ironicbadger

Community Developer
  • Posts

    1396
  • Joined

  • Last visited

Posts posted by ironicbadger

  1. Thank you to all who contributed to this thread, I’m happy to report that I purchased the ASRock Rack E3C246D4U and paired it with an i5 8500. Using the super secret bios menu mentioned a few pages back (and documented in my linked blog post), I’ve been able to get IPMI and the iGPU working correctly. Also worthy of note is that PCIe bifurcation works well but only in x8x4x4 mode, details in the blog post. 

     

    This was all achieved using the 2.30 bios and 1.80 bmc firmware. 

     

    https://blog.ktz.me/asrock-rack-e3c246d4u-the-perfect-media-server-motherboard/

  2. Having a big old clear out as I'm moving to USA in September. Prices include postage to mainland UK - will post to EU, ask for rates first please.

     

    * £170 (or £85 each) Asus Z270-P + i3 6100 

    * £50 Intel DH61CR mobo + i3 2100 + 4gb ddr3

    * £120 EVGA 850 G3 PSU (brand new shrink wrapped, never used)

    * £65 Asus P8H77-I + i3 3225 + 8gb ddr3 + gigabyte nvidia passive gpu

          * iGPU video failed, rest of CPU works fine. Not sure if chipset on mobo or gpu in CPU that failed.

    * £35 Bitfenix Prodigy Case black

    * £30 GX 650W Coolermaster

    * £125 Gigabyte Z370N Mini-ITX mobo

    * £350 MSI Armor 1070

    * £250 Asrock C2750D4I motherboard
    * £90 32GB ECC DDR3 memory (4x 8gb)

    * £75 Lian Li PC-Q25B Case (with original box for shipping)

     

    Can provide photos if required.

     

    Collection from SE13 7AD in Lewisham is available upon request. 

    Payment via Paypal please.

  3. Just finished up 3d printing a little adapter I reckon some of you guys will be interested in with spare 5.25 drive bays like I had on the define R5.

     

    I have an 80mm fan coming for which I am printing a housing to fit as well. The model I used is this one from Thingiverse.

     

    Happy to print and post a set of these to any UK peeps for £5 each inc postage. Just PM me.

     

    XEbK1mZ.jpg

     

    HD15Yui.jpg

     

    Q04NTn8.jpg

    • Like 1
  4. 9 hours ago, nuhll said:

    Yes, he need server.

     

    But you dont understand, you dont let the server connect to your lan, Its the LAN connect to the server.

     

    VPN provide access to your WHOLE NETWORK. My solution would only allow access to the unraid interface. Also whats more likely to happen? Someone hack VPN (18923798127398127312749812931893891 mrd user) or someone hack a app which has <1000 user?

     

    Also the server side part could be secured pretty easy, like with certificate, https, encryption, what ever. 

     

    with security advice like this, i'd take this guy seriously. seriously, you guys... 

  5. Thanks so much for this!  I've installed, and it's working just fine.  There is one oddity though - its appdata folder is empty, so I'm not sure where the files are being stored.  I've mapped /var/config to /mnt/cache/appdata/Booksonic, but that Booksonic folder has nothing in it.

     

    /var/booksonic

     

    I didn't build this docker.

     

    FYI i built this thing in about 30 seconds a few months ago to keep my wife quiet, it hasn't seen any updates since nor will it. I dont mind you creating a template for it but common courtesy might have been a quick PM or something.

  6. Good to know.  Seems like a lot of discussion on this point and no conclusions. Is there a SABNZBD docker that supports multiform par2?

     

    Sent from my SM-N920V using Tapatalk

     

    You had as good of an answer as was possible without actually speaking to the project directly, yourself. Seems like a good conclusion to me!

  7. Please accept the 20 mins I've taken to amend my signature as a shout out and a BIG Thank You to the Community Developers that contribute to my unRAID experience the most. Without these developers it is my opinion that unRAID would not be as close to as great as it is and probably wouldn't even sell as many licences as they do!

     

    I appreciate your honorable mention, but at the same time thinking it doesn't do justice to ALL community developers. There is a whole bunch of gifted people out there, spending their time in improving the unRAID experience at no cost.

     

    To all community developers thank you for your contributions, it has made the great unRAID experience even better!

     

    Oh jeez.

  8. Could this be part of nerd tools?

     

    It could but it should be tied into the core docker-engine version from LT so that incompatibilities can be checked for prior any forthcoming releases. As we all know, Docker like to break APIs for fun https://forums.docker.com/t/mismatch-between-api-versions-after-automatic-update-to-1-11-0-beta6-with-docker-machine-on-amazon/8549

     

    There's nothing stop people curl'ing the binary in their go file for now though.

