Hi all,
Following is an information dump detailing all the issues I've encountered with the Shaw BlueCurve gateway and app since I got it installed back in September.
The intent is to add this as a detailed attachment to a short (paper) letter I intend to send to Paul McAleese, president of Shaw Communications, outlining my disappointment with the BlueCurve service and asking him to follow up with his residential internet division to implement improvements.
Also, after much discussion with various Shaw technical support departments, it looks like I finally have a way forward:
1. Switch out the current WiFi-only TV player device for an older coax unit 2. Put the BlueCurve gateway into bridged mode and use the D-Link router Alberto gave me to act as my home router.
For those willing to wade through its 1,250 words, I'd appreciate any comments you have. Remember, it's intended to be an attachment to the main letter. I'm not expecting Paul McAleese to read through it, although he may glance at it. I am hoping he'll pass it along to the residential internet services division.
Brian
Issues Encountered with the Shaw BlueCurve Gateway and App
* I was supplied with a CGM4141SHW gateway with custom Shaw firmware; the device's Hardware page reports it's a CGM4140COM and the Software page says it's running CGM4140COM_5.3p16s3_PROD_sey.
* The gateway's built-in DHCP server cannot be disabled. This is a big problem for me because I want to run my own DHCP server that tracks devices to which it has assigned IP addresses, and supplies the IP address of my ad-blocking DNS server instead of Shaw's servers. I've managed a partial work-around by running my own DHCP server along side Shaw's, but giving the Shaw DHCP server a range of only two IP addresses and ensuring both of them are assigned. However, often times my devices end up getting no IP address, Shaw's DNS servers, and a bad default route. (The inability to disable the DHCP server is probably needed for the Shaw BlueCurve Home app to work—much more on that later.)
* Some very important configuration items on the gateway--SSID and password, port forwarding, DMZ, parental control--are not available through its web interface and must be managed using the Shaw BlueCurve Home app. The app is available only for Apple iOS and Android devices, and specifically not available for Windows, MacOS, or Linux.
* Using an Apple/Android app is suboptimal because the standard way to configure a modern gateway/router device is to use its built-in web interface. This works for pretty much any modern small computer operating system such as Windows, MacOS, Linux, BSD, legacy UNIX (HP-UX and AIX), VMS, Android, and iOS, because they all have access to capable web browsers. But this is not an option with the CGM4141 because its web interface has been eviscerated.
* The app is available only on Apple's App Store or (officially) Google Play. However, the only way to get the app from Google Play is to set up a Google account and link it with an Android device. This is a problem for me because I see Google as a huge user-hostile American advertising company that's not subject to Canadian privacy laws, and I desire to do as little business with them as possible. To me it is unacceptable that Shaw, a Canadian company, is compelling its customers to business with American companies in order to use basic functionality for its services.
* There is an unstated assumption that all users have access to a device that will run the app. While it's likely a safe assumption for today's parents and computer-savvy users, as usual it fails to take into account various edge cases: - People who are uncomfortable with smartphones and use a feature phone instead - People who have a supposedly compatible device but its operating system has fallen behind and can't run the app - People who value their privacy and don't want to download an app that can't be audited so see if it's sending information to servers outside of Shaw, or even sending information to Shaw that's not related to the application's use
* Shaw support can set the SSID and password for the customer, but by policy cannot assist with port forwarding and DMZ issues. For this they always tell the customer to use the app.
* Additionally, the app has issues: - It's enormous! It weighs in at 204 megabytes, making it one of the largest non-game apps I've ever seen. By comparison: - WhatsApp: 41 MB - Facebook: 56 MB - Instagram: 63 MB - Facebook Messenger: 72 MB - SnapChat: 126 MB - TikTok: 183 MB - As a seasoned programmer, the app's size in relation to its capabilities raises red flags: - It looks like the development team has pulled in a huge number of libraries from all over the Android development ecosystem. I wonder why they used so many libraries instead of developing at least some of the functionality in-house. It makes me wonder about the overall capability of the development team. - The large number of libraries runs the risk of becoming a maintenance nightmare down the road because inevitably some of these libraries will become outdated, deprecated, and possibly disappear altogether. The development team could end up spending as much time or more trying to keep on top of the library dependencies as they will making improvements to the app. - Bug: Setting port forwarding in the app appeared to work, but packets were not getting through to the forwarded device (more on this 3 points down the list.) - Bug: Attempts to set up a DMZ were consistently met with "We're Having Some Trouble. Please try again. If the problem persists, check back later." (more on this 3 points down the list)
* On Google Play, complaints about the app are legion: - Overall, the app is buggy, difficult to use, and does not work as advertised - Users are often unable to sign in - App often shows the BlueCurve gateway as being offline when in fact it is not - App forgets configuration options that were previously set - Parental controls are unreliable - A video showing how the app works has not been updated for newer versions
* Google Play gives the app a score of 3.5/5. Independently, I computed an overall approve/ disapprove score based on 1,318 reviews. Reviews with 1, 2, or 3 stars were "disapprove" (even three star reviews had a tendency to point out problems) while 4 and 5 star reviews were "approve." The result was 287 approve and 1,031 disapprove, for an overall disapproval rate of 78%. The average rating from those 1,318 reviews was only 2.1, well below Google's 3.5.
