Hacker News
by kelnos 2192 days ago
> The worst part is this isn't even just going to affect folks that would never think to update their router firmware. The firmware they do push out is frequently a massive downgrade.

I worked there a bit over 10 years ago, so things may have changed, but honestly I wouldn't expect them to change all that much. For that kind of hardware (SOHO stuff), Netgear didn't have any software developers in-house. It was all outsourced to dev shops in Asia. The software was usually whatever generic thing the dev house had built, with customization for branding and enabling/disabling features Netgear wanted or didn't want. Occasionally they would pay to add features that didn't exist.

Netgear usually didn't get source code, and would only get changelogs for new releases (which weren't all that detailed). There were often many regressions, and all bug testing and feature verification was black-box. When something was wrong, it was often a fight to get the dev house to prioritize it, especially if they didn't think it was a critical bug (declaring a bug a shipping showstopper was usually effective, but you can't cry wolf all the time, and that only works for pre-release products, not updates).

I imagine things are better now; at the very least I expect these developers to have at least a little more awareness of common security issues and how to avoid them (definitely was not the case in the 00s), but I assume it's still a mixed bag. On the plus side, most of the current-gen hardware is beefy enough to run Linux, which a lot more developers are familiar with (IIRC a lot of the stuff back then was running VxWorks), which hopefully makes it easier to hire better developers.

If you want high-quality software on your networking gear, go with a company that you know is actually a software company, and not an outsourced hw/sw company. Products that are based on OpenWrt or Tomato or something like that are probably safer, assuming they haven't broken it with their customizations... but don't expect updates to new major releases. Having said that, I still buy Netgear switches and other stuff that's internal to my network and is generally relatively "dumb". They're usually pretty reliable and reasonably priced.