Netgear responds to open source concerns for WNR3500L router

Robert Hallock (Thrax) Netgear claims that the WNR3500L router is open source, but the open source community alleged that the product might be illegal, in addition to being unsafe and unethical. We contacted Netgear to receive their perspective on the issue.

October 10, 2009 12:49 AM ET in News, , , , , , ,

WiFi_transparentYesterday we offered word that the open source community was up in arms regarding Netgear’s WNR3500L router. Netgear claimed that the product was open source, but the open source community alleged that the product might be illegal, in addition to being unsafe and unethical. We contacted Netgear to receive their perspective on the issue, and they wrote back to let us know that their Senior Product Line Manager Som Pal Choudhury has written a post which describes Netgear’s stance.

The open source community’s primary point of contention is that the WNR3500L is in violation of the GPL license. While the router’s kernel is open source, Netgear uses proprietary modules in the OEM firmware which hook into the kernel. This represents a GPL violation as anything that hooks into or modifies a GPL-licensed body of code must also have its source published, and this has not yet happened, says the OSS community. Choudhury disagrees, saying that he believes Netgear has complied with applicable GPL stipulations.

“With respect to the default firmware, we have used our best efforts to comply with and believe we have complied with the applicable GPL requirements,” he said. “Nevertheless, we understand that the open source community generally takes exception when factory loaded firmware written in Linux that is placed on routers or other hardware includes binary only kernel.”

“We always work diligently to review our GPL compliancy. As a consequence, we comply with the GPL requirements, and we strive to hold our partners and suppliers to the same standard. In that regard, we think NETGEAR’s goals and position are aligned to the Opensource community,” he continued.

The open source community also accused Netgear of fostering insecurity. By hamstringing the router’s Linux kernel with proprietary module attachments, the kernel can never be updated unless Netgear takes the time to update its modules as well. Choudhury suggests that this will be a passing issue, saying “As for use of Linux kernel 2.6 on WNR3500L drivers, we are already working on it. Please stay tuned for more updates in the next few months.”

Likewise, Choudhury claimed that the binary modules are a result of regular users who have to use the router “as-is.” These customers don’t have time to tinker with firmware or tweaking, and they expect the router to simply work. The binary modules make life simple for those types of users.

He also said that the company is working on providing hardware block diagrams, more source code, and hardware details to more effectively write firmware.

Despite these positions, the OSS community may still have a valid point. The GNU GPL page dedicated to identifying and submitting GPL violations lists the following:

Is the available source code complete, or is it designed for linking in other non-free modules?

OSSers claim that the WNR3500L source code is not complete with respect to this stipulation. The OEM firmware’s code is designed to link binary (non-free/proprietary) modules.

To summarize: The open source community is complaining about the condition of the router as it ships from the factory. The dispute is not over whether the hardware can accept open third-party firmware (it can), but rather that proprietary code is used out of the box. The OSSers say that it violates the spirit of a GPL product which should be open end-to-end, not just after someone tinkers with it to make it open.

If this sort of (alleged) GPL violation doesn’t perturb you, then the WNR3500L is still a perfectly capable router which runs any of the popular firmwares which have kept you anchored to your WRT54G for the last five years.

13 Comments:

  1. ardichoke
    10 Oct '09, 9:03 am

    I love how companies make the claim that they don't release the source code because most people don't need it as if that makes any sense. If you're going to claim something is open source, you kinda need to make the source code available. Making it available has no adverse effect on the average consumer. These companies act as if to be open source they have to provide only the source and have the consumer compile and install it. Just put the bloody source on your web site or stop claiming your device is open source Netgear.

  2. lordbean
    10 Oct '09, 10:27 pm

    They claim they're not in violation of the GPL license because they're updating the binary in the spirit of compatibility with the open source piece of the router?

    I think they need to re-read the GPL license. After all, it's a legal agreement. If it says any application hooking into another application which is licensed under GPL must also be open source, then that application must be open source, period. They're potentially going to get themselves into legal hot water if they keep going the way they're going with this.

  3. drasnor
    11 Oct '09, 5:29 pm

    I honestly don't see what all the fuss is about. The GNU Foundation has been historically tolerant of this sort of behavior, the interpretation being that if your code uses existing symbols and doesn't modify core functionality then you're good to go (this is the case for nearly every hardware driver.) It's so common that there's even a word for running a kernel with such modules: tainted. Other proprietary, binary-only modules you might unknowingly be living with on a day-to-day basis: the Nvidia graphics driver, the ATI graphics driver, and the madwifi Atheros-chipset wireless NIC driver.

    So you don't want to use the binary modules? Fine, go get the reverse-engineered open source versions. If you're a device OEM though, why should you settle for less (reverse-engineered drivers) when you've got access to the best (device manufacturer drivers?)

    -drasnor

  4. Thrax
    11 Oct '09, 5:32 pm

    On a personal note, I don't see what the fuss is about either. If you don't want the binary modules, flash an open firmware and go on your merry way.

