QNAP NAS users: QFinder update now collects usage information

If you use QFinder or QFinder Pro as part of your QNAP NAS management, the most recent version of the app (QNAP Qfinder Pro 6.3.0) now collects information on your NAS usage.

You can click CANCEL and not OK at the legalese screen after the software installs, but it isn’t immediately apparent if this exempts you from the new TOS or is just a “close window” action.

Following is the “Consent to User Information Collection” that appears after the application updates. (The concerning parts I placed in bold.)

Consent to User Information Collection

Thank you for using QNAP Systems, Inc. (hereinafter referred to as the “Company”) products. To provide a better user experience, the Company will collect usage-related information when you use Qfinder Pro (hereinafter referred to as the “Product”), as detailed below:


User information and user behavior helps the Company to better understand user habits and preferences. The Company collects such information to improve the Product and services to meet the needs of users and to improve the overall service quality.

Information Collected

The information collected includes (but is not limited to):

Operating system information, device identification codes, country and language settings, computer model, firmware version and other basic information.

App-related information including: version information, update and shutdown time, usage frequency, and usage time.

User preferences: device settings, product configuration, usage time of the application and hardware.

Other relevant but non-personal information.

Use of information

With your agreement, the aforementioned information will be automatically collected and sent back to the Company. The Company will analyze the collected information to identify improvements that can be made to future products and services. The Company has effective mechanisms and procedures to protect the security of the information collected and shall only use the relevant information internally.

The Company hereby disclaims all warranties including express or implied warranties of merchantability or fitness for any particular purpose in connection with this consent or in any manner whatsoever. In addition to the foregoing, the Company shall not be held accountable for any direct, indirect, special, incidental or consequential damages, such as loss of profits, loss of data, equipment use or functional damage, interruption of business and events of a similar nature, regardless prior notice exists for such occurrence or not.

Flickr is shutting down their photo books and wall art services

Flickr announced earlier today they “are transitioning our photo book offering to Blurb and shutting down our wall art offering.”

“Beginning October 16, 2017 you will be able to connect your Flickr account to Blurb’s online photo book-making tool… you have until December 1, 2017 to complete any in-progress wall art or photo book orders. After December 1, 2017, you will not be able to access the Flickr wall art tool or the Flickr photo book tool and your progress will be lost.”

As for reprints, “you will need to go to your Flickr Wallet before December 1, 2017. After December 1, 2017, we will remove the wall art and photo book order history. You can manage your new orders on Blurb’s website.”

The Flickr forum for questions on this migration is here. This shutdown will NOT affect “regular” Flickr users or photos hosted on their service. Only the Photo Book and Wall Art sections will be discontinued.

Microsoft Groove is shutting down. Download your music before December 31st

In a late night email I just received, Microsoft announced it is shutting down their Groove music service as part of their upcoming merger with Spotify.

If you have any albums or singles through their service, you have until December 31st to download them before they are deleted.

From the email…

“Groove Music is excited to announce that we’re partnering with Spotify to bring you the world’s largest music streaming service. On December 31, 2017, the option to stream, purchase, and download music from Groove Music will be discontinued. After December 31, 2017, you’ll still be able to listen to your purchased music if it has been downloaded.”

“Keep your current music collection intact by downloading to your devices any albums and tracks that you’ve already purchased. You can download your purchased music through the Groove Music App until December 31, 2017.”

“To download your music, open Groove, go to your music collection and select the Purchased filter. Right-click or press and hold your music files and select Download from the menu.”

CDMaST Phase 2 is going to change naval warfare

I’m constantly amazed at the level of tech we are achieving in a relatively short period of time. The “future” is coming fast, and sometimes in ways that even the best of science fiction didn’t anticipate.

Case in point – the CDMaST Phase 2 project from DARPA. Long story short, the idea behind this project “revolves around real-time secure networks of manned and unmanned aircraft, surface ships, and submarines able to attack and defend vast areas of the world’s oceans to hold enemy ships and submarines at risk over wide contested areas.”

