Slashdot Mirror

← Back to Stories (view on slashdot.org)

'I'm Admin. You're Admin. Everyone is Admin.' Remote Access Bug Turns Western Digital My Cloud Into Everyone's Cloud (theregister.co.uk)

Posted by msmash on from the Very-Digital-Inc dept.

Researchers at infosec shop Securify revealed this week a vulnerability, designated CVE-2018-17153, which allows an unauthenticated attacker with network access to the device to bypass password checks and login with admin privileges. From a report:This would, in turn, give the attacker full control over the NAS device, including the ability to view and copy all stored data as well as overwrite and erase contents. If the box is accessible from the public internet, it could be remotely pwned, it appears. Alternatively, malware on a PC on the local network could search for and find a vulnerable My Cloud machine, and compromise it. According to Securify, the flaw itself lies in the way My Cloud creates admin sessions that are attached to an IP address. When an attacker sends a command to the device's web interface, as an HTTP CGI request, they can also include the cookie username=admin -- which unlocks admin access. Thus if properly constructed, the request would establish an admin login session to the device without ever asking for a password. In other words, just tell it you're the admin user in the cookie, and you're in. The researcher told TechCrunch that he reported the vulnerability to Western Digital last year, but the company "stopped responding."

74 comments

  1. Jagger Put It Best by alvinrod · · Score: 1, Offtopic

    "Hey, you, get off of my cloud."

    1. Re:Jagger Put It Best by Anonymous Coward · · Score: 0

      Hey, McCloud! Get off of my ewe!

    2. Re:Jagger Put It Best by Gravis+Zero · · Score: 0

      "Hey, you, get off of my cloud."

      When I was your age, kids got yelled at for being on lawns and that's the way we liked it! Now I gotta yell at kids on clouds? I don't like it!

      --
      Anons need not reply. Questions end with a question mark.
    3. Re:Jagger Put It Best by knorthern+knight · · Score: 1

      >> "Hey, you, get off of my cloud."

      > When I was your age, kids got yelled at for being on lawns and that's
      > the way we liked it! Now I gotta yell at kids on clouds? I don't like it!

      I think you missed the reference. This is about the Rolling Stones song https://www.youtube.com/watch?...

      --

      I'm not repeating myself
      I'm an X window user; I'm an ex-Windows user
  2. by design by zlives · · Score: 1

    this is a feature not a bug, quit bugging us
    WD bug Support Team

    1. Re:by design by Anonymous Coward · · Score: 0

      PROTIP: Do not buy consumer grade product.

  3. Ask! A! Ad! Min! by Anonymous Coward · · Score: 0

    Well I am Admin, you are Admin, she is Ad-min too! I am Admin, he is Admin, ooont I believe that you are Admin too!

  4. I have one of these by wierd_w · · Score: 5, Informative

    First up--

    There are at least 3 kinds of MyCloud out there, not counting the multi-bay devices, which are probably likewise vunerable-- stay with me.

    First are the two generations of mycloud "personal cloud" devices. The last is the "Mycloud Home" device, which is more of a personal media server than an actual NAS. Of the first two, the generation 1 is possibly fixable by the end user easily. It uses a REAL root file system on persistent storage, meaning you can go in and make changes to the web UI and pals if you want to. The second generation, however, is a real bitch. I will wax philosophical on this latter model, as the multi-bay devices (EX2, EX2 ultra, and pals) are likewise afflicted, and based on the same codebase. In fact, you can poke at a system identification value, and enable features on the single bay units that are selling points on the more expensive dual bay versions, because they run the exact same software.

    The gen 2 MyCloud uses an initial ramdisk backed root file system, into which a cramfs container is mounted by the init script. The web UI and pals are hosted by this cramfs container, so unless you want to bake a brand new container to fix the CVE, you are boned.

    Also, the single bay mycloud units are now End of Life, as WD is no longer making them. They have switched whole hog to the MyCloud Home device, which is not a NAS appliance at all.

    Now, why I really dont give a flying rat's ass about the CVE:

    The MyCloud units DO NOT perform any signature checking against the kernel and ramdisk that the bootloader starts.

    SO-- You can TOTALLY replace that epic clusterfuck WD put on it, and replace it with a completely sane and sanitary minimalist debian installation, which lacks a web GUI to attack in the first place.

