• SaharaMaleikuhm@feddit.org
        ↑ 4 · 1 month ago

        Companies should be forced to release all source code for products that are “EOL”. I will never change my mind on this.

      • Dran@lemmy.world
        ↑ 2 · 1 month ago

        Because that bug was so egregious, it demonstrates a rare level of incompetence.

        • NaibofTabr@infosec.pub
          ↑ 1 · 1 month ago

          > that bug was so egregious, it demonstrates a rare level of incompetence

          I wish so much this was true, but it super isn’t. Some of the recent Cisco security flaws are just so brain-dead stupid you wonder if they have any internal quality control at all… and, well, there was the Crowdstrike thing…

          • Dran@lemmy.world
            ↑ 2 · edited · 1 month ago

            Idk, this was kind of a rare combination of “write secure function; proceed to ignore secure function and rawdog strings instead” + “it can be exploited by entering a string with a semicolon”. Neither of those is anything near as egregious as a use after free or buffer overflow. I get programming is hard but like, yikes. It should have been caught on both ends.

      • tiredofsametab@fedia.io
        ↑ 2 · 1 month ago

        May 1st 2024 was a decade ago? (The article has a list and only two are old as you mention, though not quite a decade yet)

  • Stern@lemmy.world
    ↑ 4 · 1 month ago

    Okay so the 2015 EOL ones, yeah I can understand telling the customer to update their shit. They shouldn’t have to support nearly 10 year out of date stuff.

    May 2024 EOL ones? Bruh. C’mon now.

    • snooggums@lemmy.world
      ↑ 2 · 1 month ago

      I would love to know when they stopped selling it compared to the EOL. EOL should be at least 5 years past the last time the models were shipped out, maybe more. So if May 2024 was EOL I sure hope they weren’t selling them after 2018.

  • darkangelazuarl@lemmy.world
    ↑ 4 · 1 month ago

    The DSR-150 is still being sold on Amazon under the D-Link store. Why the hell would you end-of-life something you still sell?

  • tal@lemmy.today
    ↑ 5 ↓ 2 · edited · 1 month ago

    I mean, some of those EOLed nearly a decade ago.

    You can argue over what a reasonable EOL is, but all hardware is going to EOL at some point, and at that point, it isn’t going to keep getting updates.

    Throw enough money at a vendor, and I’m sure that you can get extended support contracts that will keep it going for however long people are willing to keep chucking money at a vendor – some businesses pay for support on truly ancient hardware – but this is a consumer broadband router. It’s unlikely to make a lot of sense to do so on this – the hardware isn’t worth much, nor is it going to be terribly expensive to replace, and especially if you’re using the wireless functionality, you probably want support for newer WiFi standards anyway that updated hardware will bring.

    I do think that there’s maybe a good argument that EOLing hardware should be handled in a better way. Like, maybe hardware should ship with an EOL sticker, so that someone can glance at hardware and see if it’s “expired”. Or maybe network hardware should have some sort of way of reporting EOL in response to a network query, so that someone can audit a network for EOLed hardware.

    But EOLing hardware is gonna happen.

    • shininghero@pawb.social
      ↑ 5 · 1 month ago

      I think there should be a handoff procedure, or whatever you want to call it.

      As EOL approaches, work with whatever open router OS maker is available (currently OpenWRT) to make sure it’s supported, and configs migrate over nicely. Then drop one last update, designed to do a full OS replacement.

      Boom, handoff complete.

      • Brkdncr@lemmy.world
        ↑ 2 · 1 month ago

        I’d support a regulation that defines either an expiration date or commitment to open source at the time the hardware is sold.

      • BearOfaTime@lemm.ee
        ↑ 2 · 1 month ago

        Right?

        Something this old is going to be power inefficient compared to newer stuff, and simply not perform as well.

        I would know, I just booted up a 10 year old consumer router last night, because the current one died. It’ll be OK for a few days until I can get a replacement. Boy, is this thing slow.

    • tabular@lemmy.world
      ↑ 2 · 1 month ago

      When the users are in control of the software running on their devices then “EOL” is dependent on the user community’s willingness to work on it themselves.