* Attempts to engage various Shaw support departments on the port forwarding and DMZ portions of the app were consistently met with "Port forwarding/DMZ is something we don't support because we haven't been trained on it," even though the problem I was attempting to report was with the failure of the app to work as advertised.
On Monday, November 21, 2022 10:31:25 P.M. CST you wrote:
Following is an information dump detailing all the issues I've encountered with the Shaw BlueCurve gateway and app since I got it installed back in September.
(remainder snipped)
I accidentally wrote my original message as plain text and HTML, and my email client truncated the plain text part. If you usually read only in text mode, you'll need to switch to HTML to see the entire message. Sorry about that.
Brian
I put my own gateway/firewall behind the Bluecurve device, which forwards all incoming WAN data to my gateway/firewall. It means I'm double natted, but I haven't seen an issue so far. My gateway does DHCP and DNS, port forwarding, etc. My TV still works, and I use the Bluecurve device as an access point only. I don't care what Shaw does anymore, they just supply bandwidth.
Gerald
On 2022-11-21 22:31, Brian Lowe wrote:
Hi all,
Following is an information dump detailing all the issues I've encountered with the Shaw BlueCurve gateway and app since I got it installed back in September.
The intent is to add this as a detailed attachment to a short (paper) letter I intend to send to Paul McAleese, president of Shaw Communications, outlining my disappointment with the BlueCurve service and asking him to follow up with his residential internet division to implement improvements.
Also, after much discussion with various Shaw technical support departments, it looks like I finally have a way forward:
- Switch out the current WiFi-only TV player device for an older coax
unit
- Put the BlueCurve gateway into bridged mode and use the D-Link
router Alberto gave me to act as my home router.
For those willing to wade through its 1,250 words, I'd appreciate any comments you have. Remember, it's intended to be an attachment to the main letter. I'm not expecting Paul McAleese to read through it, although he may glance at it. I am hoping he'll pass it along to the residential internet services division.
Brian
Issues Encountered with the Shaw BlueCurve Gateway and App
- I was supplied with a CGM4141SHW gateway with custom Shaw firmware;
the device's Hardware page reports it's a CGM4140COM and the Software page says it's running CGM4140COM_5.3p16s3_PROD_sey.
- The gateway's built-in DHCP server cannot be disabled. This is a big
problem for me because I want to run my own DHCP server that tracks devices to which it has assigned IP addresses, and supplies the IP address of my ad-blocking DNS server instead of Shaw's servers. I've managed a partial work-around by running my own DHCP server along side Shaw's, but giving the Shaw DHCP server a range of only two IP addresses and ensuring both of them are assigned. However, often times my devices end up getting no IP address, Shaw's DNS servers, and a bad default route. (The inability to disable the DHCP server is probably needed for the Shaw BlueCurve Home app to work—much more on that later.)
- Some very important configuration items on the gateway--SSID and
password, port forwarding, DMZ, parental control--are not available through its web interface and must be managed using the Shaw BlueCurve Home app. The app is available only for Apple iOS and Android devices, and specifically not available for Windows, MacOS, or Linux.
- Using an Apple/Android app is suboptimal because the standard way to
configure a modern gateway/router device is to use its built-in web interface. This works for pretty much any modern small computer operating system such as Windows, MacOS, Linux, BSD, legacy UNIX (HP-UX and AIX), VMS, Android, and iOS, because they all have access to capable web browsers. But this is not an option with the CGM4141 because its web interface has been eviscerated.
- The app is available only on Apple's App Store or (officially)
Google Play. However, the only way to get the app from Google Play is to set up a Google account and link it with an Android device. This is a problem for me because I see Google as a huge user-hostile American advertising company that's not subject to Canadian privacy laws, and I desire to do as little business with them as possible. To me it is unacceptable that Shaw, a Canadian company, is compelling its customers to business with American companies in order to use basic functionality for its services.
- There is an unstated assumption that all users have access to a
device that will run the app. While it's likely a safe assumption for today's parents and computer-savvy users, as usual it fails to take into account various edge cases:
- People who are uncomfortable with smartphones and use a feature
phone instead
- People who have a supposedly compatible device but its operating
system has fallen behind and can't run the app
- People who value their privacy and don't want to download an app
that can't be audited so see if it's sending information to servers outside of Shaw, or even sending information to Shaw that's not related to the application's use
- Shaw support can set the SSID and password for the customer, but by
policy cannot assist with port forwarding and DMZ issues. For this they always tell the customer to use the app.
