Homes now need data storage as well as closets...

This is part of an ongoing series of longer articles I will be posting every Sunday as part of an experiment in offering more in-depth content.

Along with my professional focus on enterprise storage systems, I’m enamored of home networking, and recently passed the three terabyte mark at home! This got me thinking about where home storage is heading.

As you can see in the photo, my office closet is overflowing with computer equipment (and one sweet guitar), but my data storage is much better organized. I have a hacked Linksys NSLU2 with 500 GB as a file server, a 500 GB PC backup disk, a 160 GB Time Machine disk, 1 TB of TiVo storage, and the rest. But wouldn’t it be nice if this could all be combined into some kind of super home server?

Past Failures: Home Servers

Home storage appliances and servers have come and gone over the year, with none seeming to make much of a mark. The market remains littered with UPNP media servers and home NAS boxes dashed on the shoals of an unappreciative public. Nearly every home network device company has produced one or two home storage servers, none of which have succeeded. Although I use a Linksys NSLU2 at home, I had to hack its Linux software and completely replace Linksys’ features to create a useful device! The un-hacked NAS devices of Buffalo, Western Digital, Netgear, and the rest have generally failed to find buyers as well. So far, consumers seem content with simple USB and FireWire external drives.

The most adventurous home storage servers came from Zetera and Ximeta, both of whom relied on proprietary IP SAN protocols. Note that these were SAN products, sharing block storage over Ethernet, rather than conventional NAS solutions. Both required drivers, limiting client support. The one Zetera buyer I know was pleased by the performance but never used the device as anything but a large hard drive for one PC.

Then there is Microsoft. Recall that the latest Windows Home Server is only their latest attempt to enter this market, and yet I know of no one who has adopted the device. The same can be said of the various media center servers from Microsoft and others. At this point, it seems likely that the future of home storage servers will not come from Microsoft, though their two XBox generations have great potential as clients.

Even EMC has entered the market with their nifty (but largely unnoticed) LifeLine product and Iomega acquisition. Supporting file services and backup for computers as well as audio and video for media players, EMC positions LifeLine much like their Retrospect backup product, but goes further in offering a complete software solution for hardware OEMs wanting to offer a non-Windows home server. Although an impressive offering, it is too early to tell if EMC will have much success with this product.

The Sleek, Shiny Elephant in the Living Room

Of course, there is one company that sells media players and servers by the bushel, complete with sleek, shiny interfaces. Apple’s tremendous success with the iPod has led to their iTunes software becoming the dominant media organization platform, complete with its own proprietary discovery and sharing protocol. Now, with the Apple TV and video iPods, the company is broadening into more media categories. Surely their dominance here puts them in a special position when it comes to setting the stage for a home server or storage revolution.

They also have a strong position in the world of dedicated home storage. Their Airport products are among the only routers to be widely implemented with shared storage. Although many other companies offer similar products, low customer understanding means that these functions are not widely used. And the new Time Capsule device is surely already the most widely-used home NAS product.

But Apple has not yet shown any home server strategy. Administering multiple iTunes servers can be frustrating for users, with no inter-iTunes synchronization or centralization capability. Although the Mac Mini, Apple TV, or Time Capsule could certainly be seen as a home server, the company does not position them as such in the market. Indeed, some iTunes users like myself rely on compatible third party media servers like Firefly and TwonkyVision rather than using iTunes itself. Still, rumors of an Apple home server persist.

One issue for Apple is their reliance on proprietary protocols. Although the Bonjour discovery protocol is certainly simpler than UPnP in practice, Apple stands alone in relying on it. They also steadfastly stick to AFP for NAS and DAAP for remote media streaming. This limits the number of third-party clients and servers that can be used with their hardware and software.

The Future is Friendly

Although Apple has not yet tipped a home storage strategy beyond Time Capsule and Airport Extreme, they are best positioned to deliver a real home storage solution. A simple step would be to create an iTunes media server integrated with Time Capsule and add client/server media synchronization. The company already has OS X backup and file services integrated, and this move would further centralize the digital home around Apple products. But the company’s reliance on closed protocols like DAAP is worrisome, since it locks consumers into nearly all-Apple solutions.

