Announcing New Unraid OS License Keys

[trurl]

3 hours ago, LSG501 said:

assuming open to internet

Do you allow your Unraid server to be accessed from the internet? How?

https://docs.unraid.net/unraid-os/manual/security/good-practices/

 

[LSG501]

25 minutes ago, trurl said:

Do you allow your Unraid server to be accessed from the internet? How?

https://docs.unraid.net/unraid-os/manual/security/good-practices/

 

Not at the minute, I'm still getting it all set up how I want it, but the plan for my own usage will be likely via some sort of vpn (my router does natively support it etc).  I'm not exactly rushing along with it at the moment due to limited time to set it up. 

 

The thing is that link has point #6 about keeping the OS up to date....this kind of goes back to one of the points some of us are making regarding the necessity to pay yearly if you want security updates.

[MagicLegend]

I happened to stumble across this by luck now because I saw it in the "more" section of the header as latest news. I have wondered from time to time when this change would come, since reality is that the current/old model is not sustainable.

 

As I understand there will be a timeframe of one week in which I can decide to upgrade my licence for the old price:
 

Quote

 

Q: "Will Basic>Plus>Pro upgrades be the same price as it was before the changes?"

A: No. Legacy upgrade pricing will be changing alongside the new license tiers. We are aiming for the end of Q1, 2024 to launch the new license types as well as an increase in Basic, Plus, and Pro upgrade costs. We will pre-announce all of the changes 1 week prior to launch.

 

 

Will an email go out to all licence owners to notify us of the new pricing in that week? As a normal human being I don't have the time to follow blogs of all the services I use, and I think an email notification would be appropriate. Honestly I think a note on https://unraid.net/pricing or even within Unraid itself (although I guess some users would complain about that...) would also be appropriate.

 

I'll have to consider picking up a second Basic key in case I ever build a second backup system then 😄

 

Edit:

 

I see that trial customers will be emailed, I think all customers should be emailed:

 

Quote

(...)

All current trial users between now and the changeover will be emailed regarding the changeover date.
(...)

 

Edited March 4 by MagicLegend

[primeval_god]

On 3/3/2024 at 6:45 AM, eras said:

....use the system with up-to-date patches (which--lets be honest here--isn't optional on anything connected to a network)...

Going to have to respectfully disagree here. Many unRAID users, myself included, routinely run systems a version or two behind the current latest release (some much farther). I just this weekend finally upgraded from 6.11 to 6.12. For us the lack of security updates is not new. An unRAID NAS is meant to run internally on a home network where its exposure to potential threats should be minimal. It would be nice to get ongoing security updates for a particular os version (without the introduction of features or potentially destabilizing changes), but at this point I am not to worried about it.

[SpencerJ]

5 hours ago, MagicLegend said:

I see that trial customers will be emailed, I think all customers should be emailed:

 

I would suggest signing up for our newsletter to be notified.

 

Sending mass unsolicited emails to our entire user base for this goes against our privacy policy.

[MagicLegend]

40 minutes ago, SpencerJ said:

 

I would suggest signing up for our newsletter to be notified.

 

Sending mass unsolicited emails to our entire user base for this goes against our privacy policy.

 

I guess that's fair enough, although I'd rather see the privacy policy updated to allow sending important communications like this (and yes, you can have a debate about what's "important" then, it's a slippery slope). Given the price changes of the upgrades of the grandfather tier (kudos for still allowing that though!) it is something that I would've expected to be notified about as a customer of your software. Or at least be present on the current pricing page. Not something that I had to stumble upon under the `more` section of your website.

[SpencerJ]

1 minute ago, MagicLegend said:

I guess that's fair enough, although I'd rather see the privacy policy updated to allow sending important communications

 

Thanks for the input. As a marketer, I would love this but you would (probably0 be surprised how sensitive people are to mass email. Even with the newsletter, people must double opt-in and I still face backlash at times 🤷‍♂️

[jit-010101]

23 hours ago, LSG501 said:

To be fair it's slightly different being locked out of video editor update versus locked out of a server OS update because you haven't paid for the 'yearly update fee'. 

 

IF the video editor doesn't work you'll lose some time or it will crash etc but if a server OS is left in a bad way due to a poor update or the update to fix a major security issue comes outside of your renewal date you have no recourse but to pay for the update to keep your data safe (assuming open to internet etc and that you have to keep using it in the exact same fashion).  If it's not open to the internet then of course you could go vlans and block external access etc.

