Garmin Connect outage

As much as I like to dig into the data created in such situations I get some spare time free of charge for other activities.
Talking to my wife
Sitting in my garden enjoying the sunshine and birds flying around
Watching the grass growing
etc.
Life is still good, very good.

I tend to agree. This flippant attitude to privacy is weird.

Is it possible to download the trainerroad fit file and the manually add the workout to the garmin?

atm not, as soon as Garmin is back you can wait for the sync or put it manually to Garmin

Here is what I wonder. How prepared are TrainerRoad and Strava for the same kind of attack? It literally only takes one person to make one big mistake or many people to make very small mistakes. With 20+ years in the security field in both offensive and defensive roles, I can tell you that the attackers will find a way and the less protected remote workforce is becoming the ticket. So many companies take this for granted but when it happens, the money they saved by not engaging qualified people to run a full scope security program is fully eclipsed by loss of revenue and confidence. Garmin likely has too large of a physical footprint to quickly become a relic but for companies who are in a market where others provide similar services, what does that loss of confidence mean for them?

I can tell you that some companies didn’t use intrusion systems before TJ Max got hacked because they thought the cost of a hack would be a million or two and it wasn’t worth the investment. After TJ Max’s $256+ million in damages, those companies changed their mind. And that was for premise systems that were well understood. Cloud sounds cool but most environments are a mess waiting for an attacker to provide their special brand of love.

Please be ready TrainerRoad and Strava. We really want you to be around for the long haul.

I can imagine the current lockdown and remote working is making this one a 1000 times hard to resolve. If they have no email or call system running I wonder if their internal email and calls are also down. Hopefully, they’re on something like o365 and can break out from the VPN but if that’s all on-premise as part of their wider architecture this could be a nightmare. How do you update the external comms teams and exec when you can’t email them or get on a VC. You can’t get to your email to find the contact of that vendor that could help something, you can’t get around a whiteboard or even do a VC call to try and work out the best options for fixes. If the VPN is down presumably no-one can work on the fixes remotely so has to go into the office etc

Am I the only one who finds it interesting that all the news that goes into more detail then Garmin is down is coming from tech web sites and not the sports web sites? So the people who have contacts with internal Garmin people aren’t trying to tell us more

Aye, it’s ‘impressive’ how the production line, call centre, GC – which you’d think would be sandboxed - have all been taken down.

I wonder who got spear-phished…

Actually this should be possible. If you have a the .fit file just connect your head unit via usb and copy and paste it to the workouts folder on the unit.

IIRC there are two workout folders, one on the unit itself and one on SD card (if fitted) I believe it is the former but if not copy it to the other one.

what you wont get is a successful upload of the workout when completed

I think the OP was asking how to get the TR workout .fit file in the first place (not what to do with it once they have it)

ahh right, so you can’t manually download a .fit file for a trainerroad workout before you have ridden it. but if you have previously you can, I believe.

so if you’ve done the workout before, and download the completed .fit file and copy to garmin as I have suggested would that give you the base workout to follow?

A handful of workouts have been recreated on ergdb, you can search for names and sometimes find what you’re looking for if someone has recreated it.

Easier and more efficient to not be sandboxed. Security always gets in the way and so gets ignored. Plus I’ve seen setups that are sandboxed in that you can’t talk between networks but there are computers that can talk to both. So once the computer that can talk to both gets compromised…

My own experience of ransomware attacks is not a pretty memory: (I was called in after an airport got savaged by one in 2019). A normal office user opens an email, clicks on a link and suddenly all of the many years of cutting corners on IT security & best practice and poor IT management and cost savings come home to roost when you lose everything, and i mean everything: all of your files and data and diagrams and spreadsheets and applications, all gone. In the airport’s case all of their backups were also encrypted because of a general cluelessness and total lack of advanced technical skills. Going over the wreckage it was a horror show of crapness at every level and it costs them millions to fix.

So my advice to corporations is to employ the best IT people & Defense in Depth!

Good luck Garmin. I hope you fix it soon because i have an unimpressive morning 5 mile run i need to upload.

Because the tech sites are basically just spinning rumors and speculation. They may end up being right, but it’s surprising how little factual information there is in most of those articles. It’s just each article copying each other and saying “someone else said something”. Even the oft-cited ZDNet article that said “employees were on Twitter saying virus things” didn’t link to any such tweets. Seems pretty basic they would have involve that, after all, they linked to someone saying ‘just plug it in’.

It makes complete and total sense for Garmin to not say anything specific at this point, especially if ransomware or such is involved. The service is down, and until they know the exact details and have resolved it, all it does is feed the cycle - one only needs to look at the Twitter hacks of last week to see that. What Garmin could be doing is issuing another Twitter update with a variant of “It’s gonna be a while”.

if some1 is interested, here is a live cyber thread map:

https://threatmap.checkpoint.com/

I expect I’ll be able to go old skool and download the tile-bagging routes I’ve recently created over USB for the time being, if they don’t sort it soon.

To be honest, I’ve found wireless route downloading to be such a pain anyway. Being forced to stop using it may be a blessing. GC just exists as a way to get stuff up/downloaded for me anyway. TP, TR and Strava should have everything.

The next level would be the ransomware people (if that’s what it is) managing to hold end-user devices hostage.

Presumably if it was Randsomware they would need to have informed the ICO (and other bodies in other nations) as if it would be a notifiable breach with a high likelyhood of risk to the rights and freedoms of indviduals. I would have thought it would at that point also be something they would need to announce to the stock exchange before opening today? Which make me think it’s not that l

Guess I may be timing my virtual race on Saturday with my stopwatch from the 1970s Hope it knows where all the Strava segments are.

The organisations that are nowhere on cloud security are the same ones that were nowhere on on-premise security! For many smaller organisations the cloud actually offers the opportunity to be more secure than they were previously, since basic housekeeping stuff (upgrades, patches, etc) gets handled for them and they can outsource a lot of security management to companies that have tools, expertise and capability that is very hard and expensive to develop in-house at a small scale.

The problem being of course that if you don’t really understand (or place value on) security in the first place, just see cloud as an opportunity to cut costs and so sign up with the cheapest provider and/or the basic/no frills service from whichever provider you’re with, then you get what you pay for…