefit, each device would need to use an unique key, or the ability for the user to set an unique key.

There cannot possibly be any security if the user has no control over what can get installed.

If the user has control over what can be installed and the 4 freedoms, that could prevent most cases of device compromise and also allow a device to be cleaned post-compromise.

>Especially as there have been a litany of bugs discovered and exploited in free software. But luckily for the world outside Moroccan travellers, regulators and legislators are typically taking the opposite approach and demanding more security, not less..

Yes, there have been bugs discovered and exploited, but there's no attempt to cover up such bugs and cases of exploitation - the bugs actually get fixed and then can no longer be exploited.

Proprietary software has exponentially more bugs and gets exploited far more often - you just hear about a tiny fraction of them, as businesses focus on covering up such bugs and exploitation as much as possible, while usually never actually fixing the bugs (CVE's were developed for the purpose of embarrassing proprietary software developers about severe vulnerabilities, so many of them would actually fix the bugs).

The reason why there are exponentially more bugs, is for almost all functionally decent proprietary software program, much of the functionality is in fact implemented by libraries that used to be free (typically software released under MIT expat or a BSD license) and such proprietary software developers usually avoid ever updating such libraries - which ensures that any bugs that was in old versions of such free software exist in the proprietary software and then there's also all the bugs in the terribly programmed part that the developer wrote.

Unfortunately for the world, Legislators are demanding more security, by demanding things that degrade security further (achieving the opposite of the goal).

>But there's absolutely nothing stopping you from getting your own SoC dev kit and developing your own 100% free software router.

How many SoC's have only proprietary raminit and a proprietary bootloader available and contain digital handcuffs for the bootloader, are many things that prevent you from developing a 100% free software router.

Although, you can get yourself a 100% free software GNUbooted computer, with a fast AMD64 CPU instead of a CPU and turn that into a router just fine.

>Which I think touches on aspects that have never been tested fully in courts, ie rights to create derivative works and the issues around linking.

Derivative works have been tested in courts a handful of times - but few are dumb enough to go to court and end up with a precedent set.

But that was not what I was discussing - I was discussing the requirements that need to be met to have copyright permission to distribute the unmodified software.

>Plus the exception in that clause. So if you have a dev kit for the SoC used, can a reasonably competent person compile the BusyBox code provided?

The exception only applies to software that already was part of an existing proprietary OS, to allow for GPLv2 software to be used with such OS's, but it is careful not to except rendering the software proprietary by accompanying it with proprietary components.

You can additionally supply sources for a dev kit too, but you still need to comply with the source requirements for the original object code distribution.

>If you want to compile for an AMD64 or any other target, that's up to you and the GPL doesn't place any obligation on helping users create their own derivative work.

The GPLv2 places an obligation on the distributor to provide build scripts that compile for the target architecture for the device.

My point was that the provided "sources" are clearly not corresponding source code, as such in their original state target AMD64.

>Plus there's probable legal ambiguity around complete source code means all the source code for all modules it contains. Which some seem to interpret as all code, including anything that might be proprietary or under seperate copyright. It also doesn't extend to hardware designs, unless they're also open-sourced.

There is no legal ambiguity - it was written to mean all parts of the program - including all derivative works.

Microsoft software has conditions on producing derivatives works - you do not have permission to go and write a proprietary derivative work of say excel without meeting microsoft's requirements (as you do not hold microsoft's copyright) and you also do not have permission to write a proprietary derivative work of GPLv2 software (as you do not hold the copyright of the author(s)).

Unrelated hardware designs aren't relevant to the license and "open source" is even less relevant (considering that the GPLv2 was released in 1991 as a free software license, while the concept of "open source software" and "open sourcing" did not exist until 1998).

>Cisco settled the case six months later by agreeing to several actions:

>"appoint a Free Software Director for Linksys" to ensure compliance

>"notify previous recipients of Linksys products containing FSF programs of their rights under the GPL"

>make source code of FSF programs freely available on its website

>make a monetary contribution to the FSF

Yes, the FSF out of good faith tried to work with them to get license compliance sorted for 6 months, but eventually they got fed up and told them they would sue if they didn't comply.

Suddenly, they complied with the license by supplying a written offer to all customers, additionally supplied the source code for download from the website and paid the FSF for some of their costs.

>BT has a General Counsel and an army of lawyers.

Cisco was a massive company at the time and had an army of lawyers, who were glad to be paid to go on tangents for 6 months, but when there was the threat of getting sued, those lawyers made it very clear to the suits that they would lose and set unwanted precedents if they went to court, thus Cisco complied with the GPLv2 for GNU software and also complied for Linux and the FSF reinstated their license.

