My Book Live Software For Mac
My Book Live Software For Mac --->>> https://urluso.com/2sXpEk
Today we have the 1TB My Book Live from Western Digital, a single drive NAS of sorts, but not in the traditional sense. Normally NAS appliances are a bit confusing to set up with all the advanced RAID features and software add-ons. Western Digital chose to simplify things taking their My Book chassis, throwing in a Gigabit powered Ethernet port and developing their own backup software called WD "SmartWare". Essentially this backup solution pulls all the traditional confusing clutter out of a NAS, making it simple and straight forward to use, even for the novice.
The My Book Live was delivered in a blue box with clouds in the background, depicting its "cloud" capabilities. You will find a photo of the My Book to the right, with its features listed across the bottom.
Within seconds, the software picked up the presence of our My Book on the network, and began to install. As you can see, the software will take the pain out of mapping a network drive and even gives you a desktop shortcut to the device.
As Ars Technica reports(Opens in a new window), a growing number of users are discovering that their My Book Live data has been wiped without warning(Opens in a new window). Western Digital believes malicious software is causing the drive wipes and has issued the following advisory(Opens in a new window) on its community website:
Although Western Digital stopped selling the My Book Live devices in 2015, they proved popular due to their inclusion of an Ethernet port allowing files to be accessed from anywhere. Now it seems that feature has come back to haunt the company, but it's unclear if the malicious software is targeted at Western Digital or individual owners at the moment.
One way to route around device makers and their arbitrary life-cycledecisions would be to create and maintain an alternate firmware for thedevice. It is, after all, simply a Linux system under the covers. Thereis someinformation on the WD support site about how to build and install customfirmware, but there does not seem to be an active existing project for MyBook Live. Firmware based on free software would at least be possible tofix, of course, even in the absence of a project keeping things up to date.
The moral of this story: don't use vendors who can't write good software. WD is very much among them. An unpleasant surprise for My Book Live owners Posted Jun 30, 2021 10:32 UTC (Wed) by nix (subscriber, #2304) [Link]
What quality is this almost-invisible software? (Likely terrible, though not so terrible that data loss from it is common). What about the other drive vendors? What about the much more complex firmware needed on zoned devices, particularly firmware-zoned with caches? Why is there not even a single free-software alternative to this stuff on which all our data ultimately depends? An unpleasant surprise for My Book Live owners Posted Jun 30, 2021 12:56 UTC (Wed) by pabs (subscriber, #43278) [Link]
But why? You're buying Synology because you want a complete solution. A stand-alone server would be cheaper, because you won't be paying for Synology software. An unpleasant surprise for My Book Live owners Posted Jun 30, 2021 6:29 UTC (Wed) by felixfix (subscriber, #242) [Link]
This, of course, is why NICE (or, more formally, the relevant review panel within NICE) exists: to rule out the use of medication whose cost is excessive with respect to its benefit (which is surprisingly often nil for extremely expensive medication, which is often benchmarked against placebo but not against the current best medication just so that its manufacturer can get another nice expensive patent money coiner to replace the previous one, even if it's no better).This works except when NICE's decisions run up against people who disagree loudly enough. Then you get expensive messes like (IIRC) the Cancer Drugs Fund, which was introduced by Cameron explicitly to pay for cancer medications NICE had said no to. This was completely stupid: the money that was spent on those medications could just as well have been spent to save many *more* people who just happened to have slightly different diseases. Worse, it spent well over a billion quid but collected *no* data at all on whether the money spent had any effect. (This was, naturally, intentional).Eventually, under a tsunami of criticism from senior oncologists, NHS England itself, the Public Accounts Committee, the National Audit Office and every other body you can think of whose remit was to actually *help* people or not throw money down the toilet, and after Cameron had gone so there was no longer face-saving involved, the fund was closed. It probably cost about 50,000 lives all told, through grossly misallocated resources. An unpleasant surprise for My Book Live owners Posted Jun 30, 2021 18:52 UTC (Wed) by marcH (subscriber, #57642) [Link]
What does "go out of business" even mean for a non-business? Replaced with... anarchy? Replaced by a violent revolution? Neither sounds like a remotely desirable outcome.Democracy provides a fairly good approach here: a government that destroys its reputation (while its opposition(s) have a better one) is replaced at the next election. It seems to me that we have a perfectly good analogue there, and governments "go out of business" a lot, smoothly, routinely, and are replaced by others -- usually with no or minimal disruption to services, which is crucial because *lives* depend on these services and they can't just go away when their (often) monopoly provider is replaced.Monopoly providers in the business world are more or less never replaced so neatly -- at least, not without government action to ensure it. An unpleasant surprise for My Book Live owners Posted Jul 1, 2021 23:29 UTC (Thu) by jschrod (subscriber, #1646) [Link]