- Additionally, the app has issues:
- It's enormous! It weighs in at 204 megabytes, making it one of the
largest non-game apps I've ever seen. By comparison:
WhatsApp: 41 MB
Facebook: 56 MB
Instagram: 63 MB
Facebook Messenger: 72 MB
SnapChat: 126 MB
TikTok: 183 MB
As a seasoned programmer, the app's size in relation to its
capabilities raises red flags:
- It looks like the development team has pulled in a huge number of
libraries from all over the Android development ecosystem. I wonder why they used so many libraries instead of developing at least some of the functionality in-house. It makes me wonder about the overall capability of the development team.
- The large number of libraries runs the risk of becoming a
maintenance nightmare down the road because inevitably some of these libraries will become outdated, deprecated, and possibly disappear altogether. The development team could end up spending as much time or more trying to keep on top of the library dependencies as they will making improvements to the app.
- Bug: Setting port forwarding in the app appeared to work, but
packets were not getting through to the forwarded device (more on this 3 points down the list.)
- Bug: Attempts to set up a DMZ were consistently met with "We're
Having Some Trouble. Please try again. If the problem persists, check back later." (more on this 3 points down the list)
- On Google Play, complaints about the app are legion:
- Overall, the app is buggy, difficult to use, and does not work as
advertised
Users are often unable to sign in
App often shows the BlueCurve gateway as being offline when in fact
it is not
App forgets configuration options that were previously set
Parental controls are unreliable
A video showing how the app works has not been updated for newer
versions
- Google Play gives the app a score of 3.5/5. Independently, I
computed an overall approve/disapprove score based on 1,318 reviews. Reviews with 1, 2, or 3 stars were "disapprove" (even three star reviews had a tendency to point out problems) while 4 and 5 star reviews were "approve." The result was 287 approve and 1,031 disapprove, for an overall disapproval rate of 78%. The average rating from those 1,318 reviews was only 2.1, well below Google's 3.5.
- Attempts to engage various Shaw support departments on the port
forwarding and DMZ portions of the app were consistently met with "Port forwarding/DMZ is something we don't support because we haven't been trained on it," even though the problem I was attempting to report was with the failure of the app to work as advertised.
- With respect to the port forwarding, it works only when packets
arrive on the WAN port; that is, from the internet at large. The gateway is unable to route packets from the local network to the WAN port. It can route to any other available IP address on the internet except for the IP address of the WAN port. Those packets never arrive at their intended destination (confirmed by tcpdump.)
- Another option is to put the gateway into bridged mode. However,
doing so stops the TV player device from working because it uses a special WiFi connection with the gateway, and putting the gateway into bridged mode disables WiFi altogether.
- A conversation with one Shaw department revealed there would be an
additional charge if I wanted to swap out the gateway I was supplied with for a more capable device. From a customer point of view, the company is punishing its customers for being an advanced user. Perhaps that's deliberate: such customers can be difficult to deal with.
- In the end, it took a considerable amount of time working with
various support departments to determine the solution to my problems was the following:
Swap out the WiFi TV player device with one that uses co-ax instead
That done, put the gateway into bridged mode and use a third party
WiFi router to regain functionality lost with the BlueCurve gateway
- The gateway has plenty of firmware space. It's using only 143 MiB of
the 2 GiB available, so there is plenty of room to add advanced functionality.
Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
I think that's a good approach in general, since you're no longer relying on the ISP or their hardware vendor to properly secure anything. There is plenty of precedent out there for the ISP consumer-side devices to have things like:
- UPnP, or as I like to think of it, "how to get your dodgy IoT devices found on Shodan"
- Default credentials to the device admin interface
I don't use my router's Wi-Fi, so nothing but my firewall talks to it at all. behind the firewall, there is a switch that supports VLANs, a couple access points, and whatever wired stuff is plugged into the switch. Internal DHCP is all done by the firewall.
Cheers, Tim
Gerald Brandt gbr@majentis.com writes:
I put my own gateway/firewall behind the Bluecurve device, which forwards all incoming WAN data to my gateway/firewall. It means I'm double natted, but I haven't seen an issue so far. My gateway does DHCP and DNS, port forwarding, etc. My TV still works, and I use the Bluecurve device as an access point only. I don't care what Shaw does anymore, they just supply bandwidth.
