Yet again another reason why I won’t buy proprietary systems like this. Make your own, if you know what a NAS is I’m sure you van handle it.
I van handle everything… Honk Honk.
A NAS, a router or Storage server all of the are computer. Just use old computer as nas instead of throwing them away.
Welp, looks like I’m changing brands next time I buy a router.
Banana Pi R3 or R64 (OpenWRT). Some DIY assembly required but it will probably last you over a decade.
Lenovo did this when they bough Iomega NAS devices. The final firmware before they ended support added google ads to the web admin interface. So now I have it booting Debian and OoenMediaVault, bye bye Lenovo.
Yup, doesn’t surprise me.
I also have a NAS box that’s out of support. Turned off all of the nifty services and firewalled the shit out of it so it won’t be visible outside the LAN even by accident. Will replace it with a FreeBSD box as soon as I get a new hard drive.
Alright, I’ll just buy another one… from a brand that isn’t shit.
“buy another one you
richmotherfuckers”How is this PC gaming? Are people playing games on the NAS?
I’ll allow it (my authority: some jerk that doesn’t even have an account on this instance).
Part of Reddit culture was hyper narrow focus on the topics of subreddits. I wouldn’t be surprised if the mods of r/samsung_galaxy removed “Overall I like my Pixel better” for being off-topic, even if it was a reply in the comment chain “I have both a Pixel 5 and an S22 and the S22 has the better camera.” “Other than the camera which of the two phones do you like best?” 7 day ban, rule 4: mentions another brand of phone without also mentioning a Samsung.
That doesn’t happen here on Lemmy as much and I don’t mind it. While a NAS isn’t necessarily directly a piece of gaming hardware, I think a lot of gamers might have one. Any who stream might save video of their play sessions to a NAS, etc. So I think this article is of peripheral interest to PC gamers.
Laughs in TrueNAS
Laughs in uGreen NAS with TrueNAS.
I hate these clickbait headlines
Oh, I have exactly one of these models. Discovered a longer time ago that when you enable ssh and look a bit around in config files, the root password is actual hardcoded and clearly written out. That’s why I only have it available in a vlan without internet access since long time.
Never dlink again when the thing dies
Just YSK, vlan is not a security measure. It enumerates Ethernet packages with a number different than zero, and you can see all vlans if the network card decides it. So if some other device on your net is compromised, there is a chance traffic to your vulnerable box can be too. ( it gets a little more complicated with vlan aware switches in the middle. But not impossible)
Edit: BTW I feel you I too have a bit of older hardware thats on their own net where I just hope nothing bad happens til I come around to replacing it…
Just looked it up and the DNS-320 Version 1.00 is from 2010. I get it on the company side thats old and was a given to be out of date. People who own it should take more mitigations to protect against any unwanted connections. Or use something that doesn’t rely on proprietary firmwares like truenas or unraid.
Opensource after EOL. Vote for parties that care, write to your representatives, sign petitions, and vote with your wallet.
I’m a little bit torn on this one, we’re talking 10-15 year old devices here. The number of companies that will continue to produce emergency security patches for their hardware so old and having reached EOL four years ago in 2020 are few and far between. Caveat Emptor most definitely, but if you’re someone who likes to keep their tech running forever, you’re going to need to get creative, when the manufacturer eventually stops patching. For this particular instance, I’d recommend placing the unit behind a vpn on the lan.
Most honest person in this discussion.
Yeah, I mean…what IS “end of life” / “end of support” other than not patching newly found issues, after long enough? Not enough info in the article to indicate any kind of bait and switch or annoyingly short support window, and the support window didn’t end recently either. Seems pretty reasonable TBH.
Then again it’s a lot of vulnerable devices, and doesn’t sound like too hard of a fix. But for all I know they’ve dismantled their tooling for testing patches on those devices, etc. Would be nice if they addressed it, but I can’t exactly condemn them for not.
It looks like they just didn’t neutralize/sanitize controllable input data so it should be a pretty easy fix. I think if a security researcher gives you a layup by identifying an easily fixable vulnerability a company should just take it, even if the product is old. If for no other reason than it’s bad marketing when news articles like this come out.
Yeah, I know what you mean, and yep it looked like just input sanitization on a very specific thing. I don’t disagree, headlines being headlines, and even just broad benefit vs. overall level of effort seems pretty positive to me from an outsider’s perspective.
But then again, issuing a firmware update is also an implicit guarantee that no (unrelated) functionality will degrade, which really needs a degree of testing in order to be a responsible business decision. And then on the optics side, I can see there being a benefit to a hard line in the sand regarding EOL, vs getting into the weeds of determining on a case by case basis what merits violating their own policy, and all the implications such granular judgment calls would entail (although they and all others probably must do something similar, to some degree).
Idk, I don’t own much or any of their stuff these days, no real skin in the game, nor do I have any particularly relevant info or opinions on the company. Just rambling lol.
“Okay, I found a great NAS made by another company.”
D-Link: “No, wait!”
Doesn’t matter to the D-Link bean counters. Either case is a non-sale to them. Never mind that they tank whatever is left of their already terrible reputation, all they care about is immediate shareholder revenue generation, and spending money maintaining software for older hardware is a loss to them.