pull down to refresh
119 sats \ 2 replies \ @ZezzebbulTheMysterious 3 Jan \ parent \ on: Posting Self Hosted Audio Files On Nostr? nostr
No, this is too reductionist. All software is not equivalent. You can mitigate risk by controlling exposure.
Yes, all software has vulnerabilities. Some software is worse than others. A vuln in your local printer driver is unlikely to lead to remote code execution. A vuln in the web interface you are exposing to the internet from your 10 year old NAS has a high probability of being exploited.
I am suggesting to not expose software with a track record of remote code execution vulnerabilities to the internet.
A 10 years old hardware it doesn't means is running also a 10 years old software. Your assumption is wrong and misleading.
reply
I'm not saying YOU are wrong -- I am saying that it is a risky action to expose a NAS to the internet, especially given Synologies track record and the last RCE vuln was only last month...
True about patching! However, in general Synology only supports their hardware for the warranty period (4 or 5 years). So there is a betting chance that a 10 year+ old NAS might unsupported and vulnerable. They have no clear policy here. Sometimes are patches for 5y, some are 9y.
In this particular case, It looks like Synology back-ported the fixes to DSM 6.2 (must have been a very bad vuln, as these end of life). Yes, occasionally for really bad vulns, end of life things are patched. Absolutely no guarantees tho.
DSM 6.0 is end of life 2024. DSM 7.2+ needs a 2015+ model
reply