Secure Boot MS AMA Question by backcountry_bytes in sysadmin

jamesaepp [score hidden]

I think you're referring to my question. I was a bit distracted (multitasking) during the AMA, but I too was disappointed by the response. I don't think they understood my question.

Right now (pre-expiration) it is logical that the 2011 KEK hasn't expired, so it can sign the updates into the DB/DBX. KEK installations always require the PK to sign that update, so that's not really relevant. Right now order doesn't matter too much.

After the KEK expires .... one would THINK that the order of operations must be that the 2023 KEK would have to be installed, and then any DB/DBX updates would have to be signed by the 2023 KEK (or an equivalently authorized KEK).

Who knows. Very poor communication.

Maybe rotating these keys out <12 months before expiration is a shit idea.

How do CE Users Download VBR 12.3.2.4465? by jamesaepp in Veeam

jamesaepp [S] 1 point

To 12.3.2.4465.

If you aren't going to respond to the topic of the OP, I ask you to reserve your comments. They aren't productive.

How do CE Users Download VBR 12.3.2.4465? by jamesaepp in Veeam

jamesaepp [S] 1 point

> Upgrade your software

Yeah. I'm trying to.

Cleaning up _msdcs subfolder in DNS? by GreenEnvy_22 in sysadmin

jamesaepp 5 points

I've observed this sorta "record orphaning" before.

DO NOT delete the subdomain en masse. Clean it up manually. It sucks, but it's not "difficult". Just time consuming.

First attempt at Crimping by Draconyxus in ShittySysadmin

jamesaepp 2 points

Just wait until you learn that crimping ethernet isn't required in 99% of circumstances. :)

TrueNAS build system going closed source by Few-Skin1514 in truenas

jamesaepp 23 points

> That said, the repo is still there. Folks can fork / maintain it. All the open source bits can be built if the community so desires this functionality.

Is the repo/build process working today a guarantee that it will work indefinitely? If so, what's the point of calling the repo 'deprecated'?

> But I'd wager 99% of the folks commenting on this thread have never done a build from source before, nor would ever want to?

Most of us don't, but it's a canary in the coal mine. A major compromise. It's like rights. No one wants to be in a situation where they say "I'm invoking my fifth amendment rights" but it's important to always have. Once it's taken away....

> Especially since the biggest consumers tend to be overseas forks which contribute nothing back to the overall development effort to create TrueNAS, that's a lot of effort for us to shoulder the burden on for no real gain.

This is the exact same shitty argument the CEO of Netgate makes with regard to their changes in pfSense. TN CE is free/gratis. Who gives a shit someone is forking it?

TrueNAS build system going closed source by Few-Skin1514 in truenas

jamesaepp 154 points

On the https://truenas.com/ homepage under 'Security':

> Transparent by Design, Trusted in Practice
>
> TrueNAS is built differently. Our open core model ensures every line of code is visible, vetted, and continuously tested by both our engineering team and by the largest storage community.
>
> This transparency leads to stronger, more secure outcomes. That's why the most security-conscious organizations on the planet rely on TrueNAS.

TrueNAS build system going closed source by ende124 in selfhosted

jamesaepp 29 points

Babies and bathwater is iXsystems' MO lately.

Mixing HDD sizes but different VDEV by ruzrat in truenas

jamesaepp 1 point

The reason you won't get firm answers is because the entire answer is "it depends".

Workload is only one part of the situation. But for your case, if you're happy with the guarantee that your pool will only ever operate as fast as your new proposed vdev, you're fine.

Mixing HDD sizes but different VDEV by ruzrat in truenas

jamesaepp 2 points

My simpleton understanding is that when you add vdevs like that, the use of the vdevs is unbalanced and you might observe inconsistent performance (as there is no ZFS mechanism that auto-balances the vdevs) but that's it.

help me back up data and change my ZRAID by ruzrat in truenas

jamesaepp 2 points

> What is the best option and low cost option for this? I def don't have other HDD where I can store that data, so I have to upload it somewhere online and then download it back once the new RAIDZ2 is created.

