myself248 4 days ago

> If you have an EOL device, it may not be necessary to throw it away, but you should consider the risks of continuing to use it. For consumers, this necessitates careful consideration not just of a device’s features but its entire security lifecycle, including manufacturer support commitments and community firmware options.

Which I read as "Don't buy it in the first place, if it's not already supported by OpenWRT."

Simple enough.

sidewndr46 4 days ago

I find the EOL aspect of this discussion out of place. These devices shipped like this. They didn't gain these vulnerabilities due to aging or something like that.

You can have a device that is 100% supported by everyone from the chip vendor, board assembler, and an OEM that is still trivially vulnerable.

Hilift 4 days ago

It's probably relevant because companies usually dump EOL hardware, and some of it gets a new life in a non-business environment. But if it needs a firmware update for a security vulnerability, you're out of luck. There is a legitimate commercial market for used EOL hardware as parts for people that keep old hardware a bit longer, but that's probably short term until it can be replaced.

bee_rider 4 days ago

There really ought to be an “open source your drivers or offer a refund” law for companies that want to EOL devices. It isn’t the 90’s anymore, hardware innovation has really slowed, a chip could be good for decades.

Zigurd 4 days ago

I bought a TV on deep discount. The Android TV OS was already trailing-edge and soon went unsupported. Being just a little paranoid, I monitored the network for continued activity after I removed the network configuration from the built-in software, which I replaced with an external device that's fully supported. I doubt many of the other customers for this cheap TV are as vigilant.

sidewndr46 4 days ago

But no one should be buying or using these devices when they are brand new. Why would I care about them when used?

nickpsecurity 4 days ago

The differences are vulnerability disclosure, vulnerability class, and patch availability. The device is most-vulnerable between the moment common hackers know how to exploit it and when a patch (or mitigation) for that vulnerability is applied.

Older hardware has had longer for vulnerabilities to be found. Some might not mitigate new classes of vulnerabilities. The EOL hardware will not receive patches for any vulnerabilities. So, they're at higher risk of attack.

From there, the attack will be either malicious input to that machine over the network or a file that embeds an attack. Many problems can be mitigated by running secure software, esp for input validation, on that hardware. One might also use them offline or on trusted networks with software that's hand-chosen for them. (That's what I do.)

swinglock 4 days ago

My thought too. They are not insecure because they won't be patched, they are just insecure. Even if patched, what's to say there are not 99 other vulnerabilities lurking, even in their supported products?

sidewndr46 4 days ago

I seem to remember at least one case where a manufacturer attempted to patch an issue like this and managed to actually introduce another one in its place.

yjftsjthsd-h 4 days ago

If it's supported, then as soon as somebody finds a vulnerability (and notifies the vendor) it should get fixed.

sidewndr46 4 days ago

Why would I care if I have already been compromised? It's like I was murdered and the prosecutor leaves a "got em!" note on my grave after a conviction. I don't think I'm going to care very much.

kej 4 days ago

It would matter quite a bit to the next person on the murderer's hit list, just like it matters to people whose devices haven't been compromised yet.

tonyhart7 4 days ago

Or they sell them to the black market as a 0-day exploit.

ge96 4 days ago

I'm wondering if not upgrading from Win 10 to Win 11 will be considered EOL

I have a powerful gaming desktop but it says it's not eligible to upgrade to Win 11

mbs159 4 days ago

You can upgrade to Windows 11 LTSC Enterprise IoT - it has leaner hardware requirements, but also less bloatware

ge96 3 days ago

I will check that out, thanks

gnopgnip 4 days ago

After Oct 14, yes. You won't receive security patches

ge96 4 days ago

sucks gotta dump the box, excuse to get an SFF I guess

gnopgnip 3 days ago

10th gen Intel should be compatible with Windows 11. Might need to change a BIOS setting

yjftsjthsd-h 3 days ago

Make sure to dump via eBay or such so us Linux users can take advantage of the cheap hardware :)

ge96 3 days ago

Yeah idk, I need a Windows computer, I do use all 3 to develop on but yeah

I'm not a PC builder myself, nice to see the designs people come up with

yjftsjthsd-h 3 days ago

That's my point: You might need Windows, but some of us don't have that problem and would like to take that hardware off your hands.

01HNNWZ0MV43FF 3 days ago

It's only really the CPU and motherboard that need updating, right?

Uh I mean if you're gonna throw a big GPU in the trash I'll haul it away for only ten bucks...

ge96 3 days ago

I thought it was some TPM thing

My rig is not that impressive, i9 with 4070. What sucks is the RAM is locked for some reason at 2400 MHz even if I buy RAM that is faster than that, so idk. I swear it was the specific CPU (10th gen)

I did go through a bunch of steps checking, trying to get it to work, stuff in BIOS, enabling settings

01HNNWZ0MV43FF 3 days ago

I think the TPM lives in the mobo somewhere. Might as well reuse the HDD, SSD, GPU, PSU, and chassis

ge96 3 days ago

Good point, find same size/socket

You can have my Windows 10 from my cold dead hands ha

iszomer 4 days ago

This was my baseline 20 or so years ago starting from the WRT54G. Now, it's just a bullet point in the miscellaneous section of my CV.