This is a kudos post to the OpenWRT community. I ran across the following and it is proof positive that the commercial router vendors not only love raiding OpenWRT for OS versions for their hardware - they also hate and fear OpenWRT for cutting into their sales. So if you are a user, or a dev. or someone, and you are wondering if you are making a difference - you absolutely are. And here is the proof of it:
As many know, the commercial hardware vendors use artificial End Of Life and End Of Support dates to encourage customers to throw away perfectly working kit and spend money on brand new kit that does the same thing the old kit did. This isn't confined to high tech; automakers have done this for years - arguing that your 20 year old Ford that still drives you to and from work and has no dents on it is "an old beat up worthless car." They discontinue parts in an effort to encourage customers to buy new cars - fortunately we have wrecking yards to counter that. High Tech does the same thing but it's particularly egregious since a lot of high tech kit does not degrade mechanically over time, at least not at a very high rate. Maybe a 40 year old radio needs its capacitors replaced, and so on, as does a 40 year old computer - but otherwise, it still functions.
But many customers don't fall for this nonsense and continue using old kit. So, one of the slimier tricks that's going on is waiting for the Russian Cracker consortium or Chinese Military Cracking group to find some security hole in their products - then trumpeting to the world how "our device is gonna be gunned so you GOTTA REPLACE IT because we aren't patching it anymore." While that might be an issue for a router exposed to the Internet - it's NOT for a NAS that is on a private network that crackers can't get into. But still, the scummier companies try using that sales line of Fear Doubt Uncertainty to FUD the customer into buying new kit to replace their old, working, kit.
One of those companies that engages in this slime is D-Link. Here is a typical example:
D-Link says it won’t fix a serious security flaw affecting 60,000 older NAS devices | TechRadar
In this article from a few months ago D-Link takes great delight in telling the reporter "them there NASes we made are NOW OPEN FOR CRACKERS SO YOU GOTTA REPLACE THEM"
But, that ISN'T the whole story - because the FIRST NAS on that list - the DNS-320 - has a port of OpenWRT to it. So, the fact D-Link is encouraging people by getting their trained monkeys at Techradar to write viral marketing "news stories" like this, to throw away "insecure devices" that could be secured by flashing OpenWRT to them is being ignored.
Does D-Link know that it's a lie that the DNS-320 is insecure? (since it can be made secure by flashing OpenWRT on it?) With 1000% certainty - they do.
Consider the following:
support.dlink.com - /resource/products/
Browse into the DNS-320 and DNS-320L directories there. The EOL notice is there - but so is the firmware. Same for the DNS-340L - EOL notice is there but so is the firmware.
(Although there is no OpenWRT port for the DNS-340L, that NAS uses the Marvell Armada S370 and there's a generic OpenWRT image for that, here)
[OpenWrt Wiki] Techdata: Marvell Armada A370 DB
NOW - browse into the DNS-325 directory. That device has no OpenWRT support - and - the directory doesn't exist AT ALL, not even an EOL notice.
Why is this significant?
It's because D-Link knows that as long as they keep support and firmware available for the devices that OpenWRT supports, it helps to keep customers "in their fold" so to speak - the reality is that the existence of an OpenWRT build for their hardware keeps them from throwing their customers to the dogs since their customers can just flash OpenWRT and wash their hands of them.
But, for the DNS-325, which there is NO OpenWRT support for - D-Link is perfectly happy to withdraw ALL support and throw their customers to the dogs - upgrade or kiss off.
This is why OpenWRT is so important. It acts as a check on basically unlimited power of manufacturers to force golden handcuffs on customers and force customers to continually buy gear from them. It's critical work you are all doing - since it prevents the tech vendors from degenerating into a series of dictatorships with unlimited power over their customers.