>Per Cisco, it has the source for GPL elements freely available on its website.

Cisco only previously complied with the GPLv2 for the Linksys WRT54G (which ran GNU/Linux) - providing the complete corresponding source code - which allowed the "Open"WRT project to be launched, which replaced all the aggregated proprietary programs with free software replacements.

The FSF doesn't hold any copyrights on Linux and the FSF has only a limited copyright claim for BusyBox, thus taking companies to court over BusyBox/Linux without additional GNU programs being distributed, or assistance from copyright holders of Linux and/or BusyBox, is much more difficult.

The FSF prefers to focus on license enforcement on GNU programs, which are mostly distributed under the GPLv3-or-later - but would assist if any substantial BusyBox or Linux copyright holder came forward - but such copyright holders tend to not enforce their license.

Cisco has now mostly changed to BusyBox/Linux and as there is a lack of enforcement, no longer complies with the GPLv2.

>BT seems to be doing the same as Cisco with their FSF-agreed remedy.

The FSF certainly wouldn't have agreed to what BT is doing - BT decided themselves to publish useless non-corresponding sources of BusyBox and Linux, as most people would then assume that they must be complying with the GPLv2 and give up, or even if they tried to compile the sources, give up when it doesn't compile, assuming they must be bad at compiling.

>You assume Cisco would have lost, but there is also the possibility that Cisco may have won and established precedent that the GLP attempts to assert rights that it can't legally enforce.

If Cisco had won on their claims that the GPLv2 was invalid, then they could have still be pursued for damages for distributing FSF copyrighted software without a license.

>Plus BusyBox has been involved in a fair bit of litigatiion, so mitigations are pretty well understood and tested.

Not really - some copyright holders did some litigation over BusyBox only (but not of the other GPLv2 programs), but soon gave up.

>many articles on devices being compromised, botnet C&C servers being taken down etc etc. That can happen when the official C&C servers get compromised.

That applies equally to persistent and non-persistent botnets - the C&C servers being taken down merely means that the botnet no longer receives commands - but not that the vulnerabilities are fixed or the botnet software stops infections (unless the botnet was configured to not infect unless it can reach the C&C servers).

>Those are generaly designed so a new subscriber can plug a router into their NID, and the first thing that will do is download a copy of the latest software, reboot, then grab a standard config, possibly with some subscriber-specific stuff generated by provisioning & BSS.

That is a backdoor that shouldn't be implemented.

>And that has to be secure, otherwise some bot-herder can come along, re-key any signing & cryptographic functions that could lock the provider out of their (and your) routers and potentially brick a few million devices.

As typical with roll-your-own crypto, such backdoors are *never* secure - there has indeed been a case of a few million devices bricked and I figure there was cryptographic signing.

>So asking your provider for their keys is likely to get a polite 'NO!', followed by a 'Hell NO!', then a more strongly worded response that might include a visit from TPTB asking why you want the ability to break a large public network.

If there is some alternative way to install software, the provider can comply with the GPLv2 by providing installation information for that alternative mechanism - which can include an alternative signing key.

The only case the provider would legally need to have to supply the signing keys for such backdoor, is if that's the only way to install software.

>the input from engineering, legal, operations and finance is going to be 'NO!'. Especially when there are externalities like reputational risks, massive costs of replacing millions of routers..

Clearly the world needs heavy litigation over BusyBox/Linux, with court orders with payment of damages and orders to replace millions of routers with routers that do not use BusyBox or Linux, or any GPLv2 or GPLv3 software, if the GPLv2 is not complied with.

>And the prospect of some very large fines when people die. Having no Internet for a few weeks would be inconvenient. Having no phone because the PSTN has been migrated to a VoIP service means that people with a bricked router might not be able to make a 999/112/911 call, and people have died as a resuly of badly designed VoIP services. So then there'd be a large fine from the regulator, plus civil claims for wrongful death from families

I really wouldn't want to rely on a router that runs proprietary software for emergency calls - only routers that run free software tend to be reliable (there's a reason why manufacturers use BusyBox/Linux - there is only a limited amount of proprietary cancer added, so it's that much less reliable than GNU/Linux-libre).

If other router OS's were as reliable, clearly companies would go with those instead, as there's no GPLv2 obligations for the routing parts of BSD's for example.

Therefore, the regulator should be serving the citizens and pursing cases of backdoors and GPLv2 infringement for routers hard and handing out large fines and executing businesses for non-compliance - with the goal of ensuring that all routers end up running 100% free software, which then can have all the bugs worked out and thus can be relied on for emergency calls.