    Gen2 (and similar units) use uBoot. There are lots of good tools for making uBoot images and ramdisks. This system is easily made full-custom.

    1. Re: I have one of these by Anonymous Coward · · Score: 0

      The only sane alternative is to not purchase one of these pieces of shit and to stand up your own file server.

    2. Re: I have one of these by Anonymous Coward · · Score: 0

      Open Media Vault! Runs on any old hardware, just slam in a pile of large disk drives and voilà! Instant NAS.

    3. Re:I have one of these by bobstreo · · Score: 2

      Or you could just shut off http services on the device. I don't think I've done anything but ssh into mine for like 4 years.

    4. Re: I have one of these by viperidaenz · · Score: 1

      Open Media Vault can be put on these NAS devices too.

    5. Re:I have one of these by wierd_w · · Score: 5, Informative

      Not really.

      The hardware is:

      1) Small. It fits neatly on a shelf, and is about the same size as a book.
      2) Very low power (electricity wise). It uses 12v @2A. Wooo. Such consumption.
      3) Not that weak really. It has a dual core Armv7 SoC running at ~1ghz, with 512mb of RAM, a SATA controller, a gigabit ethernet controller, and a USB3 controller.
      4) Not that expensive. Especially now that it is an end of life clearance item.

      It makes a pretty decent minecraft server, for instance. It would also make a good collection point for video surveillance systems using IP cameras (with backup to a better remote host at regular intervals).

      When planning *ANY* purchase, you should know exactly what you are getting, and why you are getting it. The advertised "persona cloud" functionality is *JUST* openvpn, being wrapped by WD's server front endpoints. (The MyCloud opens a stateful connection from inside your NAT firewall to the WD server farm, which then presents an accessable entrypoint to other users.) It is TOTALLY just a gimmick.

    6. Re:I have one of these by ColaMan · · Score: 1

      The web UI and pals are hosted by this cramfs container, so unless you want to bake a brand new container to fix the CVE, you are boned.

      It's not that hard - especially if you're already know how to tinker with the web UI. Lift container off device, expand filesystem to a directory tree, do mods to tree, compact again. A few extra lines to type while doing your changes.

      --

      You are in a twisty maze of processor lines, all alike.
      There is a lot of hype here.
    7. Re:I have one of these by Anonymous Coward · · Score: 0

      Yeah, sounds liked a waste of money. Worse than that, it's a waste of time. Much better to purchase a NAS that's actually good.

      But I found your first post interesting enough, so thanks.

    8. Re:I have one of these by Anonymous Coward · · Score: 1

      "you should know exactly what you are getting,"

      Except that there's actually no realistic way to do this. For most devices the implementation is completely opaque and it's only because you 'suspect' it's just a Linux distro that you can make these assertions. You might be able to look at all the other people being pwned and act after the fact but there's no way to know in advance if the thing you're buying even fits the definition of "secure".

      Hindsight is 20/20. It's easy to say someone should have known better after you learn the truth.

    9. Re:I have one of these by Anonymous Coward · · Score: 0

      Would the WD "Mybook live" series of devices be part of these generations? It runs on Debian Lenny afaik.

    10. Re: I have one of these by Cederic · · Score: 1

      I don't have one of these devices, but do own something comparable.

      It cost less than buying the component parts to build my own, came pre-built, pre-configured, with a warranty and designed to operate at low cost for years. It's also a fully functional linux server to which I have root access via SSH (and have disabled root login via SSH).

      The sane alternative is to buy one and use it, but for those that want to tinker buy one anyway then wipe it and install your own OS of choice for use as a file server on the perfectly capable hardware.

    11. Re:I have one of these by Cederic · · Score: 1

      Ah, that's why you let somebody else buy one first, and read their description of it.

      Unless you want something on the day of release, sites like https://www.snbforums.com/ will almost certainly give you enough information to understand what you're buying.

    12. Re:I have one of these by Anonymous Coward · · Score: 0, Interesting

      It's bitztream the autism-hating, custom EpiPen-hating, Musk-hating, Qualcomm-hating, Firefox tabs-hating, Slashdot editors-hating Slashdot troll!

  5. README.TXT by devslash0 · · Score: 5, Insightful

    Hey. Your friendly neighbour hacker here. I've noticed that you have terrible taste when it comes to porn so I've uploaded a few gig of some good stuff to your drive. You're welcome.

