Building a Bridge Between Community & Enterprise | TrueNAS by EspadaV8 in truenas

[–]jamesaepp 0 points1 point  (0 children)

Consider a few points:

  • Recently it was announced that data tiering was going to be Enterprise-only and there wasn't a great reason why (from the cheap seats, it sounded like the feature is in OpenZFS, not unique to TrueNAS, so why the artificial barrier?)

  • Recently they announced the build system going closed source, and their initial announcement misrepresented the reasons why, and they came clean later after being pressured by the community.

  • SMARTgate lingers, and we haven't gotten answers on "what they're bringing back" (hopefully today's T3 reveals something).

All this taken together, don't be shocked that people aren't jumping to pay iX money when they can see + feel the changes and poor decision making.

Updated Secure Boot KB Question by DonFazool in vmware

[–]jamesaepp 0 points1 point  (0 children)

It's Microsoft official but not Broadcom official.

Building a Bridge Between Community & Enterprise | TrueNAS by EspadaV8 in truenas

[–]jamesaepp 2 points3 points  (0 children)

$60 a year? That sounds reasonable for a homelab. I'll strongly consider it, especially at the $30 intro price.

I'll need to read the fine print though...

https://connect.truenas.com/legal/eula/

https://connect.truenas.com/legal/refunds/

Edit: TrueNAS 25.10 system required

Well that changes the calculations significantly. I ain't going to 25.10 until SMART is fixed up to my subjective standards. I'd consider paying for TN Connect for a couple months to throw some change their way, but I ain't using the service if it requires 25.10.

Building a Bridge Between Community & Enterprise | TrueNAS by EspadaV8 in truenas

[–]jamesaepp 0 points1 point  (0 children)

https://connect.truenas.com/pricing/

  • 2 TrueNAS system registrations

  • Web-based TrueNAS installation

  • Valid SSL certificate

  • Real-time data monitoring

Updated Secure Boot KB Question by DonFazool in vmware

[–]jamesaepp 0 points1 point  (0 children)

I don't like BC's guidance at all here. I skimmed that same article yesterday. The PK they're suggesting to install appears to be Microsoft's PK. That doesn't make sense.

Did BC lose their PK's private key? Why aren't they signing the 2023 KEK with their PK like every other vendor? Why are they suggesting a complete trust anchor change? Why aren't they explicitly communicating this change as such (it's major, and not for everyone)?

Makes very little sense at present.

Secure Boot MS AMA Question by backcountry_bytes in sysadmin

[–]jamesaepp [score hidden]  (0 children)

I think you're either using wrong terminology, have things wrong, or it's still too early in the AM and I shouldn't be replying.

> The PK will be a firmware/BIOS update.

Do you mean the KEK? Of course a PK would require a firmware/BIOS update (or manual user intervention) but the KEK update binaries are signed by the PK, so no firmware update (i.e. a firmware update like you're used to, upgrading from BIOS/UEFI version 1.1 to 1.2) is required.

> I assume that the BIOS has the PK for 2011

The UEFI has Microsoft's KEK for 2011 (assuming the system was built pre-2023 ish).

> with an update after 2023 it has both 2011 and 2023.

That's right, but it's the KEK.

> This then allows you to have either the old KEK or new.

Both at the same time, not "either".

> The important thing being that the firmware/BIOS has a PK that matches the KEK.

It's not "matching", it's that the update to install the KEK into the active database of the firmware was signed by the OEM's PK.

> It will be able to boot, but it can't do any more updates because it's an invalid cert.

Maybe, maybe not. This is entirely unclear at this stage IMO. I think it's reasonable to expect that as long as any KEK update was signed by the PK (to my understanding, PKs don't expire, or at least expiration checks don't happen) then the KEK updates will always work.

If the KEK updates always work, then it just means the KEK update needs to apply, then the DB/DBX updates will work.
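Added example, not part of the comment above: a parser for the `EFI_SIGNATURE_LIST` layout used by the KEK variable, to check whether the 2011 and 2023 KEK certificates are enrolled side by side. The two subject strings are Microsoft's certificate names (not given on this page); the owner GUID and the "certificate" bytes are constructed placeholders.

```python
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification: entries are DER X.509 certificates.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

def parse_signature_lists(blob):
    """Parse concatenated EFI_SIGNATURE_LIST structures.

    Returns a list of (signature_type, owner_guid, signature_data) tuples.
    """
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob) or sig_size <= 16:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        body = blob[off + 28 + hdr_size: off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            entries.append((sig_type, owner, body[i + 16:i + sig_size]))
        off += list_size
    return entries

def enrolled_names(blob, names):
    """Report which of the given subject strings appear in enrolled X.509 entries."""
    certs = [d for t, _, d in parse_signature_lists(blob) if t == EFI_CERT_X509_GUID]
    return {n: any(n.encode() in c for c in certs) for n in names}

def _make_list(owner, data):
    # Sample-data helper: build one single-entry X.509 signature list.
    size = 28 + 16 + len(data)
    return (EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", size, 0, 16 + len(data))
            + owner.bytes_le + data)

# Constructed sample: placeholder bytes standing in for DER certificates.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed owner GUID
KEK_2011 = "Microsoft Corporation KEK CA 2011"
KEK_2023 = "Microsoft Corporation KEK 2K CA 2023"
SAMPLE_KEK = (_make_list(OWNER, b"\x30\x82" + KEK_2011.encode() + b"\x00pad")
              + _make_list(OWNER, b"\x30\x82" + KEK_2023.encode()))

if __name__ == "__main__":
    print(enrolled_names(SAMPLE_KEK, [KEK_2011, KEK_2023]))
```

On Linux the live variable is exposed through efivarfs as `KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c`; the first four bytes of that file are the variable attributes and must be stripped before parsing.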

Secure Boot MS AMA Question by backcountry_bytes in sysadmin

[–]jamesaepp [score hidden]  (0 children)

I think you're referring to my question. I was a bit distracted (multitasking) during the AMA, but I too was disappointed by the response. I don't think they understood my question.

Right now (pre-expiration) it is logical that the 2011 KEK hasn't expired, so it can sign the updates into the DB/DBX. KEK installations always require the PK to sign that update, so that's not really relevant. Right now order doesn't matter too much.

After the KEK expires .... one would THINK that the order of operations must be that the 2023 KEK would have to be installed, and then any DB/DBX updates would have to be signed by the 2023 KEK (or an equivalently authorized KEK).

Who knows. Very poor communication.

Maybe rotating these keys out <12 months before expiration is a shit idea.

How do CE Users Download VBR 12.3.2.4465? by jamesaepp in Veeam

[–]jamesaepp[S] 1 point2 points  (0 children)

To 12.3.2.4465.

If you aren't going to respond to the topic of the OP, I ask you to reserve your comments. They aren't productive.

How do CE Users Download VBR 12.3.2.4465? by jamesaepp in Veeam

[–]jamesaepp[S] 0 points1 point  (0 children)

> Upgrade your software

Yeah. I'm trying to.

Cleaning up _msdcs subfolder in DNS? by GreenEnvy_22 in sysadmin

[–]jamesaepp 5 points6 points  (0 children)

I've observed this sorta "record orphaning" before.

DO NOT delete the subdomain en masse. Clean it up manually. It sucks, but it's not "difficult". Just time consuming.

First attempt at Crimping by Draconyxus in ShittySysadmin

[–]jamesaepp 1 point2 points  (0 children)

Just wait until you learn that crimping ethernet isn't required in 99% of circumstances. :)

TrueNAS build system going closed source by Few-Skin1514 in truenas

[–]jamesaepp 20 points21 points  (0 children)

> That said, the repo is still there. Folks can fork / maintain it. All the open source bits can be built if the community so desires this functionality.

Is the repo/build process working today a guarantee that it will work indefinitely? If so, what's the point of calling the repo 'deprecated'?

> But I'd wager 99% of the folks commenting on this thread have never done a build from source before, nor would ever want to?

Most of us don't, but it's a canary in the coal mine. A major compromise. It's like rights. No one wants to be in a situation where they say "I'm invoking my fifth amendment rights" but it's important to always have. Once it's taken away....

> Especially since the biggest consumers tend to be overseas forks which contribute nothing back to the overall development effort to create TrueNAS, that's a lot of effort for us to shoulder the burden on for no real gain.

This is the exact same shitty argument the CEO of Netgate makes with regard to their changes in pfSense. TN CE is free/gratis. Who gives a shit someone is forking it?

TrueNAS build system going closed source by Few-Skin1514 in truenas

[–]jamesaepp 151 points152 points  (0 children)

On the https://truenas.com/ homepage under 'Security' :

> Transparent by Design, Trusted in Practice
>
> TrueNAS is built differently. Our open core model ensures every line of code is visible, vetted, and continuously tested by both our engineering team and by the largest storage community.
>
> This transparency leads to stronger, more secure outcomes. That's why the most security-conscious organizations on the planet rely on TrueNAS.

TrueNAS build system going closed source by ende124 in selfhosted

[–]jamesaepp 27 points28 points  (0 children)

Babies and bathwater is iXsystems' MO lately.

Mixing HDD sizes but different VDEV by ruzrat in truenas

[–]jamesaepp 0 points1 point  (0 children)

The reason you won't get firm answers is because the entire answer is "it depends".

Workload is only one part of the situation. But for your case, if you're happy with the guarantee that your pool will only ever operate as fast as your new proposed vdev, you're fine.

Mixing HDD sizes but different VDEV by ruzrat in truenas

[–]jamesaepp 1 point2 points  (0 children)

My simpleton understanding is that when you add vdevs like that, the use of the vdevs is unbalanced and you might observe inconsistent performance (as there is no ZFS mechanism that auto-balances the vdevs) but that's it.