
I don’t think the commenter was criticizing Linux. Seemed more a comment on the manufacturers who lazily slap these products together with minimal effort. Taking a free OS, sprinkling a thin layer of their software on top, and then abandoning their responsibility to maintain the full software stack being a common example of that minimal effort.

So, yes, essentially you end up with a bunch of devices running vendor-specific unmaintained Linux distros on the wide open Internet. The “unmaintained” part of that sentence is the problem, not the “Linux” part.



I agree, but it also makes me consider what the role of software engineering (as a discipline) is in this disaster.

Shouldn't we design systems that are hard to break by default? Shouldn't the OS assume that terrible things are going to happen anyway, and provide protection from bad faith actors in case the OS is indeed left unpatched for 10 years while being fully exposed to the internet? Is it even possible to design a system that provides this level of security so that we can get away with near-zero additional security expertise from product designers who build on top of it?

I think that, first of all, it's Western Digital's responsibility that things went south here. But shouldn't we build systems that provide bomb-proof security for the many companies that build on top of it? Is it even possible? And if so, how? In the end we would be doing ourselves (as consumers) a favor.


> Is it even possible to design a system that provides this level of security so that we can get away with near-zero additional security expertise from product designers who build on top of it?

I highly doubt it, at least not with 100% certainty. We build bridges to last and to stand weather. These are enormous constructions with large safety margins, teams designated just for security (against weather, earthquakes etc.) with people's lives on the line. Yet, we need to inspect them on the regular to make sure no assumption broke, no safety system was triggered and nothing unexpected happened.

If we can't make this work at this scale, I have no hopes that software for comparatively cheap consumer devices manages to achieve this.


You're correct that this would be very nice to have.

However this is a problem the industry has been struggling with for decades. It's simply not easy (and maybe not even possible) to achieve what you claimed "should" happen. Nobody knows how to produce bug-free software at scale.


I know. I'm just pondering if it's possible to come up with a design that guarantees a secure system even if you assume that all of your protective layers will have security holes in them that you will not be able to patch. Does or can such an architecture exist?


Current mainline Linux still has support for the PowerPC SoC in those drives. It may take a week for someone to prepare alternative firmware for the device that is modern, up-to-date and safer. U-Boot dropped the support in 2017.

So if anyone wants to support their 11 year old drive they can do so.