Gerald
On 2022-11-21 22:31, Brian Lowe wrote:
Hi all, Following is an information dump detailing all the issues I've encountered with the Shaw BlueCurve gateway and app since I got it installed back in September. The intent is to add this as a detailed attachment to a short (paper) letter I intend to send to Paul McAleese, president of Shaw Communications, outlining my disappointment with the BlueCurve service and asking him to follow up with his residential internet division to implement improvements. Also, after much discussion with various Shaw technical support departments, it looks like I finally have a way forward: 1. Switch out the current WiFi-only TV player device for an older coax unit 2. Put the BlueCurve gateway into bridged mode and use the D-Link router Alberto gave me to act as my home router. For those willing to wade through its 1,250 words, I'd appreciate any comments you have. Remember, it's intended to be an attachment to the main letter. I'm not expecting Paul McAleese to read through it, although he may glance at it. I am hoping he'll pass it along to the residential internet services division. Brian Issues Encountered with the Shaw BlueCurve Gateway and App * I was supplied with a CGM4141SHW gateway with custom Shaw firmware; the device's Hardware page reports it's a CGM4140COM and the Software page says it's running CGM4140COM_5.3p16s3_PROD_sey. * The gateway's built-in DHCP server cannot be disabled. This is a big problem for me because I want to run my own DHCP server that tracks devices to which it has assigned IP addresses, and supplies the IP address of my ad-blocking DNS server instead of Shaw's servers. I've managed a partial work-around by running my own DHCP server along side Shaw's, but giving the Shaw DHCP server a range of only two IP addresses and ensuring both of them are assigned. However, often times my devices end up getting no IP address, Shaw's DNS servers, and a bad default route. (The inability to disable the DHCP server is probably needed for the Shaw BlueCurve Home app to work—much more on that later.) * Some very important configuration items on the gateway--SSID and password, port forwarding, DMZ, parental control--are not available through its web interface and must be managed using the Shaw BlueCurve Home app. The app is available only for Apple iOS and Android devices, and specifically not available for Windows, MacOS, or Linux. * Using an Apple/Android app is suboptimal because the standard way to configure a modern gateway/router device is to use its built-in web interface. This works for pretty much any modern small computer operating system such as Windows, MacOS, Linux, BSD, legacy UNIX (HP-UX and AIX), VMS, Android, and iOS, because they all have access to capable web browsers. But this is not an option with the CGM4141 because its web interface has been eviscerated. * The app is available only on Apple's App Store or (officially) Google Play. However, the only way to get the app from Google Play is to set up a Google account and link it with an Android device. This is a problem for me because I see Google as a huge user-hostile American advertising company that's not subject to Canadian privacy laws, and I desire to do as little business with them as possible. To me it is unacceptable that Shaw, a Canadian company, is compelling its customers to business with American companies in order to use basic functionality for its services. * There is an unstated assumption that all users have access to a device that will run the app. While it's likely a safe assumption for today's parents and computer-savvy users, as usual it fails to take into account various edge cases: - People who are uncomfortable with smartphones and use a feature phone instead - People who have a supposedly compatible device but its operating system has fallen behind and can't run the app - People who value their privacy and don't want to download an app that can't be audited so see if it's sending information to servers outside of Shaw, or even sending information to Shaw that's not related to the application's use * Shaw support can set the SSID and password for the customer, but by policy cannot assist with port forwarding and DMZ issues. For this they always tell the customer to use the app. * Additionally, the app has issues: - It's enormous! It weighs in at 204 megabytes, making it one of the largest non-game apps I've ever seen. By comparison: - WhatsApp: 41 MB - Facebook: 56 MB - Instagram: 63 MB - Facebook Messenger: 72 MB - SnapChat: 126 MB - TikTok: 183 MB - As a seasoned programmer, the app's size in relation to its capabilities raises red flags: - It looks like the development team has pulled in a huge number of libraries from all over the Android development ecosystem. I wonder why they used so many libraries instead of developing at least some of the functionality in-house. It makes me wonder about the overall capability of the development team. - The large number of libraries runs the risk of becoming a maintenance nightmare down the road because inevitably some of these libraries will become outdated, deprecated, and possibly disappear altogether. The development team could end up spending as much time or more trying to keep on top of the library dependencies as they will making improvements to the app. - Bug: Setting port forwarding in the app appeared to work, but packets were not getting through to the forwarded device (more on this 3 points down the list.) - Bug: Attempts to set up a DMZ were consistently met with "We're Having Some Trouble. Please try again. If the problem persists, check back later." (more on this 3 points down the list) * On Google