Fork 380.57 HGG-FINAL

[bits]

Please let us stick to evaluations of the HGG FW and features it has to make it an excellent alternative for people who want/need to use it. Like everything else in life, each individual needs to take responsibility for their own actions and make decisions that are in line with their belief systems and culture.

Let's stick to the gpl violation.
I am a strong believer in open source.
This firmware would not exist if not for the gpl code it uses.

It is stealing other people's work (not borrowing).
Until the gpl violation is fixed this problem will not go away and hgg runs the risk of legal action because of his copyright infringement.

Talk about the firmware will always be littered with the gpl issue because it is a huge problem that everyone should be very concerned about.

 

[bits]

This firmware would not exist if not for the gpl code it uses.

BTW this should be the biggest eye opener to people of just how unfair this situation is for the original authors of the large majority(over 99.9% of the code in this firmware) of the code hgg is using.

He depended on a system of sharing that he now refuses to contribute to.
This was a problem from day 1 because from day 1 he broke the gpl rules.

The fact he refuses to participate and release the source code, risking legal action and otherwise showing hgg as an incredibly selfish theif, makes the firmware code appear extremely likely to be malicious.

 

[jomo999]

I purchased the 87u at launch and it has been the worst router i have ever owned. Thanks to this firmware it is actually working quite well. I have 2 WD My Net bridges on my 5ghz and everything else on the 2.4. Performance on both bands is the best experience to date. Even wired seems snappier. 4TB my book on the 3.0 is working well. I do not use qos or security. I port forward so no Nat acceleration. My service is Comcast 100/15 so i wouldn't benefit from it anyway. 2.4 works best for me at 70% tx and 5.0 at 100% tx. My bridges have always hated this router but are playing really nice with this firmware. Not to many posts here on overall performance of this firmware so i thought i would chime in. Big thanks to the developer for this one. Its a keeper. Just so everyone is clear, no one came to my house and held a gun to my head and forced me to load this firmware. I wouldn't know what to do with the source code even if i had it. I think if this guy was shady eric would have intervened by now. Its basically his firmware with the tx and dfs options. I have never seen a post from mr. hggomes stating he wrote this entirely on his own. He does state in his change log that it is based on merlin 380.57. Flash it or don't, its that simple. If having the source code is a priority then don't.

 

[bits]

I have never seen a post from mr. hggomes stating he wrote this entirely on his own. He does state in his change log that it is based on merlin 380.57. Flash it or don't, its that simple. If having the source code is a priority then don't.

It is not about hgg claiming he wrote the code, it is about him using the code without permission due to not supplying the source. If ithe code was BSD licensed then sure what he is doing is almost enough, but the code is GPL licensed.

And it is barely about Rmerlin code either, Rmerlins portion of the code base is absolutely tiny.

There is many many thousands of peoples work over decades that made this software. It is those thousands of people that are all being ripped off by hgg.

 

[jeff288]

I'm also curious why this one is almost 8mb's larger than Merlin's. Did he only change the tx and dfs options or did he use a different driver blob? For those not worried, it's trivial to implement code that stores sensitive data and only sends it out when you're sending other data out to look more legit. Also you can send it to big-name IP hosts such as Microsoft to make it look legit and benign when it could be going to a OneDrive account of the malware author storing that data. Not showing source code is a really big deal and you're opening yourself up to an easy mim attack, at the least. At least Asus has a big name associated so there's a big target to go after if you have financial damages but one guy posting firmware on the internet and refusing to show source, you have little to blame than yourself if you use it.

 

[Nullity]

I'm also curious why this one is almost 8mb's larger than Merlin's. Did he only change the tx and dfs options or did he use a different driver blob? For those not worried, it's trivial to implement code that stores sensitive data and only sends it out when you're sending other data out to look more legit. Also you can send it to big-name IP hosts such as Microsoft to make it look legit and benign when it could be going to a OneDrive account of the malware author storing that data. Not showing source code is a really big deal and you're opening yourself up to an easy mim attack, at the least. At least Asus has a big name associated so there's a big target to go after if you have financial damages but one guy posting firmware on the internet and refusing to show source, you have little to blame than yourself if you use it.

