D-Link refuses to patch yet another security flaw, suggests users just buy new routers — D-Link told users to replace NAS last week
Routers join NAS in the trash.
I mean, some of those EOLed nearly a decade ago.
You can argue over what a reasonable EOL is, but all hardware is going to EOL at some point, and at that point, it isn't going to keep getting updates.
Throw enough money at a vendor, and I'm sure that you can get extended support contracts that will keep it going for however long people are willing to keep chucking money at a vendor -- some businesses pay for support on truly ancient hardware -- but this is a consumer broadband router. It's unlikely to make a lot of sense to do so on this -- the hardware isn't worth much, nor is it going to be terribly expensive to replace, and especially if you're using the wireless functionality, you probably want support for newer WiFi standards anyway that updated hardware will bring.
I do think that there's maybe a good argument that EOLing hardware should be handled in a better way. Like, maybe hardware should ship with an EOL sticker, so that someone can glance at hardware and see if it's "expired". Or maybe network hardware should have some sort of way of reporting EOL in response to a network query, so that someone can audit a network for EOLed hardware.
But EOLing hardware is gonna happen.
all hardware is going to EOL at some point, and at that point, it isn't going to keep getting updates
EOLing hardware should be handled in a better way
Both of these are solved by one thing: open platforms. If I can flash OpenWRT on to an older router then it becomes useful again.
Definitely don’t this in the past (Linksys WRT54G!) but let’s be honest, the kind of people running 10yo Dlink routers aren’t going to flash new firmware, let alone OpenWRT or even know to look for it. It would have to come that way from the factory. And even then I doubt most people even do regular updates, sadly.
If I can flash OpenWRT on to an older router then it becomes useful again.
well, only if it has more than 4 MB storage, 8 MB RAM. I'm practically swimming in older routers that can't even pass that requirement, and even today the cheaper, that is, more affordable options are still near that for some fucking reason.
This is the correct reaction to old home equipment.
I think there should be a handoff procedure, or whatever you want to call it.
As EOL approaches, work with whatever open router OS maker is available (currently OpenWRT) to make sure it's supported, and configs migrate over nicely. Then drop one last update, designed to do a full OS replacement.
Boom, handoff complete.
I’d support a regulation that defines either an expiration date or commitment to open source at the time the hardware is sold.
EoL of anything should mean open source code. You don't want to open source your code? Then you must keep servicing your products and must keep your servers up
EU is cooking something with EU Directive on Liability for Defective Products. I've read only part of it, but basically companies are liable for bugs in software unless they opensource it.
When the users are in control of the software running on their devices then "EOL" is dependent the user community's willingness to work on it themselves.
I can still use a 2003 AMD Opteron with the newest builds of Linux. It's an open standard. As long as the hardware still physically works. The only reason these pieces of hardware are EOL is because they chose to lock them down.
The ones with EOL 2015, fair play. But May 2024 isn't all that long ago.
Edit: Looks like those were launched in early 2015. I guess requesting users to update devices after 8+ years might not be too far fetched.
When we're they last sold though, eol 8 years after last up for sale is fine, but if they were still on sale up to last month that is a different issue.
I agree. Buy a new router that isn't Dlink.
Yeah after gettin screwed by the DLink you might as well use the TP-Link
The DSR-150 is still being sold on Amazon under the D-Link store. Why the hell would you end of life something you still sell.
Don't want to get lumbered with a bunch of old stock now, do you?
Technically most if not all Amazon sellers are third party who sell to the warehouse and then it sits there until its listing contract expires.
Thats why Rode Microphone refuses to sell on Amazon.
Then recall all the end of life stock.
They have a page on there though
Just say you are from the Middle East.
Product Status (Revision Series_v1500): Live - The product is actively being manufactured and sold."
Okay so the 2015 EOL ones, yeah I can understand telling the customer to update their shit. They shouldn't have to support nearly 10 year out of date stuff.
May 2024 EOL ones? Bruh. C'mon now.
I would love to know when they stopped selling it compared to the EOL. EOL should be at least 5 years past the last time the models were shipped out, maybe more. So if May 2024 was EOL I sure hope they weren't selling them after 2018.
Hopefully there’s a mistake in the article.
Be nice if companies had to open source firmware they are going to EoL.
Be nice?
It must become.law. we want to lower e-waste? Yen if companies stop supporting their products, het must open source all of it
Not going to hold my breath that anything like this will happen in the current political climate, but yeah, that should be mandatory. Even ignoring the exploitive nature towards their customers, it creates a ton of unnecessary waste.
Exactly. As a consumer, when I buy a product, I'm not just buying the state of things at the time, I'm buying with an expectation of ongoing support. If they choose to not support it themselves, I should be able to support it myself.
