Why a secure cloud service is an important consideration...

  • Thread starter Thread starter Terence
  • Start date Start date
  • Tagged users None
Can we take a moment to go back and discuss how a dead base unit causes an apex users tank to crash?

I am going to call BS.

A simple google search and literally the first thread that popped up is this:

https://forum.neptunesystems.com/showthread.php?16631-Almost-crashed-my-tank-overnight-!

Base unit doesn't necessarily have to crash per se, but just freeze up completely while your tank is going to do something. There's some fine stories in there.

As well, the Fish Tank Hack mentions nothing about port 80. Even in Darktrace's Global threat report it says:

"Communications took place on a protocol normally associated with streaming audio and video."

It's very vague, as well as the information about the fish tank itself boils down to this quote from Darktrace again:

"Fier also explained the lack of detail in the smart fish tank incident. "A North American casino," says the report, "recently installed a high-tech fish tank as a new attraction, with advanced sensors that automatically regulate temperature, salinity, and feeding schedules." For security, the tank was configured to communicate its data via a VPN."

So info is actually terrible directly from the source, and I didn't see anything from a credible source that showed otherwise.

I don't think anything is TRULY secure that is connected to the internet. If you think otherwise, feel free to take your device to a major hack-a-thon and get humbled.
 
Apex. So secure that I can’t access it half of the time lol.

AF95744C-1984-4533-87FE-9D220441EC40.png
 
A simple google search and literally the first thread that popped up is this:

https://forum.neptunesystems.com/showthread.php?16631-Almost-crashed-my-tank-overnight-!

Base unit doesn't necessarily have to crash per se, but just freeze up completely while your tank is going to do something. There's some fine stories in there.

As well, the Fish Tank Hack mentions nothing about port 80. Even in Darktrace's Global threat report it says:

"Communications took place on a protocol normally associated with streaming audio and video."

It's very vague, as well as the information about the fish tank itself boils down to this quote from Darktrace again:

"Fier also explained the lack of detail in the smart fish tank incident. "A North American casino," says the report, "recently installed a high-tech fish tank as a new attraction, with advanced sensors that automatically regulate temperature, salinity, and feeding schedules." For security, the tank was configured to communicate its data via a VPN."

So info is actually terrible directly from the source, and I didn't see anything from a credible source that showed otherwise.

I don't think anything is TRULY secure that is connected to the internet. If you think otherwise, feel free to take your device to a major hack-a-thon and get humbled.
Well i have a number of innumerable philosophies in life and the thread you linked to breaks one

...never be an early adopter.

I have had new model cars fail, new model computers, new model tablets etc.

I am still using an apex classic and will probably upgrade next year late some time.

That's not really an issue thats isolated to Neptune....you also wouldn't want to buy a freshly released controller from one of their competitors, least the same thing might happen.
 
No theres more that’s just what fit on the screen. A controllers security imo is irrelevant. There’s no data there to be mined and no hacker is going to have any interest in anything that they can not profit from. Hacking isn’t done for fun, it’s a job and like any other job there has to be money so unless you’re network can lead into a casino or some other high value target I think this issue is being over thought. This was a jab at a competitor right when they release an app and there’s a thread with many people requesting BRS to do a review and carry their line. And if security was the only flaw to be found to pick at well I personally think that speaks volumes because as this thread has shown people each have their own opinions on security. Personally I have two computer science degrees but even if I didn’t anybody can use google and you tube to figure out just about anything these days, even the average customer.
 
No theres more that’s just what fit on the screen. A controllers security imo is irrelevant. There’s no data there to be mined and no hacker is going to have any interest in anything that they can not profit from. Hacking isn’t done for fun, it’s a job and like any other job there has to be money so unless you’re network can lead into a casino or some other high value target I think this issue is being over thought. This was a jab at a competitor right when they release an app and there’s a thread with many people requesting BRS to do a review and carry their line. And if security was the only flaw to be found to pick at well I personally think that speaks volumes because as this thread has shown people each have their own opinions on security. Personally I have two computer science degrees but even if I didn’t anybody can use google and you tube to figure out just about anything these days, even the average customer.
Not if it's a brand new release you don't want it.

See post #43

Edit:

I would also point out a couple of those apex failures in 2016 were traced to a brown out.

You absolutely should be running your controller on a UPS.....regardless of the controller manufacturer.

If done that way, several of these "freeze state" examples would not of happened.
 
Last edited:
I didn’t mention anything about apex failures. For the most part apex is a solid product. It has its quirks like any product trust me it’s not flawless but I rely on it for a lot of customer tanks and have no major complaints. Can’t say that a competing product would be any better but some of the demeaning comments and fixes that have been said are definitely a turn off but that’s just poor pr and doesn’t affect how the product works.
 
