None of the IoT crap can open ports but I don't need to use a web UI to temporarily open a port on my computer.
I know plenty of shitty routers have terrible security on it and should have it disabled by default, but the protocol itself is pretty useful.
The first thing I would do with a typical residential Internet connection is to ask the ISP to give me an ONT so that I can use my own router, a commodity x86 PC running Linux. Their underpowered plastic boxes simply won't cut it when it comes to complex firewall rules and high VPN throughput. I also don't want to deal with their shitty web UIs and would rather script the setup I want.
I bought my Fritz!Box. My ISP has no control over it. TR-069 and other upstream management protocols have been disabled completely.
So far, I'm easily getting gigabit+ speeds across both IPv4 and IPv6. VPN is too much to ask (beyond emergency LAN access, I suppose) but that's what the home server is for.
The web UI is kind of nice, actually. Maybe not to everyone's taste, but the firewall management is a lot less of a clusterfuck than trying to properly configure simple port redirects over the command line. Heaps better than OpenWRT in my opinion. I've run my own Debian router box for a few years and I can say I'm doing just fine without.
Not at all. They had security bugs, sure, but not constantly. Each device has a randomized admin password from the factory. Some changes require physical hardware access because one needs to press a button to confirm. They support the hardware for ages. Their 7490 model just got a feature firmware update. The model is 13 years old!
In Germany, if you ask someone where his router is he might not know what you talk about. But he understand if you asked about "your fritzbox". (Even in cases where they have something else.)
But enough of the glazing. In 2024 they got sold to private equity. Lets see how the enshittification will treat them.
I'm most curious about the fact that this program has ~30,000 lines of included headers to simply generate a static string (the XML output).
Obviously if you were generating large XML payloads repeatedly, then including a dependency would be a good idea, but this implementation is using "inja.hpp" which in turn requires "json.hpp" to output what is effectively a concatenated string.
Why not just use Qt's built in QStringLiteral and feed it the (short) bit of XML to it along with your 4 variables, similar to a sprintf?
The official SDK installer GUI does require a login, but you don't have to use it in order to download or use Qt at all.
Not only can you download all the individual components that the GUI fetches via download.qt.io yourself, there's also third-party installers like aqtinstall, as well as many different OS package managers that provide Qt binaries.
git clone --branch v6.10.1 https://code.qt.io/qt/qt5.git .
They do require a login to download precompiled binaries, but what self-respecting Hacker News reader wants those?!
Ok, I'll admit, I've done it. And yes, I received Qt marketing at that email alias for a while, but they've stopped.
And remember, Qt has an LPGL license too, not just Commercial and GPL.
EDIT: Ah, ranger_danger pointed out that https://download.qt.io/archive/qt/6.10/ hosts binaries with no login required as well!
even then, they're freely accessible and there's a simple CLI to get them.
uvx --from aqtinstall aqt install-qt linux desktop 6.10.1
If this is a problem with a home connection then you'd want to use a relay. A small 1C CPU box at some cloud provider.
Make that the "hub" that everything connects to and then you don't have to worry about the residential connection changing IPs
But if you don’t have it on, software just falls back to STUN, which achieves the same exact result as upnp, just an order of magnitude slower and less reliably (though doesn’t require any router configuration or cooperation)
Source: https://github.com/lostmsu/PortForwarding/blob/lost/PortOpen... (uses a custom fork of Mono.Nat).
Having said that, I still disable UPnP on my routers if it's enabled by default... just feels safer that way. Even if the intended use of the port forward is legitimate, other non-legitimate folks on the public internet could presumably use that port forward as well to exploit a vulnerability in the software in my network that's on the other end of that port.
I'm also not sure how relevant UPnP is these days, with many people on the internet behind CGNAT, not even getting a publicly-addressable IPv4 at their home router. I suppose many of those people have routable IPv6 addresses, though, assuming UPnP port forwarding supports IPv6.
jeffbee•10h ago
vablings•9h ago
matt_kn•9h ago
jeffbee•9h ago