- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: ReadyNAS OS Dead?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
@Sandshark wrote:But your premise in that other post, that Netgear has announced that they will not support some OS6 units and will soon do the same for others, has no basis in any actual Netgear announcement.
Every Netgear customer with an EoL-ed ReadyNAS OS 6 system, even those with not yet Eol-ed models are left in space. We have no information about how long Hardware Repair or Replacement, OS and App Updates and Maintenance, and Technical Support and Security Updates will be held up.
Very different fom what the major NAS competitors do.
We can't plan, we can't schedule migrations - we're simply left alone out here.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
ReadyNAS is dead as far as I am concerned, and has been for the past 3 years. We are coming to a cross-roads now where the Debian version, the Rn OS itself and all the apps (including the internal ones, like their version of apache) are so outdated that it makes no sense to keep using it.
Covid might have put a damper on things too but Netgear's silence with regards to the ReadyNAS line-up started long before Covid came around. It is a shame too because these units are quite good hardware wise. The decent thing from Netgear would be to allow us to totally unlock/flash to BIOS which would facilitate much easier install of whatever Linux flavour we wanted, on the box.
The future for me is likely the DIY route. I have already started to plan my move to a DYI Ubuntu server running BTRFS raids. It will give me total control, which I can't get with any vendor NAS units. As for my RN422 and RN 212 units... I don't know what I will do. Probably donate them to someone but they could serve as backup units for another year or so.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
I'm planning to use my ReadyNAS for the foreseeable future.
I'd like to see Netgear upgrade the OS, and if they do exit the business I'd like to see them open things up. But I'll continue to use my ReadyNAS whether they do that or not.
My ReadyNAS aren't exposed to the internet, and I've chosen just to use them for storage (no apps other than SMB plus). I don't see any unmanagable security issues - but I can easily switch to a different vendor (or roll my own NAS) if necessary.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
http://w.cvedetails.com/version/111987/Debian-APT-0.8.11.html that's just the operating system
Not to mention all the outdated packages
https://www.cvedetails.com/vulnerability-list.php?vendor_id=45&product_id=0&version_id=0&...
It's not even funny anymore
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
@SignedAdam That's why I sold mine. What I would recommend to anyone wanting to continue using running ReadNAS hardware w/o trying to upgrade Debian, would be to use it with iSCSI only. At the end before I sold it, I was doing exactly that, with rclone/smb/plex/etc. all running on an external Linux host and I shut everything off on the storage except iSCSI. As I migrated data into iSCSI I freed space in my other volumes to grow the iSCSI side. It took a couple of days. Ultimately I ran into speed issues in the RN box that pushed to sell it.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
@SignedAdam wrote:
it's definitely got vulnerabilities
I didn't deny that. I only said the risk is managable for me, since I am running the NAS on a closed network (also it is a home network).
I will say that the details matter here - most of the vulnerabilities in your lists don't apply to the current ReadyNAS software (as your lists include stuff that was fixed long ago). But we agree it would be good if they updated the OS (and related packages).
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
@SignedAdam wrote:
Give us proof @StephenB
Proof of what?
- One of your links pointed to four APT CVEs. The NAS runs APT 1.2.27 - which was not listed as a vulnerable version for any of the four CVEs.
- Your other link (JSPWiki) points to a package that isn't even running on the ReadyNAS.
So while there are vulnerabilities, your links aren't relevant to the case you are trying to make. I have no idea why you grabbed the ones you did.
In any event, I am not trying to convince you (or anyone else) on what course of action you should take. I'm just saying that I intend to use my ReadyNAS for the forseeable future, no matter what Netgear chooses to do. I don't see any unmanagable security risks in doing that.
But you can do as you like.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
@SignedAdam wrote:
My links above are valid, and do apply to Debian 8.11 which is the underlining operating system of readynas, Apache is also the package used for the web interface
It was the base used, you can't imply it still is bit by bit the same as it was years ago.. You would have to look into the source code making up OS 6.10.4. Your links might be valid (leaving alone Apache references applicable when running it on Windows) but not for what is implemented as of today.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
This thread is pointless. You're arguing about worthless nonsense and a dead operating system. I'm unsubscribing. Again though, if you're too challenged to just upgrade to a regular Debian release, your only option is going to be to get a different chunk of hardware. Trying to convince Netgear to roll ZFS code was good for a laugh though. Goodbye.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
@SignedAdam wrote:
Apache is also the package used for the web interface.