Play, complaints about the app are legion: - Overall, the app is buggy, difficult to use, and does not work as advertised - Users are often unable to sign in - App often shows the BlueCurve gateway as being offline when in fact it is not - App forgets configuration options that were previously set - Parental controls are unreliable - A video showing how the app works has not been updated for newer versions * Google Play gives the app a score of 3.5/5. Independently, I computed an overall approve/disapprove score based on 1,318 reviews. Reviews with 1, 2, or 3 stars were "disapprove" (even three star reviews had a tendency to point out problems) while 4 and 5 star reviews were "approve." The result was 287 approve and 1,031 disapprove, for an overall disapproval rate of 78%. The average rating from those 1,318 reviews was only 2.1, well below Google's 3.5. * Attempts to engage various Shaw support departments on the port forwarding and DMZ portions of the app were consistently met with "Port forwarding/DMZ is something we don't support because we haven't been trained on it," even though the problem I was attempting to report was with the failure of the app to work as advertised. * With respect to the port forwarding, it works only when packets arrive on the WAN port; that is, from the internet at large. The gateway is unable to route packets from the local network to the WAN port. It can route to any other available IP address on the internet except for the IP address of the WAN port. Those packets never arrive at their intended destination (confirmed by tcpdump.) * Another option is to put the gateway into bridged mode. However, doing so stops the TV player device from working because it uses a special WiFi connection with the gateway, and putting the gateway into bridged mode disables WiFi altogether. * A conversation with one Shaw department revealed there would be an additional charge if I wanted to swap out the gateway I was supplied with for a more capable device. From a customer point of view, the company is punishing its customers for being an advanced user. Perhaps that's deliberate: such customers can be difficult to deal with. * In the end, it took a considerable amount of time working with various support departments to determine the solution to my problems was the following: - Swap out the WiFi TV player device with one that uses co-ax instead - That done, put the gateway into bridged mode and use a third party WiFi router to regain functionality lost with the BlueCurve gateway * The gateway has plenty of firmware space. It's using only 143 MiB of the 2 GiB available, so there is plenty of room to add advanced functionality. _______________________________________________ Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
On Tuesday, November 22, 2022 7:31:26 A.M. CST Gerald Brandt wrote:
I put my own gateway/firewall behind the BlueCurve device, which forwards all incoming WAN data to my gateway/firewall.
What's the setting to have the BlueCurve device forward all WAN data to your device? I tried setting up a DMZ, but the Android consistently gives an error. Did you use a bulk port forward?
Thanks, Brian
This is bridge mode. You will need your own firewall/router for bridge mode.
On Tue, 22 Nov 2022, at 17:29, Brian Lowe wrote:
On Tuesday, November 22, 2022 7:31:26 A.M. CST Gerald Brandt wrote:
I put my own gateway/firewall behind the BlueCurve device, which forwards all incoming WAN data to my gateway/firewall.
What's the setting to have the BlueCurve device forward all WAN data to your device? I tried setting up a DMZ, but the Android consistently gives an error. Did you use a bulk port forward?
Thanks, Brian
Roundtable mailing list Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable
On Tuesday, November 22, 2022 5:42:21 P.M. CST David Milton wrote:
This is bridge mode. You will need your own firewall/router for bridge mode.
Is it, though? Everything I've read and heard from Shaw Support indicates the TV player device no longer works when the BlueCurve modem is put into bridge mode, because the player needs WiFi and bridge mode turns WiFi off.
On Tue 22 Nov 2022 at 18:05:01 -06:00, Brian Lowe brian2@groupbcl.ca wrote:
On Tuesday, November 22, 2022 5:42:21 P.M. CST David Milton wrote:
This is bridge mode. You will need your own firewall/router for bridge mode.
Is it, though? Everything I've read and heard from Shaw Support indicates the TV player device no longer works when the BlueCurve modem is put into bridge mode, because the player needs WiFi and bridge mode turns WiFi off.
Quite some time ago, when I talked to Shaw about the BlueCurve device (both the "6" and "7" models, i.e., 2 RJ45 sockets and 4 RJ45 sockets), they said that it definitely has a full-fledged bridge mode, though we didn't discuss TV matters in that context.
Might the TV player be able to use your own router's Wi-Fi in this case?
Hartmut
On Tuesday, November 22, 2022 6:18:01 P.M. CST Hartmut W Sager wrote:
Might the TV player be able to use your own router's Wi-Fi in this case?
No. I covered that point in the information dump. The TV player makes use of special frequencies from the gateway device. When the device is put into bridged mode, all those frequencies are disabled and the TV player can no longer communicate. Hence the need to get a TV device that uses coax instead of WiFi,
Brian
Ah yes, I now remember reading that. So, you really want the Shaw Motorola/Arris/etc DCX-3510-M TV box, and possibly the Hitron CGNM-2250 Internet modem, which both use the incoming coax RG-6 directly. It's the classic Shaw architecture of the past (and still currently available), and I am a happy user of this arrangement.
