• 0 Posts
  • 28 Comments
Joined 2 years ago
Cake day: August 12th, 2023

  • The Azure breach is interesting in that it is vs. MSFT SaaS. We’re talking produce; ready-to-eat meals are in the deli section!

    The encryption tech in many cloud providers is typically superior to what you run at home, to the point that I don’t believe it is a common attack vector.

    Overall, hardened containers are more secure vs. bare metal, as the attack vectors are radically different.

    A container should refuse to execute processes that have nothing to do with container function. For example, there is no reason to have a superuser in a container, and the underlying container host should never be accessible from the devices connecting to the containers that it hosts.

    Bare metal is an emotional illusion of control, especially with consumer devices between the ISP gateway and the bare metal.

    It’s not that self-hosted can’t run the same level of detect & reject config, it’s just that I would be surprised if it did. Securing self-hosted internet-facing home labs could almost be its own community and is definitely worth a discussion.

    My point is that it is simpler, IMO, to button up a virtual env, and that includes a virtual network env (by definition, cloud hosting).
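The least-privilege rule in the comment above (no superuser in the container, nothing running that the container does not need) can be checked mechanically. The following is an added example, not code from the original comment or from any project it mentions: it reads a Dockerfile and a list of `docker run` options and reports settings that contradict that rule. The image contents, the user name `web`, and both option lists are constructed for illustration.

```python
"""Least-privilege checks for a container definition.

Added example, not from the original comment. The Dockerfiles and option
lists below are constructed; the user name "web" is hypothetical.
"""
import re
from typing import List

# Constructed: same service, once without and once with a non-root user.
WEAK_DOCKERFILE = """\
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y nginx
COPY nginx.conf /etc/nginx/nginx.conf
CMD ["nginx", "-g", "daemon off;"]
"""

HARDENED_DOCKERFILE = """\
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y nginx \\
 && useradd --system --no-create-home --shell /usr/sbin/nologin web
COPY nginx.conf /etc/nginx/nginx.conf
USER web
CMD ["nginx", "-g", "daemon off;"]
"""

# Constructed docker run option lists (hypothetical).
WEAK_RUN_OPTS = ["--privileged", "-v", "/var/run/docker.sock:/var/run/docker.sock", "-p", "80:80"]
HARDENED_RUN_OPTS = ["--cap-drop=ALL", "--security-opt=no-new-privileges", "--read-only", "-p", "8080:8080"]


def effective_user(dockerfile: str) -> str:
    """Return the user the image runs as: the last USER instruction, else root."""
    user = "root"
    for line in dockerfile.splitlines():
        m = re.match(r"\s*USER\s+(\S+)", line, re.IGNORECASE)
        if m:
            user = m.group(1).split(":")[0]  # drop an optional :group suffix
    return user


def lint_image(dockerfile: str) -> List[str]:
    """Flag an image whose processes would start as root."""
    findings = []
    if effective_user(dockerfile) in ("root", "0"):
        findings.append("image runs as root (no non-root USER instruction)")
    return findings


def lint_run_options(opts: List[str]) -> List[str]:
    """Flag run-time options that widen what the container may do on the host."""
    text = " ".join(opts)
    findings = []
    if "--privileged" in opts:
        findings.append("--privileged disables nearly all isolation")
    if not re.search(r"--cap-drop[= ]ALL\b", text, re.IGNORECASE):
        findings.append("capabilities not dropped (expected --cap-drop=ALL)")
    if not re.search(r"--security-opt[= ]no-new-privileges", text):
        findings.append("no-new-privileges not set (setuid binaries can escalate)")
    if "--read-only" not in opts:
        findings.append("root filesystem is writable")
    if "docker.sock" in text:
        findings.append("docker socket mounted: equivalent to root on the host")
    return findings


if __name__ == "__main__":
    for label, df, opts in (("weak", WEAK_DOCKERFILE, WEAK_RUN_OPTS),
                            ("hardened", HARDENED_DOCKERFILE, HARDENED_RUN_OPTS)):
        print(label, "user:", effective_user(df))
        for f in lint_image(df) + lint_run_options(opts):
            print("  -", f)
```

The option checks are deliberately string-based so the same function can be pointed at a compose file's rendered `docker run` equivalent; the checks are the usual minimum (no root, no added capabilities, no privilege escalation, immutable root filesystem, no host socket) rather than a full policy.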


  • Well, with bare metal, yes, but when your architecture is virtual, configuration rises in importance as the first line of defense. So it’s not just “yum --update” and reboot to remediate a vulnerability; there is more to it. The odds of a home lab admin keeping up with that seem remote to me.

    Encryption is interesting; there really is no practical difference between cloud vs. self-hosted encryption offerings other than an emotional response.

    Regarding security issues, it will depend on the provider, but one wonders if those are real or imagined issues?





  • This is a great question. The photo ecosystem is one where I haven’t found a FOSS solution that hits all the marks of subscription services. I would focus on whatever helps you search.

    I do feel like if files have accurate dates in the file system and in metadata, then folders based on event make sense.

    However, subscription photo services are very good at automatically sorting: these dates are holidays, so these pictures are probably for that holiday. Your home location is here, these pictures are over there, so this must be your trip to there. These pictures have these people or animals, so these pictures are about them.

    With that comes seamless integration across devices: a picture taken at time now can be seen on a TV or laptop at time +x. Etc.

    I have left the FOSS photo world but am definitely interested to see where it is. With digital photography, finding pictures is the real trick. Using folders like a tag hierarchy at least gets you in the ballpark, IMO. But I have no practical knowledge any more.





  • Remember power!

    First and foremost, well-grounded power is essential. I haven’t done the whole-house thing yet, but I am thinking about it and curious to know others’ stories.

    For surge protectors, I like GE wall taps for form factor and Furman racks when there is space & need.

    For an uninterruptible power supply, I like APC. While they aren’t made in the USA like they used to be (RIP), they have been reliable for me.

    Network (ISP modem, Wi-Fi, switch) and tower CPU are all driven by UPS power. APC UPS, at least, is always drawing off the battery, so the upstream electronics are protected… a massive surge is far more likely to take out the battery. For laptops, surge protection is enough.

    I have not yet surge-protected the ISP lower power input… this is a real risk! I found a cheap one off Amazon, but I am worried it will degrade the network --> whole house may be better.

    Note: I have had a lightning strike get sent down the cable line, enter the home, blow out the cable modem, traverse into the network switch, blow out the switch, and nuke every active Ethernet port (NAS, Apple TV, etc.), as well as jump the wire into low-power security, physically blowing a hard-wired security panel off the wall and damaging a few hard-wired security points. Pretty crazy!


  • I would look for something that can generate your diagram from text. There are several.

    Also, you should probably have some kind of orchestration layer so that your architecture as text feeds both the diagram and operational automation (say, Ansible).

    The hard part with diagrams is keeping them up to date. So if you can generate a diagram from something that MUST be up to date, it’s a 2-fer (or if your diagram can be used to generate, say, an Ansible inventory).
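An added example of the “architecture as text” approach suggested above (not code from the comment or from any tool it mentions): one JSON description is validated once and then rendered both as a Graphviz DOT diagram and as an Ansible INI inventory, so the two cannot silently drift apart. Host names, addresses, zones and ports are made up.

```python
"""One architecture description, two generated outputs.

Added example, not from the original comment. The hosts, addresses, zones
and links in ARCHITECTURE are constructed for illustration.
"""
import json

# Constructed architecture-as-text. Keeping it as JSON (rather than a Python
# literal) mirrors a file that would live in version control next to playbooks.
ARCHITECTURE = json.loads("""
{
  "hosts": {
    "gw":    {"role": "edge", "ip": "192.0.2.1",  "zone": "dmz"},
    "web01": {"role": "web",  "ip": "192.0.2.10", "zone": "dmz"},
    "app01": {"role": "app",  "ip": "10.0.0.20",  "zone": "internal"},
    "db01":  {"role": "db",   "ip": "10.0.0.30",  "zone": "internal"}
  },
  "links": [
    ["gw",    "web01", "443/tcp"],
    ["web01", "app01", "8080/tcp"],
    ["app01", "db01",  "5432/tcp"]
  ]
}
""")


def validate(arch: dict) -> bool:
    """Reject links to undeclared hosts so neither output is generated from a
    description that is already inconsistent with itself."""
    hosts = arch["hosts"]
    bad = [l for l in arch["links"] if l[0] not in hosts or l[1] not in hosts]
    if bad:
        raise ValueError(f"links reference unknown hosts: {bad}")
    return True


def to_dot(arch: dict) -> str:
    """Render hosts grouped by zone and links as labelled edges (Graphviz DOT)."""
    validate(arch)
    lines = ["digraph architecture {", "  rankdir=LR;"]
    zones = {}
    for name, h in arch["hosts"].items():
        zones.setdefault(h["zone"], []).append(name)
    for zone, names in zones.items():
        lines.append(f'  subgraph "cluster_{zone}" {{')
        lines.append(f'    label="{zone}";')
        for n in names:
            lines.append(f'    "{n}" [label="{n}\\n{arch["hosts"][n]["ip"]}"];')
        lines.append("  }")
    for src, dst, port in arch["links"]:
        lines.append(f'  "{src}" -> "{dst}" [label="{port}"];')
    lines.append("}")
    return "\n".join(lines)


def to_ansible_inventory(arch: dict) -> str:
    """Render one INI group per role, with ansible_host taken from the same data."""
    validate(arch)
    groups = {}
    for name, h in arch["hosts"].items():
        groups.setdefault(h["role"], []).append(f'{name} ansible_host={h["ip"]}')
    out = []
    for role in sorted(groups):
        out.append(f"[{role}]")
        out.extend(groups[role])
        out.append("")
    return "\n".join(out).rstrip() + "\n"


if __name__ == "__main__":
    print(to_dot(ARCHITECTURE))          # pipe into: dot -Tsvg > arch.svg
    print(to_ansible_inventory(ARCHITECTURE))  # save as inventory.ini
```

Because `validate` runs in both generators, a typo in a link name fails the build instead of producing a diagram that shows a host the playbooks never touch (or the reverse). The same `links` list is also the natural place to derive per-host allowed inbound ports for firewall automation.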



  • My advice: do not fall into the trap of thinking you can run e-mail better than a provider who does that for a living.

    The easiest way, IMO, is to pick a provider who specializes in this sort of thing. Then begin to rotate your accounts from the old account to the new one, utilizing aliases or masks as needed and desired.

    As you do so, archive old emails off your old account. Periodically check it, but remove it from your daily driver. At some point, all that will be left is spam, at which point you can… let that mail provider manage it for you.

    Many mail providers have excellent spam protection, so you are right: get it at the source.

    It depends on how much your time is worth. For some, it is easily worth the $1-5 USD/month to let your mail provider handle the bulk of it.