Debating whether to update to 384

[Johnny]

Any significant benefit of updating to the new codebase 384? Like increased performance? Better security?

I've read the changelog, but still on the fence.

 

[adampk17]

Security updates?

 

[Morac]

What are you updating from? I find the wireless to be more stable than the 382 release and there’s more bug fixes in the 384 release than what’s listed in the change log.

 

[Johnny]

I would be updating from 380.68_4 on a RT-AC5300. Right now its stable and haven't had issues for 3 months.

Still dont know if its worth the risk of updating and having to run into stability issues. Maybe I should wait for a few more releases?

I'm thinking I'm willing to update if its a vast improvement due to codebase change or since my boot time is 3-4 mins. If the code base improves the boot time to 1 minute, thats something I'm very interested in knowing to update.

 

[s dr]

I'm in the same boat with a 5300 on 380.65. The main thing we would get would be fix for KRACK vulnerability.

There are several issues still being reported for 5300's in the release thread. So I'm holding off for now.

I don't like having that vulnerability but I don't have anything to steal so it's not imperative it be closed right now. If it was I would have bought a replacement router that was secure already.

 

[RMerlin]

I'm in the same boat with a 5300 on 380.65. The main thing we would get would be fix for KRACK vulnerability.

There are several issues still being reported for 5300's in the release thread. So I'm holding off for now.

I don't like having that vulnerability but I don't have anything to steal so it's not imperative it be closed right now. If it was I would have bought a replacement router that was secure already.

Your router is only vulnerable to KRACK if running as a repeater or media bridge. Your clients are the ones in need of patching.

 

[orion44]

I'm an RT-AC5300 owner on the fence as well. While I can deal with the royal PITA of a one-time factory reset for the 384 codebase, I have no time budget for a stability issues. 380 has been beyond rock solid for me, but I understand if I want to cling to it, I'll be SOL for future security patches.

 

[joegreat]

I vote for "do it"!
Based on my smooth experience coming from 380.69_2 (with a dirty update - no factory reset and re-config).

 

[eastavin]

I'm an RT-AC5300 owner on the fence as well. While I can deal with the royal PITA of a one-time factory reset for the 384 codebase, I have no time budget for a stability issues. 380 has been beyond rock solid for me, but I understand if I want to cling to it, I'll be SOL for future security patches.

If its not broke I generally say no need to 'fix it'. So as long as you are getting security updates stay on 380. While moving to 384 was painless (merlin did a great job) I get the sense that Asus has not attended to a lot of things that needed fixing in the rush to get their mesh f/w to market and this finds it way into Asus-Merlin. If you enjoy what you have then stick with 380 another six - eight months and then think it over again.

 

[s dr]

Your router is only vulnerable to KRACK if running as a repeater or media bridge. Your clients are the ones in need of patching.

Right but it's exactly my clients I'm concerned about. Correct me if I am wrong, but I gathered the security fix in 384 will protect the unit from unpatched clients as well?

 

[RMerlin]

Right but it's exactly my clients I'm concerned about. Correct me if I am wrong, but I gathered the security fix in 384 will protect the unit from unpatched clients as well?

No. Your clients will require fixing, the router cannot protect them. KRACK is a client-side exploit.

 

[s dr]

No. Your clients will require fixing, the router cannot protect them. KRACK is a client-side exploit.

Then there is no fix. It's like accidentally giving the world a master key to every door and lock in your house house then trusting they will give it back and exchange it for a key that just opens your shed as you intended. Asking for the master key back doesn't solve the problem.

Except it's not just one house. Everyone in the world has the master key to everyone's doors.

I know people have implemented checks for the reinsertion techniques the exploit uses, but these are obviously not going to be foolproof, and are beyond the scope of your heroic efforts to implement.

This seems like a nightmare example of why closed source security protocol design is bad.