Survey on the impact of software regulation on DNS systems
Michael De Roover
isc at nixmagic.com
Sat Feb 1 19:54:32 UTC 2025

On Saturday, February 1, 2025 3:33:35 PM CET Peter 'PMc' Much wrote:
> I tried to, but got the impression that the target audience is
> rather commercial providers of infrastructure services, like
> domain registrars and dns service providers. Not somebody like
> me who just runs a cloud infrastructure for their own purposes.

In all fairness, that is more or less how I currently run the software too.
The end goal is commercial, sure, but it's still a few years off to get the
legal kinks sorted out. Until then, this is a small individual operation just
like yours.

> Exactly, that is the idea! And I love it - it allows me to NOT
> depend on service providers, to run my infrastructure in the way
> I like it, and to be in control. I don't like it when people want
> to tell me what is best for me to eat, or what is best for me to
> buy, or what is best for me to run my computers. I don't like it
> when people think they know better than me what is good for me.
> And anyway, what qualification do these people have?
>
> But this is exactly what will disappear, and the road map is clear.

That is a sentiment that I share, strongly so. We should be able to use our
computers however we want. And if we can perform the protocols involved, we
should be able to go on the internet ourselves to perform them. Gate-keeping
that should never be the norm. I'll return to this later.

> Because, for ordinary people, regulations are not necessary. Already
> now, if you want to get affordable prices at the supermarket, you
> have to buy a smartphone from one of only two software providers -
> and none of them gives you root access. (Or more clearly, if someone
> doesn't get it yet: you DON'T OWN the thing, you merely pay for it).

This is something that I think deserves a bit more nuance. What you're
referring to (rooting) is something I do think is by and large missing in the
mobile market. Whether that is for security reasons or otherwise is a debate
in its own right. Personally I share the sentiment of LineageOS on this
matter. Keep root access available over ADB, but do not support root access
managers like Magisk. It's just too easy for people to ruin their systems with
those, because they don't necessarily see or even understand the commands
being executed. It's hard to argue against that being risky, but that doesn't
mean that it should be excluded entirely.

Another point worthy of nuance is that even if you do have root access to the
device, you still don't necessarily control it. The argument I'm going to make
here is the Tivo case. It's the "look but don't touch" argument. Even if you
have root access, that doesn't necessarily mean that the system is open
source. So you're still looking at unmodifiable binary blobs. Or even if you
have the source code, it may not be able to build.. looking at you Mediatek,
for what little source code of theirs is public to begin with. Or even if it
is open source and it builds, you may not be able to flash it. That would be
the case with Tivo, Samsung, and AVM to name a few.

With Samsung, there's hardware in place now (so-called e-fuses) that trip when
the bootloader is unlocked. That, in turn, voids your warranty.. even for
hardware failures that the software had nothing to do with. Even Google pulled
that stunt before with their Nexus 6P fiasco. Lawsuit forced Google to issue
refunds, but only to Americans with a receipt, and on devices that could prove
the fault on official firmware. You had to disable half the CPU cores in a
modified recovery to boot at all, so that was a catch-22. And it was vile.
Those phones were a disaster.

With AVM meanwhile, I have one of their Fritz!Box 7490 routers. The firmware
for that is based on Linux, and source code is available. Some people have
even hacked on that firmware to create Freetz, a modified version of AVM's
original firmware. But the forums are dead, were all in German, and the version
of Ubuntu that was used to build the firmware is well out of date. So I
couldn't build that firmware, much less flash it. And it's not like I can
replace that router, because it's one of the few devices that Belgacom (the
50%+1 share government-owned company that owns the phone lines) has
whitelisted. Needless to say, that is next to their own devices which are even
more locked in.

So yeah... Even if you have the source code, there are many compounding
factors that still make it a case of "good luck using it". Look but don't
touch.

> So, at some point not so far in the future, I imagine, running your
> own computer will simply become prohibited.
> Just like, you can be perfectly able to build a helicopter, but you
> will not be allowed to fly it. So why should one be allowed to run
> their own computer on the internet, and potentially pose a risk
> to the other users?

Now, to be fair, when actual safety is involved, that's perhaps a case where
regulation is justified. It's more or less like that with the radios in mobile
devices too. Not sure if that firmware should be proprietary, but allowing
everyone to have an SDR in their pockets might not be a great idea either.

Granted, recently I did take apart a tablet of mine. It had an issue where the
battery sat for too long and has discharged beyond recovery. The tablet boots
up when an external power source is connected, but displays a "battery dead"
message and just.. stays there. So I soldered some wires on the motherboard,
which were test pads for the battery's connector. Positive and negative, and a
mystery pad that could've been a thermistor in a past life. Monitoring the
battery temperature would be a good idea. But that is apparently not what that
pad does, because it refused to boot even with both the original battery and
mine connected. It also refused to boot at all with a 10k resistor between it
and ground, with only my healthy battery connected. So my guess is that that
tablet has been chipped. And at that point, well... I could reverse engineer
it I guess. But I don't have that kind of oscilloscope. Realistically, I could
hope that replacement batteries for an obscure cheapo Medion tablet exist.. or
I could just dunk it in the bin and go for the next tablet that's going to do
exactly the same. I went for an iPad Air 2. That's something I've seen a lot
in both tablets and laptops, and that kind of hostile engineering is something
I strongly object to. Heh, maybe I should just go ahead and do that myself
too. Electronics, sysadmin, development... shit never ends, does it.

--
Kind regards,
Michael De Roover
Mail: isc at nixmagic.com
Web: michael.de.roover.eu.org