Storage on WiFi

tldr: it’s the software. Routers are notoriously insecure.

Like the LCD TV suggestion I once gave, my info is probably out of date.

Consumer routers are notoriously insecure. Back when I used a Linksys WRT54G, I flashed it with DD-WRT (community-created firmware) because it offered better security and stability.

My brother recently got an Asus router off Craigslist. Funny enough, it came flashed with community-created firmware. In the copious release notes, this stuck out (because my brother complained that his Brother Laser Printer was no longer a member of the network):

WARNING: FEATURES NO LONGER AVAILABLE:

  • WPS/WSC (completely disabled due to the serious security hole).

Yet so many consumer routers continue to ship with glaring security holes. Not just as in “convenience features” like the one above (the one-button WiFi setup is notoriously insecure), but many unpatched security holes. It’s easy to blame it on laziness, but partly the reason is the economics of the market. The routers compete in a race to the bottom for cramming in more features at a lower price point. Do you really think the 7-antenna monstrosities really work better, or is it just a tacky “more antennas looks better - and we can artificially jack up the price” ploy?

Software engineers in Silicon Valley are already very well paid. Hardware engineers, by virtue of being more rare, often requiring a lot of low-level knowledge, and being tasked with far more constraints, cost even more. As we on the forum all personally know, good firmware is very design-intensive and very time-consuming to develop, so it’s very expensive to do correctly. How would Asus do it right when they ship no less than 12 different lines of routers at the same time, across at least 3 different hardware platforms?

Now these routers tack on all these extra features: hard drive support and NAS-like features, media sharing, some hook you up to cloud services, some throw in a VPN. The list goes on and on. They can barely have routers without vulnerabilities - so how can they pile on that much more without serious exposure surface?

I trust the Time Capsule more than other consumer routers, because, well, Apple is different. They write their own firmware, write their own operating system (time and again), and are very familiar with that territory. Their ability to compete lies in having deep knowledge of those areas, and their reputation depends on strong security. Not “most features for the dollar, let’s hope nobody uncovers the vulnerabilities, and if they do, pay them hush money”.

Apple shows good judgement in intentionally omitting “features” which are broken by design, like the 6 digit codes required by that one-button WiFi setup. What a serious joke! So you won’t find a button for that. If Apple has to support it (because maybe your printer manufacturer really sucks and that’s the only way to put your printer on the network) then they hide that so it isn’t the first place you go.

They wrote their own app just to make configuring the Airport Extreme and Time Capsule easier. That app does a lot more than meets the eye. It is a non-trivial issue to detect a new Base Station, and make it a partner in your existing network.

They sweat the details when it comes to software. Well, they used to. They still get things mostly right, but back in 2014 when your Time Capsule was made - oh yeah, they got things right.

Security with consumer routers is so bad, I use an ancient Cisco router which is very slow compared to the Gigabit network that it’s on. But I don’t care because my internet connection is 25mbit anyway. The router is so old it doesn’t have the embedded Java app that the newer Cisco small business routers come with - which, no surprise, is chock full of security holes.

Security is very, very important.

On the Time Capsule, the WAN port looks like the Wal*mart asterisk, whereas the LAN ports are <-> arrows.

In the photo, the WAN port is near the bottom, and the top 3 are LAN ports. When in Bridged mode, the software treats the WAN port as though it were a 4th LAN port, but in hardware there may be differences in speed.

First, on the security front, is most of the threat to the router going to come through the wifi part? Just wondering since, once I get back into the settings again and assuming I can turn off the wifi part, I’d only have the Time Capsule for Wifi - though the TC is connected directly to the Zyxel router.

Also, if turning off WiFi reduces the risk, I’d also mention that I live in a highrise condo. It is possible my wifi signal doesn’t travel to the ground outside (though I haven’t gone outside with a device to check for sure).

Since at some point my Time Capsule is bound to fail, what routers would you recommend? I have gigabit service from the cable company.

Also, I can’t avoid using the cable company router since I have their TV service and however they have created things, it only works with their router/modem.

Yeah, the asterisk thing is where I have it plugged in. Later I might experiment with a different port, but it sure seems to me that the speed of the hard drive is so slow when connected to the TC that a little more speed just isn’t going to matter.

