Voxel
Part of the Furniture
Well, Orbi firmware. There are a lot of questions from Orbi owners regarding my version of firmware. I do support Orbi not so long time so let us clarify. Something like FAQ regarding Voxel firmware.
1.
Q: Is it firmware modification of binary stock firmware? Something like KoolShare mod made with Firmware Mod Kit or something similar?
A: No. I do the real compilation of my version from source codes by GCC compiler, it is not mod. I use as a base GPL source codes from NG. The only: I have to use limited set of pre-built modules included into NG’s GPL in binary form i.e. w/o source codes.
2.
Q: Is it just a modified version of the stock firmware?
A: Yes and no. We can say that stock firmware is just a modified version of OpenWRT Chaos Calmer, see e.g. the text file of your stock firmware /etc/openwrt_release
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='Chaos Calmer'
DISTRIB_REVISION='unknown'
DISTRIB_CODENAME='chaos_calmer'
DISTRIB_TARGET='ipq806x/generic'
DISTRIB_DESCRIPTION='OpenWrt Chaos Calmer 15.05.1'
DISTRIB_TAINTS='no-all'
with the proprietary enclosed drivers from QCA optimized for this concrete version of hardware and with WebGUI made by NG/DNI. Yes, I use modification of the sources from NG to provide the real compatibility with stock firmware extending router’s functionality, fixing CVE, bugs, optimizing the performance of these Orbi gadgets and renewing old GPL open source packages (what de-facto also means fixing bugs and CVE). So yes and no. But very initial source is OpenWRT CC, isn’t it?
3.
Q: “It confuses me that one guy could magically fix a premium product like Orbi from a big company like Netgear with own big development team”.
A: First, Netgear is using outsourcing company DNI for development their firmware builds:
http://www.dninetworks.com/
and does not have its own development team. IMO (I stress: just IMO) the only advantage to use outsourcing company is to save the money for support of Company’s consumers. On the other hand the primary goal of outsourcing company is to release the contracted ordered software product as soon as possible maximizing profits and minimizing own efforts plus expenses for developer’s resources. This (again IMO) does not assume acceptable level of the quality for resulting software product.
Second, it looks for me that there is a lack of synergy and re-usability of what was already done among DNI development teams. No centralized software development management. I have to proceed with firmware for R7500, R7800, R9000 and now Orbi and it very often happens that bug or CVE was already fixed for one model but it is left not fixed or even vice versa introduced for other model of router in the new release of firmware. And when initial firmware for very new router is released, there is common part of software/packages used. But after some time everything inside (internally) is too different. Looks as every team is performing their own independent development and is not aware that this was already developed in the neighboring office room. For example R7500/R7800, R9000, R8900, Orbi firmware are compiled by three (!) different (and old) versions of compiler instead of centralized unified software tools common for all QCA based routers support. Kernel’s vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 are fixed for R7800/R9000/R8900 but not for Orbi. Etc, etc, etc.
I am alone really and I have to maximize the re-usability of what I did already for one router to avoid duplication of my job. I have to use the same set of build tools (compiler, assembler, host tools) and most fresh versions of build tools for all router I support (to simplify the maintenance of my versions for these models).
Third, I am professional researcher, developer and scientist. I worked dozens of years in the Japanese Software Company producing extremely high quality software: Computer Graphics applications (famous Japanese quality of 90s with multiply levels of quality checking and testing) as a senior development manager. Our customers were not private persons but huge serious companies such as Toshiba, Toyota, Matsushita, Sony, Sekisui, NEC, Airbus etc. Dissatisfied customer means no contract and thus no money for us.
On the other hand I am just one of you, i.e. I am consumer of NG production, I do use these routers for myself. I started with firmware because of my own dissatisfaction by the quality of the stock firmware incomparable with the quality of the applications what my team had to release. So I release it for myself as well (vs outsourcing) applying my knowledge and experience to the builds of my versions. If I develop something I have to do this perfectly (because I’ll use it as well
). I should not feel the dissatisfaction by my work.
4.
Q: Why aren’t they just hiring him to fix it if they’re incapable?
