I don't understand why people say there are no firmware updates.
Between my house, my parents' house and my girlfriend's parents' house, I have set up 4 different types of TP-Link routers. To my surprise, all of them continue to receive firmware updates years after launch. Most recently last month on some models.
I don't get the hate. They're cheap, they work and they have SOME security features which make them more than adequate for home use.
They're not perfect, but then again, for the price point, what do people expect?
Agreed. Are TP-Link the bastion of advanced security/tech/features and futureproofing? No. But they do what they say they do on the box, and do it reliably which unfortunately is more than you can say for a lot of things these days, no matter the price/payment model.
If you just need a basic ass device for simple non-critical shit without a bunch of proprietary bullshit and dark patterns, it's hard to beat TPLink for the money.
The fact that they still get support/updates long passed the typical lifespan of competing devices several times their price point is just icing on the cake.
The "hate" is the same as the backlash to Huawei, which is the suspicion that there's Chinese government-accessible backdoors that can cripple infrastructure.
However, as far as I'm aware none of that has been found yet. And since multiple countries have state-level and state-funded hackers / IT security experts who have the time, budget, and capability to completely dismantle and disassemble these devices (plus enthousiastic hobbyists), you'd think they would have found concrete evidence already. If there was any.
I have faith in "our" capacity to uncover backdoors.
I suspect its likely because TP-Link tells/is forced to tell the Chinese government about 0days that are still unpatched which would give them the advantage to conduct large scale espionage and recon before its fixed.
Very similar to how Microsoft gives the same info about 0days to the NSA to use for the same exact reason.
> I suspect its likely because TP-Link tells/is forced to tell the Chinese government...
I think if we are there, then we should assume all 0days are known by various states before patches are available regardless of whether companies are setup to share that information or not. You don't need to get the company to share that information, just one person in a company, and I don't really see that as being a challenging task for a state to do.
I dunno if they're the next biggest, but they are one of the largest in the consumer space. They've been the best selling networking devices on Amazon for nearly a decade and ISPs use their products when bundling WiFi setups with ISP service (although those are usually centrally managed by the ISPs themselves)
Why take that chance, for some slightly cheaper routers?
I have respect for human creativity, and the limits of public servants. Its not easy to keep constant vigilance against all possible backdoors. Easier to restrict core infra devices from openly hostile areas.
Why take the chance that the food you buy from the grocer may be contaminated? I have respect for human creativity, and the limits of farmers. It's not easy to keep constant vigilance against all sources of contamination. Easier to restrict food to only what you produce yourself.
Glibness aside, there's clearly a continuum to the concept of 'we live in a society', and to how far the monkey brain's tribe extends. But the argument against routers is clearly arising from a biased set of priors, whether fairly or unfairly.
Because it's a strategic issue. The internet is critical infrastructure. While TP-Link might not have contracts with ISPs and datacenters, it doesn't take a lot of imagination to think what damage you could have with 30% of the home / small business routers under your control.
This could range from plausible deniability stuff (like the examples in the article), to targeted investigations / attacks (Bob who works at the Gov Accounting office for Miliary Spending), all the way to a 100-million unit botnet turning to provide a few days of distraction ("Bad hackers compromised our OTA system. Sorry!") on while a certain island is being eminant-domained.
Your food example is not the same. You can't trojan-horse an apple pie, or target an individual customer from the supplier-side (yet). If you decided to poison them, that's pulling the pin from the grenade right now.
> Why take the chance that the food you buy from the grocer may be contaminated?
Food doesn’t have the incentives here, and because the FDA is involved with food production they regularly discovers issues and issues recalls etc. Even better manufactures can no longer influence food after it enters a distribution center limiting their ability to hide issues.
Now suppose you deploy a home router with automatic updates, that’s not necessarily malicious but means the device can be under the manufacturer’s control whenever they wish. Saying we haven’t discovered malicious activity is therefore meaningless here.
Because I don't think the chance of getting a compromised router is any greater than any other router. Chance probably higher there's a US government backdoor in other routers.
> which is the suspicion that there's Chinese government-accessible backdoors that can cripple infrastructure.
Which is real rich coming from the US after the Snowden leaks showed Cisco was willingly cooperating with the NSA and planting NSA backdoors in their hardware destined for overseas.
Them wanting to ban TP-Link (and Huawei) have nothing to do with cybersecurity and more to do with "We don't want to allow anyone else to play the same game we are playing."
