by megous 743 days ago
One of the reasons not to be excited about ISP-provided cable modems with WiFi functionality, and to have good endpoint/service security on your LAN (TLS, and DNS over TLS at least across the modem/ISP).

I just put it in bridge mode, disable wifi, and all network functionality is served by my own devices.

The last modem I rented from ISP, the ISP didn't bother with any firmware updates for ~10 years. It was rock stable because of that, though. :)
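As an added example (not part of the comment above, and not configuration from any ISP or modem vendor), this is what "DNS over TLS across the modem/ISP" looks like when your own LAN resolver is Unbound: every query is forwarded to an upstream on port 853 with the certificate name verified, so the bridged modem and the ISP only see TLS. The LAN address, the CA bundle path and the choice of upstreams are assumptions for illustration.

```conf
# Added example: fragment of /etc/unbound/unbound.conf (path assumed)
server:
    # Assumed LAN address of our own router, not the ISP box
    interface: 192.168.1.1
    access-control: 192.168.1.0/24 allow
    # CA bundle used to verify the upstream certificate (Debian-style path, assumed)
    tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"

forward-zone:
    name: "."
    # Send all recursion upstream over TLS; Unbound does not fall back
    # to plain port 53 for a TLS forwarder, so a blocked 853 fails closed
    forward-tls-upstream: yes
    # Syntax is address@port#authname; authname is checked against the certificate
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 9.9.9.9@853#dns.quad9.net
```

A quick check that it does what you think: run `tcpdump -ni <wan-interface> port 53` on the router while clients browse; nothing should appear there, while `port 853` shows the forwarded traffic. Clients on the LAN still talk plain DNS to 192.168.1.1, which is fine because that hop never leaves your own hardware.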


Counterpoint: ISPs with over 1M customers have an incentive to keep upgrading their HGW "forever" to reduce Capex. My employer (Free, a French ISP that also ships HGWs to Italy as Iliad) still upgrades the HGW it released in 2011 (though if yours dates back to 2011, have it replaced to get more recent wifi cards; your OLED screen is probably dead anyway ;). It runs a modern Linux 6.4. You get modern niceties like airtime QoS, upgraded mobile apps if you wish, and, uh, lots of software features.
In Germany one of the more popular modem/router/wifi devices among ISPs is FritzBox. You can also buy these devices yourself, which gives you both: you're using your own hardware instead of renting, and you benefit from long support thanks to aligning incentives from their big customers.
FritzBoxes are also famous for getting service on lines where other vendors' devices just crap out. Their chipsets and tunings are top-notch.

In addition, the backwards compatibility is amazing. It's 2024, and to my knowledge most of their models still support pulse dialling on the analog telephone frontend.

Although expensive, they've always had a good reputation (and I even had a friend working for them years ago), but something "funny" was going on with their routers some months ago...

https://news.ycombinator.com/item?id=40106336

Yeah, that's because they used .box as a custom TLD for decades and either didn't notice the introduction of .box as a legitimate TLD or failed to secure fritz.box in time.

Not the first time this has happened, and likely won't be the last either.

Currently the fritz.box domain seems to be owned by AVM (the makers of the FritzBox). Maybe it just didn't exist and the local resolver on the box got confused? The domain was created in January and updated only a few days ago, so things might actually have changed in the meantime...
.dev entered the chat
Are they still? I tried on a 5490 a few years ago and it totally ignored the pulses... an older one accepted pulse dialling, but it didn't work all the time. I only tried with a single phone, so maybe it was the phone ;-)
I'd like the record to show that the upgraded mobile apps are significantly worse than the old ones. The old ones are currently still available to download, for now.
Routers are the most exploited IoT devices on the planet; vulnerabilities in router firmware often persist for years without getting patched because most end users don't patch their routers. The ISP having a way to push patches to the router and recall unpatchable ones (because they own them) is a net gain for cyber security.
Yes, I agree that routers are key and critical.

Otherwise I would not be managing my own high-quality one, based on the latest Linux kernel, standard, well-supported and maintained software, and carefully selected wifi HW with active manufacturer-provided support.

I also would not be trying to isolate and disable most of the ISP-provided HW/FW mess if I believed otherwise. I don't trust an ISP that didn't upgrade its modem in 10 years one bit with the security of the key entry point to my home network.

But ISPs DON'T patch routers. Plenty of Spectrum modems still run decade-old firmware.
> I just put it in bridge mode, disable wifi, and all network functionality is served by my own devices.

Same. Somehow I got them to install a simple modem, one without all of the router and access point features. I thought those single purpose devices didn't exist anymore.

Bought a relatively good router, installed OpenWrt on it, then bridged it to the ISP's network via their equipment. It's working well. I even have HTTPS in my LAN now.

One interesting thing I found is that the newer Vodafone cable modem with 4 ethernet ports, after switching to bridge mode, assigns a public IPv4 address to at most one network node connected to each wired port. So it's possible to get 4 stable public IPv4 addresses assigned to my home network and use them for whatever.

It's not a great idea to host services (especially ones that can be used to identify you) on the home IP address you browse the internet with, and this is one way to get one IP address for browsing the net and a different one for serving services from home, pretty much for free.

I just told my ISP, either I use my own router, or I switch to a different ISP.