Are you resisting this solution? Why? All it requires is pushing through the major resistance the Shaw rep will give you. :)
Hartmut
On Tue 22 Nov 2022 at 18:59:32 -06:00, Brian Lowe brian2@groupbcl.ca wrote:
On Tuesday, November 22, 2022 6:18:01 P.M. CST Hartmut W Sager wrote:
Might the TV player be able to use your own router's Wi-Fi in this case?
No. I covered that point in the information dump. The TV player makes use of special frequencies from the gateway device. When the device is put into bridged mode, all those frequencies are disabled and the TV player can no longer communicate. Hence the need to get a TV device that uses coax instead of WiFi,
Brian
On Wednesday, November 23, 2022 1:30:49 P.M. CST Hartmut W Sager wrote:
Ah yes, I now remember reading that. So, you really want the Shaw Motorola/Arris/etc DCX-3510-M TV box, and possibly the Hitron CGNM-2250 Internet modem, which both use the incoming coax RG-6 directly. It's the classic Shaw architecture of the past (and still currently available), and I am a happy user of this arrangement.
Are you resisting this solution? Why? All it requires is pushing through the major resistance the Shaw rep will give you. :)
At one point I was talking to a Shaw representative and was told there would be an additional charge for using a non-standard piece of equipment on their BlueCurve service. I got quite upset and terminated the call at that point. I should call back to get confirmation on this.
Second, Shaw may discontinue the Hitron and leave other advanced customers in the lurch by giving them the terrible CGM4141 device. I'm trying to get Shaw to upgrade the firmware in the CGM4141 so no other advanced user has to go through this pain. After all, it's their preferred gateway for their BlueCurve service, and it should work as well as or better than the Hitron.
Third, Shaw /claims/ to be a customer oriented company. Here's the profile for Bradley Shaw, Executive Chair & Chief Executive Officer:
Brad is the Executive Chair and Chief Executive Officer of the Company. Since
2010, Brad has led the transformation of the Company from a Western-based cable company to a leading Canadian connectivity company. Brad joined the Company in 1987 as a customer service representative in the call centre where he learned the importance of listening to customers, responding to their needs and delivering an exceptional customer experience. This philosophy of customer service has guided him throughout his career as he assumed senior management and executive responsibilities. Brad was instrumental in building Shaw Direct into one of North America’s leading direct-to-home satellite television providers and he played a key role in the launch of the Company’s digital home phone service in 2005. In 2016, Brad spearheaded the following two transformational transactions: the acquisition of Freedom Mobile and divestiture of Shaw Media to reposition Shaw as a leading Canadian connectivity company.
I'm putting Shaw to the test to see if they truly are customer oriented or if they're just blowing hot air. They made TWO BILLION DOLLARS IN PROFITS last year. I want them to invest some of that money into improving their BlueCurve gateway device.
Brian
Hi Brian,
I had similar problems with the Blue Curve modem in bridge mode with a firewall however there are additional issues.
1. The modem appears to block various tunnel protocols. I was unable to get an IP-IP tunnel up to Hurricane Electric and I was unable to get a GRE tunnel up to MRnet. So IPv6 is not possible through a tunnelling protocol.
2. If you get an IPv6 delegation it’s broken. You get the RA containing the /56 delegation but another RA which should contain your default route is never sent. That means you have IPv6 addresses but nowhere to forward packets. So IPv6 is not available through a delegation. We ultimately verified this with packet traces and were never able to figure out why my firewall never received the RA containing the interface link and next-hop router. Even explicit RA discovery requests were unanswered. Our final take between myself and the Shaw tech(s) was that IPv6 does not work in bridge mode. In router mode you can get a single /64 which it will configure for use with SLAAC but that takes out my firewall, internal network, and apparently also static IPv6 address assignments.
For me, IPv6 is a requirement, not an option so I was completely unable to use the Shaw service with the Blue Curve modem. I cannot remember exactly but I think at the time I started with a version 6 modem and then given a version 7 modem. Neither worked any different.
I found their support was excellent. I spent numerous hours (better part of two days) working with their support to try and resolve the above issues. The first one is apparently a known problem that dates back _years_! The second issue is also likely a bug in the Blue Curve firmware.
I would be open to virtually any alternative modem but it seems this is the only one Shaw will hand out. Instead I’m using a cable modem from TekSavvy where all of the above works fine over the same cable infrastructure. So the basic cable infrastructure is more than capable but the Blue Curve cable modem is junk.
Cheers, Dave.
On Nov 21, 2022, at 22:31, Brian Lowe brian2@groupbcl.ca wrote:
Hi all,
Following is an information dump detailing all the issues I've encountered with the Shaw BlueCurve gateway and app since I got it installed back in September.
The intent is to add this as a detailed attachment to a short (paper) letter I intend to send to Paul McAleese, president of Shaw Communications, outlining my disappointment with the BlueCurve service and asking him to follow up with his residential internet division to implement improvements.