Unless there is some setting I’m missing (certainly possible since I really don’t understand the settings), it just isn’t going to work that way.

Which leaves the question about whether it can be connected to the Zyxel USB instead. When I was looking at its settings before, I saw a USB section. I was surprised that there were some options about using it for media. Yet when I had the iTunes drive connected to the TC, I could access the media via iTunes. It was just slow as stuttering. So I’m not sure how that all works out.

For years I’ve heard people talk about a separate hard drive for a media server. Since I can’t believe anyone would be satisfied with the speeds I’ve seen, I assume they are using a completely different approach.

Maybe I should just go big - if I can figure out how to do it - and do a server? I mean, I have a 21.5 inch iMac available (2013) and even the first aluminum Macbook.

The iMac isn’t even a base unit. It has 16 gb ram, a 1 TB drive, and I’m pretty sure I bumped up the cpu and graphics too.

With 4 usb 3 ports, 2 thunderbolt (not sure what version, but it sure isn’t version 3) and a gigabit ethernet port (though not sure how I could set it where it would be easy to get a cable to it!), it should have plenty of power and all my external drives could be connected to it.

How complicated is that process?

Oh, and would I be correct that even if I use it as a server (leave screen off normally), if I ran into an emergency (Mini dies), the server could still be used as a normal computer?

The TC probably does not do WiFi and routing at Gigabit speeds. My brother has 300mbit internet and noticed the Asus Router was much, much faster. His TC might be one model older than yours (his is a 2TB model).

I should back down from my paranoid stances. Try the media server option on your router. Or do some google searches on your router make and model and see if the script kiddies are laughing about how easy it is to break in. And if not, just use it as-is. You probably cannot opt for community-developed firmware because it might break some of the features provided by your cable company.

If I need to use a NAS (or cloud service) that I don’t trust, I would be fine putting movies and music onto it (I’m not concerned if those get stolen), but I would think twice before putting more sensitive documents on it (tax records and the like).

@dabigkahuna I wish I had thought of this earlier, but instead of counting the total time for a large file you can use the Disk tab in Activity Monitor to actually see what is happening for your transfer speeds. The total transfer time can hide a lot but with the monitor you can see whether it’s a steady transfer at a certain speed, whether it hiccups or pauses sometimes, whether it goes faster and slower during the activity etc.

(as always, apologies if this has been discussed already; I’m not always following the entire thread)

While I’m here I’d love to plug iPulse. It’s a beautiful activity monitor I’ve been using for maybe 15 years. It shows everything about your status in a visual format all at once, rather than one thing at a time. Visually even time is a dimension as the colors expand and saturate then retreat and fade over time to show trends in activity. Once you get used to it your brain can subconsciously synthesize the information to get a feel for how your machine is doing overall and the different problem modes that come up.

You can hover over any part of the graphic to see the typical deep details about that part of the picture you would get from more traditional activity monitors. For instance this screen shot is when hovering over processes, but you can hover over network activity, disk drives, memory caching activity, etc

The product has been supported on and off over the years and is reasonably up to date.

I tried plugging the Seagate into the Zyxel instead, but I can’t find it listed anyplace (when plugged into the TC, I found it under “network”). So that’s confusing.

But I ran into another problem which is making me a little leery about doing these tests. I got a message popup when I entered Time Machine about relaunching the Finder, which I did, but when I went back in, it came up again in short order.

Then I got a message about having no room for all my open apps! Never ever saw that before. And when I tried to shutdown to reboot, I got one about not having room in iCloud - but I only use a fraction of my total iCloud. It asked me to optimize. Also it wouldn’t let me shutdown because BBEdit wouldn’t quit (I ended up doing a force quit).

Everything is back up now and, hopefully, all is well. But it definitely makes me nervous!

I’m looking at that. It is mostly close to a straight line for both IO and Data. IO has two huge peaks but I can’t tell exactly when they happened - one might have been around the reboot time. Data had two also, but presently shows one big one, one mid-size one, and one small bump that goes down rather than up. When I click to switch from one to the other, I may see a big peak that is apparently newer. In fact, I just switched back and forth several times and now IO shows a LOT of “downward” peaks (troughs?) and so does data. No upward peaks at all.