He updates almost every integrated service, like dnsmasq, miniupnpd, etc, etc.

and thanks for pointing out that scanning with anti-virus and packet-sniffing will prove very little. Just of the top of my head, a backdoor could be installed that only opens a port when an outside host uses a port-knocking sequence or attempts to connect from a certain host. Your router's IP does not even need to be known. A person with limited means can scan (attempt to connect to a port) the entire internet in under 24 hours, or even less than 1hr if they have the resources.


I am not saying this is the case here, I am saying these are things you should be aware of. Nobody can prove that any complex software is invulnerable, but you can logically deduce that some scenerios are more risky than others.

 

[jeff288]

He updates almost every integrated service, like dnsmasq, miniupnpd, etc, etc.

and thanks for pointing out that scanning with anti-virus and packet-sniffing will prove very little. Just of the top of my head, a backdoor could be installed that only opens a port when an outside host uses a port-knocking sequence or attempts to connect from a certain host. Your router's IP does not even need to be known. A person with limited means can scan (attempt to connect to a port) the entire internet in under 24 hours, or even less than 1hr if they have the resources.


I am not saying this is the case here, I am saying these are things you should be aware of. Nobody can prove that any complex software is invulnerable, but you can logically deduce that some scenerios are more risky than others.

Yes, there was at least a couple router manufacturers that used port knocking for their backd..., I mean firmware upgrade implementation. And yes, using AV meant for Windows binaries means very little on linux-based firmware. With no source, HGG basically has your router by the balls, and therefore any possible financial or sensitive transactions you do online if he wants and that's not something I'm comfortable with. And also in fairness, you still have to trust Asus but as I said, they have plenty of collateral for personal damages if they prove malicious or incompetent.

 

[test011]

Each country's Wi-Fi regulation is different and changing rather rapidly. Asus's implementation is outdated and some even violate current regulation. (at least in my country's case, available 5Ghz channels have never been implemented correctly. I can avoid those banned channels, but cannot use some legally available channels and there are over 30 Wi-Fi routers around, it's such a pain)

Why not let the user decide which channel and output power they should use?

If merlin's firmware, bless him for his work, let those options open to the user, would there be a demand for HGG's?

 

[Nullity]

If merlin's firmware, bless him for his work, let those options open to the user, would there be a demand for HGG's?

Merlin actually does leave those open, you just need to be knowledgeable enough (hgg) to know how to do it. Asus/Merlin/John's code, aside from the Asus/Broadcom binaries, are available for anyone to play with & modify.

I like to think of it like a "you must be this smart to ride" type of thing. I am not smart enough.

 

[GGavan]

I'm zero on cooking with Linux and brothers, that's why I like the perfect plate with RMerlin as main course with a bit of HGG as topping, a John side dish and passionate contributors as drinks. I hate when somebody is telling me don't eat and drink this because he didn't seen the recipe of topping. I love challenges and I want to taste it. I like it and I will look again for it. I'm waiting for the new version of this meal.

Just a figure of speech

 

[bits]

I hate when somebody is telling me don't eat and drink this because he didn't seen the recipe of topping.

I hate when someone is free loading off of everyone else's hard work.
Hgg with a smallest of rounding error has done 0% and is free loading off 100% of other people's effort.
He is spitting in the face of actual hard effort everyone but him, all much better than he could ever be, put in.

The guy is a fraud and should be put in jail. All because he refuses to spent 5mins and release source.
The guy is stealing your credit card details or is a horrible person that steals from charitable people.
And you guys support such a horrible person. You guys need your head checked.

 

[lepa71]

I hate when someone is free loading off of everyone else's hard work.
Hgg with a smallest of rounding error has done 0% and is free loading off 100% of other people's effort.
He is spitting in the face of actual hard effort everyone but him, all much better than he could ever be, put in.

The guy is a fraud and should be put in jail. All because he refuses to spent 5mins and release source.
The guy is stealing your credit card details or is a horrible person that steals from charitable people.
And you guys support such a horrible person. You guys need your head checked.

Just wondering do you code and build your own fw?