Microsoft’s Media Center and Home Server combination, based around UPnP, shows great promise, with many compatible third-party clients and servers already available. But my own experience with the solution has not been at all positive (I still can’t get my Roku SoundBridge, Vista Ultimate laptop, and Media Center PC to see each other!), leading me to question the viability of this option.

Although Apple or Microsoft could come to dominate, I suspect the future of home storage is out of both companies hands. A number of others are working on improved home server experiences, including EMC’s LifeLine and the expanding use of Debian Linux and open source tools. But all could be sidelined by improved Internet-based services. Google, Microsoft, and Apple continue to expand their online consumer suites with greater storage, synchronization, multimedia integration, and all have the potential to reduce or eliminate the need for in-home storage.

Although I cannot yet tell which service will win, one thing is certain: Consumers demand friendly, flexible solutions. They don’t want to fuss with their media, and they don’t want simple shared storage. They want integration with multiple devices and flexibility to access their content on any device. The first company to offer a simple, flexible storage server for the home will surely be on the right track!

© sfoskett for Stephen Foskett, Pack Rat, 2008. | The Future of Home Storage
This post was categorized as Apple, Computer History, Terabyte home. Each of my categories has its own feed if you'd like to filter out or focus on posts like this.

Sprint USB EV-DO + Cradlepoint personal hotspot = sweet!Default password = bad!

As I posted the other day, my new Cradlepoint PHS300 3G router is just awesome, and I would happily recommend it to anyone. If you do get one, however, be sure to change the default password immediately. The seemingly-strong password is worse than insecure – it’s available to anyone who asks whenever the router is powered on!

Let’s back up, though. When I first set up the router, I was impressed by how simple it was. Turn it on and its Wi-Fi LAN appears almost immediately. Connect to the LAN and your browser is redirected to the router’s management interface (at 192.168.0.1).

I was happy to see that, unlike nearly all router manufacturers, Cradlepoint does not use a default password. Rather, each router has its own unique password – the last six hexadecimal characters of the MAC address, which is printed on a sticker on the bottom of the unit. At the time, this seemed much better than the big manufacturers, which tend to use the easily-guessable “admin” or another short, simple-to-crack word.

But the Cradlepoint also uses the last three characters of the MAC address as its default Wi-Fi SSID. So three of the password’s six characters are broadcast constantly to anyone who cares to see, regardless of whether they are even connected to the LAN! This literally makes the password 4,096 times easier to guess. My router’s SSID was “PHS-28a”, and the password was “02828a” – see the problem?  Amazingly enough, though, this isn’t the worst problem!

Most people know that DNS servers translate domain names (like “blog.fosketts.net”) into IP addresses (like “208.113.206.204″). But Ethernet networks (including Wi-Fi) use a different addressing scheme, and IP addresses themselves must be translated into a MAC address (like “00:30:44:02:82:8a”) before it can transmit data. Any connected client can use a command line program called arp to look up a MAC address, which means they can simply ask the router for the MAC thus discover the password. See my password in that example? But wait, it gets worse still!

Cradlepoint suggests setting a connection password, which will keep people from using its 3G connection but will do nothing to prevent them from using arp to find out the router’s password. Smarter people will turn off the SSID broadcast or use a WEP password, which will keep them from connecting to the router’s Wi-Fi network. Although this will stop the arp attack, the password is still vulnerable. See, the address is included as part of every Wi-Fi packet in plaintext, and as any wardriver will tell you, it’s simple to snoop on Wi-Fi packets. So the router is continually transmitting its password, whether one is connected or not. One would need to figure out the WEP password in order to connect, but there are techniques that allow this, and the attacker would then be able to use the administrator password to reconfigure the router.

The Cradlepoint also supports WPA/WPA2, which is much more secure than WEP and would dramatically improve the situation, but not all devices support it. But the real solution is much simpler – change the administrator password to something much more secure. Sadly, most people won’t do any of this – they’ll leave the password as it is and thus leave their router totally open to attack.

But let me just take a moment to beg those who read this post: Don’t ever use a MAC address as a password!

© sfoskett for Stephen Foskett, Pack Rat, 2008. | MAC Addresses Are Bad Passwords
This post was categorized as Apple, Terabyte home. Each of my categories has its own feed if you'd like to filter out or focus on posts like this.