    1. Re:README.TXT by G00F · · Score: 1

      Good start, don't forget to leave a autorun.inf with something along the lines of
      [autorun]
      shell\readme\command=notepad README.TXT

      Or rather, point them to an html page.

      --
      The spirit of resistance to government is so valuable on certain occasions that I wish it to be always kept alive
  6. Don't put it on a network... by VeryFluffyBunny · · Score: 1

    ...if it's too important to risk being ransom-wared, doxed, or generally abused in some way. If you must share files on a network with colleagues/friends/family, do it properly with a server, appropriate software, and hardened security.

    --
    Debate is a form of harassment. Do not question my truth.
    1. Re: Don't put it on a network... by Zero__Kelvin · · Score: 2

      If your computer can access it then it is "on the network", so unless you plan on disconnecting your computer NIC, connecting the cable to the NAS, accessing your data, unplugging the NAS, clearing your cache and rebooting your system, then reconnecting your NIC every time, you are not following your own advice. Nice try at sounding like you are a security expert, but you made it pretty clear that you don't understand how networks work.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    2. Re: Don't put it on a network... by Snotnose · · Score: 1

      I've been on /. for 15-20 years years now and I still don't understand how moderation works, nor how to moderate. That said, I would mod parent "computer can access it then it is "on the network"," way up.

      I have a small home network, main items being my WD NAS (which I now learn is insecure due to stupidity), my Plex box that plays media off that WD NAS, a printer, and, surprise! My laptop, which is where I control everything from.

      As time marches on I am less and less inclined to manually format my posts via point left br point right. It's fucking stupid.

    3. Re: Don't put it on a network... by VeryFluffyBunny · · Score: 1

      Do you mean that the USB drive that periodically use to back-up my laptop is "on the network"? -- I find your definition overly broad and unhelpful.

      --
      Debate is a form of harassment. Do not question my truth.
    4. Re: Don't put it on a network... by Zero__Kelvin · · Score: 1

      If your computer is connected to the internet then when you have your USB drive plugged in and mounted it is on the network. No need for quotation marks, nor is it "my definition". If your computer has not been compromised then neither has the data on your drive, but if it has then your data on the FLASH drive is compromised as well, because when your computer is on the network, then so is any device to which it has access. This is actually the definition of networking.
      The OP likely meant "Don't open port 80" on the WD device, but ... not understanding networking ... called blocking port 80 "not on the network", or alternatively believed that if there wasn't a direct connection from the WD NAS NIC to his router or gateway, that it was somehow not "on the internet."
      I'm glad to help anyone learn, but try to avoid the snark. I assure you I know exactly what terms mean, how networking works, and what it means to be on the network. No air gap == on the network.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  7. This isn't the first time by MobyDisk · · Score: 1

    The last time they were told of a trivial exploit like this they ignored it for 6 months.
    Clearly Western Digital doesn't care whatsoever about security. (That vulnerability is also mentioned at the end of the article.)

    1. Re:This isn't the first time by wierd_w · · Score: 3, Informative

      Indeed. This CVE has been known about, and known by WD for at least 2 firmware updates.

      WD seems staunchly unwilling to fix it. For whatever reason.

      Personally I find the software that runs on the MyCloud units to be... Sub-par on a wide assortment of levels, and have gone full custom debian some time ago. The device is MUCH more responsive without running ufraw-batch all the fucking time, and without a huge chunk of memory getting gobbled up by the ramdisk or WD's proprietary indexing daemon.

      I also get the benefits of a much more modern kernel (really, these things run a 3.x kernel! Blech!) with zram support (so the disk can actually go to fucking sleep, and not wake up when there is a paging operation).

      Sure, it requires you to know how to manage a linux server--- but the benefits! :P

      The Gen2's hardware is really not that bad for something the size of a small book, and which uses very little electricity. It can do a surprising number of tasks.

      (~1ghz dual core ARMv7 processor, 512mb RAM, gigabit wired ethernet, USB2 port-- for those interested)

    2. Re:This isn't the first time by Anonymous Coward · · Score: 0

      Indeed. This CVE has been known about, and known by WD for at least 2 firmware updates.

      WD seems staunchly unwilling to fix it. For whatever reason.