I didn't realise there was so much TP-Link hate - as consumer networking gear goes I think they're pretty good and trustworthy. Vs. say Tenda or XGFHIU.
(I use mainly Mikrotik at home, but my only AP currently is a TP-link 'extender' (it's 'extending' via ethernet, and the only AP doing so), it's ok.)
Kind of like Anker in batteries and earphones: maybe at some point it was the 'dodgy Chinese brand', but now a solid contender/front-running third-party.
I don't if there's any connection (no pun intended) but in my head TP-Link kind of took over from D-Link at some point as a sort of low-end-Netgear/Asus competitor.
Absolutely. I have an older unmanaged switch that is still getting updates MANY years later. I've been consistently impressed with TP-Link. I even picked up a WiFi 7 router with all this talk of banning them. Just feels like politicians removing players from the market so the companies they can invest in do better since they are the only choice available.
It would be great if someone had compiled some data (with sources) on home routers based on release dates and date of last firmware update received. That could be translated into a “sw sustainability index” for home router vendors which I believe would be useful.
I just brought a new TP-Link (Omada brand) to replace a (also fairly new) D-Link router that would just stop working, every couple of weeks; requiring a reboot.
The performance of my network immediately jumped up.
The D-Link might have a hardware issue (but it’s not worth trying to get them to address it, as it’s intermittent by weeks, and they’ll just gaslight me, if I try), or it could just be crap firmware. A lot of hardware companies treat their firmware teams like shit.
Doesn’t matter. I’m avoiding their routers, in the future. I have had good luck with their switches, though.
As someone from Europe, I certainly am at least equally uncomfortable with products from the US. Made in USA to me equals zero concept of privacy protection but plenty state surveillance (CLOUD Act, Cisco having hard coded back doors every two weeks etc.) and recently even lack of rule of law and even threats of annexation of European land and interference in domestic elections.
Sure, China will probably also spy and conduct industrial espionage, just as the US, but they appear to be a rational actor and have never threatened the sovereignty of European countries.
the US has a recent history of extra-terrestrial law enforcement, both in ally countries (kim dotcom, meng wanzhou), and non-ally countries (bin laden). that's the main fear. w.r.t. the US, everybody is at risk, all the time.
if you don't do anything wrong, you won't get into trouble, and out of 8 billion people in the world, only a handful of people get in trouble. the problem is, the definition of trouble can change.
Who can guarantee that the Cisco/UniFi or whatever Made in USA gear won't be a host to a state sanctioned "lawful interception software" politely pushed to many devices with the help of a National Security Letter?
Is this supposed to be some kind of gotcha? Of course this can happen. and not only I support it but I think they should do it more and use it to get a shot on any criminal or foreign power.
We can do it, but we shouldn’t expose ourselves for the possibility of our opponents doing it. That simple
I'm neither from US nor from China, so I don't belong to either "we". So in my case no hardware is safer unless I design the board and develop the firmware on top of it.
Even then, I'm not sure whether there are hardware vulnerabilities baked in.
I think it’s safe to say that by “We” we can assume it would be your country and its allies.
War and spying has been a thing for a long time now. I think it’s unreasonable to expect countries to not make use of their respective industries and enterprises to get an edge on each other.
The fact is that this kind of hardware is just very good for that so as I a costumer, I feel you and I think the best we can do is buy a custom hardware and install a custom OS. Like open-wrt.
But I will not complain of my country doing that because when I see adversaries doing it, it’s completely reasonable that it also do. In fact, game theory, mandates it.
Sometimes your own government is the most likely to spy on you.
> Yeah, the most realistic trade-off might be installing OpenWRT and some tripwires to see whether anyone is trying to do something nefarious remotely.
I agree with that, but its beyond the reach of most people.
I think zero trust or low trust within your LAN is also a good idea. So is firewalling ISP supplied routers.
If a government has a backdoor it can be exploited. What if your US made router's backdoor is discovered and abused by a Chinese party? No backdoor can be made to only exclusively be unlocked by its creator.
I do not know those countries, but in South, South East and East Asia the US is not the threat, its a potential ally against China. In most of Europe it is an important ally.
Allies to spy on each other, but they are not a threat in the way actual or potential enemies are. The fact the the US spied on Germany, and Britain spied on Belgium does not really make them threats.
It was an important ally, Europe is currently investing billions in uncoupling its reliance on both Russia (for natural resources) and the US (for defence and natural resources) because neither party can be trusted anymore.
