top | item 46332683


sally_glance | 2 months ago

To me the phrasing seems objective. Making your binaries available to the public is good (though source would be better).

Replace [firmware] with [random popular GitHub repo] and nobody would blink. Replace [firmware] with [customer email address] and it would be a legal case. Differentiating here is important.


opello | 2 months ago

I think it fails to be objective because of the repetition. It's an open S3 bucket; no need to state that no authentication was required, it's already open. It's not about economy of writing, but the repetition emphasizes the point, elevating the perceived significance to the author or what the author wants the reader to take away.

Furthermore, the repeated use of every when discussing the breadth of access seems like it would easily fall into the "absolutes are absolutely wrong" way of thinking. At least without some careful auditing it seems like another narrative flourish to marvel at this treasure trove (candy store) of firmware images that has been left without adequate protection. But it seems like most here agree that such protection is without merit, so why does it warrant this emphasis? I'm only left with the possible thought that the author considered it significant.

pacifika | 2 months ago

If someone DDoSes an open S3 bucket they'll get a huge bill. If there is something in front of it, they might not.
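The distinction the thread keeps circling (a bucket that is readable by anyone versus one that only a fronting service can read) shows up directly in the bucket policy. The following is an added illustration, not part of anyone's comment: a small audit function that parses constructed sample bucket policies and reports which Allow statements grant access to the anonymous principal. The bucket name, account id and distribution id in the samples are placeholders; the `cloudfront.amazonaws.com` service principal and the `AWS:SourceArn` condition key are the real mechanism AWS documents for restricting a bucket to one CloudFront distribution.

```python
import json

# Constructed sample policies for illustration (placeholder bucket, account and distribution ids).
# Pattern 1: anonymous read of every object, i.e. an "open bucket" in the thread's sense.
OPEN_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-firmware-bucket/*",
    }],
})

# Pattern 2: only a single CloudFront distribution may read; clients hit the
# distribution (with its own caching and WAF/rate controls), never the bucket.
FRONTED_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowCloudFrontOnly",
        "Effect": "Allow",
        "Principal": {"Service": "cloudfront.amazonaws.com"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-firmware-bucket/*",
        "Condition": {"StringEquals": {
            "AWS:SourceArn": "arn:aws:cloudfront::123456789012:distribution/EXAMPLEDISTID"
        }},
    }],
})

# Pattern 3: wildcard principal but narrowed by a condition; not open to the
# whole internet, but worth a human look rather than an automatic pass.
CONDITIONED_WILDCARD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "WildcardWithCondition",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-firmware-bucket/*",
        "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}},
    }],
})


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _is_anonymous_principal(principal):
    """True for the two spellings of 'anyone': "*" and {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws is not None and "*" in _as_list(aws)
    return False


def audit_bucket_policy(policy_json):
    """Classify Allow statements that name the anonymous principal.

    Returns {"public": [Sid, ...], "conditioned_wildcard": [Sid, ...]}.
    "public" = wildcard principal with no Condition block at all.
    "conditioned_wildcard" = wildcard principal narrowed by some Condition.
    """
    policy = json.loads(policy_json)
    findings = {"public": [], "conditioned_wildcard": []}
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anonymous_principal(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Condition"):
            findings["conditioned_wildcard"].append(sid)
        else:
            findings["public"].append(sid)
    return findings


if __name__ == "__main__":
    for name, doc in [("open", OPEN_BUCKET_POLICY),
                      ("fronted", FRONTED_BUCKET_POLICY),
                      ("conditioned", CONDITIONED_WILDCARD_POLICY)]:
        print(name, audit_bucket_policy(doc))
```

A bucket policy is only one of several places S3 access is decided (bucket ACLs, object ACLs and the account-level Block Public Access settings all matter), so a check like this is a first pass over exported policies, not a complete determination of whether a bucket is reachable anonymously.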

wkat4242 | 2 months ago

An 'open S3 bucket' sounds really bad. If it were posted on an HTTPS site without authentication, like the firmware for most devices, it wouldn't sound so bad.

Sure, an open bucket is bad if it's stuff you weren't planning on sharing with the whole world anyway.

jacquesm | 2 months ago

No, it clearly has a gloating tone to it. 'A reverse engineer's candy store' is clearly meant as a slur.

When in fact TP-Link is doing the right thing with keeping older versions available. So this risks some higher up there thinking 'fuck it, we can't win, might as well close it all off'.

evilsocket | 2 months ago

I just meant that it was very convenient to have the firmware images there on S3, nothing else :D Many vendors make the process of even just obtaining a copy of the firmware much harder than that, so for once I was glad it was much easier. Also, being able to bindiff two adjacent versions of the same firmware is great ... all in all I was just expressing my happiness :D