by Sodman 2193 days ago
The worst part is this isn't even just going to affect folks that would never think to update their router firmware. The firmware they do push out is frequently a massive downgrade.

About a year ago, I tried to update the firmware on my Netgear router. It was the exact model from the article, the R7000. I assumed "new update" for router firmware would involve some critical security updates, and maybe some stability fixes, but it basically rendered the router unusable. It would crash every few hours with normal usage. I googled around and it turns out it was a known issue; the only recommended fix was "roll back to version x.x.x" (2 versions prior). I found this fix months after it had been posted, and there had still been no new patch released to fix the issue.

When my relatives call me to fix their wifi, I now have to think twice about updating the firmware. These days I recommend the google wifi mesh router(s), because they just involve the least maintenance effort. They have less fine-tune controls and the wifi speed is slightly slower when you start approaching gigabit speeds (vs other high-end consumer routers), but it's definitely worth the trade off for me. Plus, anyone calling me to help with their wifi won't notice either of those things :)


> The worst part is this isn't even just going to affect folks that would never think to update their router firmware. The firmware they do push out is frequently a massive downgrade.

I worked there a bit over 10 years ago, so things may have changed, but honestly I wouldn't expect them to change all that much. For that kind of hardware (SOHO stuff), Netgear didn't have any software developers in-house. It was all outsourced to dev shops in Asia. The software was usually whatever generic thing the dev house had built, with customization for branding and enabling/disabling features Netgear wanted or didn't want. Occasionally they would pay to add features that didn't exist.

Netgear usually didn't get source code, and would only get changelogs for new releases (which weren't all that detailed). There were often many regressions, and all bug testing and feature verification was black-box. When something was wrong, it was often a fight to get the dev house to prioritize it, especially if they didn't think it was a critical bug (declaring a bug a shipping showstopper was usually effective, but you can't cry wolf all the time, and that only works for pre-release products, not updates).

I imagine things are better now; at the very least I expect these developers to have at least a little more awareness of common security issues and how to avoid them (definitely was not the case in the 00s), but I assume it's still a mixed bag. On the plus side, most of the current-gen hardware is beefy enough to run Linux, which a lot more developers are familiar with (IIRC a lot of the stuff back then was running vxWorks), which hopefully makes it easier to hire better developers.

If you want high-quality software on your networking gear, go with a company that you know is actually a software company, and not an outsourced hw/sw company. Products that are based on OpenWRT or Tomato or something like that are probably safer, assuming they haven't broken it with their customizations... but don't expect updates to new major releases. Having said that, I still buy Netgear switches and other stuff that's internal to my network and are generally relatively "dumb". They're usually pretty reliable and reasonably priced.

Highly recommend the Synology line of routers. I've deployed a few of them for neighbors and have gotten exactly 0 calls. They mesh over wired or wireless, and for all of their faults Synology does a pretty good job of releasing software updates for their products for WAY longer than any other vendor I've worked with.

Just make sure you use the 2600AC as the primary router, the 2200s can technically function in that role but are pretty under-powered.

Does the 2600 allow you to set a static DFS channel? It looks like it might support an auto-switch mode but I can't find anything specific.

> static DFS channel

This is a contradiction. The whole point of DFS is "if you detect radar on this frequency you must stop transmitting on it". This is typically followed by a change of channel to avoid an outage of the Wi-Fi, hence "dynamic frequency selection".

I know how it works. Static was the wrong word, but my current router (Netgear) lets you set a primary DFS channel, and based on my tests, the channel selected does affect performance.

As far as I can tell, there isn’t even a way to perform auto DFS selection on my current router.

The best thing about setting up Google Wifi routers for your relatives is you can set yourself up as the manager of them, and manage them with the Google Wifi app from anywhere. So before Uncle Bob calls you about the wifi you'd already have got the notification that his cable service is down again.

I've had a pretty disappointing run with those Google Wifi routers...

It started with the lack of ability to have an open guest wifi... Like - it's for my guests, I want anyone to be able to connect, and I don't want to be faffing with passwords or guests having to ask me... I have to name my network "My House - Password Is password"

Then every month it seemed to do some kind of update and disconnect wifi devices... Sure - it's only for 30 seconds, but a disconnection is a disconnection. That's going to boot you off whatever game you are playing...

And now I've got the trouble that as you have a bunch of mesh points, you can't walk between them without glitches in a video call... Like seriously - I should be able to start FaceTime and walk round my house without random freezes for 5 seconds while it reconnects to a different mesh point.

Google Wifi has been out for years now, and not a single one of these bugs is any better than it was at launch. Not really acceptable for a $400 router setup!

Google Wifi just released a new version in June 2020. The one before that was October 2019, and June 2019 before that. That's only 2 updates per year. How disruptive is that?

If it means the software is up to date, then I can live with an interruption. It might be nice to have power controls, but I think they do a fair job keeping the UI simple. That's not to say a power user UI couldn't be added, but it certainly increases the testing burden to add new features that need to be tested for regression.

Sorry to be "that guy", but how about not giving an advertisement company access to all your network traffic (while paying them for the privilege)...

Almost every router supports some form of remote management (or just put TeamViewer on their machine). Most also support dynamic DNS so you can set up a ping check for the "it's down" notification.

The fact that I've paid them for the hardware gives me more confidence that I'm not the product. Ironically, the fact that I can get TeamViewer for free and use it to get remote access to others' computers makes it feel like a higher-threat attack vector for me.

Before I bought the Google mesh wifi, I already had android, chrome, project Fi, and Google's DNS (router level) at various levels of my request stack. That's not even counting search, gmail, and calendar. If Google are playing shady games with my network traffic, whatever marginal gain they get from having software on my router is negligible. Especially compared to the awful PR backlash they'd get once somebody hooks some monitoring gear up to their hardware and exposes it.

> the fact that I can get TeamViewer for free and use it to get remote access to others' computers makes it feel like a higher-threat attack vector for me.

I agree. I gave that example because I personally use it, but would prefer to move to a self-hosted or inexpensive paid solution. I've always assumed the free version has sufficient business value as a lead-generator for the enterprise version, but there's no reason to assume they don't also monetize usage data.

> I already had android, chrome, project Fi, and Google's DNS ... whatever marginal gain they get from having software on my router is negligible.

That's a totally fair way of looking at it, and I'd probably use Google Wifi with little hesitation if I were you. But this isn't the case for everyone. IMHO tech folks need to be mindful of privacy implications when recommending tech to non-tech folks, because we have the benefit of understanding those implications. FWIW, my immediate family would be displeased if I installed a Google router for them and they later figured out Google's conflict of interest for themselves.

You are concerned about Google having "access" to network traffic, but you have no concerns about putting TeamViewer on someone else's machine?

TeamViewer's publicly-known business model has nothing to do with advertising or otherwise monetizing your private data, while Google's does. There's nothing inconsistent about using one while avoiding the other.

That said, I agree TeamViewer is in a position to collect & monetize my usage by nature of being cloud-dependent & closed-source. I'd rather use an open-source self-hosted option. Haven't found a good one yet, but that doesn't mean we should ignore privacy hazards where they can be easily avoided.

Sorry to say that you are "that guy" and your comment, in addition to adding nothing to this conversation, also detracts from HN generally and contributes to the perception that it is an unserious place haunted by the deranged and irrational.

"Google Wifi and Nest Wifi devices do not track the websites you visit or collect the content of any traffic on your network."

Disagree about "adding nothing". We're talking about hardware for nontechnical family/friends, who might not understand the conflict of interest. It's not nice to project your apathy/disbelief that Google would abuse the access onto those people.

The name-calling is really not necessary. Why not make your point on its own merits?

The doc[0] you're quoting continues to list a bunch of things they do collect, including some with no opt-out. Way to cherry-pick.

Even the part you quoted does not exclude traffic metadata.

[0] https://support.google.com/wifi/answer/6246642?hl=en

I do this with my elderly parents. Doubles as a "power's gone out - are they freezing" alert.

Another brand I vouch for is AVM, their routers are all over Germany and they're reliable workhorses for years...
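The "ping check against a dynamic DNS name" idea a few comments up, and the "power's gone out" alert just above, come down to the same thing: probe the router's DDNS name on a schedule and notify on a state change. The following is an added example written for this thread, not code posted by any commenter or shipped by any vendor. The hostname and port are placeholders; it probes with a TCP connect rather than ICMP ping so it needs no raw-socket privileges, and it debounces over several consecutive failures so the 30-second reboot a firmware update causes does not page you.

```python
"""Debounced reachability monitor for a home router reached via a DDNS name.

Added example for this discussion (constructed; not any commenter's code).
"""
import socket
import time
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Placeholder DDNS name and port; replace with your own. Not real values.
DDNS_HOSTNAME = "uncle-bob-router.example.net"
CHECK_PORT = 443            # whatever port the router's remote management uses
CHECK_INTERVAL_SEC = 60     # one probe per minute
FAILURE_THRESHOLD = 3       # alert only after this many consecutive failures


def tcp_reachable(host: str, port: int, timeout: float = 3.0,
                  connect: Callable = socket.create_connection) -> bool:
    """True if a TCP handshake to host:port completes within `timeout`.

    A TCP connect (instead of ICMP) needs no elevated privileges and proves the
    management service itself answers. `connect` is injectable for offline tests.
    """
    try:
        sock = connect((host, port), timeout)
    except OSError:  # includes socket.timeout and DNS resolution failures
        return False
    sock.close()
    return True


@dataclass
class Monitor:
    """Tracks consecutive failures and reports 'down'/'up' transitions only."""
    threshold: int = FAILURE_THRESHOLD
    failures: int = 0
    is_up: Optional[bool] = None  # None until the first verdict

    def observe(self, reachable: bool) -> Optional[str]:
        """Feed one probe result; return 'down' or 'up' on a state change."""
        if reachable:
            self.failures = 0
            was_down = self.is_up is False
            self.is_up = True
            return "up" if was_down else None
        self.failures += 1
        if self.failures >= self.threshold and self.is_up is not False:
            self.is_up = False
            return "down"
        return None


def replay(results: List[bool], threshold: int = FAILURE_THRESHOLD
           ) -> List[Tuple[int, str]]:
    """Run a sequence of probe results through a Monitor; return (index, event)."""
    mon = Monitor(threshold=threshold)
    events = []
    for i, reachable in enumerate(results):
        event = mon.observe(reachable)
        if event is not None:
            events.append((i, event))
    return events


def notify(event: str, host: str) -> str:
    """Format the alert text; swap the print in main() for SMS/e-mail/etc."""
    return f"[{time.strftime('%Y-%m-%d %H:%M:%S')}] {host} is {event.upper()}"


# Constructed probe history: one dropped check, then a real outage, then recovery.
SAMPLE_RESULTS = [True, True, False, True, False, False, False, False, True, True]
# With threshold 3 this yields [(6, 'down'), (8, 'up')]: the single miss at
# index 2 is ignored, the outage is declared on the third miss, recovery on return.


if __name__ == "__main__":
    mon = Monitor()
    while True:
        event = mon.observe(tcp_reachable(DDNS_HOSTNAME, CHECK_PORT))
        if event is not None:
            print(notify(event, DDNS_HOSTNAME))
        time.sleep(CHECK_INTERVAL_SEC)
```

Keep the threshold in step with the check interval: three one-minute probes means a brief reboot passes silently while a cable outage or a dead power feed is reported in about three minutes. If the DDNS client runs on the router itself, a power cut stops the updates too, which is why resolution failures are counted as "unreachable" rather than treated as a separate error.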

Maybe, just maybe, someone should start a list with vendors that put out shitty software on their devices, never deliver firmware updates and have stupid exploits...

>Maybe, just maybe, someone should start a list with vendors that put out shitty software on their devices, never deliver firmware updates and have stupid exploits...

You might as well just list every vendor, the exceptions are rare and don't always last.

> Maybe, just maybe, someone should start a list with vendors that put out shitty software on their devices, never deliver firmware updates and have stupid exploits...

I don't disagree, but perhaps it would be better to list the vendors that push bad software and whose hardware doesn't let you run a better firmware. After all, if the hardware is decent and can run OpenWRT or such, who cares how bad the stock firmware is?

One of the redeeming features of the R7000 is that it can run AdvancedTomato, DD-WRT, etc.

DD-WRT on the R7000 is flawless.

I even run nginx as a name-based proxy on mine, with load balancing! Works like a champ.

For all software, we need 2 branches... one with feature updates and security fixes and one with only security fixes (maybe AI will figure out a way to make this happen). That would reduce the number of bugs in one of the branches.

> I found this fix months after it had been posted, and there had still been no new patch released to fix the issue.

D-Link isn't any better, many of their firmwares to fix KRACK were in Beta for 4 years and many are still in Beta.