this post was submitted on 20 Nov 2024
621 points (98.9% liked)

Technology

59518 readers
3576 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
621
D-Link refuses to patch yet another security flaw, suggests users just buy new routers — D-Link told users to replace NAS last week (www.tomshardware.com)
submitted 1 day ago by [email protected] to c/[email protected]
113 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 5 hours ago (1 children)

I'm not saying they shouldn't fix the issue necessarily, assuming it's even possible. I'm saying they shouldn't be held to higher standards than any other product just because the engineering effort involved in software is undervalued compared to physical objects. If a product made 15 years ago didn't follow modern safety standards and is no longer being sold by the manufacturer, we don't make them update their old products.

As for tooling, yes, and with software it often requires "tooling" that no longer exists in order to develop the patch including hardware that may no longer be manufactured. It's not like the product manufacturer manufactures all of the parts like circuits and microchips. Just like vacuum manufacturers don't usually make the bearings and gears and such, they just assemble them. So same concept.

We may require them to keep parts with the existing design, but we don't require them to fix safety issues that were not found to be out of compliance when it was originally approved for production. We might make them fix it if they're still selling them, but we don't make them fix these issues if they are not.

[–] [email protected] 2 points 3 hours ago (1 children)

We do take cars that fail safety inspections off the road. You are correct, we don't hold them to higher standards, but that's not a reason why we also shouldn't remove genuine hazards off the roads.

If a car is far more likely to kill someone, it shouldn't be on public roads either. Just like devices that can't be update don't belong on public nets. The risk to the broader public is to big IMO.

[–] [email protected] 1 points 2 hours ago (1 children)

Those are things that get inspected regularly because of public safety issues, not ownership issues, and in the US at least, that only happens in a subset of states anyway. That is about using something you know will likely hurt someone vs using something you know will hurt you and possibly your customers. There's a big difference in liability there.

Vacuums for example do not get regular inspections, and owners are allowed to use any product they want, even defective ones, in their own home or business, even if they pose, say, an electrical shock risk or something else that wasn't something that would have made it fail its initial certification. We don't force vacuum manufacturers to fix old product design issues.

And even if we did, how long back would we make them fix? Would 100 year old vacuums need to be brought up to modern safety standards like grounded plugs and all of the wiring to be redone to ground all the parts or more modern motors that use less power so they don't need to be grounded? What if only one person in the whole world still uses that product?

It's just not a reasonable thing to expect re-engineering old devices when a new potential owner safety issue is found.

[–] [email protected] 1 points 1 hour ago (1 children)

The risk of taking down large portions of the internet has the same risks as a vacuum? Interesting.

Your right not every device has parts availability. But again, why not? Because it it'll cost more?

Your willing to risk tanking the digital economy for what has historically been huge sums of money, because we don't hold vacuum cleaners to higher standards?

I'm being obtuse, but you keep pointing to "well we don't fix that problem over there, so we shouldn't do it over here". It doesn't sway me. We should absolutely fix repability of ALL ELECRONTICS AND CRITICAL INFRASTRUCTURE

[–] [email protected] 1 points 1 hour ago (1 children)

But even the car thing is not the responsibility of the manufacturer to fix. It's the owner's responsibility and only of they actually are using it.

If companies have to update all products to keep up with modern safety standards, it would mean no new products would ever be made and the products would be exceptionally expensive since you'd only buy them once. That's not the type of economic system we live in.

And no, a router that is defective is not going to tank the digital economy just because the manufacturer doesn't fix it. Definitely not a d-link product. That's why enterprise grade commercial products are so much more expensive. They are designed for longer life. If that's what you want, then buy a commercial product and pay the company a subscription fee for support or warrantee in cases like this.

[–] [email protected] 1 points 1 hour ago

Except devices, specifically quoting routers, Do make up bot nets

That's the specfici malware used on unsecured IoT devices and routers.

I was able to find tons of scholarly articles Like this one

That specifically talk about how many of these devices get comprised.

This isn't some theoretical attack vector. This is active now.