Anyone have any info on the forthcoming optional update?

Got an email today promising something nifty coming…

Anyone have any insider info :slight_smile:

Jerry

I know :slight_smile:

… and told me that the list is too long to put on here.  Seriously.  I’m actually quite concerned that should I decide to update my MBL that the drive does not end up being bricked.

Have your tech guys figured out why some people are having problems updating to the current version, with the update returning an MD5 checksum error with the update file?

Anyway…  Be a sport Tony and give us some hints.

The key part of your statement is “some people”. We have had thousands of people upgrade with no issues. There were a few that did, and yes, we figured out what that issue was.

There will be an update that comes out next week. It will have no fixes in it, but rather it will be a preparatory update for the major one. You will need to do this update in order to get the one later in the month.

Just one tidbit - How do I make a backup copy of the My Book Live?

Hey Tony,

I know you don’t like to talk about this, but I got a question:

I ssh’ed into my MyBookLive and installed a MySQL-Server. Will I lose this feature when I update the firmware? Do I need to install it again and do I have to back up my MySQL-DB on the drive beforehand?

Thank you for your (unofficial) help!

EmKay

I’ve just got the email too about the new firmware update

I hope they get rid of MioNET and have a proper Twonky Server that I can access externally. 

Ah yes…  Making a back-up copy of the MBL to somewhere else.  I do have another NAS that I use as a back-up except it’s half the capacity of my MBL so “unique and irreplaceable” stuff gets copied across.  Now it would be cool to tell the MBL to FTP to the other NAS and do the back-up without the intervention of any other computer. :smiley:

Unlike others I mess carefully.  My only personal concerns is a hard drive that just constantly ramped and un-ramped the drive heads. I’m aware about the statement that the drive can handle so many unloads and loads but in my mind reducing the number of head ramps and unramps is, simply put, one less mechanical issue to be concerned about.

The second one is the mandatory enforcement where ANYONE can read and write to the “Public” folder. Simply put… I want to decide if the “Public” folder is read only or read/write to anyone authenticated by AFS, SMB, FTP, etc…

On a security and hacker standpoint, it would be an attack vector I would consider.  Find a “Public” folder and place a virus or malware in there because any user can read/write to that folder.  Especially FTP where I may wish to allocate a few friends and family members their own folders and don’t want anyone who can FTP into my NAS unfettered read/write access to a “Public” folder.

Tony, I guess my concerns about the latter is because my last job for a few years was network administration and one thing I took VERY seriously was device and data security.  When I first noticed there was an open-to-all “Public” folder my jaw dropped through the floor.

Could you tell me if the modifications I have made can interfere with future updates?  I have backups of the untouched configuration files so I can put them back before applying any update.

/etc/samba/overall_share:

```
## BEGIN ## sharename = Public #
[Public]
  path = /shares/Public
  comment = Public share
  public = yes
  browseable = yes
  writable = yes
  guest ok = yes
  map read only = no
## END ##
```

 … changed to …

```
## BEGIN ## sharename = Public #
[Public]
  path = /shares/Public
  comment = Public share
  public = yes
  browseable = yes
  writable = no
  guest ok = yes
  map read only = no
## END ##
```

That small change did not break the Dashboard UI, which continues to function correctly even though the UI insists that the Public share is still read/write which just shows whoever did the programming for the Dashboard UI must have been under pressure to get the job finished as quickly as possible or was simply lazy and likes making assumptions. I’ve also been put under such management pressure where the people up-top just want to get it out there as quickly as possible and take the flak and sort out the issues later once the problems begin to appear that should have been fixed. I do sympathise with programmers. I’ve also been at the **bleep**ty end of the management stick.

Anyway…

/etc/vsftpd.conf:

Because I don’t wish hackers to see they are connecting to a Western Digital MyBook Live I changed the banner to:

```
ftpd_banner=Squirrels are so happy that they don't know how miserable they are.
```

The official documentation states that this next option should be set to NO as setting it to YES presents a potential security issue:

```
# pasv_promiscuous=YES
pasv_promiscuous=NO
```

To frustrate zombies looking for an FTP server to compromise I added a delay (not present in the default configuration as shipped by WD) so VSFTPD does not tell the intruder that there is an authentication failure for 62 seconds.

```
delay_failed_login=62
```

I have also denied access to any FTP user to the “Public” folder.

```
deny_file=Public
hide_file=Public
```

 … as it does not matter who signed in by FTP, all users authenticated by FTP can read/write/amend/delete anything within the Public folder.

Also, the drive Idle3 parameter is set to 131 (0x83).  That’s 90 seconds before the drive’s firmware puts its heads on the ramp.

I have also noticed that the hidden Samba share SmartWare is configured like the Public folder (in its original state).  Any virus or malware that is aware of this fact can place its evil code in the SmartWare share without the user’s/owner’s knowledge.  Why a hacker would want to utilise this?  Pass…  I’m working on the methodology of…

  1. Secure the stable door before the horse can bolt out of its stable.
  2. Do not assume.

Two reasons why the network I administered never got hacked and I didn’t have to spend a small fortune on corporate Anti-Virus software solutions.  (Where some people may now be thinking…  “Well, whoopee for you!”)

This lot is just meant to be positive comments.  :wink:

Can you imagine if the MBL has its own simple PPTP server how popular it could be?

Part of the sales patter could be: “… and the MyBook live even has a remote access server that allows the user to connect to their network as if they were at home from anywhere on the Internet through a PPTP secure virtual tunnel.”   :wink:

chriscuk18 wrote:

I’ve just got the email too about the new firmware update

 

I hope they get rid of MioNET and have a proper Twonky Server that I can access externally. 
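The share change discussed in the post above can be checked mechanically. This is an added example, not code from the thread or from WD: it parses smb.conf-style text and lists shares an unauthenticated guest can write to. The `[Public]` stanza is the posted one trimmed to its access-relevant lines; the `[SmartWare]` stanza is constructed from the post's description, and all function names are hypothetical.

```python
import re

TRUE = {"yes", "true", "1", "on"}
GUEST_KEYS = {"guestok", "public"}                 # "public" is a synonym of "guest ok"
WRITE_KEYS = {"writable", "writeable", "writeok"}  # inverted synonyms of "read only"

def parse_shares(text):
    """Return {share: [(key, value), ...]}; keys lower-cased with spaces removed."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":            # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = shares.setdefault(section.group(1), [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((re.sub(r"\s+", "", key).lower(), value.strip().lower()))
    return shares

def guest_writable(options):
    """Samba defaults are guest ok = no and read only = yes; later lines override."""
    guest = writable = False
    for key, value in options:
        on = value in TRUE
        if key in GUEST_KEYS:
            guest = on
        elif key in WRITE_KEYS:
            writable = on
        elif key == "readonly":
            writable = not on
        # "map read only" only maps the DOS read-only attribute; it is skipped here.
    return guest and writable

def audit(text):
    """Names of shares that a guest can write to."""
    return sorted(n for n, o in parse_shares(text).items() if guest_writable(o))

# Sample input: [Public] as posted (trimmed); [SmartWare] is constructed.
PUBLIC = """## BEGIN ## sharename = Public #
[Public]
  public = yes
  writable = {w}
  guest ok = yes
  map read only = no
"""
SMARTWARE = "[SmartWare]\n  browseable = no\n  public = yes\n  writable = yes\n"
BEFORE, AFTER = PUBLIC.format(w="yes") + SMARTWARE, PUBLIC.format(w="no") + SMARTWARE
print("before:", audit(BEFORE), "after:", audit(AFTER))
```

The run shows that `writable = no` closes guest writes to Public while `map read only = no` has no bearing on them, and that a share configured like the original Public stanza is still reported.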

 

 

I would make backups of anything you have changed. As I have said, we don’t support user modification of the configuration of the MBL. We have made extensive changes to the whole system, so I can pretty much guarantee that anything you have changed will probably be overwritten.

Your last statement is interesting. Something like that would be cool for this device …

Thanks Tony,

if I’m not able to install the needed MySQL-Server after the update, can you confirm that I can downgrade using an older firmware-file?

EmKay

We are making no changes to the ssh configuration. You will be able to access it like before.

Once you upgrade to the new version, you cannot go back. Like I said, there are significant internal changes that prevent downgrading.

Thanks Tony for clearing that up.

As long as you still build the firmware from Debian Lenny I think what I want to do will still work.

EmKay

Thanks for the hint. I shall certainly make a note of the changes I made and revert them to original before applying any update. It’s not my intention to customise my MBL like a few others who have added feature packs and other apps like BitTorrent clients.  I got the MBL to be a network storage device.

As more positive feedback, I really use SSH to quickly access individual log files and the odd look at the output from smartctl.  It’s quicker and more convenient than getting the Dashboard UI to collect every log file. Because I do use VSFTPD I use tail /var/log/vsftpd.log quite a lot. :smiley:

If there really is any issue it’s of security. I would like ultimate control over who has access to what and it’s the Public share that was the issue.  I know I could have moved the Public folder to another location on the data partition that was out of the way of VSFTPD’s sight and also tweak Samba’s configuration file but then I am guessing that would break the Dashboard and also break any future updates so settled for making the simplest of changes.

Hope your R&D staff have tested the new firmware’s FTP server to make sure it’s hardened against hacking. I quite like VSFTPD and even if I did move the Public folder (which I didn’t) it would be possible to enable access to it and as quickly remove access simply by creating and removing a symbolic link in the right place.  :wink:

As to a simple PPTP server?  Yes. That would be awesome and could complement the FTP server.  Either use the FTP service through the router as normal and unencrypted or have a PPTP server which will allow normal FTP utilities to be used over an encrypted tunnel and with access to the LAN, the user may have dedicated web-cams or a PC is turned on.  All can be accessed remotely.

Might be a good idea to put in an account lock-out mechanism where, say after three attempts at accessing an account the account is locked out for one minute and MUST be left alone for that minute before another three attempts are allowed. An option that can be turned on and off by the user as some people may not like such a security feature, but it’s there to be used and if their MBL is hacked because of a ■■■■ password then it’s their problem.  :smiley:

Yep. A PPTP service for the MBL would be good.  Put that in and I bet Western Digital is gonna get a good review in the technical press.  :stuck_out_tongue:

WDTony wrote:

I would make backups of anything you have changed. As I have said, we don’t support user modification of the configuration of the MBL. We have made extensive changes to the whole system, so I can pretty much guarantee that anything you have changed will probably be overwritten.

 

Your last statement is interesting. Something like that would be cool for this device …
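The lock-out rule proposed in the post above (three failed attempts, then one minute during which the account must be left alone) can be replayed over vsftpd log lines to see what it would have rejected. This is an added example, not code from the thread or from WD: it assumes vsftpd's native log line format, reads "left alone" as "any attempt during the lock restarts the minute", and uses constructed log lines and hypothetical names.

```python
import re
from datetime import datetime, timedelta

# Assumed vsftpd native log format: <date> [pid N] [user] OK|FAIL LOGIN: Client "ip"
LINE = re.compile(r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
                  r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"')
MAX_FAILS, LOCK = 3, timedelta(seconds=60)

def replay(lines):
    """Return (user, ip, time) for every login attempt the rule would reject."""
    fails, locked_until, rejected = {}, {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:                                   # CONNECT, transfers, etc.
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        user = m["user"]
        if ts < locked_until.get(user, datetime.min):
            locked_until[user] = ts + LOCK          # not left alone: restart the minute
            rejected.append((user, m["ip"], ts.strftime("%H:%M:%S")))
        elif m["result"] == "OK":
            fails[user] = 0                         # success clears the counter
        else:
            fails[user] = fails.get(user, 0) + 1
            if fails[user] >= MAX_FAILS:            # third failure starts the lock
                locked_until[user], fails[user] = ts + LOCK, 0
    return rejected

# Constructed sample log (documentation and private addresses only).
SAMPLE = '''Tue Jul 12 21:14:02 2011 [pid 2] CONNECT: Client "203.0.113.7"
Tue Jul 12 21:14:05 2011 [pid 1] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Jul 12 21:14:09 2011 [pid 1] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Jul 12 21:14:13 2011 [pid 1] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Jul 12 21:14:20 2011 [pid 1] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Jul 12 21:15:00 2011 [pid 1] [admin] OK LOGIN: Client "192.168.1.20"
Tue Jul 12 21:16:30 2011 [pid 1] [admin] OK LOGIN: Client "192.168.1.20"
Tue Jul 12 21:16:40 2011 [pid 1] [alice] FAIL LOGIN: Client "198.51.100.9"
'''.splitlines()

print(replay(SAMPLE))
```

The second rejected entry is the account owner logging in with the correct password from the LAN: a lock keyed on the account name also keeps the legitimate user out for as long as the guessing continues, which is worth weighing when making such a feature optional.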

 

Sounds to me like it’s gonna be a cloud solution update for our drives. Regardless of what it is, if the track record compares to the wdtv live firmwares…I think I might skip an upgrade or 2 or 7.

Stupid questions…  Normal FTP will still be available as my phone can only do FTP and I do not plan changing the phone because it does what I want?  Also, will I be able to restrict (aka. Read only) the Public folder without having to SSH into the device and do this by the backdoor?  Will the configuration of the FTP server be set to the software designer’s settings to thwart automated hacking attacks?

By the latter by setting the promiscuous setting to NO and a setting to report back a failed login after a 62 second wait my MBL’s FTP service is no longer suffering a barrage of attempts. Seems the bot/zombie seems to give up waiting after the first attempt and does not try repeated attempts.

(I wonder if this major update will make the reset button reset more than the network configuration, clear the admin password and reset the root password?)

Good point…  Does the root password need to be reset to the default welc0me for the imminent updates to work or can it stay as is?

A cloud solution?  What’s on your mind?  I did not use MioNET because it was simply too slow.  I use FTP primarily because my phone has an FTP client. It’s a Symbian OS 9 device. I also have other plans which will use FTP.

As to Cloud storage?  I don’t really trust them.  Anyone notice how DropBox recently changed their terms and conditions of use regarding privacy.  With a correctly updated network storage device, a security hardened FTP service and difficult to guess passwords, well, I would put more trust in that as opposed to the likes of DropBox, as good as it is.  Also, that the NAS has my data is within my own four walls, accessible from anywhere, and not spread out all over the globe.

Writing that…  It would be curiously interesting if the MyBook live could have a DropBox client and for it to be possible to select which folders to synchronise with a DropBox account.

Nehptis wrote:
Sounds to me like it’s gonna be a cloud solution update for our drives. Regardless of what it is, if the track record compares to the wdtv live firmwares…I think I might skip an upgrade or 2 or 7.

Any word on whether Twonky will go to a 6.0 version in this new fw?

No updates to Twonky.

We are looking at media server options for this fall.

Neat…  I luckily own a Twonky license (and am a senior Linux sysadmin) so installing 6.0.34 was a snap, but I would rather not have a solution that gets killed every time I do a FW update.

 Tony, what I would LOVE to see is some sort of TiVo streaming or server…  The netgear readynas can do this now i believe, and Western Digital already has a relationship with TiVo for the MyDvR eSata drive :slight_smile:  Right now I can run pyTivo or Streambaby on my mac, and share video from my mounted MBL, but it means my laptop must be running at all times for tivo streaming…  If I had a desktop that wouldn’t be as much of an issue I suppose…

Interesting. Looks like there is a build already for NAS’s on sourceforge. I will talk to the dev team about this.