A: Well. I’ve suggested NG to cooperate (to increase the quality of the stock firmware versions). For free BTW. My suggestion was silently ignored by NG. So I do not touch them, they do not touch me. I am open for cooperation but I think they are not interested. DNI outsourcing is enough for NG. I decided to stop issuing my bug reports and passing them to NG and the way how to fix because of ignoring these reports by NG. Waste of my time.
(And regarding hiring. If they would intend to hire me, there should be attractive for me offer. I am not jobless person seeking for a job).
5.
Q: What is a difference Voxel vs stock? What’s new functionality?
A:
(1) Optimization of performance. Stock firmware is not optimized for this concrete device, does not use all the power, capabilities and specific of the target platform, but it use generic target ARM. Voxel FW is optimized for concrete Orbi CPU (Cortex-A7 with extended instructions set), is using its FPU (not used at all in the stock), uses both: NEON acceleration of OpenSSL (twice faster vs stock) and hardware acceleration of OpenSSL with PCI crypto device (up to seven times faster vs stock, and stock does not use this device at all). OpenSSL is used for backhaul connection as well BTW. So now it should be faster because of this double acceleration.
Plus general optimization of total performance because of optimal compiler options and most fresh compiler (CGG 9.3.0 with its increased level of optimization). Software should force hardware to use its full capabilities and power.
(2) Fixing bugs and CVE. Software should be up-to-date. Reliability and safety.
(3) New functionalities . Such as WireGuard client, OpenVPN client, DNSCrypt Proxy and Stubby (your privacy), possibility to share your USB drive attached to Orbi in your LAN (NAS, fileserver), possibility to map the network drive (client of fileserver/NAS), access by SSH and … Entware of course. I.e. possibility to install more than 2.5 thousands additional packages such as your own web servers, performance monitor, bittorent downloader, whatever you want… Most of users do not need all this but they can continue to use Orbi as with stock firmware…
(4) Possibility to disable extra not used by owner functionality such as Armor, Disney Circle, etc. All these above when enabled decrease the performance of Orbi thus the speed of Internet.
(5) Well, I see your feedbacks and bug reports. NG has a lot of staff for support but firmware developers (outsourcing) are too far from your feedbacks and bug reports.
Regards,
Voxel.
1.
Q: Is it firmware modification of binary stock firmware? Something like KoolShare mod made with Firmware Mod Kit or something similar?
A: No. I do the real compilation of my version from source codes by GCC compiler, it is not mod. I use as a base GPL source codes from NG. The only: I have to use limited set of pre-built modules included into NG’s GPL in binary form i.e. w/o source codes.
2.
Q: Is it just a modified version of the stock firmware?
A: Yes and no. We can say that stock firmware is just a modified version of OpenWRT Chaos Calmer, see e.g. the text file of your stock firmware /etc/openwrt_release
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='Chaos Calmer'
DISTRIB_REVISION='unknown'
DISTRIB_CODENAME='chaos_calmer'
DISTRIB_TARGET='ipq806x/generic'
DISTRIB_DESCRIPTION='OpenWrt Chaos Calmer 15.05.1'
DISTRIB_TAINTS='no-all'
with the proprietary enclosed drivers from QCA optimized for this concrete version of hardware and with WebGUI made by NG/DNI. Yes, I use modification of the sources from NG to provide the real compatibility with stock firmware extending router’s functionality, fixing CVE, bugs, optimizing the performance of these Orbi gadgets and renewing old GPL open source packages (what de-facto also means fixing bugs and CVE). So yes and no. But very initial source is OpenWRT CC, isn’t it?
3.
Q: “It confuses me that one guy could magically fix a premium product like Orbi from a big company like Netgear with own big development team”.
A: First, Netgear is using outsourcing company DNI for development their firmware builds:
http://www.dninetworks.com/
and does not have its own development team. IMO (I stress: just IMO) the only advantage to use outsourcing company is to save the money for support of Company’s consumers. On the other hand the primary goal of outsourcing company is to release the contracted ordered software product as soon as possible maximizing profits and minimizing own efforts plus expenses for developer’s resources. This (again IMO) does not assume acceptable level of the quality for resulting software product.