> Europe is currently investing billions in uncoupling its reliance on both Russia (for natural resources) and the US (for defence and natural resources)
Russia, yes.
I do not see any real expectation of Europe not being reliant on the US. See the many discussion here about reliance on US cloud services. Where else are these natural resources to come from? Where is the technology or the money to scale up to what the US has?
Can you link to a source where that's demonstrated? If these devices have a backdoor surely both HN hackes and the NSA would have found it by now, right?
The same is true of any country, including the USA. Australia & the UK have laws to that effect, and the USA backdoored RSA and Juniper off the top of my head.
Unless you run purely open source, your only choice always has been which country had open slather to spy on you. There are no real contenders for open source phones right now, so for most of us guaranteed privacy was never a choice. (I have high hopes for Halium in the future, as I hate this.)
For those of us in East Asia or some country like Iran or Venezuela that the US likes to bomb periodically, China is the least objectionable spy master. Those of us in the West chose USA, as they were a reliable trusted ally. Then Trump arrived on the scene and make things complicated.
I'm always surprised how few people know as pedestrians to look at me, the driver and not my car. Some don't even look at the car. I developed a habit of looking for their gaze and if they don't look back, assume they're not fully aware and just am more cautious.
This works because I, as a human, know this and can compensate when they just rush the crosswalk without being fully aware of their surroundings.
Just because a pedestrian is looking in your direction, it doesn't mean they can actually meet your gaze. I don't drive and always try to make eye contact with drivers, but tinted windows and windshield glare often make it impossible in reality.
So I will stare at where I know the driver's face ought to be, but I can't actually tell whether they have seen me. Tinted windows darken the inside of the car and that makes windshield glare all I can actually see.
It's probably equally simple for a machine (if not simpler) to figure out if a human has looked at the oncoming vehicle with sufficiently advanced cameras and computer vision. However, we use a lot more hints (change of pace, facial expressions that indicate presence and focus, nodding etc), which, while not outside the realm of AI CV, would surely need lots of training, yet it comes pretty naturally to humans.
The GP was talking about the driver knowing if the "human has seen the machine".
For the inverse problem, we could simply start adding screens (instead of windshields?) to self-driving cars that acknowledge the pedestrians in a particular way (when there's only a few people, in the Black Mirror realm, they'd actually greet them by name using facial recognition and universal DB of everyone :).
What? I was absolutely talking about human cyclists and pedestrians needing to know that the machine sees the human, and not by blind faith, but through some active explicit demonstrable indication.
Of course there is, the behavior of the machine should be the same as of a driver - the car shaped object starts to slow down in a way that will make it stop before hitting me at the pedestrian crossing.
It is not possible for me to see you in your car with any sort of reliability; even if I could the benefits are dubious and again, unreliable.
Looking at your car is all I need anyway - I can tell if you've seen me by your behavior, you're either slowing down to yield to me or you're not. If you're not, the only possible outcome of knowing you're seeing me is being misled into stepping into your path of travel.
It's not all or nothing. A hundred different things all add up and none of them do the entire job, nor are entirely unnecessary simply because they don't do the entire job.
Hey I'm always surprised at how many pedestrians walk around all in black (or dark) with no light, no reflecting stripe, no nothing and no care in the world. Even with the best of intention of drivers, it's a death wish. And it's everywhere.
Everyone's experience is valid, I guess, but way to lose the thread within 2 sentences. You start by saying how COMPULSORY military service would help and end by saying that a military comprised of people who are there because they have no other choice is not ideal. You really don't see the disconnect? Your solution to having less people there with no other choice is by giving EVERYBODY no other choice? Way to solve a problem.
Also, how gracious of you to solve other people's problems. "Youths are having trouble with fitness. Compulsory military service would help them". Cool story. People are too fat? Let them be. Who are you to start solving other people's problems against their will? Did the youths ask for your help? You might think you're being helpful, but what you're ACTUALLY saying is "Yeah, if all you young people would be more fit, it would help ME out in case of a conflict." Mighty altruistic. Thanks for the tip.
They do, desperately so. There is a reason we have an entire internet economy of influencers and hucksters targeting in particular disoriented young men. They're pretty much begging for someone to provide meaning, discipline, comradery the kind of which traditionally you experience in for example military service and instead we leave them to Andrew Tate.
