|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Open Letter to D-Link about their NTP vandalism
On Tue, 11 Apr 2006 10:28:32 -0400, "John Underhill" <[email protected]> wrote: > > It seems to me, that the only *real* solution is for these manufacturers to > implement a [responsible] strategy of automatic firmware upgrades, as it > pertains to these (simple eu type) devices. > How difficult would it be to have the router test a server periodically, > (say once a month), and in the case of a critical flaw in the software, > silently update the device? > I suspect it is cost/benefit skepticism that is keeping them from doing just > that. > It would be a disaster. My (cable modem) ISP does that to my cable modem/NAT box. A few months ago, a buggy update made the NAT part drop all connections after 30 minutes. It took me a week or so to get enough data to nail down the problem precisely. I then had the fun of trying to get through the phone droids to reach someone who understood what "NAT" or "TCP" meant. What unusual combination of features will random upgrades break? By the way, since we're talking about D-Link, it's instructive to read the warnings on their firmware update pages. Do NOT upgrade firmware on any D-Link product over a wireless connection. Failure of the device may result. Use only hard-wired network connections. This firmware is engineered for US products only. Using this firmware on a device outside of the United States will void your warranty and may render the device unusable. Other warnings I've seen include warnings that all configuration options will be reset, version incompatibilities, and the suggestion that one should connect to a UPS before doing the upgrade, just in case. (Hmm -- there's a vicious thunderstorm approaching, and the lights are flickering. And it's time for the monthly autoupgrade!) --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
|