ironicbadger

Thank you to all who contributed to this thread, I’m happy to report that I purchased the ASRock Rack E3C246D4U and paired it with an i5 8500. Using the super secret bios menu mentioned a few pages back (and documented in my linked blog post), I’ve been able to get IPMI and the iGPU working correctly. Also worthy of note is that PCIe bifurcation works well but only in x8x4x4 mode, details in the blog post. This was all achieved using the 2.30 bios and 1.80 bmc firmware. https://blog.ktz.me/asrock-rack-e3c246d4u-the-perfect-media-server-motherboard/

Not wanting to hijack this thread except I came here to make the exact same one myself. So please OP keep this thread up to date as I'd like to buy a Norco 4224 myself. I live in NC. What price were you thinking jrdnlc?

Hi. PMd.

Selling a Q25B if interested? Shipped from UK £100.

Having a big old clear out as I'm moving to USA in September. Prices include postage to mainland UK - will post to EU, ask for rates first please. * £170 (or £85 each) Asus Z270-P + i3 6100 * £50 Intel DH61CR mobo + i3 2100 + 4gb ddr3 * £120 EVGA 850 G3 PSU (brand new shrink wrapped, never used) * £65 Asus P8H77-I + i3 3225 + 8gb ddr3 + gigabyte nvidia passive gpu * iGPU video failed, rest of CPU works fine. Not sure if chipset on mobo or gpu in CPU that failed. * £35 Bitfenix Prodigy Case black * £30 GX 650W Coolermaster * £125 Gigabyte Z370N Mini-ITX mobo * £350 MSI Armor 1070 * £250 Asrock C2750D4I motherboard * £90 32GB ECC DDR3 memory (4x 8gb) * £75 Lian Li PC-Q25B Case (with original box for shipping) Can provide photos if required. Collection from SE13 7AD in Lewisham is available upon request. Payment via Paypal please.

Easily!

Just finished up 3d printing a little adapter I reckon some of you guys will be interested in with spare 5.25 drive bays like I had on the define R5. I have an 80mm fan coming for which I am printing a housing to fit as well. The model I used is this one from Thingiverse. Happy to print and post a set of these to any UK peeps for £5 each inc postage. Just PM me.

with security advice like this, i'd take this guy seriously. seriously, you guys...

Errr, ok. Also, http://bfy.tw/8vDI. I'm not hard to find. I did say I didn't mind you doing this, in case you missed that.

/var/booksonic FYI i built this thing in about 30 seconds a few months ago to keep my wife quiet, it hasn't seen any updates since nor will it. I dont mind you creating a template for it but common courtesy might have been a quick PM or something.

You had as good of an answer as was possible without actually speaking to the project directly, yourself. Seems like a good conclusion to me!

I appreciate your honorable mention, but at the same time thinking it doesn't do justice to ALL community developers. There is a whole bunch of gifted people out there, spending their time in improving the unRAID experience at no cost. To all community developers thank you for your contributions, it has made the great unRAID experience even better! Oh jeez.

Why are new experimental features being added in an RC?

It could but it should be tied into the core docker-engine version from LT so that incompatibilities can be checked for prior any forthcoming releases. As we all know, Docker like to break APIs for fun https://forums.docker.com/t/mismatch-between-api-versions-after-automatic-update-to-1-11-0-beta6-with-docker-machine-on-amazon/8549 There's nothing stop people curl'ing the binary in their go file for now though.

Thank you. Glad to see you're considering the removal of a unnecessarily stored data. Doesn't address the CVE discussion though. Where / when can we expect you to address this? For the record, I don't appreciate being called a troll.

Sorry to revive an old thread. Can we get docker-compose into unraid for real this time?

BTW @NAS - I agree 100% with everything you've written. It's absolutely shameful and is a completely avoidable situation. Could someone link me to LT's privacy and security policies please? Also point me in the direction of where I can submit a FOI on the information they hold on me. That's a legal requirement in the UK, does this hold true in the US?

Alright peeps, this is how much LT care about CVEs and your security. Pretty disrespectful.

Ignoring it isn't cricket in my book!

Thank you. Glad to see the details of these requests, although I wonder what data protection policies you might need to adhere too given the storing of user information - certainly in the UK it's a tightrope to walk. Do you keep IP logs of all these requests and tie those to GUIDs? Can I ask what plans you have in place to prevent such a CVE backlog occurring again in future? Confirming: the phone home and kill switch will be removed from the final release. There's a kill switch and a phone home. Nice. I feel my questions are fair and need answering. Simply saying to users that unRAID isn't designed to be secure isn't a defense these days as there are many vulnerable devices on our networks - and that number will only grow. Obviously you don't owe me an explanation as to why you have chosen, more than once, to architect your system in a fundamentally insecure way - but I think your userbase deserves an answer. CVEs are not to be ignored, they will bite you one day. I know you know this, which is what makes dealing with LT so frustrating sometimes. An OS manufacturer without a clear privacy or security policy. Sounds crazy when you say it like that. Sorry to be the one who did.

Before I'm accused of 'raving' again, would you care to spare 30 seconds from your day to answer the above questions please?

Thank you. Glad to see the details of these requests, although I wonder what data protection policies you might need to adhere too given the storing of user information - certainly in the UK it's a tightrope to walk. Do you keep IP logs of all these requests and tie those to GUIDs? Can I ask what plans you have in place to prevent such a CVE backlog occurring again in future?

To all of my posts? The one's in this thread, perhaps yes. For the reasons stated and those alone. What happened 3 years ago is ancient history now, and I don't believe I ever 'fell out' or rage quit either. BTW, LSIO is a huge contributor to the unRAID ecosystem in case you'd missed that! I don't mind eating humble pie if and when the time comes, by the way. Just find it interesting when premonitions come true - honestly that is all. A call to action is an entirely appropriate response in my opinion under the circumstances. As a more technical user, comfortable with compiling kernels and tinkering away in the very bowels of Linux systems on a daily basis, I simply expect LT to talk to their customers when a thread like this 'blows-up' and feel somewhat duty-bound to highlight issues such as these to those who might not understand quite what is at stake. I owe a great deal to unRAID for pushing Docker so early as it's now my livelihood (despite, I might add, my protestations to the contrary). Sometimes they get it right, sometimes not. In my opinion this is not a time where things are right.

Depends what else is vulnerable on your network that IS exposed to the internet. Ever heard of island hopping? Sounds implausible until you think about the multitude of Internet of Things devices that are beginning to sit on our LANs. These devices often don't get patches and are nice little ingress points for those that are looking. There are whole podcasts dedicated to this topic, TechSNAP for one. This is people's entire livelihoods - security. You know, NAS, I hadn't even considered the security angle but by jove - that must be the best one in this thread by a mile. Ethics aside for a second, the integrity of your data is what this whole thread is about (right?). Please explain to me how leaving a box vulnerable for so long can possibly have your users best interests at heart? There are many processes in place for responsible disclosure of vulnerabilities from proper vendors so that their users can update the *second* a CVE is disclosed. This was the fundamental reason grumpy and I pestered Tom for so long to put unRAID on top of a 'proper' OS and let users have a proper userspace. This is all preventable. Linux (as a whole) has been solving this problem since before Ross and Rachel were on a break... Come on LT!!! Patch your S - or change architecture. It's the responsible thing to do. The time it takes to make a coffee. That's how long this issue would take to put to bed, unless there's something to hide.

You seem to want / need iron clad immutable declarations where none are either possible or realistic. You have a point but so, I think, do I.