In short, I have no idea what it all means. :slight_smile:

In any case, I think I may not be testing this particular thing again after the trouble I had a short time ago. Next thing will probably be digging more into doing a server on the iMac. But I need to figure out where to put it so Ethernet can be connected. I believe it can be done wirelessly too, but from what little I’ve read, it sounded like ethernet was recommended, at least when setting up. Maybe that isn’t true either!

I am going to have other, hopefully smaller, questions going forward. For example, on my Network, it shows my iMac too, if it is on. And I’ve seen something about screen sharing. Then there is the Time Capsule showing on my network which seems to show as disconnected. If I sign into it, it says connected, but I don’t know what that means. After all, I ran a time machine backup on it for hours without being signed in so what the heck is the difference?

Questions like those.

Time Capsule shares out one or more volumes, one of which contains your Time Machine backup data which may be collocated with other files you want shared out.

Time Machine independently stores credentials to log in to the Time Capsule (or NAS).

When you see “not connected” it means you currently do not have a File Sharing connection to the TC.

I’ve seen where, after I connect, it shows the actual backup. And I know it can create that back up even when not connected - though at present it is plugged in with ethernet.

So, if it wasn’t plugged in, would it still backup wirelessly if not “connected”?

Yes, it would be able to do the backup over WiFi, even if not connected. “Connected” means “presently accessing the share”.

This stuff just sounds odd. I mean, to me, if the time machine backup is working, I’d be “accessing”.

I tried a test, disconnecting the TC (though it was still plugged in) by dragging a file from my desktop to the TC listing that says “not connected”. A window popup came up saying I had to have an administrator’s name and password. Okay, so I figure that while time machine still works, I can’t copy a file the normal way.

But then, just to make sure I could when it was connected, I tried to connect again. I click the box to connect, but nothing happens. No password box comes up like it used to. I guess I’ll have to reboot.

Time Machine only runs once an hour. So during the rest of the time, it doesn’t need to be accessing the share.

Right, but does that mean it is automatically connecting and signing in at that time? That doesn’t seem logical.

I restarted the computer and I could then click “connect” and enter the password. But when I looked back a couple minutes later, it was no longer connected. I’ve seen this before but was never sure if it was something I did - with all the moving of cables around. This is the first time I’m sure I didn’t do any of that.

I also need to see how to get the TC to show up on the left side of the finder window (like I had with the iMac), so if I want to check it, I don’t have to go through “MacMini/Network”.

Hmmm, it disconnected again! When I connected last night, it was still connected this morning as well as when I got back after being out for about 90 minutes. No idea what is going on.

As a rough idea of the level of security, just look at the publicly disclosed lists of vulnerabilities

Consumer Routers

ZyXEL Security Vulnerabilities 76
Asus Security Vulnerabilities 61
D-link 174
Linksys 69
TPLink 110

Apple Routers

Apple Airport Extreme Vulnerabilities 7
Apple Time Capsule Vulnerabilities 4

Consumer NAS

Drobo - just the 5N2 series 13

Enterprise Routers

Cisco 1841 Router 1

Community-Developed NAS Software

FreeNAS 3

I wouldn’t worry about the File Sharing “Connected” status - it’s no indicator of whether your Time Machine backup is working. Time Machine will connect when it needs to, and disconnect when done. My proxy of whether it’s working is to use the menu widget and check the last backup time.

The reason the connection thing concerns me is that it seems there should be a reason for whatever it is doing and if what happens isn’t right, that may be a sign of something messed up.

I left it connected when I left home about 90 minutes ago. Heading back now to see what it says.

Still connected. BTW, another odd thing, every time I enter the password, it asked about remembering it on the keychain, but even after I do that, the next time I connect, it doesn’t show that password. Just the empty box.

Hmm, since it was still connected, I again tried to drag a file from my desktop to the Time Capsule - and I got a popup saying if I wanted to do that, I needed to click “authenticate”. Except I don’t see anything that says “authenticate” other than that instruction!

Then I noticed that in the finder, listed right below “Network”, it shows the content (“Data”) that is inside the TC. I could drag it inside of that.

Went back to Network to see the Time Capsule and couldn’t drag it to the TC, but I could drag it to the “Data” listing inside TC. So I guess there is some consistency there at least.