The CDMaST project wouldn’t be the only line of defense. The project “would augment aircraft carrier battle groups and manned submarines with networked manned and unmanned systems of systems (SoS) that work collaboratively to control the seas.”

Imagine hundreds or thousands of drone-based ships in the ocean, playing basic defense and surveillance “over ocean areas as large as a million square kilometers”. This 24/7 armada would “hold the line” so to speak, and keep the Navy’s “12 aircraft carriers, 52 attack submarines, and 18 ballistic- and cruise-missile submarines” on a more focused and as-needed basis.

It’s brilliant.

Of course CDMaST is going to be target #A1 for hacking, and CDMaST is probably going to be the focus of some terrible movies when the mainstream media gets wind of this, but the idea that technology has reached the point of 24/7 global defense is astounding.

The article is on the Military and Aerospace website here.

DJI drones and tech banned from US Army for “operational risks”

In an article on Military and Aerospace Electronics, the US Army recently ordered all Army personnel “to cease all use of Chinese-made Dajiang Innovation drone products, uninstall all DJI applications, remove all batteries/storage media from devices, and secure equipment for follow on direction.”

“This guidance applies to all DJI UAS and any system that employs DJI electrical components or software including, but not limited to, flight computers, cameras, radios, batteries, speed controllers, GPS units, handheld control stations, or devices with DJI software applications installed.”

According to a sUAS article, this full stop shutdown might have something to do with DJI drones collecting “audio, visual and telemetry data on all flights across the globe. The details shared here are perhaps known to a limited number of the worldwide owners and users of the DJI technology.”

In other words, it looks like every DJI flight was copied to DJI / China’s HQ.

The actual Army memo and breakdown is on a sUAS news site, the sharing / data collection of DJI drones is on another sUAS page, and the ban is cross-confirmed on the UPI news site and the Military and Aerospace page.

The new bank heist – hacking Apple’s biometric databases

Today Apple announced their new shiny shiny – the iPhone X.

<Nicholson Joker Voice> You thought the celebrity photo leak was bad? The Equifax hack terrorized? Wait until you get a load of the biometric hack. </Nicholson Joker Voice>

Apple swears “the detailed biometric data points that Face ID will use to identify individuals will stay local, stored on the phone and not remotely” BUT “face ID will work with third-party apps.”

The gold mine of biometric data won’t be held in Apple’s Fort Knox, but shared “on the open road” with third parties?

Never mind Apple. Forget about trying to get into their billion dollar systems. If I was an evil mastermind, this would be my four-step plan…

  1. Wait and see what new app requiring the iPhone X facial recognition takes off in popularity
  2. Hack their low-secure angel-funded 20-people-in-the-whole-company database
  3. Sell the users’ biometric data on the dark web
  4. Profit

If I was a government employee evil mastermind, this would be my four-step plan…

  1. Create multiple new apps requiring iPhone X’s facial recognition (match the celebrity funny face, make your own emojis, group party chat, who’s the hottest, etc)
  2. Keep a master database of all faces using the app AND constantly scan everything the camera “sees” while running in the background
  3. Keep the users’ biometric data in my master database – create cross references of who the user associates with through matching biometric facial scans, their GPS locations, and who they have in their contact list (Apple already allows app access to GPS position and contact lists BTW)
  4. Profit in a very serious long-term way

Read Apple’s statement again. The biometric data points are not generated and deleted with every use. They are stored. On the local phone.

That stored information will be shared with third-party apps.

Biometric scans are a mathematical algorithm. Your facial patterns create an identifier unique to you. There’s no changing it. Once your unique biological mathematical algorithm is out in the open, there’s absolutely no way to put that genie back in the bottle. The last cornerstone of individual security will turn to dust.

I expect the first public-aware hack in two years.

