The Synology End Game

(lowendbox.com)
452 points amacbride | 1 comments
tecleandor ◴[] No.45061701[source]
Not only that, but their security situation is terrible. Their OS is full of EOL'ed stuff.

On products you can buy TODAY, you find:

  - Their Btrfs filesystem is a fork of a very old branch and doesn't have modern patches
  - A custom, non-standard, self-built ACL system for the filesystem
  - Kernel 4.4
  - PHP 7.4 (requirement for their Hyperbackup app)
  - smbd 4.15
  - PostgreSQL 11.11
  - smbd 8.2p1
  - Redis 6.2.8
  - ...

They claim it's OK because they've backported all security fixes to their versions. I don't believe them. The (theoretical) huge effort needed for doing that would allow them to grow a way better product.

And it's not only about security, but about features (well, some are security features too). We're missing new kernel features (network hardware offload, security, WireGuard...), filesystem (btrfs features, performance and error patches...), file servers (new features and compatibility, such as Parallel NFS or Multichannel CIFS/SMB), and so on...

I think they got stuck on 4.4 because of their btrfs fork, and now they're too deep in their own hole.

Also, their backend is a mess. A bunch of different apps developed in different ways that mostly don't talk to each other. They sometimes overlap with each other and have very essential features that don't work and that they don't plan to fix. Meanwhile, they're busy releasing AI stuff features for the "Office" app.

Edit note: For myself and some business stuff, I have a bunch of TrueNAS deployments, from a small Jonsbo box for my home, to a +16 disk rack server. This was for a client that wanted to migrate from another Synology they had on loan, and I didn't want to push a server on them, as they're a bit far away from me, and I wanted it to be serviceable by anyone. I regret it.

Shank ◴[] No.45061875[source]
The encryption is also broken. If you use encrypted shared folders, you have an arbitrary filename limit (https://kb.synology.com/en-ro/DSM/tutorial/File_folder_path_...). If you use volume encryption, your encryption key is stored on the NAS itself, which is capable of decrypting the data, unless you buy a second Synology NAS (https://blog.elcomsoft.com/2023/06/volume-encryption-in-syno...) to act as a key vault. Synology claims that volume encryption protects you if the storage drives are stolen, but in what world would the drives, and not the NAS itself, be stolen?
1. tecleandor ◴[] No.45061890[source]
Ah, I forgot about that. I had to take the key out of the NAS too, to a different device. That made no sense at all. And almost all of the implementations of the key server you need cost thousands of dollars in licenses.

Edit: what they deploy on their NAS is an old version of a testing implementation of the KMIP protocol. PyKMIP: https://github.com/OpenKMIP/PyKMIP