North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Open Letter to D-Link about their NTP vandalism

  • From: Chris Kuethe
  • Date: Wed Apr 12 15:34:38 2006
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=WNl8UCGwew9Ts0If3+kC494/+jmS3fEDae7RU1jdTBHM6Sp7PVINLg79XYTLKrdmgur+yebsHoN41yUxCfCJc5X9tY3KGt3km6ED4PUDbAGjSo/OvCC45Y1w97YgQ/w2cPILOS5/NBgJlBIrLOHHw/851fjP/8l2WBn2yMTSJz0=
On 4/12/06, Steve Sobol <[email protected]> wrote:
> On Tue, 11 Apr 2006, Steven M. Bellovin wrote:
> > By the way, since we're talking about D-Link, it's instructive to read the
> > warnings on their firmware update pages.
> >
> >       Do NOT upgrade firmware on any D-Link product over a wireless
> >       connection. Failure of the device may result. Use only hard-wired
> >       network connections.
>
> Cisco/Linksys says the same thing.

Who here hasn't been burned at least once by changing packet filters,
routes or interface configurations over the wire/air? Or maybe getting
your userland and kernel out of sync on a *NIX machine?

It's not really that surprising that they put that in there, other
than maybe the fact that it's useful advice. And maybe it'll reduce
support costs.

Loading a new firmware is a risky operation - I don't know of too many
consumer network widgets with a reflash safety protocol to prevent you
from destroying the device with an aborted upload. Heck, that's still
a pretty rare feature in pee-cees. Sure it's easy to implement such a
thing, but that would cost money. I think this thread has done a good
job of demonstrating that those who would choose the right (and maybe
slightly more expensive up front) solution are outvoted by those who
would just take a quick, cheap and easy hack.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?