In the old days, hardware came with schematics, so when the manufacturer warranty ended, customers could repair things themselves. That should extend to software as well, since software is just as much a part of the functioning of a device as capacitors and whatnot.
Welp never buying anything D-Link ever again
I had a couple of dlink gigabit desktop switches. Two failed so far, one has taken down the whole network, not just devices directly connected to it, and the other one fried 2 router ports when it died. I learned my lessons about buying crappy network hardware.
Edit: that happened within a few months, so these switches also have a very clear EOL.
Because they won't support routers that were EOL a decade ago?
May 1st 2024 was a decade ago? (The article has a list and only two are old as you mention, though not quite a decade yet)
There right you and i should just buy a new one
Of a diffrent brand
Yup, my Mikrotik router is doing great years after I bought it, and I expect to keep getting updates into the future. I used to use a LinkSys router w/ DD-WRT and later OpenWRT, and I think those are still supported to this day.
Yeah openwrt and ddrwrt are just perfection. I recently switched out my isp eero router for a gl.inet flint 2. Adgaurdhome and setting up services have been a dream! And i could actaully see what my devices where sending packets.
MY SAMSUNG TV WAS PINGING TIKTOK WTF. blocked everything on my smart tv minus netflix and amazon. Because samsung tv uses AWS for channels
Had me in the first half
Long ago, D-Link was good but then they sold the company. Just like Alienware, Farbreware, Oaklies, etc.
Oakley, like the sunglasses company? What happened to them?
Luxottica. I've visited their HQ in soCal, people aren't having fun and coming up with wacky designs anymore.
RubberElectrons beat me to it, but EyeMed Vision Care, LensCrafters, Pearle Vision, Sears Optical, Sunglass Hut, and Target Optical are all the same company, Luxottica.
Glasses from Armani, Brooks Brothers, Burberry, Chanel, Coach, DKNY, Dolce & Gabbana, Michael Kors, Oakley, Oliver Peoples, Persol, Polo Ralph Lauren, Ray-Ban, Tiffany, Valentino, Vogue, and Versace, are all from the same company, Luxottica.
don't buy shit unless it runs openwrt or whatever
Except ISPs dont give you modems anymore, they give router/modems you can have the router you want but you are forced to use the one they give you
How are you forced to use their modem?
My old ISP gave me a router/modem combo and wanted to charge me a fee for it, so I just bought my own modem and returned the router/modem after transferring the config over. There are tons of modems for all kinds of stuff online, just look around and find something compatible.
My current ISP is just Ethernet at the wall (pretty odd setup), and it's been well over a decade since I dealt with a modem, so maybe things have changed. But it's probably worth checking out, especially if they're charging you for use of the modem (check your bill).
Unfortunately this is the case I'm seeing happening more. I would love to use a router of my choice, but then I would lose the TV service (Telekom, Hungary). And it's not just about the freedom of mine to choose the hardware, but the features their one is lacking.
Also with the TV box I got from them 2 yrs ago, I can feel and see that's is miles behind my 2015 (!) Shield TV.
So yeah, ISPs giving out crappy hardware and force you to use it, is my nr. 1 gripe.
Our shit sucks. Buy more lol
there should be list of companies that should be avoided and why, its impossible to keep track of everything like this
An idea for an app I came up with for a class once was one that let you scan a barcode of a product in like Walmart and get what parent company owns it, like how Nestle doesn't like to put their name on companies they bought (or not in big text anyways).
So if you want to avoid Coca Cola you could scan it and see who it's owned by and if that company matches one of the ones you have blacklisted
Fun fact, 'peace tea' is owned by coca cola
There's an app called 'buycott' that does exactly that!
Unfortunately, that list would be almost complete. It would be much easier (and realistic) to maintain its complement.
I mean this is pretty standard in all industries regardless of whether it's a software flaw or a physical flaw in any other kind of product. What's the likelihood of a vacuum manufacturer replacing a part in a 15 year old product that had a 1 year warrantee even if it's a safety issue?
I work for a manufacturer with part catalogues going back to 1921, and while the telegraph codes no longer work, you could absolutely still order up a given part, or request from us the engineering diagram for it to aid in fabricating a replacement. You can also request service manuals, wiring diagrams, etc. Don't all half-decent manufacturers do this?
Don't all half-decent manufacturers do this?
No. That is phenomenally uncommon. To the point it's almost unheard of.
Yes they do, but half decent manufacturers are extremely rare.
That's assuming you're looking for a replacement part. This is redesigning the product to work differently to fix a flaw. Like if you made a vacuum company use a different gear because the existing one was too fragile. That's likely not something you can just swap out. First you need an engineer to decide what kind of gear and redesign everything around it to make the gear fit properly as well as creating a way for it to be easily installed by the end user or their repair service. You're ultimately changing the functionality of the original product. Yes it's flawed functionality, but there are tons of flawed products out there.