I am not at all offended by Terrence’s original post. I think it is naive of anyone to think that he is on these boards as a pure hobbiest with no interest in promoting the business that feeds his family. And he clearly accepts opposing viewpoints and addresses perceived and actual flaws in his posts with dignity and respect. But it’s unfair to tell him to stop posting or change the manner of his posts simply because they clearly or not so clearly may have a marketing aspect. Most of us are not rubes needing to be protected from the big bad capitalist wolf by having posts censored.
 
I'd certainly take less issue if this was posted in Neptune's subforum versus the Aquarium Controllers subforum. As you say, since it is obvious that he's here to sell products he should do so there, no? There are plenty of vendors who drop into the subforums and answer questions, but I can't recall a single other one that tried to sell you something. For example, a particular vendor who sells water filtration stuff is constantly answering questions and I've not once seen him say "You can fix that problem with this thing that I sell." It is always something like, "A full metal solenoid has shown to be more reliable than the plastic ones, I suggest replacing yours with a metal one and it might fix your issue."

Everyone will have their opinion about whether it is right or wrong. I shared mine that I find it inappropriate. Telling someone sharing their opinion about what he posts is being unfair to him stifles conversation.
 
I am not at all offended by Terrence’s original post. I think it is naive of anyone to think that he is on these boards as a pure hobbiest with no interest in promoting the business that feeds his family. And he clearly accepts opposing viewpoints and addresses perceived and actual flaws in his posts with dignity and respect. But it’s unfair to tell him to stop posting or change the manner of his posts simply because they clearly or not so clearly may have a marketing aspect. Most of us are not rubes needing to be protected from the big bad capitalist wolf by having posts censored.

I don't think I have seen anyone say he should be censored, what I do see is people objecting to what they feel are misleading statements. I think there is a big difference between a informative reply to a user of their product or a reply to a question about their product and starting a discussion to promote their product based upon a questionable premise and I don't think that the fact that this feeds his family exempts him from criticism.

Here is one example of a highly misleading statement that nobody has questioned up to now:
It is harder to do. There are more places for a customer to get it wrong such as selecting inadvertently - "allow my router to be configured remotely"

And, FWIW, I too have a Computer Science degree - and have worked in IT since 1984.

I find it quite incredible that someone could claim to have a computer science degree and to have worked in IT since 1984 and make the statement that someone could accidentally allow unlimited access to their network by accidentally allowing outsiders to remotely reconfigure their router because they were setting up port forwarding and lacked the experience to do so.

I have configured routers for people for almost 20 years and I have never seen a router that has the setting for allowing remote access to the router configuration on the same page as port forwarding.

This is what setting up port forwarding looks like on a typical router:
portforwarding_linksys.png

This is how you enable remote access on a typical router:
108650-4643-003.png

They are not on the same page, they do not look alike, and they are labelled differently. So how does someone set this up accidentally while setting up port forwarding? To claim this one has to believe the users of ones product is completely stupid and will start to randomly click on pages/options instead of following simple instructions that can be found in the online manual of the router they use. Hundreds if not thousands of applications need port forwarding to work and all router manufacturers have links on their website to show how it is set up, as do many websites of applications.

So in my eyes this is a textbook example of FUD:
Fear, uncertainty and doubt (often shortened to FUD) is a disinformation strategy used in sales, marketing, public relations, talk radio, politics, religious organizations, and propaganda. FUD is generally a strategy to influence perception by disseminating negative and dubious or false information and a manifestation of the appeal to fear.

As someone with a background in marketing and a long-standing interest in computing I am struggling to find polite words to express how unhappy I am that these types of tactics are being used to push a product on a forum, especially after some people have already questioned this approach.
 
@Reef Monkie you clearly have never worked in a support capacity with the general public or you would not have taken that approach - most customers do not read manuals. Many customers do blindly click on things hoping something will work. I know I am not going to convince you of this, but I say this not from a guess or a gut feeling, but as someone who sees many of the support tickets every day - and as a person that himself has personally done tech support.

There are many ways to mess up the configuration on many devices - it just so happens doing so on your router can have extremely negative consequences. Most customers have no desire to ever see screens like that you posted above - it scares the heck out of them - let alone try and figure out what they should do on them. "Sure, I want remote access to my aquarium controller, let me select that" would not be far fetched based on many of the experiences we have had here with customers messing with their routers. This is not speculation. This is based on thousands of support interactions (before Apex Fusion) where we have had to walk customers through these things.