      Pretty sure it has even been on slashdot before

    3. Re:This isn't the first time by thegreatbob · · Score: 1

      Can't find anything directly relevant on Slashdot, but here is an example from over a year ago:
      https://www.securify.nl/advisory/SFY20170102/authentication_bypass_vulnerability_in_western_digital_my_cloud.html

      They do claim that it was fixed via a firmware update, so I can't help but wonder if this is just a sloppy regression.

      --
      There is no XUL, only WebExtensions...
    4. Re:This isn't the first time by thegreatbob · · Score: 1

      They did have a hard-coded back door that made it onto /. though.

      --
      There is no XUL, only WebExtensions...
    5. Re: This isn't the first time by Anonymous Coward · · Score: 0

      The EX family run 3.10 kernel, but the PR family run 4.4. The EX are eol so they will never be updated.

  8. Jebus HB Crickey! I find the magnitude ... by Qbertino · · Score: 4, Insightful

    ... large scale n00bie-style f*ckups by professional companies in the data-security field absolutely bedazzling. Isn't something of this type gross neglect or something and can't they be sued into next wednesday for it?

    This is un-fucking-believable.

    --
    We suffer more in our imagination than in reality. - Seneca
    1. Re:Jebus HB Crickey! I find the magnitude ... by Anonymous Coward · · Score: 0

      Those are too-big-to-fail corporations now. Seagate and WD have split the market with Toshiba being in so much financial trouble they will probably sell their HDD business soon.

    2. Re: Jebus HB Crickey! I find the magnitude ... by Zero__Kelvin · · Score: 0

      It's only surprising if you are new to the computer industry. Most of us already know how appalling it is that Windows is still a thing for example. The instances of grand scale incompetence causing this kind of issue where there is no accountability are so many I have to wonder if this is your first day on Slashdot?

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    3. Re:Jebus HB Crickey! I find the magnitude ... by Anonymous Coward · · Score: 0

      One reason is that writing embedded software like this used to have a much higher skill bar. But after the hardware performance/cost ratio went into the stratosphere, suddenly it became an option to just stick embedded Linux on the device and outsource development of the "easy" parts to the lowest bidder.

      Plus these are consumer devices. The manufacturer knows damn well that the intended customers can't recognize software quality, wouldn't pay for it even if they could, and are probably already hacked to begin with.

    4. Re:Jebus HB Crickey! I find the magnitude ... by Cederic · · Score: 1

      Isn't something of this type gross neglect or something

      No, and yes.

      Introducing a vulnerability of this form is merely accidental and/or inexperienced. Even the best software engineers will cock up from time to time, and no affordable review process will catch everything.

      Failing to fix it for many months afterwards is however shitty indeed.

  9. Western Digital by Anonymous Coward · · Score: 0

    Not at all surprising, to me. I had a couple Western Digital Drives years ago, two out of two failed under careful, gentle use, and I have not bought a Western Digital ANYTHING since. I do not fell like I can trust them, and this is just another example, (to me,) of why no one SHOULD.

    1. Re:Western Digital by Anonymous Coward · · Score: 1

      Cool story bro. My anecdotal history with seagate's growing bad sectors probably one-ups that but here we are.

    2. Re: Western Digital by Zero__Kelvin · · Score: 1

      I can only assume you never use Windows then, given your staunch stance on not using crap you can't trust.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    3. Re:Western Digital by Anonymous Coward · · Score: 0

      kewl story bra.

    4. Re:Western Digital by Anonymous Coward · · Score: 0

      Well, I have had problems with Seagate AND WD, so I'm sticking with my ultra reliable Connor, Maxtor and Fujitsu HDs for all my systems. What's that chirping/clicking noise? Must be a cricket in my computer again.

      FWIW, I've had Fujitsu SAS drives running the same (Dell) server for well over 14 years. I've only had one 'fail' on me - I was able to put it in a desktop, reset the 'fail' bit and it's worked fine ever since.

  10. Why is software so often bad on good hardware? by Anonymous Coward · · Score: 0

    It hardly matters what type of electronic device I'm looking at: The hardware usually seems fine, but the software is a shoddy mess so often that I have to ask: Why? A cookie that just tells the device that you're admin is a rookie mistake. Whoever wrote that software is a fraud. Western Digital isn't a small mom&pop shop or a fly-by-night outfit. Why are they (and so many other companies) not capable of writing acceptable quality software, but hardware does not seem to have this problem?

