Page 1 of 1

Becoming unhappy

Posted: Sat Jan 09, 2021 5:10 pm
by deljones
I have just upgraded my QNAP NAS to the latest firmware 4.5.1

I have owned a QNAP device for 8 years and during that time had two machine's that in whole have been very good.

However I do find myself becoming more unhappy with each upgrade as with almost each upgrade in the past 12 months QNAP remove more apps from the store.

All that we are left with is a bunch of poor QNAP apps with strange names and lots of sync apps that might be OK for "enterprise" but what about small buisness and home users?

The reasons given for these removals are

"To improve customer experience"
"Compatability issues"
"Security"
"Something about Google doing something or other"

I'm minded to move to a dedicated NEXTCLOUD box and not replace my NAS next time around.

Just saying

Dj

Re: Becoming unhappy

Posted: Sat Jan 09, 2021 9:26 pm
by spile
I understand your frustration but I see it as necessary due to the current environment and the price we have to play in order to keep our devices free from malware.
Perhaps the angst should be aimed at those that are writing disruptive code rather than the vendors?

Re: Becoming unhappy

Posted: Sat Jan 09, 2021 9:38 pm
by syncthing
which apps did they remove?
I didn't upgrade yet - is it already safe to do so? I am aware of the extra program before the ssh login already

Re: Becoming unhappy

Posted: Sun Jan 10, 2021 4:23 am
by jaysona
spile wrote:
Sat Jan 09, 2021 9:26 pm
I understand your frustration but I see it as necessary due to the current environment and the price we have to play in order to keep our devices free from malware.
Perhaps the angst should be aimed at those that are writing disruptive code rather than the vendors?
That's a pretty silly notion. Here a practical world analog:

Automobiles are equipment with keys and locks to prevent easy automobile theft. What QNAP provides is like an automobile with a key and lock where any key can can be used to unlock the locks and start the car. QNAPs response is effectively like saying you need to remove the battery and gasoline to prevent the car from being stolen.

QNAP just needs to employ secure coding and the majority (aside from very targeted) of attacks would be rendered useless.

Re: Becoming unhappy

Posted: Sun Jan 10, 2021 5:40 pm
by deljones
I understand your frustration but I see it as necessary due to the current environment and the price we have to play in order to keep our devices free from malware.
Perhaps the angst should be aimed at those that are writing disruptive code rather than the vendors?
I understand all the security issues and that the "holes need to be plugged" etc. But the answer is not to remove good quality apps from the store and replace them with what are really inferior QNAP apps.

I'm just pointing out that as time has gone on QNAP has removed good apps.

With respect your response is lazy. I do aim my frustration at the vendor if the vendor is pushing me away from apps that I used to use and trust by either removing them completely or replacing them with apps that do not come up to scratch.

Look at the readme before installing new firmware, the list of unsupported apps is large and it grows with each firmware update.

Dej

Re: Becoming unhappy

Posted: Mon Jan 11, 2021 6:03 pm
by spile
jaysona wrote:
Sun Jan 10, 2021 4:23 am
Here a practical world analog:
Automobiles are equipment with keys and locks to prevent easy automobile theft. What QNAP provides is like an automobile with a key and lock where any key can can be used to unlock the locks and start the car. QNAPs response is effectively like saying you need to remove the battery and gasoline to prevent the car from being stolen.

QNAP just needs to employ secure coding and the majority (aside from very targeted) of attacks would be rendered useless.
Meanwhile from the Ministry of Silly Analogies...

The Wireless Key Problem
Most remarkable, perhaps, is that five years after the Swiss researchers' paper on the amplification attacks, so many models of car still remain vulnerable (secure coding?) to the technique. When WIRED contacted the Alliance of Auto Manufacturers, an industry group whose members include both European and American carmakers, a spokesperson said that the group was looking into the ADAC research but declined to comment for now. The VDA, a German automakers' group, downplayed the ADAC's findings in response to an inquiry from WirtschaftsWoche, pointing to decreasing numbers of car thefts in Germany and writing that "action taken by the automobile manufacturers to improve the protection against theft were and are very effective."

None of that is particularly comforting to the many millions of drivers with wireless key fobs. In fact, vulnerabilities (ring any bells?) in these systems seem to be piling up faster than they're being fixed. Last year researchers revealed that they'd cracked the encryption used by the chipmaker Megamos (secure coding again?)in several different makes of luxury car owned by Volkswagen. And at the Defcon security conference, hacker Samy Kamkar unveiled a tiny device he calls "RollJam," which can be planted on a car to intercept and replay the "rolling codes" vehicle locking system manufacturers developed to stay ahead of earlier replay attacks.

The ADAC researchers warn that there's no easy fix for the attack they've demonstrated. Yes, car owners can use Bilton's solution and store their keys in a freezer or other "faraday cage" (why are users being inconvenienced by poor coding?) designed to block the transmission of unwanted radio signals. But ADAC researcher Thiemel warns that it's difficult to know just how much metal shielding is necessary to block all forms of the amplification attacks. Far better, he says, would be for manufacturers to build defenses into their wireless key fobs, such as timing constraints that could catch the long-range attacks. "It is the duty of the manufacturer to fix the problem," Thiemel says. "Keyless locking systems have to provide equal security [to] normal keys." Until then, plenty of cautious car owners will no doubt be keeping their own key fobs well chilled.

Ref https://www.wired.com/2016/03/study-fin ... tion-hack/

Re: Becoming unhappy

Posted: Mon Jan 11, 2021 6:11 pm
by spile
Analogies aside, I understand the frustrations that removing apps and functionality cause deljones and I am sorry if my curt response was dismissive.