 

[lepa71]

Yes, there was at least a couple router manufacturers that used port knocking for their backd..., I mean firmware upgrade implementation. And yes, using AV meant for Windows binaries means very little on linux-based firmware. With no source, HGG basically has your router by the balls, and therefore any possible financial or sensitive transactions you do online if he wants and that's not something I'm comfortable with. And also in fairness, you still have to trust Asus but as I said, they have plenty of collateral for personal damages if they prove malicious or incompetent.

If you are so paranoid then don't use it, but don't tell everybody else to not use it. There are ways to protect your info. Buy VPN services is one of them.

 

[L&LD]

I hate when someone is free loading off of everyone else's hard work.
Hgg with a smallest of rounding error has done 0% and is free loading off 100% of other people's effort.
He is spitting in the face of actual hard effort everyone but him, all much better than he could ever be, put in.

The guy is a fraud and should be put in jail. All because he refuses to spent 5mins and release source.
The guy is stealing your credit card details or is a horrible person that steals from charitable people.
And you guys support such a horrible person. You guys need your head checked.

I would suggest instead that you should be banned from this forum. Unless you have proof of your allegations.

Using freely available code is not stealing. That is the whole basis of source code.

The other issue (not sharing what you've made with that source) is something that hggomes needs to address himself (and he has in the past).

Not by a judge and jury that doesn't see past their own nose.

I believe that if something as serious as what you're suggesting is happening, hggomes would have been off these forums a long time ago. As it is today, making up accusations is not in anyone's best interest.

 

[RMerlin]

Please, be nice. There's no need to turn this into a personal attack festival.

Primary reason for lack of source code is hggomes can't be bothered cleaning everything up, setting up a repo, and updating it. There is no reason to believe there is any malicious motives behind the lack of source code.

I agree that it's legally breaking the GPL. But I have better things to do than enforce a license, quite frankly, which is why I simply avoid getting involved into this situation. People who are annoyed by this can contact the EFF or any other organization that handles reported GPL violations if they wish to force a resolution of this current situation.

 

[shooter40sw]

Where can I download this firmware? Im on merlin from day one on the 66u and love all the features but the wireless performance is poor compared to older drivers, I wanted to try johns but it does not have support for bandwith limiter and dnssec just yet, I have searched but maybe Im not searching correctly, please send me a link thanks.
BTW I updated entware like I do from time to time and it broke dnscrypt, no longer starts, I saw it updated libsodium or something cant recall correctly but since then no dnscrypt.

 

[80A0F4E3F8C61]

Where can I download this firmware? Im on merlin from day one on the 66u and love all the features but the wireless performance is poor compared to older drivers, I wanted to try johns but it does not have support for bandwith limiter and dnssec just yet, I have searched but maybe Im not searching correctly, please send me a link thanks.
BTW I updated entware like I do from time to time and it broke dnscrypt, no longer starts, I saw it updated libsodium or something cant recall correctly but since then no dnscrypt.

https://www.mediafire.com/folder/05psguze7t8gs#myfiles

 

[appleseed]

Compelling arguments on both sides, not being sarcastic.

Some understand the risks and some are trying to protect others who are less knowledgeable and get proper accreditation to individual authors.

What's missing is the opinion of the snbforums site Administrator whose word is final.

For example, if someone were to find and share the 'appleseed' fork which allows even greater range
and shoots rainbows - but no source-code provided - and then another comes along with claims of over 9000 power and also no source-code - I wonder what the Admin opinion would be then.

"You agree to not use the Service to submit or link to any Content which is defamatory, abusive, hateful, threatening, spam or spam-like, likely to offend, contains adult or objectionable content, contains personal information of others, risks copyright infringement, encourages unlawful activity, or otherwise violates any laws."
http://www.snbforums.com/help/terms
http://www.gnu.org/licenses/gpl-violation.en.html

Forum reputation is important but it's not our forum. The Admin either allows this or not - won't matter what any of us have to say.

This thread could have been 7 pages shorter.

 

[test011]

Forum reputation is important but it's not our forum. The Admin either allows this or not - won't matter what any of us have to say.

Nevertheless, we say what we have to say. That's basically what a forum is about, isn't it?

 

[lepa71]

Nevertheless, we say what we have to say. That's basically what a forum is about, isn't it?

No, we need to stay on topic and not to go off.