Also, after much discussion with various Shaw technical support departments, it looks like I finally have a way forward:
- Switch out the current WiFi-only TV player device for an older coax unit
- Put the BlueCurve gateway into bridged mode and use the D-Link router Alberto gave me to act as my home router.
For those willing to wade through its 1,250 words, I'd appreciate any comments you have. Remember, it's intended to be an attachment to the main letter. I'm not expecting Paul McAleese to read through it, although he may glance at it. I am hoping he'll pass it along to the residential internet services division.
Brian
Issues Encountered with the Shaw BlueCurve Gateway and App
I was supplied with a CGM4141SHW gateway with custom Shaw firmware; the device's Hardware page reports it's a CGM4140COM and the Software page says it's running CGM4140COM_5.3p16s3_PROD_sey.
The gateway's built-in DHCP server cannot be disabled. This is a big problem for me because I want to run my own DHCP server that tracks devices to which it has assigned IP addresses, and supplies the IP address of my ad-blocking DNS server instead of Shaw's servers. I've managed a partial work-around by running my own DHCP server along side Shaw's, but giving the Shaw DHCP server a range of only two IP addresses and ensuring both of them are assigned. However, often times my devices end up getting no IP address, Shaw's DNS servers, and a bad default route. (The inability to disable the DHCP server is probably needed for the Shaw BlueCurve Home app to work—much more on that later.)
Some very important configuration items on the gateway--SSID and password, port forwarding, DMZ, parental control--are not available through its web interface and must be managed using the Shaw BlueCurve Home app. The app is available only for Apple iOS and Android devices, and specifically not available for Windows, MacOS, or Linux.
Using an Apple/Android app is suboptimal because the standard way to configure a modern gateway/router device is to use its built-in web interface. This works for pretty much any modern small computer operating system such as Windows, MacOS, Linux, BSD, legacy UNIX (HP-UX and AIX), VMS, Android, and iOS, because they all have access to capable web browsers. But this is not an option with the CGM4141 because its web interface has been eviscerated.
The app is available only on Apple's App Store or (officially) Google Play. However, the only way to get the app from Google Play is to set up a Google account and link it with an Android device. This is a problem for me because I see Google as a huge user-hostile American advertising company that's not subject to Canadian privacy laws, and I desire to do as little business with them as possible. To me it is unacceptable that Shaw, a Canadian company, is compelling its customers to business with American companies in order to use basic functionality for its services.
There is an unstated assumption that all users have access to a device that will run the app. While it's likely a safe assumption for today's parents and computer-savvy users, as usual it fails to take into account various edge cases:
- People who are uncomfortable with smartphones and use a feature phone instead
- People who have a supposedly compatible device but its operating system has fallen behind and can't run the app
- People who value their privacy and don't want to download an app that can't be audited so see if it's sending information to servers outside of Shaw, or even sending information to Shaw that's not related to the application's use
Shaw support can set the SSID and password for the customer, but by policy cannot assist with port forwarding and DMZ issues. For this they always tell the customer to use the app.
Additionally, the app has issues:
- It's enormous! It weighs in at 204 megabytes, making it one of the largest non-game apps I've ever seen. By comparison:
- WhatsApp: 41 MB
- Facebook: 56 MB
- Instagram: 63 MB
- Facebook Messenger: 72 MB
- SnapChat: 126 MB
- TikTok: 183 MB
- As a seasoned programmer, the app's size in relation to its capabilities raises red flags:
- It looks like the development team has pulled in a huge number of libraries from all over the Android development ecosystem. I wonder why they used so many libraries instead of developing at least some of the functionality in-house. It makes me wonder about the overall capability of the development team.
- The large number of libraries runs the risk of becoming a maintenance nightmare down the road because inevitably some of these libraries will become outdated, deprecated, and possibly disappear altogether. The development team could end up spending as much time or more trying to keep on top of the library dependencies as they will making improvements to the app.
- Bug: Setting port forwarding in the app appeared to work, but packets were not getting through to the forwarded device (more on this 3 points down the list.)
- Bug: Attempts to set up a DMZ were consistently met with "We're Having Some Trouble. Please try again. If the problem persists, check back later." (more on this 3 points down the list)
On Google Play, complaints about the app are legion:
- Overall, the app is buggy, difficult to use, and does not work as advertised
- Users are often unable to sign in
- App often shows the BlueCurve gateway as being offline when in fact it is not
- App forgets configuration options that were previously set
- Parental controls are unreliable
- A video showing how the app works has not been updated for newer versions
Google Play gives the app a score of 3.5/5. Independently, I computed an overall approve/disapprove score based on 1,318 reviews. Reviews with 1, 2, or 3 stars were "disapprove" (even three star reviews had a tendency to point out problems) while 4 and 5 star reviews were "approve." The result was 287 approve and 1,031 disapprove, for an overall disapproval rate of 78%. The average rating from those 1,318 reviews was only 2.1, well below Google's 3.5.