    • Rinox@feddit.it
      ↑ 1 · 1 month ago

      EoL of anything should mean open source code. You don’t want to open source your code? Then you must keep servicing your products and must keep your servers up

    • arthurpizza@lemmy.world
      ↑ 1 · 1 month ago

      I can still use a 2003 AMD Opteron with the newest builds of Linux. It’s an open standard. As long as the hardware still physically works. The only reason these pieces of hardware are EOL is because they chose to lock them down.

    • db2@lemmy.world
      ↑ 1 · 1 month ago

      > all hardware is going to EOL at some point, and at that point, it isn’t going to keep getting updates

      > EOLing hardware should be handled in a better way

      Both of these are solved by one thing: open platforms. If I can flash OpenWRT on to an older router then it becomes useful again.

    • Phoenixz@lemmy.ca
      ↑ 3 · 1 month ago

      Be nice?

      It must become law. We want to lower e-waste? Then if companies stop supporting their products, they must open source all of it.

      • toothpaste_ostrich@feddit.nl
        ↑ 0 · 1 month ago

        I mean, be nice if the US didn’t turn into a dictatorship in a few months. Don’t see any company-unfriendly laws going in effect there any time soon. But perhaps in Europe there’s still some chance of this happening.

        • fxdave@lemmy.ml
          ↑ 1 · 1 month ago

          Hopefully, but it’s easier to tell each company what they should do instead of giving them rules that they try to workaround. There are many examples.

    • Buddahriffic@lemmy.world
      ↑ 2 · 1 month ago

      Not going to hold my breath that anything like this will happen in the current political climate, but yeah, that should be mandatory. Even ignoring the exploitive nature towards their customers, it creates a ton of unnecessary waste.

  • reksas@sopuli.xyz
    ↑ 2 · 1 month ago

    There should be a list of companies that should be avoided and why; it’s impossible to keep track of everything like this.

    • TriflingToad@sh.itjust.works
      ↑ 2 · 1 month ago

      An idea for an app I came up with for a class once was one that let you scan a barcode of a product in like Walmart and get what parent company owns it, like how Nestle doesn’t like to put their name on companies they bought (or not in big text anyways).
      So if you want to avoid Coca Cola you could scan it and see who it’s owned by and if that company matches one of the ones you have blacklisted.

      Fun fact, ‘peace tea’ is owned by Coca Cola.

    • daddy32@lemmy.world
      ↑ 1 · 1 month ago

      Unfortunately, that list would be almost complete. It would be much easier (and realistic) to maintain its complement.

  • viking@infosec.pub
    ↑ 1 · 1 month ago

    Can highly recommend ASUS, most of their models can be flashed with custom firmware that is supported beyond EOL. And their EOL cycle is also pretty long.

  • Sproutling@lemmy.ml
    ↑ 1 · 1 month ago

    I hate to say it, but depending on manufacturers for this kind of stuff will always inevitably lead to these kinds of situations. This is why I always buy OpenWrt compatible routers and DIY my own NAS.

    Over the years, I’ve experienced:

    • Netgear refusing to patch bugs like their IPv6 firewall essentially letting all traffic through on the R7800
    • QNAP shipping NASes with Intel CPUs that had clock drift issues so bad they essentially bricked themselves. They then refused to provide any kind of support for them.

    After that I basically said, fuck it, I’ll DIY my own and have been much happier ever since. If you have the know-how and the time, DIY is the way to go for longevity.

  • andyortlieb@lemmy.sdf.org
    ↑ 1 · edited · 1 month ago

    Commodity hardware & open source software for the win.

    When my Western Digital NAS was never going to get critical security patches, I was so freaking glad to find out that they just used software raid… I threw the HDDs in a Debian server and never looked back.

    It’s certainly nice to have things that are turn-key, but if you can find your way around any OS, just avoid proprietary everything.

  • skillissuer@discuss.tchncs.de
    ↑ 1 · edited · 1 month ago

    but does it run openwrt?

    e: no it doesn’t, only one model had half-baked image made and available for download from some sketchy forum post made in 2014