    1. Re:Why is software so often bad on good hardware? by Fly+Swatter · · Score: 1

      Cheap 'copy-and-paste developers' (they are coders since they were told that is where the money is). Surprise, the security division is those same developers. Marketing wants more features, and wants the product out on time regardless since the 'hardware is ready'. Lastly security is hard but those that know that aren't cheap or are retired (sometimes not voluntarily).

  11. Mandatory product recalls? by davidwr · · Score: 3, Interesting

    When will computers be subject to mandatory recalls when they have bugs that effectively prevent them from being used "as designed" or "as marketed?"

    Manufacturers would have a choice: Fix the problem or refund the purchase price.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Mandatory product recalls? by Anonymous Coward · · Score: 0

      That won't happen until we start voting for folks that actually have an IQ of a functional adult and have no interest in personal financial gain whatsoever. Bonus points if they've ever filed their own taxes, changed their own oil in the car, and had to make real life choices such as deciding whether your kid can go to baseball practice or if you need the money for groceries.

      Our politicians live lives so far from reality that they have no concept how how their lack of decisions impact the world downstream.

  12. What was all that "one in a million" talk? by Anonymous Coward · · Score: 0

    jim carrey, penis fairy?

  13. Wouldn't it be nice... by Anonymous Coward · · Score: 0

    Wouldn't it be nice if we lived in a world where this was not a problem? Why can't we trust people to be honorable, if you can see files why are we compelled to take them and open them, knowing they do not belong to us? Humanity is perpetually doomed.

  14. Fate did me a favor by WoodburyMan · · Score: 1

    My DL4100 NAS died this past weekend. Just the controller. Array, drives, data all fine. Controller just died 3mo after warranty ended. Luckily it used a standard container for the RAID5 set, and EXT4 so I was able to hook all 4 drives up to a system and drag the data off.

    Synology DS918+ now.

  15. I have one of these ... by CaptainDork · · Score: 1

    ... and I don't allow remote access.

    I have the shares disabled, as well.

    I'm a photographer with gigabytes of photos and I store them in multiple locations, including this NAS.

    Every now and then I log in through my WiFi and enable Share to copy new stuff to it.

    Then I disable all Shares.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:I have one of these ... by Cederic · · Score: 1

      ... and I don't allow remote access.
      [..]
      Every now and then I log in through my WiFi

      So all I need to do is get you to open a perfectly innocent web page on your primary computer with a specially crafted payload that connects to your device via your wireless LAN and does the nasty (including enabling remote access, if your firewall doesn't block that).

  16. Holly said it best... by Anonymous Coward · · Score: 0

    'm Admin Dave. You're Admin Dave. Everyone is Admin Dave.'

  17. How can they hire anyone good? by Anonymous Coward · · Score: 0

    WD has had this vulnerability for a while. Thing is: how can they expect to hire ANYONE by advertising how stupid they are? This is like the most dumbass vulnerability. While you can firewall the thing, a malicious site can http-redirect you to your OWN appliance by guessing the private IP and mess with it via URL. Chalk it up to the benefits of outsourcing, I suppose.

  18. Read the TOS by Anonymous Coward · · Score: 1

    ...entirely at your own risk...WD not liable for anything...

    It goes downhill from there. Welcome to the world.

  19. It's not a bug, it's a feature... by Anonymous Coward · · Score: 0

    ... a feature we paid for.

    Signed,
                      The NSA

  20. Personal cloud devices are user laziness by Solandri · · Score: 2

    Though the manufacturing companies are pandering to the lazy users. The proper way to access a device on your LAN from the Internet is to set up your router with a VPN server. When you're away from home, you connect to your home router via the VPN. That'll give you access to your NAS, your security cameras, your media library, etc. while you're away from home.

    But users are too lazy to bother to set up a VPN server (even though many routers now come with one built-in) and manage a dynamic DNS domain name. So manufacturers pander to them by setting up each individual device to be accessible from the cloud. Usually by having the device contact a server via the manufacturer's website, which acts as a go-between for the handshaking between the cloud device when you try to access it from the Internet. That is, the device handles the VPN-like encryption and their server handles tracking your LAN's public IP address (equivalent to dynamic DNS).

    By itself this isn't any worse than using a VPN. But multiply it by a half dozen cloud devices, and the chances that every single one of those devices is secure is substantially lower than the chance that your VPN server is secure.