We have huge issues with young people delaying adulthood, not having structure, feeling useless and so on. Demanding someone serve their country is to take them seriously, give them responsibility and to provide them with a good reason to cultivate character.
I've used Logitech peripherals all my life and I stand by them. Specific to the keyboard, here's my experience of switching over to mechanical. I asked around, and people did recommend building my own, which I was cool with, but my needs were pretty specific and informed by my old keyboard (that I had used for 10+ years and had gotten accustomed to). I wanted a very specific layout: US International, the ISO variant (with the square(ish) Enter), but the 104-key, without the extra key next to the left Shift. It's not very common, but it's the one I use, and not many manufacturers use it (especially custom mechanical boards). I also wanted media keys and some programmable keys for macros.
After looking around for a while, I mostly found 10-key-less custom boards, very few full keyboards and none were the exact layout I wanted (they were either ANSI with the small Enter, which I hate, or 105-key ISO, which I would have also hated). Not to mention lacking media keys and/or programmable keys. Then I found my current keyboard. The Logitech G915 Lightspeed.
It is EXACTLY what I wanted. Has the correct layout, has media keys, has programmable keys, it's dual wireless (Bluetooth and their Lightspeed connector, which is definitely more reliable than Bluetooth, I have to tell you; also it works before booting into Windows, which Bluetooth does not, so I don't have to use a different keyboard for BIOS), the battery lasts FOREVER (3-4 weeks, including me turning on the lighting at night) and is replaceable. It uses Kailh Low-profile switches, which although uncommon, can be found online, and, while not hotswappable, can be replaced in the event of failure.
The MRSP is 250 EUR, I got it for 150 new, which is a steal. With that money I basically bought myself a keyboard which I can conceivably use for the next 20 years, no problem (factoring in inevitable key repairs and battery replacement(s), of course).
Don't know about you, but I'm happy with my choice and purchase and would wholeheartedly recommend it to anyone. In fact, after using it for a while, I also purchased the G502 Wireless mouse, which I also love.
So, yeah, for some people, Logitech peripherals are exactly what they need.
Holy effin' moly I am not alone... square Enter, no stupid shift slashes placement. It took me forever to find something (actually didn't - Roccat I have have this idiotic tiny Enter, but good volume control knob which is super useful too), and I don't even want bluetooth since I never move it around.
Logitech G915 looks great if it just used the cable, it seems to have volume knob/roller too. Too bad there isn't wired cheaper equivalent, at least I don't see any.
You're in luck, friend. G815. Exactly the same keyboard, but wired. Unfortunately, I can't seem to find pictures of it with this exact layout (seems to have the 105-key layout).
That having been said, more good news. My model came with the same pictures, but it was the 104-key layout, so it might vary by region, I guess. Look around and see what you can find at your local retailers.
Even more good news, even if you can't find the G815, the G915 DOES work by wire, if you really want to. You can hook it up via micro USB. Even comes with a cable.
Also, might I suggest you at least try a wireless keyboard. OK, so you don't move it. Valid argument. Neither do I, but the lack of one MORE cable on my desk, plus the ability to just yank it off the desk for cleaning, with having to unplug it, well worth it.
What layout has shift-slashes? I'm using a UK keymap with a 105-key ISO keyboard. Slashes are the keys one in from left/right shift. Shift-\ = | and Shift-/ = ?. Is there some common layout where these are reversed as to which is the shift key?
As you can see, in the US variant, it does not have the shift slashes, so it's 104 keys instead of 105. They're not reversed, it's just that the left shift is full size and the slash is near the Enter. From what I've seen, though, it's not merely a US/UK difference, as some manufacturers will keep the left Shift slash button as a double, just to respect the 105-key standard. To me, and apparently @saiya-jin, this is very annoying.
Before I decided on this keyboard, I shopped around found WASD. They do customizable prebuilt mechanical keyboards. Pretty nice. They also have the ISO layout variant, as well as the ANSI variant. Even nicer. But check out these comparison shots I took from their configurator:
It's funny how so many people came here to complain about the state of the internet... on the internet. Maybe it's just me and I don't get it, but if you don't want to be on the internet anymore, just yank the ethernet cable out of your computer and cancel your plan. One less bill to pay, right?
Coming here to complain and not seeing the ridiculousness in it makes me think some of the people in this thread need to take a long look at themselves and ponder if they might, in fact, be part of a certain cohort that actually makes the internet a worse place to be.