Been there done that. Got the tee shirt.
While good support to customers is very valuable, trying to support a product that is decades old and shares nothing in common with current products is a plain waste of time energy and money.
It would require someone to search out all the documentation needed to make that one part, then you need to figure out the correct process to make said part, determine if you have material on hand or need to special order something, then try to find that one old jig/fixture needed amongst a building full of 100's of such items for the right one. Then you need to be sure that the the complete fixture is there and nothing is worn out beyond use. Then you need to make time to insert this one-off semi-custom part into the manufacturing process.
By the time you do all this, that one 20 year old obsolete part will have perhaps cost you thousands of dollars and you still haven't made the first piece of swarf. Imagine the shock and surprise that customer would have when they get the bill that accurately reflects the true cost.
This is why a number of countries have laws saying spare parts must be made available for a number of years past being sold. Well beyond what the warranty is.
How is this significantly different?
I'd also settle for releasing 3D models of out-of-production parts so they can be 3D-printed by enthusiasts.
Story time: in my second-gen Mazda Miata, I closed the centre console lid on a piece of cardstock by accident and it snapped the plastic piece that latches the lid shut. The part previously sold for ~$10 but they stopped producing it as a standalone part at some point and the only way to acquire it was to buy the $100 centre console lid assembly.
This isn't spare parts. This is asking for a new part to be designed and manufactured to replace an existing part. That takes time and money. Granted software doesn't require mass production, but creating the initial version does take expertise and resources that may no longer exist in addition to the time and money.
What you're saying is perfectly reasonable, but also doesn't apply here because they're still selling this router new on the D-link Amazon store.
If you're going to stop supporting a product, you should also stop selling it.
As far as I can tell, those aren't from authorized resellers or even from Amazon itself which they might have some ability to stop selling them. These are just people who are using amazon marketplace to sell off old stock like any other product. D-link hasn't sold them for a while. But I could be wrong, I just haven't seen any evidence that they are selling them. If Bissel had a vacuum that had a faulty gear that would break after a few years of use and they stopped making them, that wouldn't stop someone from buying them up from Walmart or other store warehouses that no longer sold them and listing them for sale on Amazon or Walmart or whatever marketplace. That's very common.
Someone can generally make 3rd party fixes for hardware flaws of discontinued products without the same kinds of threats software gets. Like replacement antennas or vaccuum bags.
Compiled software can't be legally decompiled for use in distributing software fixes.
That's not necessarily true. That's a copyright issue. Now if d-link was to say that the product was not abandoned and thus the copyright is still theirs, then you might have a case that they need to fix the issue. That doesn't mean they need to give you the code, but decompiling should be OK. But copyright laws vary quite a bit. So that's a totally separate issue.
But you are welcome to write your own firmware and install it on the device in most localities. You just need write it from scratch, just like replacing a custom gear or motor in a vacuum would require engineering it to fit inside the case and connect with all the appropriate parts. Which you are welcome to do.
but does it run openwrt?
e: no it doesn't, only one model had half-baked image made and available for download from some sketchy forum post made in 2014
Can highly recommend ASUS, most of their models can be flashed with custom firmware that is supported beyond EOL. And their EOL cycle is also pretty long.
Or just get a GLi.Net router, and get the OpenWRT firmware right out of the box without even needing to flash it manually.
As a bonus, if you ever have the need for one, they also have some badass travel routers that can use your phone as a modem, take a SIM card natively, or just connect to an Ethernet/public WiFi to create your own secure network. Super handy if you do a lot of traveling, because they can be used in hotels or cruise ships. Know how cruise ships sell internet access per device? Yeah, your travel router only counts as one device. Set that bad boy up, and now all of your devices have internet.
It's way cheaper to just set up your own device with openwrt, not that difficult, and with the added benefit of having open source code. Why half-ass it.
its not openwrt. its openwrt based, with proprietary modifications, from a country where saying no to planting a backdoor is not an option.
everyone is better off just flashing the open source firmware themselves. both with gl.inet and other brands, but I would say the same for openwrt's own router-like device too due to supply chain attacks
Seconded. I didn't know the life cycle of a router but I replaced my asus router with another asus router recently. Not because it stopped working but because we have so many devices for our iot and I wanted some vlan. The old one is being repurposed at someone else's house
Cool, so what brand is a good one to replace D-Link with?
Tplink is widely supported by openwrt
Mikrotik and Ubiquity
I have a fourth generation I7 with 8gb of ram running pfsense. Its free and you can't beat it for baked in capabilities. I run pfblocker ng and snort to block ads maleware and useless(to me) telemety that my non linux machines send in regularly. Microsoft, Amazon and others. I also have wiregurad for vpn access to my home. You can also install the ntopng package and get really good realtime information on what is going on on your network. For years I used open wrt but the two don't really compare. If you had to compare, openwrt is like a geo metro and pfsense is like a sports car.