  5. ardichoke
    11 Oct '09, 8:40 pm
    Quoting Thrax

    On a personal note, I don't see what the fuss is about either. If you don't want the binary modules, flash an open firmware and go on your merry way.

    That's assuming the open firmware will have the necessary drivers which is where the problem comes in. It seems from my reading of this situation that they are touting this as an open source router however the hardware doesn't have any open source drivers thus you have no choice but to run the closed source binary modules provided by them. This means no one outside the company can audit/change/improve the code and if any changes are made to the open firmwares we have to wait for them to release new binary modules to make the router compatible again.

  6. drasnor
    11 Oct '09, 9:14 pm
    Quoting ardichoke

    That's assuming the open firmware will have the necessary drivers which is where the problem comes in. It seems from my reading of this situation that they are touting this as an open source router however the hardware doesn't have any open source drivers thus you have no choice but to run the closed source binary modules provided by them. This means no one outside the company can audit/change/improve the code and if any changes are made to the open firmwares we have to wait for them to release new binary modules to make the router compatible again.

    My read is that it's the same old crap that's plagued Broadcom-based Linux solutions since forever: Broadcom doesn't release open source drivers for all their stuff. Broadcom makes some of the best stuff so there's never any shortage of devs willing to reverse-engineer their drivers. If the chips this thing uses aren't already in the Broacom reverse-engineered driver they probably will be in a few months. It's not like there's anything exotic in a router anyway.

    -drasnor

  7. ardichoke
    11 Oct '09, 9:41 pm

    I'm not saying it won't be reverse engineered soon... I'm just saying that if a company is going to go out and tout that their router is open source, it should actually be open source. Otherwise they should just say hey, we made some effing sweet hardware, here ya go.

  8. zqqfsg
    13 Oct '09, 5:11 pm

    Netgear should post the source code or get a lawsuit for misleading advertising.
    They say it's open source, well then it should be open source and they are breaking a legal agreement by not complying.
    It's the 'it's not that bad' attitude from people that let companies get away with this.
    There is no single, valid, logical reason people should be reverse-engineering those firmware drivers. Opening up the source code will actually help hardware vendors, too bad they don't get it.

  9. Christopher Estep
    5 Dec '09, 7:46 am

    Tempest in a teapot!

    The WNR3500L is arguably the most thoroughly-documented (as far as the open-source community goes) new router from anyone, given that OpenWRT (and the X-WRT variant), DD-WRT, and Tomato *all* support it at launch (given how little Broadcom historically documents their products, that is nothing short of shocking).

    I'm considering this router because of the excellent support by third-party firmware (especially DD-WRT and X-WRT) in addition to the feature set (seriously, how many N-ratified routers with gigE wired LAN and WAN port, not to mention USB support for NAS duties, are even available for $100 retail). The only other routers in the *price* range have various minuses (Linksys WRT310N is single-band and has no USB support; WRT400N, while dual-band, lacks gigabit LAN or WAN in addition to no USB support; WRT610N is twice the price and is not as well-supported by third-party firmware; Belkin's N+ has even less third-party firmware support than the WRT400N)

    The reviewer has it right in that the WNR3500L has the capabilities to replace a lot of aging WRT54-series routers (I paid almost $80 on sale for my GS in 2005, and the 3500L fits in the same niche capability-wise that the GS occupied when I bought it, if not sliding a bit upscale with the USB/NAS support) for little more.

  10. Thrax
    5 Dec '09, 9:42 pm

    My personal feeling is that it's a tempest in a teapot as well. This router is the single most compelling and versatile N router on the market, and no open source butt hurt about a tainted kernel is going to change that for me.

  11. mirage
    5 Dec '09, 10:39 pm

    ASUS RT-N16 is also a very compelling device that supports DD-WRT. It has more RAM than Netgear. Recently, I bought a Buffalo WHR-G300N (only 100Mb switch) for just $35 and replaced the firmware with DD-WRT (and installed external antennas). The maximum practical transfer rate I can achieve is ~100Mbits/s with a perfect 300Mb dual-band connection. So, I think Gb ports are not really that important in a wireless router. If needed, a Gb switch can be added separately for fast connection between the wired devices.

  12. drasnor
    14 Dec '09, 5:00 am

    My only complaint is that it doesn't come in the Netgear industrial blue metal chassis. The hardware they put in that enclosure in my experience tends to be more reliable than what they put in the plastic chassis. Something about heat rejection...

    -drasnor

  13. Coool
    31 Jan '10, 3:25 pm

    The main problem in all what is Broadcom Corportaion is big world player in Wi-Fi chipset manafucture which have to deal with much patents to provide us with those Hi-Tech tehnologies shits. So if they deside to provide some manafucture (ASUS, MSI, NetGear, GigaByte, ABIT etc.) with real source code, maybe, they broke some patents rules. In the ending we get that world must be conttroled. Like all our entertaiment stuff on hard drive, what we in ending don't have time to watch etc. People start thinking out of box. Better switch of your PC and go exercise or do something else. Help anothers. Happy day.

Troll-free since 2003 ®