  9. BTW @NAS - I agree 100% with everything you've written. It's absolutely shameful and is a completely avoidable situation.

     

    Could someone link me to LT's privacy and security policies please? Also point me in the direction of where I can submit a FOI on the information they hold on me. That's a legal requirement in the UK, does this hold true in the US?

  10. Here's the "phone home" request:

     

    Thank you. Glad to see the details of these requests, although I wonder what data protection policies you might need to adhere too given the storing of user information - certainly in the UK it's a tightrope to walk.

     

    Do you keep IP logs of all these requests and tie those to GUIDs?

     

    Can I ask what plans you have in place to prevent such a CVE backlog occurring again in future?

    I'd also like to see clear confirmation from LT that the phone home and kill switch will be removed from the final release.

    Confirming: the phone home and kill switch will be removed from the final release.

     

    There's a kill switch and a phone home. Nice.

     

    I feel my questions are fair and need answering. Simply saying to users that unRAID isn't designed to be secure isn't a defense these days as there are many vulnerable devices on our networks - and that number will only grow.

     

    Obviously you don't owe me an explanation as to why you have chosen, more than once, to architect your system in a fundamentally insecure way - but I think your userbase deserves an answer. CVEs are not to be ignored, they will bite you one day. I know you know this, which is what makes dealing with LT so frustrating sometimes. An OS manufacturer without a clear privacy or security policy. Sounds crazy when you say it like that. Sorry to be the one who did.

     

     

  11. Here's the "phone home" request:

     

    Thank you. Glad to see the details of these requests, although I wonder what data protection policies you might need to adhere too given the storing of user information - certainly in the UK it's a tightrope to walk.

     

    Do you keep IP logs of all these requests and tie those to GUIDs?

     

    Can I ask what plans you have in place to prevent such a CVE backlog occurring again in future?

  12. Ironicbadger: You're not still holding a grudge against past interactions with LT that did not favor the outcomes you desired? There's a very clear anti-LT theme to all of your posts.

     

    To all of my posts? The one's in this thread, perhaps yes. For the reasons stated and those alone. What happened 3 years ago is ancient history now, and I don't believe I ever 'fell out' or rage quit either. BTW, LSIO is a huge contributor to the unRAID ecosystem in case you'd missed that!

     

    I don't mind eating humble pie if and when the time comes, by the way. Just find it interesting when premonitions come true - honestly that is all. A call to action is an entirely appropriate response in my opinion under the circumstances. As a more technical user, comfortable with compiling kernels and tinkering away in the very bowels of Linux systems on a daily basis, I simply expect LT to talk to their customers when a thread like this 'blows-up' and feel somewhat duty-bound to highlight issues such as these to those who might not understand quite what is at stake. I owe a great deal to unRAID for pushing Docker so early as it's now my livelihood (despite, I might add, my protestations to the contrary). Sometimes they get it right, sometimes not. In my opinion this is not a time where things are right.

  13. Are the 100 CVE disclosed security issues mitigated by not exposing your UNRAID server to the Internet? If I recall, such exposure has been widely regarded as a very bad thing by everyone at all levels.

     

    Depends what else is vulnerable on your network that IS exposed to the internet. Ever heard of island hopping? Sounds implausible until you think about the multitude of Internet of Things devices that are beginning to sit on our LANs. These devices often don't get patches and are nice little ingress points for those that are looking. There are whole podcasts dedicated to this topic, TechSNAP for one. This is people's entire livelihoods - security.

     

    You know, NAS, I hadn't even considered the security angle but by jove - that must be the best one in this thread by a mile. Ethics aside for a second, the integrity of your data is what this whole thread is about (right?). Please explain to me how leaving a box vulnerable for so long can possibly have your users best interests at heart? There are many processes in place for responsible disclosure of vulnerabilities from proper vendors so that their users can update the *second* a CVE is disclosed. This was the fundamental reason grumpy and I pestered Tom for so long to put unRAID on top of a 'proper' OS and let users have a proper userspace. This is all preventable. Linux (as a whole) has been solving this problem since before Ross and Rachel were on a break... Come on LT!!! Patch your S - or change architecture. It's the responsible thing to do.

     

    The time it takes to make a coffee. That's how long this issue would take to put to bed, unless there's something to hide. 

  14. Who's to say that in future, this kill-switch won't be used to enforce a blanket subscription policy which rendered all existing licenses (for v4, 5, 6) invalid. Just a thought.

    You seem to want / need iron clad immutable declarations where none are either possible or realistic.

     

    You have a point but so, I think, do I.