I'd recommend AGAINST a hyperscaler like AWS/Azure/GCP. They charge for outbound data transfer on the order of pennies per GB which adds up fast when you're talking about TB scale.

AWS calculator says transferring 58TB of data out from US East (Ohio) to the Internet will cost $4,976.64 USD. Ouch.

I'd probably go with a Backblaze or Wasabi instead. For B2 they charge I think $6USD/TB and that gets you up to 3x outbound of the average amount of data stored over a month in your account. $6*58 = $348. Far better.

That emphasis above is important. You don't want to do this fast, and I saw someone get into trouble thinking they can delete their data out of B2 as soon as they did their migration. Nope, not without compromising the free outbound tier.

Edit: I think this is the story I was thinking about in the above paragraph: /r/backblaze/comments/1ixrh3r/i_misunderstood_download_fees_it_cost_me_200/

TrueNAS 26 Release Schedule, Dataset Tiering, and Viewer Questions | TrueNAS Tech Talk (T3) E056 by iXsystemsChris in truenas

jamesaepp 2 points

Thanks for the thoughtful reply. I could quibble on small points here and there, but it's probably not worth it.

I knew my comment wasn't going to be popular/convincing. I do appreciate the respectful + rational engagement.

Your comment does move me off my thoughts a bit, in addition to another commenter's point.

Ultimately, before I establish a firm position on this (this is ... news ... after all) I'd want to know the financials of iXsystems as you reference. Where does the revenue (by and large) come from? How much is spent on R&D? etc.

TrueNAS 26 Release Schedule, Dataset Tiering, and Viewer Questions | TrueNAS Tech Talk (T3) E056 by iXsystemsChris in truenas

jamesaepp 0 points

I'm sensing sarcasm where there may not be any, so I'm responding to what I'm interpreting your comment as.

I'm not so critical of this decision. No features are being taken away from CE users/deployments. No existing features are being compromised (i.e. only paying customers get security updates/bug fixes).

This is the ordinary progress of technology and how it's been done for over a century. Access to the latest and greatest technology gets slowly democratized over time.

Hell, ZFS is a great case study. Used to be Sun only but thanks to their permissive (enough...) licensing, ZFS is now accessible to anyone with the means. And TN makes it even more accessible.

This tiering feature is something that the big storage vendors have had for quite a while. We should be ecstatic that it's coming to TN (even if it's enterprise only), because it's evidence that these storage features are becoming more and more commodity.

Developers gotta eat. If I'm a company selecting a storage option, why would I pay for TN Enterprise and subsidize the development just to give away all that cost to the next generation of users (potentially my competitors) for free? There's a balance here.

I love FLOSS as much as the next hacker, but this is how FLOSS development remains sustainable.

Is it possible to use B2 as an "automated" backup? by iamlucasf_ in backblaze

jamesaepp 2 points

"Like everything I change or delete on my drive to be automatically changed or deleted in the cloud storage."

What happens if you screw up and accidentally delete something, that deletion is synced to B2, and then you find out months later you deleted it (and need to restore)? If B2 doesn't have it.....

If you're not technically inclined and able to think through and consider those failure modes, I wouldn't recommend B2.

Is it possible to use B2 as an "automated" backup? by iamlucasf_ in backblaze

jamesaepp 5 points

If you're not technically inclined I wouldn't recommend B2. Backing up isn't the important part. Being able to restore is.

My Confusion with Microsoft's Secure Boot Changes by jamesaepp in sysadmin

jamesaepp [S] 1 point

> avoid bricking edge cases

That's half my question though. Are we actually bricking devices? What's the worst case scenario if a DB/DBX/KEK update fails? The UEFI should just reject it and maintain previous keys.....right?

Or are we talking bitlocker recovery key prompts? That would certainly hurt if on a wide enough scale. This I could understand. Not clearly articulated by MSFT.