Aaron Parecki

  • Internet of Shit https://twitter.com/internetofshit   •   Jun 25
    love buying external hard drives to put my stuff on and having them randomly wiped over the internet https://arstechnica.com/gadgets/2021/06/mass-data-wipe-in-my-book-devices-prompts-warning-from-western-digital/
    Aaron Parecki
    the cloud was a mistake
    Portland, Oregon • 80°F
    Thu, Jun 24, 2021 10:02pm -07:00
    23 likes 1 repost 13 replies
    • rankest choice voter twitter.com/karabaic
      And we can see from the CVE report that it wasn’t a vulnerability in the cloud service at all, but in the drive itself. If you know the IP of the drive, you can wipe it. No firewall? An argument for open sourcing EOL’d copyrighted software, not against the cloud.
      Fri, Jun 25, 2021 3:49pm +00:00 (via brid.gy)
    • rankest choice voter twitter.com/karabaic
      All good points. There’s no evidence that this was a failure of that sort, though. My point stands: it’s unrealistic to expect the vendor-provided cloud service for a product to work 6 years after EOL date. REMOVE THE ETHERNET CABLE. The disk working 5+ years is heroic, too.
      Fri, Jun 25, 2021 2:16pm +00:00 (via brid.gy)
    • Are you gonna eat that? twitter.com/CoyoteDen
      This is just a NAS. One with a great big hole that lets you factory reset it from the internet if it is exposed. Now, if you were syncing it to some cloud service and got hit, your data there would be safe because the wipe also kills sync.
      Fri, Jun 25, 2021 1:49pm +00:00 (via brid.gy)
    • Shane twitter.com/techtvrocks
      Offshore programmers are cheaper and project managers don't care as long as it "works". It's 100% on ed for not checking their shit
      Fri, Jun 25, 2021 1:06pm +00:00 (via brid.gy)
    • RealGene☣️ twitter.com/RealGene
      The data is stored on the device. WD provides a cloud-hosted control panel that allows you to access your local files remotely via a web browser. It appears someone figured out how to bypass authentication, & will use these for botnets or mining.
      Fri, Jun 25, 2021 10:53am +00:00 (via brid.gy)
    • Torgie, +2💉, but still 6+ feet away twitter.com/torgie
      DUDE. The fallback behavior for any "cloud-enhanced" hard drive should obviously be: "a normal hard drive". If the network connection is down? Be a hard drive. If the API calls fail? Be a hard drive. If every single cloud enhancement fails catastrophically? Be a hard drive.
      Fri, Jun 25, 2021 8:41am +00:00 (via brid.gy)
    • Torgie, +2💉, but still 6+ feet away twitter.com/torgie
      I'd accept this argument for something purely software, like an API. Hey, the API is old, it's not maintained, things break. 6 years is a long time. For a physical device? For hardware? No. That device should perform, as expected, for as long as the components can operate.
      Fri, Jun 25, 2021 8:35am +00:00 (via brid.gy)
    • Torgie, +2💉, but still 6+ feet away twitter.com/torgie
      I'm just totally baffled how a downstream, effectively read-only service could get so incredibly fucked. WD is giant... there had to have been dozens of engineers who interacted with this system. None of them caught a "synchronization is going in the wrong direction" error??
      Fri, Jun 25, 2021 8:29am +00:00 (via brid.gy)
    • Torgie, +2💉, but still 6+ feet away twitter.com/torgie
      I'm confused... what does the device do if the data is stored in the cloud? Or - is the premise that the data is stored on the drive & backed up in the cloud... but then the cloud became authoritative & corrupted at the same time, and synced "emptiness" back to the drives?
      Fri, Jun 25, 2021 8:26am +00:00 (via brid.gy)
    • rankest choice voter twitter.com/karabaic
      Did the users have it plugged into ethernet? I would not have any expectation of that interface working reliably at all, especially if it calls out to cloud infra that is not being maintained via some sort of fee…
      Fri, Jun 25, 2021 6:02am +00:00 (via brid.gy)
    • Aaron Parecki twitter.com/aaronpk
      The hardware "not working" is very different from the hardware still having an active connection to the cloud that can be exploited to wipe the drive. If it "didn't work" I'd expect it to be effectively offline.
      Fri, Jun 25, 2021 5:56am +00:00 (via brid.gy)
    • rankest choice voter twitter.com/karabaic
      It’s a drive discontinued 6 years ago, and users expect the cloud-based infrastructure to still work? I think it’s 6 years past the time to use it as anything but a dumb usb drive …
      Fri, Jun 25, 2021 5:53am +00:00 (via brid.gy)
    • Randall Degges twitter.com/rdegges
      Such a sad story :(
      Fri, Jun 25, 2021 5:46am +00:00 (via brid.gy)
Posted in /replies using indigenous.abode.pub/ios

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming.

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel.

© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.