 

Essentially it's all boiling down to semantics at this moment in time, I and many others will call the need to pay yearly to continue getting even the most basic things such as security updates a subscription, others will call it a maintenance fee or as Topaz calls it it's an 'upgrade license'.  However, like I said before, it doesn't matter what the name is, unraid is changing to a model where you need to pay on a regular basis to ensure you are 100% secure, if it was purely feature updates then I would say it is closer to the update license term that Topaz is using but at the moment unraids is also includes security/bug fixes.....

 

And while yes you could skip a few updates here and there if you want to but no one really recommends running an OS with out of date security/bug fixes these days do they.... it's not like unraid has been bug free or had no issues with excessive writes to drives or anything.

 

 

> assuming open to internet

 

Unraid was and is never ment to be used being exposed to the Internet directly.

 

You should always honor such design decisions - and work with that. Say run Unraid in a VM like on Proxmox in such cases.

 

If you need internet exposure you can use a pull solution like Syncthing - if you want to expose services you have much better solutions based on Kubernetes/Portainer on hardened Server OSes with LTS Kernels which can run in a seperate VM and just use the NAS-Storage as a mount.

 

Docker containers are still updatable, as it is too ... so the individual containers are never staying behind.

 

It all sounds a lot more like that you want to use it in edge cases the easy way - that's not going to work out too well.

 

On 3/3/2024 at 2:09 PM, eras said:

I think you might have missed the part where I wrote that I moved to Unraid because I have no time budget to browse through forums and try out suggested solutions. I moved in anticipation that a for-pay system would put stability first and new experimental features second. I am not running a complex and complicated system, just basic storage and a few docker containers. No VMs, no transcoding, no fancy stuff. The system was running stable after I set it up, and it ran that way for a while.
If a configuration is running stable and a system update breaks it, forcing me to go on a bugfixing hunt (which is almost always time-consuming), that basically ruins the deal for me. At the absolute minimum, I would expect a clear warning prior to the upgrade that new functions are introduced and that they break stuff / require maintenance work. Ideally, I would expect a separate, optional security-update-only path and maybe an update profile that you can select which will delay all updates until they have been found to be stable on all tested systems. That would allow me to avoid a situation where I have to invest time I do not have to fix something that was broken by a change in code I did not introduce. For me, the most important thing in servers is stability and reliability. New features are nice, but only if they do not impact those two things negatively.
The new pricing model just adds more issues to that. From the scarce details we were provided, there is another big problem I see: the non-existent synchronization in terms of versioning and licensing. If I understood it right, a user that pays for a license of let's say version 7.xx gets updates during the first year. The problem I see is if there are bugs in one of the versions he updates to towards the end of the year that will only be fixed after the year has expired. I mean, generally speaking, the idea that "you don't have to pay the subscription, you can just run your current version forever" is already unviable when one cares about security. But the idea that you could end up with a broken system that you need to pay to fix is making things worse. 
It would be much better to have a model where you get support until EOL for the version you buy, so basically paying for a license when version 7 is out gives me all updates until version 8 comes out. That would give the user at least the choice to stay with a stable and final release or to upgrade for a new version and new features based on a subscription model. I might have missed that this is actually what they plan but from what I have read, they do not.

 

Can't you simply downgrade to the last known stable and call it a day.

 

Like outlined above: Unraid was never be designed to be exposed to the internet directly.

 

There are shit ton of equipments with far older Kernels hidden behind propitary firmware with much bigger holes than that.

[nostradumas]

Here! Here!  I always knew Microsoft was wrong in not releasing any updates for XP for years now.  After all I paid for it once, and I expect and demand updates for it forever.

[ConnerVT]

You can use your XP key to activate a fresh install of Windows 11.

 

Need to find a better analogy.

[nostradumas]

38 minutes ago, ConnerVT said:

You can use your XP key to activate a fresh install of Windows 11.

 

Need to find a better analogy.

Really?

https://pureinfotech.com/windows-11-10-no-longer-activate-7-8-keys/

[ddube]

I don't know who is in charge of the marketing at limetech but holy cow it is really bad. You should hire someone who knows how to do this.

 

With this subscription model (and no support for security fixes), I will be moving to something else even if I paid for a "legacy" tier. If I want to stay with a jbod setup then Stablebit is a better offering on Windows. They never changed pricing, they never asked for more money, they never moved to subscription model. If I don't want to move to Windows, there is a lot of alternative that will not gouge their userbase.

