WW 824: It's Called Flocculation

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

I wipe all disks on my main personal rig twice a year. Winrot is real. It’s part of my spring/fall cleaning routine at this point, and it’s just as rewarding.

We run Windows on our TV in the lounge; I RDP into my media server to play music and other bits and pieces of video.

Currently using an Intel NUC, but would be good if built in.

It amuses me when people say they want their TV to be a screen since I bet most people who say that have an Apple TV or watch streaming video on their games console. I’m unsure of what’s so bad about using the apps built into your TV since, in my experience of being at my parents’ house, LG seem good about keeping their apps up to date.

In a word, security.

The TV is an expensive device that has an expected lifetime of at least 10 years. The “smart” part of the TV generally gets around 18 months to 2 years, from beginning of the sales run, not purchase, during which time it receives security updates, if you are lucky. After that time, the apps might still work, but the TV is a security risk to your whole household network.

The streaming boxes are comparatively cheap; they receive longer active lifetimes - the time during which they receive security updates - and can be easily replaced when the updates stop.

When the TV stops getting security updates, that is a huge re-investment. A FireTV Stick costs $40 or less; a new 4K HDR TV of decent quality costs 20 to 40 times that figure. An Apple TV is around $180-$200, still 5 to 10 times cheaper than replacing the TV every couple of years.

While I wholeheartedly agree with security, the other problem is they don’t do what I want, or if they do attempt to do it they are so bad I wouldn’t bother using them.

I am an audio snob (not an audiophile - I have a wife, a soon-to-be teen and a giant dog that I share my life and space with). This means no matter how well Sonos, Apple and other smart speaker creators try to market their Frankenstein-type creations, they don’t sound good to me. I made a significant investment in a stereo HiFi setup using an unexpected income a few years back. For music IMHO it is amazing and when you play film soundtracks through it, the floor moves. My server also has every piece of music I ever bought digitised; apparently it can play for way more time without repeating than I have left - the hopeless app that is on the TV can’t handle 25000+ albums, or FLAC files, or playlists, or integrate with ChatGPT to suggest music for me.

So that’s why I don’t like the TV apps and why the virtual Windows instance in the podcast would be brilliant for me!

But if I accept Steve Gibson’s advice that a zero-day, baseband modem vulnerability on my phone that I carry around with me all the time connected to public networks is OK 'cos I’m not a target, doesn’t the same apply to the insecure TV connected to my own LAN in my house?

It depends on your viewpoint and the risks you or your employer are willing to take.

For example, the LastPass breach was caused by an unpatched media streaming device, which was used as a beachhead to gain access to the employee’s company laptop, while he was working in his home office. That is a pretty big oops!

The security hole had been patched a couple of years earlier, but the employee couldn’t be bothered to keep up with patching and his employer paid the price…

The problem is, those devices actively go out on the internet looking for content and the older devices, which haven’t been patched in the last year or two, let alone the last month, are open to known vulnerabilities and, because they are on the inside, they can more easily attack other devices on your network.

For example, if they get in through the TV using a 2-3 year old security flaw that the manufacturer hasn’t bothered to patch, because the TV is 3 years old, “so the owner should have bought a new one by now!” /s, and the user has a Windows laptop that hasn’t been patched this month, but, because it is on a “trusted” network and not directly on the internet, SMB is open (e.g. to allow the home multi-function device to scan to a folder on the PC), the attacker can easily gain access over the SMB flaw that hasn’t had the current patch applied, giving them access to the employer’s network… Or even a 2 stage attack, TV to MFC, which is less likely to have been patched, so will be easier to access, and from there with the saved credentials directly onto the laptop without needing a security flaw, just push a prepared PDF into the scanner folder on the laptop.

Or even just your local NAS and PC, for a quick encryption malware attack, locally.

But that’s my point. That LastPass employee, using unpatched personal software whilst accessing highly sensitive data and systems at work, was a target.

Isn’t anyone a target if they’re visiting a compromised website that uses a browser or OS exploit that can’t be patched on their device?

I’d call that untargeted, and the reason folks should be careful what sites they visit, browser, OS, network kit is patched etc.

Legitimately why I’m looking at upgrading some of my still working devices. I have a 1080p Roku TV and while it works fine, I selfishly want 4K for one thing, but I also question how well it’s being updated. I can already see my DNS resolver blocking tracking queries when it’s “off” all the time. My next TV will never see the light of the internet and will just be an HDMI interface to something like an Apple TV…

And there we go again - bad people doing bad stuff on the Internet - the reason we can’t have nice things.

Maybe there should be a global anti-computer-hacking law - if you get caught, they give you to Musk as a SpaceX guinea pig.