More specifically, their customers wanted an HDD that was accessible over the internet. That's the main selling point of the product - "Connect this powerful drive to your wireless router for shared storage on your home network that you can access within and outside the home. Share files with PC and Mac computers, stream media to your entertainment center and access files on-the-go with secure, remote access and apps for your mobile devices" (from their Product Overview). And that's what they got (apart from the "secure" part). Even these exploits are simply accessing the device over the intentionally-public API; they're not relying on any hidden components of the software architecture that would surprise 'the WD bosses', they're just bugs in the basic features.It's certainly possible for companies to write reasonably secure IoT-like software, and sometimes that actually happens. (That seems more common when they start as software companies that branch out into hardware, than when they start as hardware companies that are used to writing little self-contained firmware and suddenly expand into writing IoT SDKs and cloud services. Some hardware companies are adjusting much better than others, though). I think the basic problem is that customers (even highly technical ones) have no way to judge whether a company is one of the good ones; plus secure software is usually less convenient for regular use cases and is more expensive to develop, so on the metrics that are easy for customers to judge the more secure products are actually worse. That means there's little pressure for the industry as a whole to improve. An unpleasant surprise for My Book Live owners Posted Jul 1, 2021 4:07 UTC (Thu) by NYKevin (subscriber, #129325) [Link]
(For anyone unaware, the Dropbox business model can be summed up as "We will make your data accessible to you anywhere in the world, in exchange for $X per gigabyte-year." It's not sold as hardware or software, it's just a service that you pay for.)Frankly, I find it hard to believe that the consumer comes out ahead in that model. It's probably cheaper per gigabyte than Dropbox, but only if the consumer has the necessary technical knowledge to take care of all of those minutiae. Otherwise, it's just a data loss event waiting to happen.Disclaimer: I work as an SRE for Google, which offers a similar service to Dropbox. I don't know exactly what the Dropbox engineers do at their datacenters, but I can pretty much guarantee that *our* data persistence beats the pants off anything the average nontechnical consumer can do with a simple device like this one. This is not a boast; it is simply the reality of consumer-grade hardware on a consumer-grade network.More generally: When you have an IoT device that is connected to the internet, if you are not paying a subscription fee for it, then IMHO you need to ask yourself whether the product has a reasonable economic model, and compare and contrast that economic model to more traditional subscription services. You may find that the product does not actually make sense. An unpleasant surprise for My Book Live owners Posted Jul 1, 2021 11:10 UTC (Thu) by excors (subscriber, #95769) [Link]
BTW the NAS could be both on local premises for speed _and_ its software maintained and updated remotely. Many homes already have plenty of devices maintained remotely, so why not storage? It could even be split in two: a "premium", resizable area backed up in the cloud for a monthly fee and the rest not for movi... Linux images that don't need backup. An unpleasant surprise for My Book Live owners Posted Jul 1, 2021 11:35 UTC (Thu) by khim (subscriber, #9252) [Link]
Maybe if your data was lost due to the issue, yes, you can claim warranty.But a software bug that you have never encountered, then I don't know.Otherwise 100% devices could be returned for this reason. An unpleasant surprise for My Book Live owners Posted Jun 30, 2021 9:09 UTC (Wed) by shiftee (subscriber, #110711) [Link]
WD posted an update explaining that the commented-out checks weren't the actual problem: ( )> We have heard concerns about the nature of this vulnerability and are sharing technical details to address these questions. We have determined that the unauthenticated factory reset vulnerability was introduced to the My Book Live in April of 2011 as part of a refactor of authentication logic in the device firmware. The refactor centralized the authentication logic into a single file, which is present on the device as includes/component_config.php and contains the authentication type required by each endpoint. In this refactor, the authentication logic in system_factory_restore.php was correctly disabled, but the appropriate authentication type of ADMIN_AUTH_LAN_ALL was not added to component_config.php, resulting in the vulnerability. The same refactor removed authentication logic from other files and correctly added the appropriate authentication type to the component_config.php file.That explanation doesn't reflect any better on their software engineering competence, though - it still sounds like a bunch of cobbled-together PHP and shell scripts with inadequate testing. And it doesn't reflect well on their decision to stop providing security updates for an internet-connected device that is specifically designed for long-term data storage, where it's obvious that people will keep using it for many years after it's been discontinued and will be seriously hurt if the device is exploited.WD also say:> For customers who have lost data as a result of these attacks, Western Digital will provide data recovery services. My Book Live users will also be offered a trade-in program to upgrade to a supported My Cloud device. Both programs will be available beginning in July, and details on how to take advantage of these programs will be made available in a separate announcement.so at least they'll be paying some cost for their mistakes.It's quite possible they've had a cultural change and started taking security a lot more seriously since 2011 when they wrote that buggy PHP code; but it's also quite possible they haven't; so I guess it'll take a lot of effort if they want to earn people's trust in their ability to securely store data. An unpleasant surprise for My Book Live owners Posted Jun 30, 2021 20:49 UTC (Wed) by Paf (subscriber, #91811) [Link] 2b1af7f3a8