The prpl Foundation

Making Connections

Article from Issue 227/2019

Mirko Lindner of the prpl Foundation discusses how vendors and chipset makers are coming together to make IoT more interoperable and secure.

The prpl Foundation [1] is a non-profit consortium of hardware vendors, software vendors, service providers and developers. It describes itself as an open source, community-driven organization whose members [2] collaborate to develop standards and software to enable security and interoperability of embedded devices. We talk with the group's recently appointed Program Director, Mirko Lindner, to better understand the objectives of the foundation and how they'll impact end users like us.

Mayank Sharma: Let's start with your role in the project and how you got involved with prpl. You were once the Project Lead at OpenMoko?

Mirko Lindner: That was my first job in an open source company, basically running the development of the open source UI for the phone. After that I went to work with Vodafone in different capacities – first built some mobile applications, then joined their innovations team and ultimately ended up in the fixed-net department, which is the team that builds all of the routers and gateways. There we realized that if you look at how ISPs and service providers in general build devices, especially in the router space, that they work with a large number of different suppliers and there is no standardization.

Basically think back 15-20 years where every mobile phone manufacturer had their own operating system. Applications like WhatsApp weren't even on the horizon and the best online messenger was the Blackberry Messenger. The situation on embedded devices today is very similar. We did a huge analysis and ultimately we came back with the need for standardization and open source development. Out of that we started talking to the prpl Foundation, and we worked out how that effort could manifest in a project that would involve not only Vodafone but many other service providers as well as software vendors, hardware vendors, and chipset makers.

I worked for a while with the prpl Foundation from Vodafone, and then I left Vodafone because I wanted to explore Asia and work a little closer with hardware manufacturers. Then about 15 months ago, the prpl Foundation was looking for someone to take up more of an operational position, and I joined prpl part time as Program Director to bring the different working groups and projects into shape. This July I took the next step, switching perspective yet again, this time to the software vendor side. I joined one of prpl's members, SmartRG, who have made quite a substantial contribution to the foundation both in resources and product development. My role is to serve as a bridge between a vendor with a very strong background in open source and a foundation on the other side. So now I do both – I take some daily work items here at SmartRG, but also run the operational side of things in prpl for many of the working groups. I try to think of myself more as a product manager than a program manager.

MS: What prompted the formation of the foundation and how has it evolved?

ML: When the foundation was created about six years back, it was created with a strong focus on silicon and software that powers systems on a chip. But over the last two years, the prpl Foundation has become more of an Open Source CPE (customer-premises equipment) software foundation. If you look at our current membership, you'll find lots of hardware manufacturers from Asia and all around the globe that build devices for ISPs, you'll find the ISPs themselves and of course software vendors alongside the chipset vendors. So it's more about CPE, which is basically an evolution of the foundation.

The problem was that if you want to move a whole industry, one service provider, one chipset manufacturer, or one software vendor is never big enough to have the scale of impact you need. So what you need is basically an alliance, a place where people and companies can come together and solve common problems in an open and standardized way. That's why the prpl Foundation is so powerful, because it is a place where technical people from different companies who usually wouldn't meet each other can [discuss] what their problems actually are. That's the whole point of the prpl Foundation.

MS: Why would competing companies want to get together and collaborate?

ML: Very often those companies are not in direct competition but rather have the same problem that they all need to solve. Like WiFi for example. So they all need to make sure the WiFi connection is stable and that you can connect 20 devices to your router in the home and still do your WhatsApp'ing and chatting while watching Netflix or IPTV streams. Those are common problems that every company's R&D department has to solve before they can productize. And the reason for them to come together is then they can solve this problem once and everyone can benefit from the common solution. Each company can then focus on building features that only they have, what we call the "differentiating features," where you can see that one company focussed on routers for IPTVs, while others are focussed on the gamer market and things like that.

MS: How do your efforts translate to bettering the experience for the end user?

ML: For the end users two things are going to happen. One is that service quality is going to improve. For example, let me stick to WiFi as that is a problem that is relevant to all users. Right now you have a maximum of 100-200 engineers per company that are trying to solve all of these WiFi problems that we are talking about – common things like speed of client's connection. But we are also talking about less common use cases – what happens if I have three different smartphones and my IPTV setup box connected and someone begins a download? In this case, whose service gets downgraded in the service performance?

With prpl, we might have thousands of engineers working on the same set of problems, that will definitely translate into an increase in quality and security. It might take two to three years before it reaches a large number of customers, but by then you'll feel the difference.