Ask Mondelez how much a successful cyber attack costs

I’m that IT guy. No you can’t have Facebook at your work PC. No you can’t access the company Wi-Fi network with your personal device. No you can’t remote access the work servers from any PC you want to. No you can’t skip this month’s security training.

Know why I’m such a pain? Because one slip up on my part will bring the company crashing down.

Ask Mondelez, the snack maker that owns Oreos and Cadbury, what the cost of a successful cyber attack is. According to an article on Food Business News, it was an immediate $7.1 million loss, another $150 million in lost sales, and an ongoing “to be determined” repair cost.

Back in June, Mondelez got hit with the ransomware strain “Petya”. The effects were immediate and brutal. Production came to a complete stop, and the company scrambled for weeks trying to remove the ransomware infection from their company servers.

According to Food Business News, “The malware affected a significant portion of the company’s global Windows-based applications and its sales, distribution and financial networks across the company.”

“Although the company believes it has now largely contained the disruption and restored a majority of its affected systems, the company anticipates additional work during the second half of 2017 as the company continues to recover and further enhance the security of its systems. For the second quarter, the company estimates that the malware incident had a negative impact of 2.3% on its net revenue growth and 2.4% on its organic revenue growth. The company also incurred incremental expenses of $7.1 million as a result of the incident.”

The worst part? “In an Aug. 2 conference call with investment analysts, Irene Rosenfeld, chairman and chief executive officer, said Mondelez was not yet ‘back to normal.’”

June. July. August. And an untold number of months to go.

Yes, IT guys like me are a royal pain. It’s not because we want to be. It’s because we know what will happen if a cyber attack is actually successful.

Time Warner ended partnership with Dell’s Sonic Wall

In a big giant bit of ugly news today, our local Time Warner rep informed me that Time Warner corporate is no longer offering Dell Sonic Wall products or services.

If you are in a Time Warner corporate environment and are currently using a Dell Sonic Wall product provided by Time Warner, you should have grandfathered-in support for the time being. HOWEVER, if your existing Sonic Wall goes out or you need to add to your WAN/LAN, your only option now will be to switch to Time Warner’s new Cisco/AdTran services or buy and config your own Sonic Wall.

Nightmare scenario: the corporate Sonic Wall goes out. Time Warner has nothing to drop ship you as a replacement. You will either have to re-configure your entire network through their new Cisco/AdTran services or find an identical Sonic Wall online to clone your previous config to. How long will either scenario take?

If you’re in this boat, contact your Time Warner rep for more details.

New research shows 3D through-wall imaging using only two drones and Wi-Fi

This should get the tinfoil hat brigade nice and riled up. New research from the University of California Santa Barbara has shown it is possible to perform “high-resolution 3D through-wall imaging of completely unknown areas” using only basic Wi-Fi signals and two drones.

The concept is pretty straightforward but the tech behind it is fairly complex. One drone acts as the Wi-Fi broadcaster, and the other drone “reads” the signals and maps out the interior. Both drones follow multiple paths around the area until a satisfactory image is created.

The idea is to use this tech for “emergency response, archaeological discovery, and structural monitoring”.

The link to the video showing the drones in action, the tech involved, and the article is on the TechTV site here.

Notegraphy shutting down web services by June 30th

Notegraphy announced in a press release that as a result of “overhauling their technology platforms”, the web version of Notegraphy will be discontinued on June 30th.

If you have anything on Notegraphy you want to keep before the June 30th purge, you will need to…

  1. Login to www.notegraphy.com with your username and password
  2. Go to Settings
  3. Select Backup my notes
  4. Check your email for the link to download your notes to your PC or Mac

The company has a new app they are pushing (of course!), but to delete all of their users’ works in Notegraphy instead of automatically migrating them to the new app is a boneheaded executive decision. After all, if they are willing to eviscerate Notegraphy with one week’s notice and not offer a full migration path to its supposed successor, what’s to stop them from doing the same with any of their future products?