• irotsoma@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    4 hours ago

    I mean this is pretty standard in all industries regardless of whether it’s a software flaw or a physical flaw in any other kind of product. What’s the likelihood of a vacuum manufacturer replacing a part in a 15 year old product that had a 1 year warrantee even if it’s a safety issue? Sure the delivery and installation is cheaper with software, but the engineering and development isn’t, especially if the environment for building it has to be recreated.

    • SplashJackson@lemmy.ca
      link
      fedilink
      English
      arrow-up
      13
      ·
      3 hours ago

      I work for a manufacturer with part catalogues going back to 1921, and while the telegraph codes no longer work, you could absolutely still order up a given part, or request from us the engineering diagram for it to aid in fabricating a replacement. You can also request service manuals, wiring diagrams, etc. Don’t all half-decent manufacturers do this?

      • SaharaMaleikuhm@feddit.org
        link
        fedilink
        English
        arrow-up
        29
        arrow-down
        2
        ·
        4 hours ago

        Companies should be forced to release all source code for products that are “EOL”. I will never change my mind on this.

      • tiredofsametab@fedia.io
        link
        fedilink
        arrow-up
        32
        ·
        9 hours ago

        May 1st 2024 was a decade ago? (The article has a list and only two are old as you mention, though not quite a decade yet)

      • Dran@lemmy.world
        link
        fedilink
        English
        arrow-up
        20
        ·
        9 hours ago

        Because that bug was so egregious, it demonstrates a rare level of incompetence.

        • NaibofTabr@infosec.pub
          link
          fedilink
          English
          arrow-up
          13
          ·
          9 hours ago

          that bug was so egregious, it demonstrates a rare level of incompetence

          I wish so much this was true, but it super isn’t. Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all… and, well, there was the Crowdstrike thing…

          • BigDanishGuy@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 minutes ago

            Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all

            At the super budget prices Cisco charges, do you really expect quality control to be included? You’ve got to buy a quality control subscription for that. /s

          • Dran@lemmy.world
            link
            fedilink
            English
            arrow-up
            14
            ·
            edit-2
            8 hours ago

            Idk, this was kind of a rare combination of “write secure function; proceed to ignore secure function and rawdog strings instead” + “it can be exploited by entering a string with a semicolon”. Neither of those are anything near as egregious as a use after free or buffer overflow. I get programming is hard but like, yikes. It should have been caught on both ends

  • tal@lemmy.today
    link
    fedilink
    English
    arrow-up
    99
    arrow-down
    2
    ·
    edit-2
    11 hours ago

    I mean, some of those EOLed nearly a decade ago.

    You can argue over what a reasonable EOL is, but all hardware is going to EOL at some point, and at that point, it isn’t going to keep getting updates.

    Throw enough money at a vendor, and I’m sure that you can get extended support contracts that will keep it going for however long people are willing to keep chucking money at a vendor – some businesses pay for support on truly ancient hardware – but this is a consumer broadband router. It’s unlikely to make a lot of sense to do so on this – the hardware isn’t worth much, nor is it going to be terribly expensive to replace, and especially if you’re using the wireless functionality, you probably want support for newer WiFi standards anyway that updated hardware will bring.

    I do think that there’s maybe a good argument that EOLing hardware should be handled in a better way. Like, maybe hardware should ship with an EOL sticker, so that someone can glance at hardware and see if it’s “expired”. Or maybe network hardware should have some sort of way of reporting EOL in response to a network query, so that someone can audit a network for EOLed hardware.

    But EOLing hardware is gonna happen.

    • db2@lemmy.world
      link
      fedilink
      English
      arrow-up
      52
      arrow-down
      2
      ·
      11 hours ago

      all hardware is going to EOL at some point, and at that point, it isn’t going to keep getting updates

      EOLing hardware should be handled in a better way

      Both of these are solved by one thing: open platforms. If I can flash OpenWRT on to an older router then it becomes useful again.

      • Rivalarrival@lemmy.today
        link
        fedilink
        English
        arrow-up
        28
        ·
        10 hours ago

        Bingo.

        Either support the device until the heat death of the universe, or provide consumers with the access to maintain it themselves.

      • thejml@lemm.ee
        link
        fedilink
        English
        arrow-up
        8
        ·
        edit-2
        9 hours ago

        Definitely don’t this in the past (Linksys WRT54G!) but let’s be honest, the kind of people running 10yo Dlink routers aren’t going to flash new firmware, let alone OpenWRT or even know to look for it. It would have to come that way from the factory. And even then I doubt most people even do regular updates, sadly.