I moved to an OPNsense router a couple of years ago and I’ve never looked back. Hell is shitty consumer routers.
This is the way.
Do you have any recommendations on OPNSense routers?
Oh man, it’s a nightmare and I just happened to be lucky. I ended up buying one of those passively cooled router-esque N100 boxes out of China (AliExpress) and while it was a total punt it turned out to be a great experience, and their customer service was actually good too.
Kingdel was the make/vendor and it’s been rock solid.
No mercy from Low Level.
I watched and enjoyed that one yesterday, and he's bang on the money. People here are saying "well it's EoL" but that means it's got all the way through development and its full lifetime with such a prominent set of bugs.
I don't think I'll be buying D-Link if that's what supported means.
Commodity hardware & open source software for the win.
When my Western Digital NAS was never going to get critical security patches, I was so freaking glad to find out that they just used software raid... I threw the HDDs in a Debian server and never looked back.
It's certainly nice to have things that are turn-key, but if you can find your way around any OS, just avoid proprietary everything.
Why do they say they’re prohibited to provide support? That a bad translation?
Is DDWRT still a thing?
OpenWRT is. Not sure if it's supported on that hardware tho.
a new non dlink router. Since the should be named f-link for a number of reasons.
A bunch of juvenile D-Linkuents. Get it? D-Link? Nevermind....
Same website (granted, different author, but), same inflammatory language, same vendor, referencing previous erroneous article...I'm not even gonna read this one. Just going to copy/paste my previous response from the previous post:
At a certain point it's the consumer's (and blog writer's) fault, and that's after EoL. Not patching a supported one and just getting rid of support, saying buy a newer one? Yeah, that's bad.
Continuing to not support an EoL model that you already don't support due to EoL (or even dropping support for an EoL model that no one expected you to support in the first place due to EoL)? Non-issue.
Perfect time for users to buy something that isn't D-Link then innit.
The article also mentions Cisco briefly, who also suck. Almost as much as Palo Alto
Instead of trusting DLink with an off the shelf NAS, it might be easier to build your own with a Raspberry Pi running openmediavault hooked up to a couple of USB hard drives. It's worked well for me for over 6 years now with no issue and could cost way less.
“Easier“, no. Not for the average person on the street.
Don't get me wrong, I've built several NAS over the years (dropped OMV for just Arch and the packages I want) and loaded OpenWRT (etc) on routers
But, building my own NAS, servicing my own car, repairing my own house, felling my own trees, at some point I'll just lack knowledge and buy something simple / pay someone to do it... and that's where cheap consumer electronics fits (unfortunately)
Except a lot of it doesn't fit because tons of it is predatory trash sold as functional when one or two things can go wrong and ruin everything.
It's hard to expect the layman to need something technical, not know enough technically to do it themselves, but have enough surface knowledge to not get ripped off. It's like threading a needle of the perfect level of wisdom.
Like I'd wager the common every dude would look for a connected hard drive, maybe Western Digital because of the market saturation, but there's just so much garbage online that half works.
Then there's interconnectivity issues, software not being available cross-platform after already spending hundreds on hardware, Apple problems.
The average user is just set and ready to be ripped off at like, all angles.
I built my own with an old PC, and it's pretty easy. You can install TruNAS or OMV if you want, but I ended up just installing my distro of choice (OpenSUSE Leap in this case), set up BTRFS on my NAS drives in something similar to RAID 1, and set up a few services (Samba, Jellyfin, etc). TruNAS or OMV will make that initial setup a lot easier, so do that if you're not confident.
The Raspberry Pi is not nearly fast enough for what I want it for, and I had an old PC laying around, so I figured I might as well reuse what I have. I started w/ a Phenom II x4 from 15 years ago, and recently upgraded to my Ryzen 1700. I plan to upgrade my NAS hardware whenever I upgrade my gaming PC to keep things recent-ish. Total power draw is somewhere around 50W, so a fair bit more than a Raspberry Pi, but only like 2x more due to the drive overhead (I use NAS-grade HDDs).
I hate to say it, but depending on manufacturers for this kind of stuff will always inevitably lead to these kinds of situations. This is why I always buy OpenWrt compatible routers and DIY my own NAS.
Over the years, I've experienced:
After that I basically said, fuck it, I'll DIY my own and have been much happier ever since. If you have the know-how and the time, DIY is the way to go for longevity.
I think it's easy to blame a company for how they are handling this, but at the same time, if you're using a router that old you should probably already assume that it has vulnerabilities that haven't and probably won't be patched.