For most people here, getting rid of the internet would also mean changing careers to one of the few remaining things you can do professionally without using the internet.
"You criticize thing yet you also use it, how curious" is such a banal take it's literally a meme.
My apologies for the banality. The completely obvious truth that internet is a necessity in 2021 somehow escaped me... Or maybe it didn't and that was the whole point.
Given that these people are here, they are obviously engaging in internet usage that IS NOT part of their job (I've yet to see a job posting where reading HN is a requirement). Nobody is pushing anybody to use certain parts of the internet. Don't like some parts? Don't use them. Don't like any parts of it? Then yeah, yank the cable out and enjoy... or endure, whatever the case may be. Be it career or anything else that's stopping you from yanking the cable, well then... it might be that the internet isn't that bad. Not as bad as losing your job, anyway, so WHY COMPLAIN?
Using the internet strictly for utilitarian purposes is possible. Do that and then use the rest of your time to go out with your buddies. Don't have any? That might just be because (and this was my second point) you're a negative and possibly toxic person. The kind people don't want to be around and that MAKE THE INTERNET A LESS APPEALING PLACE.
Did I adequately rephrase my take to be less banal?
Thanks your position is much more clear to me now.
Why the aversion to complaining? Sometimes things are bad and need changing, and sometimes all you can do is complain. There's a certain alure to saying "don't like it don't use it" and that being the end of it, but at the same time it doesn't acknowledge the fact that these concerns might be legitimate, and sure, something else can always be worse, but that doesn't really address the issues at hand.
The alternative to what the internet is now isn't no internet, change for the better is possible.
There are real structural issues with how the internet is de facto to most people, these are issues of power, governance and capital, turning your back on them doesn't make them go away. I understand why people can feel immense frustration at the current state of the internet (and perhaps the world in general) without making the drastic step to restructure their life around avoiding a utility most of the world runs on.
I have a theory and why the internet is the way it is. It's because it's mainstream. It used to be "better" (as some would put it) because it was niche. Only the passionate and the interested were on it. Nowadays everybody and their grandma is on a social network... literally. Stands to reason the space would "devolve". Why? Because of what Carlin once said (paraphrasing): Imagine how stupid the average person is. Now realize half of the world is even dumber than that.
Most of the complaints here were basically about human behavior on the internet. If it were complaints about actual technical problems or engineering problems related to the internet, I'd get it. I mean, you could argue that Facebook being a walled garden is actually a structural problem of the internet, but really, it isn't. The internet hasn't fundamentally technically changed. You can reach content outside of those silos if you want and search for it (i.e. you're actually interested), but guess what? People don't want to leave that walled garden. They want stupid videos, recycled quotes and propaganda. Propaganda is soothing. Searching outside of your silo would run you the risk of finding conflicting opinions, or God forbid, conflicting evidence.
The internet is "worse" today then it was some years ago because more and more dumb, ignorant and uninterested people are on it. Which is to say the internet now more resembles the real world then it did long ago, when it more resembled a (somewhat) private club for more interested and passionate, educated people.
The way I see it, the world has always been full of dumb people who screw it up for everyone. The internet just makes it much easier to see.
So I don't have an aversion. I understand the frustration as well, I just find complaining about it risible. Given that complaining identifies the problem and nudges people towards a solution, how do you cure mediocrity and stupidity?
P.S. When you have a chance, check out "The basic laws of human stupidity" by Carlo M. Cipolla. It's a 15 minute read and well worth it. You'll get a better understanding of where I come from.
I assume the complaints about "the internet" are mostly referring to the parts of the web people interact with most frequently, which would definitely not include HN comments. facebook.com alone probably serves more page requests in an hour than ycombinator.com does in a year.
The author of the article used the word "patriarchal". And the category for the article is Objectification.
OK, clearly, this "project" is of an inflammatory nature, I'll give you that, but can we please not spiral into a SJW discussion on Hacker News?
From what I can gather it's just a bunch of trolls making fun of fat people (there are men there, too). Not the most noble of pastimes, but not Hacker News worthy neither.
Between my house, my parents' house and my girlfriend's parents' house, I have set up 4 different types of TP-Link routers. To my surprise, all of them continue to receive firmware updates years after launch. Most recently last month on some models.
I don't get the hate. They're cheap, they work and they have SOME security features which make them more than adequate for home use.
They're not perfect, but then again, for the price point, what do people expect?