Attempts to engage various Shaw support departments on the port forwarding and DMZ portions of the app were consistently met with "Port forwarding/DMZ is something we don't support because we haven't been trained on it," even though the problem I was attempting to report was with the failure of the app to work as advertised.
With respect to the port forwarding, it works only when packets arrive on the WAN port; that is, from the internet at large. The gateway is unable to route packets from the local network to the WAN port. It can route to any other available IP address on the internet except for the IP address of the WAN port. Those packets never arrive at their intended destination (confirmed by tcpdump.)
Another option is to put the gateway into bridged mode. However, doing so stops the TV player device from working because it uses a special WiFi connection with the gateway, and putting the gateway into bridged mode disables WiFi altogether.
A conversation with one Shaw department revealed there would be an additional charge if I wanted to swap out the gateway I was supplied with for a more capable device. From a customer point of view, the company is punishing its customers for being an advanced user. Perhaps that's deliberate: such customers can be difficult to deal with.
In the end, it took a considerable amount of time working with various support departments to determine the solution to my problems was the following:
- Swap out the WiFi TV player device with one that uses co-ax instead
- That done, put the gateway into bridged mode and use a third party WiFi router to regain functionality lost with the BlueCurve gateway
The gateway has plenty of firmware space. It's using only 143 MiB of the 2 GiB available, so there is plenty of room to add advanced functionality.
Roundtable mailing list Roundtable@muug.ca mailto:Roundtable@muug.ca https://muug.ca/mailman/listinfo/roundtable https://muug.ca/mailman/listinfo/roundtable
On Tue 22 Nov 2022 at 15:13:19 -06:00, David Milton david@dmilton.ca wrote:
Hi Brian,
I had similar problems with the Blue Curve modem in bridge mode with a firewall however there are additional issues.
I would be open to virtually any alternative modem but it seems this is the only one Shaw will hand out. .....the Blue Curve cable modem is junk.
On Nov 21, 2022, at 22:31, Brian Lowe brian2@groupbcl.ca wrote:
Following is an information dump detailing all the issues I've encountered with the Shaw BlueCurve gateway and app since I got it installed back in September.
I'll contribute here by re-posting what I previously wrote on the subject "On forcing people to get Google accounts", where I did point out, with details, that Shaw still distributes the superb Hitron CGNM-2250 cable modem. I use that, alongside the Motorola/Arris/whatever DCX-3510-M box (also still distributed by Shaw) for Shaw TV. That way, neither my Shaw Internet nor my Shaw TV is afflicted with this space-age BlueCurve junk. And note below just how flexible the Hitron CGNM-2250 is. It also doesn't have the NAT table bugs that prevent the cheap Cisco DPC-3825 from usability with VoIP.
On Thu 03 Nov 2022 at 20:11:05 -05:00, Brian Lowe brian2@groupbcl.ca wrote:
The most egregious offender here is Shaw Communications. In order to make even basic changes to their BlueCurve modem (change the SSID or WiFi password, setup port forwarding or DMZ, apply parental controls, etc) one *must* use their Shaw Home app. They offer no alternative.
On 05 Nov 2022 at 06:42 -05h00, Hartmut W Sager wrote:
Those BlueCurve devices that look like a miniature space-age "Mars Lander" contraption cater entirely to the home entertainment crowd, who want to use their mobile (and an app) for everything. And to add insult to injury, it's "all or nothing" re bridge mode - no selective IP pass-thru per RJ-45 socket.
Shaw still distributes the superb Hitron CGNM-2250 cable modem/router combo, which I've been using for a number of years. It's the finest Shaw modem I've ever had (though the Motorola/Arris/whatever 3848V is probably also excellent), and the Hitron is configured the usual way via 192.168.0.1 from a local computer wired to one of its 4 RJ-45 sockets.
The Hitron CGNM-2250 does have selective IP pass-thru per RJ-45 socket (of its 4 RJ-45 sockets) - 2 of my 3 Shaw IP addresses are passed thru this way, and the 3rd one simply does the normal thing in the Hitron CGNM-2250. And the Hitron CGNM-2250 certainly lets you configure SSID names (2.4 GHz and 5 GHz), Wi-Fi passwords, Wi-Fi guest, several other parameters, and DMZ.
The main problem is, convincing the Shaw rep (on the phone) that you really want this device, and I had to forego a bit of financial incentive when I later added Shaw Limited TV but insisted on retaining the Hitron CGNM-2250 instead of switching to the "Mars Lander".
Hartmut
-
Brian Lowe -
David Milton -
Gerald Brandt -
Hartmut W Sager -
Tim Lavoie