top | item 17645753

(no title)

Telling that the summary advice is “change the default password”, even if some of the other ideas are deployed user involvement is near zero if not completely zero. I wonder how impactful it would be to roll out a totally read-only router, or if the necessity of updates and maintenance would generate too much headache for the user

discuss

kyrra|7 years ago

(I'm a Googler, opinions are my own).

I think this is one of the awesome things about Google Wifi (aka: OnHub). It's fully managed from a phone app (via "the cloud"), so you get the authentication tied to your gmail account. It's also based on ChromeOs (chromebook OS), and follows a similar auto-update that Chromebooks get. So you are always running the latest firmware.

(There are obviously downsides to Google Wifi, my primary issue being that it doesn't have many of the advanced features that something like UniFi has. But for most people, it works well.).

billions|7 years ago

While your points are valid, it is a bit disconcerting to have the world's largest data monetizer watch all of a home's traffic. Google's promised benevolence may be temporary

chungy|7 years ago

Perhaps it's just because I'm not in the target demographic, but this is exactly the reason that Google Wifi is completely out of consideration if I ever need to buy a new router.

Give me local ssh and WebUI. No cloud, no phone apps.

dsr_|7 years ago

It will be particularly awesome on the day that Google's complaints system decides to close your account without recourse.

Not that that has ever happened, of course.

securityn0w|7 years ago

I installed Google WiFi for a friend.

I found aggravating that:

- I need a smart phone and install an app to set up and configure the router.

- I also like the effort of simplifying the router configuration but I found it is lacking an "advanced mode"

- why if the Internet is down, the internal network does not work at all?

amaccuish|7 years ago

Sorry but cloud is not an option on routers for me. I've had too many from various manufacturers that completely break if there is no internet.

Fnoord|7 years ago

UniFi products also work from the cloud, if you enable that (it is optional) and you're not tied into the system of one of the largest data gatherers in the world.

Microsoft with Windows 10 uses machine learning to figure out when its most convenient for the user to update (latest Insider build has this function). Either way, Windows has come a long way from 9x randomly crashing and every other piece of software requiring a reboot.

jdlyga|7 years ago

If only Google Wifi worked with wired connections, I would've considered buying one. I ended up going the Ubiquity route, and couldn't be happier.

h4b4n3r0|7 years ago

Can you elucidate just _why_ it is necessary for a router to be managed through the cloud?

Operyl|7 years ago

AT&T and a few others currently deal with this problem by having a random password assigned for the admin user printed on a sticker on the side of their Modem/Router combo boxes. It seems to work pretty well.

ryanianian|7 years ago

Got a new netgear router the other day and it used this. Default admin and default wpa2 key were randomly-generated at the factory and printed on the back of the router. If/when my parents need a new router I'm going to have them get one of these and never have to guide them through the security gui again.

paulie_a|7 years ago

While I do like the idea, att boxes are very low quality and drop wifi connections constantly. I've always installed a ubuqiti router and AP. Apparently it's impossible to disable the firewall on the att box also. I've actually called att and had the conversation: "can you enable some ports". CSR, which ones? Tcp and udp 1-65,535...

SubiculumCode|7 years ago

imo, it's none of my isp's business what I have on my network and so use my own network equipment.

noja|7 years ago

Print the randomly generated password on a sticker on the router. Problem solved.

Mister_Snuggles|7 years ago

This is what my ISP does for their router/cable modem combo. There's a sticker that tells you the SSID, the password for the SSID, the URL for the web interface along with the user ID and password. The passwords are both randomly generated.

They will also put it into bridge mode for you where none of that stuff applies.

thomastjeffery|7 years ago

The problem with that is that they pick awful sets to generate from.

Instead of a string of random letters and numbers, they should be a string of words.

It's frustrating to visit someone's home, and have to enter (on a phone keyboard, no less) some lengthy gibberish that they never bothered to change.

frockington|7 years ago

The only con I can think to that is the initial influx of support questions. I have no idea why this is not the default now, its simple, user friendly, and way more secure

bradenb|7 years ago

The idea of a completely read-only router is really interesting. I used to buy hardware that would only work with open firmware -- I used to love to constantly update and mess with DD-WRT. But in more recent years I've just started buying high-performing hardware and skipping the customization beyond SSID and passwords. With faster connections, UPNP, and decent default QoS policies I pretty much never have to configure my access points or routers anymore. I'm pretty sure the average consumer has no desire to configure anything.

brandonsometig|7 years ago

UPNP can be an absolute security nightmare however, it's the sole reason so many IP cameras, NAS drives and IOT devices are internet accessible.

It's your network of course but it would be the first thing I'd turn off.

dev_dull|7 years ago

I don’t know how it’s possible to be read only. It needs to update things like routes and arp tables. That’s exactly the type of stuff that gets poisoned when attacked.