    • shininghero@pawb.social
      link
      fedilink
      English
      arrow-up
      13
      arrow-down
      1
      ·
      8 hours ago

      I think there should be a handoff procedure, or whatever you want to call it.

      As EOL approaches, work with whatever open router OS maker is available (currently OpenWRT) to make sure it’s supported, and configs migrate over nicely. Then drop one last update, designed to do a full OS replacement.

      Boom, handoff complete.

      • Brkdncr@lemmy.world
        cake
        link
        fedilink
        English
        arrow-up
        11
        ·
        8 hours ago

        I’d support a regulation that defines either an expiration date or commitment to open source at the time the hardware is sold.

      • BearOfaTime@lemm.ee
        link
        fedilink
        English
        arrow-up
        14
        arrow-down
        3
        ·
        11 hours ago

        Right?

        Something this old is going to be power inefficient compared to newer stuff, and simply not perform as well.

        I would know, I just booted up a 10 year old consumer router last night, because the current one died. It’ll be OK for a few days until I can get a replacement. Boy, is this thing slow.

        • metaStatic@kbin.earth
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          11 hours ago

          I have a netgear router that isn’t even that old and it doesn’t have gigabit ports.

          even though I was able to throw openwrt on there to mess around with it’s still e-waste

    • tabular@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      10 hours ago

      When the users are in control of the software running on their devices then “EOL” is dependent the user community’s willingness to work on it themselves.

    • TheEighthDoctor@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 hours ago

      Except ISPs dont give you modems anymore, they give router/modems you can have the router you want but you are forced to use the one they give you

      • barcaxavi@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 hours ago

        Unfortunately this is the case I’m seeing happening more. I would love to use a router of my choice, but then I would lose the TV service (Telekom, Hungary). And it’s not just about the freedom of mine to choose the hardware, but the features their one is lacking.

        Also with the TV box I got from them 2 yrs ago, I can feel and see that’s is miles behind my 2015 (!) Shield TV.

        So yeah, ISPs giving out crappy hardware and force you to use it, is my nr. 1 gripe.

  • sunbeam60@lemmy.one
    link
    fedilink
    English
    arrow-up
    7
    ·
    8 hours ago

    I moved to an OPNsense router a couple of years ago and I’ve never looked back. Hell is shitty consumer routers.

  • andyortlieb@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    9 hours ago

    Commodity hardware & open source software for the win.

    When my Western Digital NAS was never going to get critical security patches, I was so freaking glad to find out that they just used software raid… I threw the HDDs in a Debian server and never looked back.

    It’s certainly nice to have things that are turn-key, but if you can find your way around any OS, just avoid proprietary everything.

  • skillissuer@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    13
    ·
    edit-2
    11 hours ago

    but does it run openwrt?

    e: no it doesn’t, only one model had half-baked image made and available for download from some sketchy forum post made in 2014

    • Deebster@infosec.pub
      link
      fedilink
      English
      arrow-up
      9
      ·
      9 hours ago

      I watched and enjoyed that one yesterday, and he’s bang on the money. People here are saying “well it’s EoL” but that means it’s got all the way through development and its full lifetime with such a prominent set of bugs.

      I don’t think I’ll be buying D-Link if that’s what supported means.

  • Someonelol@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 hours ago

    Instead of trusting DLink with an off the shelf NAS, it might be easier to build your own with a Raspberry Pi running openmediavault hooked up to a couple of USB hard drives. It’s worked well for me for over 6 years now with no issue and could cost way less.

    • SayCyberOnceMore@feddit.uk
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 hours ago

      “Easier“, no. Not for the average person on the street.

      Don’t get me wrong, I’ve built several NAS over the years (dropped OMV for just Arch and the packages I want) and loaded OpenWRT (etc) on routers

      But, building my own NAS, servicing my own car, repairing my own house, felling my own trees, at some point I’ll just lack knowledge and buy something simple / pay someone to do it… and that’s where cheap consumer electronics fits (unfortunately)

  • FutileRecipe@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    2
    ·
    11 hours ago

    Same website (granted, different author, but), same inflammatory language, same vendor, referencing previous erroneous article…I’m not even gonna read this one. Just going to copy/paste my previous response from the previous post:

    At a certain point it’s the consumer’s (and blog writer’s) fault, and that’s after EoL. Not patching a supported one and just getting rid of support, saying buy a newer one? Yeah, that’s bad.

    Continuing to not support an EoL model that you already don’t support due to EoL (or even dropping support for an EoL model that no one expected you to support in the first place due to EoL)? Non-issue.