  21. Buy a "real" NAS... by ctilsie242 · · Score: 1

    Synology and QNAP have their issues, but one thing I am reasonably assured of with the Synology NAS models I have is decent security. It is very easy to use the onboard firewall, they have logging and reporting, onboard encryption for data (so if the drives or unit is taken, the data is protected), a backup utility to save data to an external drive, another NAS, or a cloud provider (with the option for clientside encryption.)

    On the cheap, I can buy a discontinued, new Synology 115j for $50 or so. Even this model with its slow ARM CPU can handle Samba, backups, even iSCSI if one is that insanely inclined. Of course, it is wise to buy a two drive NAS for RAID, but the cost for a low end model makes it viable to buy a discounted, external USB drive, pull the HDD out of the enclosure, and put it in the NAS, and have a lot more features, including "cloud" access, and backups.

    1. Re: Buy a "real" NAS... by Anonymous Coward · · Score: 0

      QNAPs have plenty of vulns. They just aren't low hanging fruit like setting "username=admin".

    2. Re:Buy a "real" NAS... by Anonymous Coward · · Score: 0

      And you get someones private files for free. might even be pr0n

    3. Re: Buy a "real" NAS... by Anonymous Coward · · Score: 0

      Very true. Synology is similar. However, they get fixed pretty quickly, and if one keeps packages installed to a minimum, usually the bugs won't be an issue. All NAS devices will have bugs, but at least QNAP and Synology will take the time to fix them.

    4. Re:Buy a "real" NAS... by anegg · · Score: 1

      On the cheap, I can buy a discontinued, new Synology 115j for $50 or so.

      I'm curious - where can you buy a Synology 115j (new) for $50 or so? I didn't find one in a quick Google search... I ask because I'm looking for one.

  22. So, by BitztreamNotARealNam · · Score: 1, Insightful

    How's life in the hypocrite lane?

  23. If I didn't know better... by Brett+Buck · · Score: 3, Funny

    If I didn't know better, I might come to the conclusion that storing sensitive data on someone else's hard drive, at random, was a risk and a bad idea.

    1. Re:If I didn't know better... by Anonymous Coward · · Score: 0

      If I didn't know better, I might come to the conclusion that storing sensitive data on someone else's hard drive, at random, was a risk and a bad idea.

      We're talking about people who overshare on Facebook and Instagram here. You grossly underestimate the level of stupid out there friend.

    2. Re:If I didn't know better... by Cederic · · Score: 1

      Thank you for this insight but I am a little confused: What the fuck does this have to do with the topic at hand?

  24. Western digitial is fucked in the head by Anonymous Coward · · Score: 0

    Western digital is amusing. They sabotage their own products and expect people to keep buying anyway.

    Vuln itself is inexcusable.
    Response is criminal negligence.

    We used to buy performance 2.5" (black) spinning platters from WD .. These shit things are still parking themselves to death in a matter of months while tools to stop the insanity no longer work.

    There is something seriously wrong with this company.

  25. Sex by Anonymous Coward · · Score: 0

    unF.

  26. I'm sorry by nnet · · Score: 1

    I'm sorry Dave, i can't let you do that.

  27. Given the quality of the HDDs, it's not surprising by Anonymous Coward · · Score: 0

    look at Backblaze's yearly round-up of HDDs to get an idea just how bad WD and Seagate's drives are compared to Toshiba, Hitachi, HGST etc.

  28. Re: Given the quality of the HDDs, it's not surpri by Anonymous Coward · · Score: 0

    WD owns Hitachi/HGST...

  29. Good thing... by Anonymous Coward · · Score: 0

    The web interface was so buggy and lag inducing (not just the GUI but the entire drive), that the device was all but unusable with it enabled.

    Eventually got the point that to fix the performance I just disabled apache in the startup files and SSH and manually start it up on the rare occasion that I need to change a setting.

  30. Ugh... by Anonymous Coward · · Score: 0

    > 'I'm Admin. You're Admin. Everyone is Admin.'

    Could we *please* drop this dumb meme and all its variants? It serves no purpose here, and isn't even remotely funny. And those lucky enough to not even know what it's in reference to will have no clue of its origin or what the point of its use is in this context. Especially on a site like this--unless suddenly the /. demographic has changed and now includes day-time TV viewers.