And I have not even touched on the nightmare issues of the home IP address changing and the need and expense of a dynamic DNS or a static IP to deal with that. Try explaining that concept to the average customer. And, wait until Xfinity comes over and changes their set up on them and the entire access to their controller no longer works. Or the DynDNS stops working because the company changed their plans, or went out of business, or was bought out. Before Apex Fusion this was a continual occurrence for our customers.

Oh, I haven't even touched on email alerts and email server configuration. Without a service like Apex Fusion, some systems (and this was the way it used to be on the Apex) may require you to enter an SMTP servers info and credentials. Yet another customer nightmare as their current email provider will likely not let them use a third party program to send email using their server. Or, the customer gets it all configured (or their family member does it) with some free service, and then that service goes away at some point. This too used to be an all-too-common occurrence before Apex Fusion.

I think you guys are missing the whole point which is that, in my opinion, maybe 5-10% of the prospective customers out there can do these (port forwarding and dynamic DNS) steps correctly. Another segment of customers may even do it incorrectly and possibly open themselves up to security issues. Just creating the LAN access inbound from the router itself can open the customer up to issues if the router, or the device itself, have vulnerabilities. Not going to get into the specifics here, but there are plenty of exploits out there, and many not yet found. Inviting bad people out there doing scans to stop by and have a look-see is not a good idea - they are not after your aquarium.

Again, my opinion is that using port forwarding is both difficult (based on thousands of customer interactions) as well as less secure (based on many discussions with very knowledgeable IT admins) than using a cloud service for this kind of remote access of a device on an internal network. As a company we believe in this so much that we spend hundreds of thousands of dollars a year in resources to make it available for our customers - free of charge.
 
I've had people in my office "lose their email." Literally can't figure out how to open up MS outlook. These are educated professionals in their field. I would never, never, ever want them mucking around with router settings...
 
Here is one example of a highly misleading statement that nobody has questioned up to now:


I find it quite incredible that someone could claim to have a computer science degree and to have worked in IT since 1984 and make the statement that someone could accidentally allow unlimited access to their network by accidentally......

Let me stop you right there.

It would be VERY EASY for some average Joe who was changing settings to think "let me change a few more settings that look like they will make this work better"....and then proceed about changing 5 or 6 more things not really understanding what they do.

It happens...ALL THE TIME...

I see that all the time. It's in the category of "knows just enough to be dangerous but not enough to know better".
 
Lets not forget, "most" users wont even know how to get into the router config...let alone have any idea how to get the public IP address, or anything else other than signing into Facebook. It seems very simple for us that have done it for years, but for people that have never done it, it is like looking at gibberish. I think that's where the simplicity of Fusion is big, it allows a user to for the most part, plug in and play.... and not worry about changing configurations and security. Also what happens when the IP changes...now they gotta go back and figure that out...and that means another support call because they wont remember how they got it last time.
 
You guys are making this way more complicated than it really is. Most of this stuff is taught in high school now and anybody 50 or under knows how to use google and you tube to do any of this with ease. That said I do believe Fusion is easier to use however that doesn’t make it anymore secure and may well make it less so by putting all of your eggs in one basket.
 
Hey Terrence, since we're talking security, does the (latest) Apex use https? With what cryptosuite? The days of "our processor is too low powered/we don't have enough memory/it's too hard, are long, long gone. Without proper authentication/authorization/privacy (encryption)/integrity protection, it's way, way too easy to have bad things happen.

And remember, the "S" in "IoT" stands for Security!!
 
Hey Terrence, since we're talking security, does the (latest) Apex use https? With what cryptosuite? The days of "our processor is too low powered/we don't have enough memory/it's too hard, are long, long gone. Without proper authentication/authorization/privacy (encryption)/integrity protection, it's way, way too easy to have bad things happen.

And remember, the "S" in "IoT" stands for Security!!
The new Apex is far more secure than its predecessor. In many ways.
 
Hey Terrence, since we're talking security, does the (latest) Apex use https? With what cryptosuite? The days of "our processor is too low powered/we don't have enough memory/it's too hard, are long, long gone. Without proper authentication/authorization/privacy (encryption)/integrity protection, it's way, way too easy to have bad things happen.

And remember, the "S" in "IoT" stands for Security!!


Yes.. https://apexfusion.com/apex/.....

Perhaps I am missing something
 

IF YOU HAD TO TAKE A REEFING EXAM, WOULD YOU PASS?

  • Yes!

    Votes: 32 45.7%
  • Not yet, but I have one that I want to buy in mind!

    Votes: 9 12.9%
  • No.

    Votes: 26 37.1%
  • Other (please explain).

    Votes: 3 4.3%
Back
Top