That’s really a question for Western Digital, but technically yes… But with the vulnerabilty being as bad as it is I highly recommend everyone does it as who knows how long it will take WD to release a patched firmware
I wish WD would post ANYTHING on this matter and especially if SSH and doing this mode voids our warranties. It would be awesome if they would offically offer a fix for this instead of leaving it up to us to fix
I have submitted a ticket on this matter … we’ll see what happens.
It’s great that people can help with these fixes, even before WD can get it done. I see that they have made an official statement about this problem on the main page of the site.
I do not necessarily need remote access at this time, on my local network it is working just fine, so I have turned off remote access until they get a fix, but I’m not holding my breath that they will hurry up with a fix. After the remote access issue I had with my device for about a week or so, I don’t want to lose my warranty by fixing it myself. If there are more serious problems in the future, I want to have the ability to have it fixed with the warranty I have. Each of these issues are piling up on my decision to not purchase another WD product in the future though, unless they start reacting and fixing these problems faster in the future.
nfodiz: Quick correction recommendation: Many users won’t be using port 9444. Mine does only because I booted it after my My Book Live – otherwise it comes up on 443. :)
nfodiz: Quick correction recommendation: Many users won’t be using port 9444. Mine does only because I booted it after my My Book Live – otherwise it comes up on 443. :)
Thanks so much for the heads up on that Tony, I have updated the guide to mention testing both ports
I did the same as you and had booted my MYCLOUD after my MBL
Blah33 wrote:> What do you personally think about the situation that apt-get upgrade for the rest of the kernel has not been done by WD and is not possible for the buyer?
I think the presumption that it SHOULD work is bizarre.
apt only aids dependency resolution for things that are part of the linux distro or things installed via apt itself.
There are so many dependencies in these purpose-built embedded systems which are outside the scope of apt and dpkg dependency checking that to think ‘apt-get upgrade’ should work is silly.
While Python / Perl / PHP / Apache / etc. packages are subject to dependency checking with apt, the actual scripts that use these libraries and/or their configuration files are NOT checked for dependency.
And after all that, you have other third party packages (that are not “apted”) and custom-built binaries to worry about.
So, yeah, you go do an apt-get upgrade on a NAS and all the internal scripts or configurations that were written on the presumption of specific binary versions can (and WILL) break.