Yes, but you confused the vendor field with the product field. Your link includes all 198 products from apache, not just the web server. The first one in the list was in fact for JSPWiki - which as I noted doesn't run on the NAS. The apache web server vulnerabilities for 2.4.25 are reported here: https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/version_id-218176/
Your first link was to Debian apt, not to Debian Linux. I clicked on the details of the 4 CVEs in that link, and none of them list the version of apt installed on the NAS. Debian Linux Vulnerabilities are listed here: https://www.cvedetails.com/version/182793/Debian-Debian-Linux-8.0.html This list includes all reported vulnerabilities - including the ones that have been fixed.
Another factor here is that Netgear does backport some security fixes - and there is no easy way to tell exactly what they backported, and what they didn't. The release notes aren't complete, and unfortunately don't always list the CVEs that were addressed. They also update the kernel regularly. For example, the 6.10.3 release notes say they updated the kernel (released last May). The kernel updates certainly address many of the CVEs in the debian list. The 6.10.4 release notes say there were security fixes (but they don't say which CVEs were addressed).
I haven't claimed that the security is perfect, only pointed out that your links weren't on-target (and they weren't). My assessment is that it safe enough for my use. The web server (like the NAS itself) can only accessed by devices under my control, so there is little risk that the attacks in the CVEs would ever be made. If my NAS were accessible over the internet, I'd be more concerned. But I don't (and won't) deploy them that way. Malware hitting my PCs is IMO a bigger threat, and I've arranged my backup plan to deal with that threat.
As far as I can tell, you'd already made up your mind about the ReadyNAS before you started your recent posts. If I felt the way you did, I'd just sell it and move on.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
Lots of vulnerabilities are still shown, it would be nice if the Netgear developers for this readynas would get them self-involved, however I understand why they might not because it's embarrassing.
Facts, The web server needs changing because Apache is very difficult to update, and could end at any point, I'm not even sure if it's still going for Debian 8.11 and the whole operating system needs moving up a few versions. And connman, the connection manager is awful. It has no UI what so ever. You can't add extra ips with conman, as the name implies it was probably a con to have it as the (connection manager)
By the way not everything can be updated https://unix.stackexchange.com/questions/404036/how-do-i-update-apache2-to-the-latest-version-on-deb...
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
Some folks here tried to update apache on their own, and ended up breaking the NAS web ui. They weren't trying to build it, just updating it using apt-get. Not sure if that would happen with 6.10.4, but it's not something I would try on my main NAS.
So you do need to be careful when updating packages on your own.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
The features offered are few and between, so it doesn't even have that going for it, I haven't sold it on because I thought Netgear was a brand I could trust and rely on for years. Just like I can rely on Asus and there great wrt based routers, or signology and what they are doing. I'm not feeling the same product support from Netgear here on the readynas brand. It's really sad and disappointing and I paid well over the odds for what this product is, a cheap put together machine with a brand name on it, admittedly at the time it was the best hardware in a nas at the time, but most of the cost was because of the brand, support. Non-existent at the moment.
Yes I could pay money for phone support, but phone support for what? An out dated machine that isn't maintained or had a overhaul in firmware and os in years.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
@SignedAdam wrote:
With out the source code Netgear use to compile Apache for ready Nas I don't even think we could, my Nas rn422 has functionality that wouldn't work with out the source code.
Without what please? There you go -> NETGEAR Open Source Code for Programmers (GPL)
There is much more involved but compiling an Apache2 binary. And yes: ConnMan s***s.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: ReadyNAS OS Dead?
It seems that it´s alive for now : https://community.netgear.com/t5/ReadyNAS-Beta/ReadyNASOS-6-10-5-Beta/td-p/2085347