Corporate Routers & Open Source – GET REAL!

I’m pushing back!  Why?  Because you dear reader NEED to be enlightened (possibly).  Perhaps you’re already an enlightened digital soul…?

MOST ROUTERS ARE OPEN SOURCE:

Did you know most routers controlling corporate networks or even your home are “open source”?  Here’s a list.  Open Source shouldn’t be a dirty word anymore; it shouldn’t be considered “less than”, home grown, dodgy or anything but business class or enterprise class.

Note on that link that “Sonicwall” is indeed open source although they keep their cards close to their vest.  They use a Linux Kernel, they adhere to the GPL although which version I’m not 100% sure and ultimately who cares?  They make a declaration about it on EVERY manual they publish…because they have to.

Sonicwall & Watchguard are both ridiculous about it and should just come out of the closet and stop hiding their feelings 😛

Sonicwall’s declaration page says you need to pay them $25 and they’ll ship you a CD with the source…LAUGHABLE!  What a barrier…really Sonicwall?  You’re a tech company using the postal service?  LOL LOL LOL…I can’t stop LOL’ing!!!  Link

“Dell SonicWALL will provide a machine-readable copy of the GPL open source on a CD. To obtain a complete machine-readable copy, send your written request, along with a certified check or money order in the amount of US $25.00 payable to “Dell SonicWALL, Inc.” to:

General Public License Source Code Request
Dell SonicWALL, Inc. Attn: Jennifer Anderson
5455 Great America Parkway
Santa Clara, CA 95054”

Who is this mysterious “Jennifer Anderson” in charge of burning source code to CDs…?  I want that job!  Maybe she’s married to Neo from the Matrix “Mr. Anderson”…?

Watchguard is just as ridiculous and they ask you to pay them $35 for a shipped CD with the source…EQUALLY LAUGHABLE but then they say you can download it…BUT THEY PROVIDE NO LINK and they have nothing on their current website about it!  They took a page out of the Sonicwall playbook and stepped up their game!  Link to the manual with this language – page 4:

“Licensing:
Some components of the WatchGuard SSL software are distributed with source code covered under one or more third party or open source licenses. We include below the full text of the licenses as required by the terms of each license.
To get the source code covered by these licenses, contact WatchGuard Technical Support at:
877.232.3531 from the United States or Canada +1.360.482.1083 from all other countries
You can download the source code at no charge. If you request a compact disc, there is a $35 charge for administration and shipping.
GNU General Public License (GPL)
Each of the following programs are wholly or partially licensed under the GPL: binutils-2.18, bpalogin-2.0.1, busybox-1.12.1, e2fsprogs-1.41.0, gcc-4.1.1,gdb-6.6, glibc-2.4, hostapd-0.6.8, iptables-1.4.1,iputils-20071127libiconv-1.9.2, linux-2.6.21.7, lxml-2.1.1, readline-5.0, sysklogd-1.5, termcap-1.3.
Specific copyright information for the above software, if any, can be found in subsequent pages of this guide.”


Even great and mighty Cisco uses Open Source software.  On the Cisco Nexus 7000 for example (just one I looked up randomly) they use (Reference):

– GPL open source software because they mention the GPL and have the full wording in the documentation for the license
– BSD
– Apache
– OpenSSL


An interesting thing about Cisco’s Nexus Series is that it supposedly uses an embedded Linux from a company called “MontaVista”.  I say “supposedly” because there needs to be a proper citation on the WIKI entry for it but I don’t doubt it at this point.  Further reading about MontaVista talks about their team contributing code to the Linux Kernel and their passion for “100% pure Linux”.  If it’s true that Cisco uses the MontaVista embedded Linux then Cisco is closer to Open Source than I first imagined!  They also offer source but you have to pay for it.

TRYING TO GET THE SOURCE:

I called Watchguard as their documentation stated.  I was on hold for 26 minutes.  I then chatted with the support person and he said he hasn’t ever gotten a call like this before requesting a download for the source code.  We discussed the SSL 100 product, which is older but still supported, then I asked about the FireBox M200…something more contemporary and right on their website.  He asked me to give him a moment and I waited.

A shocking turn of events…
I spoke with “Michael” who was cordial.  He asked if I had a serial number though and I said, I do not.  I’m asking about the software not the hardware.  This is in reference to the GPL and Open Source software you’re supposed to make available for download.  He said that he couldn’t put a ticket in about this issue if I didn’t have a hardware serial number.  Grrrrrrr…I had to hang up and call back.  “Welcome to the Watchguard Support Center”…oh gawd!

He did also say I could “log a case” in their online support portal BUT Michael…I don’t have a device nor do I have an account.  I had to get a serial number from a colleague to move forward BUT I soldiered on!

The serial number I was given from my colleague was from an XTM-330, the migration path was to the Firebox M200/M300.  In my view then my request for the source code used on the M200 was appropriate.  What’s also appropriate is just asking them for the source regardless of hardware because the GPL doesn’t discuss (I don’t think) that I need to have hardware!  Furthermore, their own documentation doesn’t require you to have the hardware AND they say you can download it…which you can’t!

THE PLOT THICKENS

Michael picked the phone up on my call back!  What are the odds of getting the same tech?  Amazing…the tech Gods are with me.  He put in a ticket for me and referenced the M200/M300 manual that says:

“You can download the source code at no charge.”

They created the ticket (1020155), 07/13/2017.  I still haven’t gotten a touch back on this from support and it’s now 07/26/2017.

On 07/12/17 I also Tweeted @watchguard asking for the full disclosure statement and they got back to me after 24 hours (awesome!).  They linked me to a very nice document here but it’s a real snoozer at 281 pages of Open Source software that Watchguard uses:  https://www.watchguard.com/help/docs/fireware/11/en-US/v11-12_Copyright-Licensing_Guide.pdf?platform=hootsuite

I then Tweeted back at them saying that was awesome and asking what Linux Kernel version they’re running.  They didn’t tweet back about it.

 

My thinking here is that because Watchguard firewalls are so closely held, privately developed (no Open Source Community contributions, etc) that they’re ALWAYS severely behind and “unpatched”.  I suspected they are on average 2 years behind using an old kernel.  This in and of itself isn’t “bad” but if you tell someone they haven’t done updates in several years to the core operating system you might get some looks!  You be the judge 😉  Sonicwall is likely in the same boat but I’m picking on Watchguard heavily because I’ve heard a lot about them lately from people I talk to.

Here’s why I’m assuming Watchguard firewalls are always behind and running old Linux Kernel Versions.  I was searching for what Linux Kernel Watchguards run…nigh impossible to find and I found an odd duck certification blurb from some Canadian Government website that uses Watchguard firewalls for their network (LOL, anyone using a Watchguard firewall for “security” gets an LOL from me!) (Link).

It states this on June 30, 2005:

“All of the Firebox® X Family appliances employ a hardened Linux operating system that is based on Kernel version 2.4”

OK…so as of June of 2005 what Linux Kernel Versions were available?

Linux 2.6.12 Released 17 June, 2005 (107 days) (Link)

Come to find out (Link) that Linux Kernel versioning can help us better understand what’s what.

In short:

An even major revision (the second number) means it’s a stable release

An odd major revision means it’s a development release

Linux Kernel 2.3.4 reads like this:

2 = Kernel Version

3 = Major Revision

4 = Minor Revision

On one of my boxes I run a command:

uname -r

…and get the result:  3.13.0-61-generic (I’m running Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-61-generic x86_64)).

According to kernel.org the current kernel is:  4.12 on 07/02/2017.

Now Ubuntu LTS is “supported” until 04/2019 which means that technically…even though it’s “old” it’s still supported and there’s nothing wrong with running older kernels.  It just might mean you have less functionality than a newer kernel or perhaps better efficiencies (or worse) and bug fixes.
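The version-number reading above, applied to the component list in the WatchGuard SSL manual quoted earlier and to the uname -r output, as an added example that is not from the original post or from any vendor. The function names are hypothetical, and limiting the even/odd rule to series up to 2.6 is an assumption of the example, since kernels from 3.0 onward no longer use it.

```python
import re

# Component list as printed in the WatchGuard SSL manual quoted above,
# including its fused "iputils-20071127libiconv-1.9.2" entry.
DISCLOSURE = (
    "binutils-2.18, bpalogin-2.0.1, busybox-1.12.1, e2fsprogs-1.41.0, "
    "gcc-4.1.1,gdb-6.6, glibc-2.4, hostapd-0.6.8, iptables-1.4.1,"
    "iputils-20071127libiconv-1.9.2, linux-2.6.21.7, lxml-2.1.1, "
    "readline-5.0, sysklogd-1.5, termcap-1.3."
)

def parse_components(text):
    """Return {name: version} for every name-version token, even fused ones."""
    return dict(re.findall(r"([a-z][a-z0-9]*)-(\d+(?:\.\d+)*)", text))

def parse_kernel(release):
    """'3.13.0-61-generic' -> (3, 13, 0): kernel version, major, minor revision."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"not a kernel release string: {release!r}")
    return tuple(int(g or 0) for g in m.groups())

def series_kind(release):
    """Even/odd rule on the major revision; None where the rule does not apply."""
    # Assumption of this example: only series up to 2.6 follow the rule.
    version, major, _ = parse_kernel(release)
    if version > 2:
        return None
    return "stable" if major % 2 == 0 else "development"

def is_behind(shipped, reference):
    """True when the shipped kernel is older than the reference kernel."""
    return parse_kernel(shipped) < parse_kernel(reference)

def report(disclosure, reference):
    """Pull the kernel out of a GPL disclosure and compare it to a reference."""
    kernel = parse_components(disclosure)["linux"]
    return {"kernel": kernel, "kind": series_kind(kernel),
            "behind": is_behind(kernel, reference)}

if __name__ == "__main__":
    print(len(parse_components(DISCLOSURE)), "components")
    print(report(DISCLOSURE, "4.12"))         # 4.12: kernel.org figure cited above
    print(series_kind("3.13.0-61-generic"))   # the Ubuntu box from uname -r
```

The same parse_components call works on any vendor disclosure that lists packages as name-version, which makes the licensing guide a usable component inventory.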

Conclusions:

I guess I’d have to conclude as you should that Open Source & Free Software isn’t a dirty word anymore, that ENTERPRISES use free & open source software ALL THE TIME.  It’s likely they don’t even know it!  That also speaks volumes about the people and companies who pooh-pooh and besmirch open source & free software while unknowingly using it!

The world is run by open source & free software…hands down.  The website you’re reading…running free & open source software, this blog…running free & open source software, your route to get here bounced through free & open source systems (routers, switches, virtual servers, etc)…and I could go on.  You dear reader are immersed in free and open source software and now you know!

Watchguard = open source

Sonicwall = open source

PFSense = open source <– your best option for security & functionality!

The thing that irks me about these highly regarded firewall companies is they market themselves as outside of the framework I’m talking about because they don’t want to be viewed as homegrown or not business class.  The open source framework is actually what makes them enterprise and business class AND THEY SHOULD OWN IT!  Embrace who you are Watchguard and Sonicwall!  You’re open source security companies, for God’s sake Dell even has an open source contribution website where they actively work on projects…own it people!

Dell even says “Transform and modernize your IT foundation with Linux” LOL (Link).  Linux runs on most Dell platforms in their BIOS, Firmware, it runs their storage products, VMWare is a Linux Kernel…I’m beating a dead horse here.  If you open your eyes you’ll see open source software runs the entire Internet world…you have a Fitbit, I suspect open source although I didn’t go look, your phone…open source, your “smart tv”…open source, Netflix running on your smart tv…they use open source, Amazon…ALL open source, your toothbrush…not open source BUT it’s likely it was manufactured by computers running open source!

 

If you need any assistance solving technical problems with Linux we’re your shop. We can help companies of all sizes including Fortune 100s. We can augment your existing IT staff in any number of ways with out of the box thinking that can blend your infrastructure where it makes sense, leveraging open source technology into closed source proprietary systems like Windows.

800-864-9497