Second, it looks for me that there is a lack of synergy and re-usability of what was already done among DNI development teams. No centralized software development management. I have to proceed with firmware for R7500, R7800, R9000 and now Orbi and it very often happens that bug or CVE was already fixed for one model but it is left not fixed or even vice versa introduced for other model of router in the new release of firmware. And when initial firmware for very new router is released, there is common part of software/packages used. But after some time everything inside (internally) is too different. Looks as every team is performing their own independent development and is not aware that this was already developed in the neighboring office room. For example R7500/R7800, R9000, R8900, Orbi firmware are compiled by three (!) different (and old) versions of compiler instead of centralized unified software tools common for all QCA based routers support. Kernel’s vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 are fixed for R7800/R9000/R8900 but not for Orbi. Etc, etc, etc.
I am alone really and I have to maximize the re-usability of what I did already for one router to avoid duplication of my job. I have to use the same set of build tools (compiler, assembler, host tools) and most fresh versions of build tools for all router I support (to simplify the maintenance of my versions for these models).
Third, I am professional researcher, developer and scientist. I worked dozens of years in the Japanese Software Company producing extremely high quality software: Computer Graphics applications (famous Japanese quality of 90s with multiply levels of quality checking and testing) as a senior development manager. Our customers were not private persons but huge serious companies such as Toshiba, Toyota, Matsushita, Sony, Sekisui, NEC, Airbus etc. Dissatisfied customer means no contract and thus no money for us.
On the other hand I am just one of you, i.e. I am consumer of NG production, I do use these routers for myself. I started with firmware because of my own dissatisfaction by the quality of the stock firmware incomparable with the quality of the applications what my team had to release. So I release it for myself as well (vs outsourcing) applying my knowledge and experience to the builds of my versions. If I develop something I have to do this perfectly (because I’ll use it as well
). I should not feel the dissatisfaction by my work.4.
Q: Why aren’t they just hiring him to fix it if they’re incapable?
A: Well. I’ve suggested NG to cooperate (to increase the quality of the stock firmware versions). For free BTW. My suggestion was silently ignored by NG. So I do not touch them, they do not touch me. I am open for cooperation but I think they are not interested. DNI outsourcing is enough for NG. I decided to stop issuing my bug reports and passing them to NG and the way how to fix because of ignoring these reports by NG. Waste of my time.
(And regarding hiring. If they would intend to hire me, there should be attractive for me offer. I am not jobless person seeking for a job).
5.
Q: What is a difference Voxel vs stock? What’s new functionality?
A:
(1) Optimization of performance. Stock firmware is not optimized for this concrete device, does not use all the power, capabilities and specific of the target platform, but it use generic target ARM. Voxel FW is optimized for concrete Orbi CPU (Cortex-A7 with extended instructions set), is using its FPU (not used at all in the stock), uses both: NEON acceleration of OpenSSL (twice faster vs stock) and hardware acceleration of OpenSSL with PCI crypto device (up to seven times faster vs stock, and stock does not use this device at all). OpenSSL is used for backhaul connection as well BTW. So now it should be faster because of this double acceleration.
Plus general optimization of total performance because of optimal compiler options and most fresh compiler (CGG 9.3.0 with its increased level of optimization). Software should force hardware to use its full capabilities and power.
(2) Fixing bugs and CVE. Software should be up-to-date. Reliability and safety.
(3) New functionalities . Such as WireGuard client, OpenVPN client, DNSCrypt Proxy and Stubby (your privacy), possibility to share your USB drive attached to Orbi in your LAN (NAS, fileserver), possibility to map the network drive (client of fileserver/NAS), access by SSH and … Entware of course. I.e. possibility to install more than 2.5 thousands additional packages such as your own web servers, performance monitor, bittorent downloader, whatever you want… Most of users do not need all this but they can continue to use Orbi as with stock firmware…
(4) Possibility to disable extra not used by owner functionality such as Armor, Disney Circle, etc. All these above when enabled decrease the performance of Orbi thus the speed of Internet.
(5) Well, I see your feedbacks and bug reports. NG has a lot of staff for support but firmware developers (outsourcing) are too far from your feedbacks and bug reports.
Regards,
Voxel.