The second thing that comes right after is more innovation. You'll see more new services being rolled out, more integration between different companies. Basically something similar to the smartphone ecosystem where you can think of third-parties being able to roll their services on top of devices that you already have in your home. If you have security services in the home, or parental control services, those usually come with their own set of devices. That means if you add even one more device to your home that increases your electricity bill and takes space; it's just clunky and inefficient. All of that is going to go away and we're going to see a service ecosystem in the home that can run on already existing devices. So I think there are lots of advantages to what we do, and I do hope we'll be able to communicate to consumers how that is better for them, because that's why we're doing this.

MS: One of your missions is to "enable the interoperability of embedded devices." Could you explain what these words mean to prpl?

ML: Probably the most obvious example is something we call prplMesh [3]. You see over recent years how different companies came up with a combination of several devices to give you perfect WiFi coverage in your home. We used to have a single router creating the WiFi for the whole home, now you have a main access point and a couple of satellite devices the extend that main WiFi. Until recently, you could only buy the whole pack from one company.

What the Wi-Fi Alliance has done is come up with the standards, working with all of these companies, that allow you to mix and match solutions and make the different WiFi satellites talk to each other. So you can get a device from your ISP that supports mesh, and then you can decide if you buy the mesh extender from Company A or Company B. prplMesh is the open source reference implementation of exactly that. So we are taking this one step further and saying that instead of only having the standards, let's then implement those common features. Let's make them available in open source to every vendor and anyone who wants to build anything on top and thereby increase the interoperability.

MS: What are the major action areas that prpl's working on to get us to that ideal world?

ML: Prpl's efforts largely fall into one of two areas. One is API definition and API standardization work. Here our low-level API efforts, we will simplify and dramatically shorten the time it takes to integrate different chipsets and new hardware features while our high-level API layer will enable software modules to be developed more quickly and exchanged more easily between vendors and solutions. The other work area is the open source implementation of those APIs and specifications.

Those are the two main groups and these unfold into different flavors. One of these, on the implementation side, is prplMesh. Then we have a project where we are taking OpenWRT [4] and basically adding features that we then upstream as much as possible. This allows vendors of commercial software stacks for CPE devices to work directly with the open source project without having to build their own set of tools around OpenWRT. This enables more software and more patches and fixes and security fixes from company development into the open source project that they all utilize for their products.

MS: Your objectives are translated into action by the Working Groups. Could you give an overview of what these are and why they are important?

ML: We have five or six active working groups depending on how you count. We have one for each of the APIs that I've just mentioned. Then there's prplMesh, which is one of the largest working groups. Then we have a working group for our OpenWRT related efforts and CPE stack. And a Security working group [5] that's specifically looking at how we can make the home more secure and how we can use the devices like Internet access gateways and WiFi routers to make the whole network more secure.

MS: The Security Working Group gets the most attention from what I could tell.

ML: It depends on who you talk to. There's a lot of talk about the Security Working Group because it's a very important topic for all parties involved, but prplMesh and prplWRT [6] are very prominent projects. Maybe less so publicly, but certainly when you look at the size of these working groups and the amount of work that is being done inside them. For security to receive the attention it needs and deserves, it takes a lot of education and conversations. We have to make sure everyone puts security as their number one requirement and that means we have to talk to everyone. In contrast, the other working groups involve more negotiations between the companies, so it's a bit more collaboration and writing software. But all of our working groups are well-staffed and quite active.

MS: Consumer use of smart devices, particularly with IoT, has already come a long way in the last couple of years. What are the major challenges that you think still need to be addressed to usher in the next generation of IoT devices?

ML: I can only speak for the router and the CPE side of things and not so much about the individual end devices. The biggest challenge is the integration of different services and how you can ensure, a lightbulb, for example, can be used by any software services that you choose as a consumer instead of you having to buy into a whole ecosystem. We need those cross-company ecosystems that you find in most other industries. I think that will unlock IoT going forward because the innovation cycle of a software company is completely different from that of a hardware company, and right now those two are too tightly coupled. That's what we are working on, and once we unlock that you'll see a whole new breed of hardware.

MS: What can we expect from prpl in the near future?

ML: In the near future, I do hope that we get to harmonization on the CPEs. So from a consumer perspective, you'll find more third-party services on the devices at home, dramatically increased security, and an improved overall customer experience.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More