 

I see only people that support this that are already on legacy tier, those with 9k+ comments on the forums. These guy will never pay more anyway.

[ddube]

4 hours ago, nostradumas said:

Really?

https://pureinfotech.com/windows-11-10-no-longer-activate-7-8-keys/

You can install windows free to use forever with no license and still get all updates forever. Only downside is the watermark. You can use an old key to remove this OR use the activation script that will license you hardware to microsoft server. It cost nothing. They make millions per month on the business side, they don't care about the customer market. If you use it at home, you'll demand it in enterprise.

[eras]

17 hours ago, primeval_god said:

An unRAID NAS is meant to run internally on a home network where its exposure to potential threats should be minimal.

Come on, that's maybe how the system was designed initially, years ago. These days, even LT themselves have included online components like unRAID Connect and many apps and containers will rely on internet access as well. So saying that this is designed to run purely on a subnet and without any internet connection is frankly not truthful. 

[eras]

13 hours ago, jit-010101 said:

Can't you simply downgrade to the last known stable and call it a day.

 

Sure you can, but is it fair of a company to expect you to? And is such a policy something that will convince prospective customers when the competition consists of mostly complete free and continuously updated systems?
What exactly is the value proposition here? You pay 29 or 39 bucks for a software that will not be updated anymore after just one year (unless you pay 10 or 20 bucks on top), leave you potentially with an unstable version and force you to play around with downgrade options that might also break in the future because of version conflicts with the apps you run on them?

I was actually considering to buy a second license for a secondary, SBC-based backup NAS. This change put me off. I ran OMV before, it's a little less comfortable, but it will be updated continuously and I don't have to worry about unpatched vulnerabilities.

"Like outlined above: Unraid was never be designed to be exposed to the internet directly."

I refer to my first answer on that. In addition, ANY reliable backup strategy for data will realistically require some online component. Having an up-to-date off-site backup is good practice. And for the most important data, a cloud-based backup is also something you want to have. Any serious user of a for-pay NAS would expect that the system was at least developed with these necessities in mind.

Edited March 5 by eras

[Kilrah]

13 minutes ago, eras said:

many apps and containers will rely on internet access as well.

The point is that it's these apps and services that are exposed, not unraid. 

In a decent setup nothing from unraid itself is exposed, it would take several layers of successive breaches (app, Docker) to reach the point where a vuln in unraid would become a problem.

[eras]

9 hours ago, nostradumas said:

Here! Here!  I always knew Microsoft was wrong in not releasing any updates for XP for years now.  After all I paid for it once, and I expect and demand updates for it forever.

Somehow I don't remember MS to end support for XP after just one year unless users shelled out another 10 or 20 bucks. They supported it for a decade and only then asked people to upgrade.

I would be totally fine with LT selling licenses by version, btw. That would give you a stable system at the end and you would really have a realistic option to stay on that--or to upgrade to a new version by paying a fee (which would also entitle you to get updates until EOL is reached).

[eras]

30 minutes ago, Kilrah said:

In a decent setup nothing from unraid itself is exposed, it would take several layers of successive breaches (app, Docker) to reach the point where a vuln in unraid would become a problem.

In an ideal world maybe. In the real world, people's internal networks often sit behind routers provided by the access provider. Those routers usually see updates either rarely or never. Unless you run a hardware firewall between that access point and your internal network, you should not rely on that router and thus everything in that internal network should be as secure as possible. Even if that ISP router issue wouldn't exist, you should never rely on one secure component to cover an unsecure other component.
If you rely on what you wrote above, your security concept could already fall apart because you have a visitor who accesses the network at your apartment with an infected device. Boom, the attackers just flew right over your allegedly impenetrable defensive trench network and one known, unpatched vulnerability in your unRaid system will allow them to wreak havoc.

I do not pay 39+ bucks for a system where security updates are replaced by wishful thinking after 12 months only. This is a real problem, both in terms of safety and in terms of value proposition. 

A licensing model that asks you to pay a larger fee for the initial purchase should at least give you a reliable, secure system with the version you bought. Stopping upgrades after one year unless you pay a fee would be acceptable if it were a subscription to begin with--in which case you would have the same, relatively low, annual fee. But the fairly high initial costs render the 12-month-timeout unfair and the system unnecessary unattractive.
Not only that. The relatively aggressive 12-month-timeout for support also indicates a relatively urgent need for additional cashflow on the side of the company. Which will spook users that want to set up a system that should reliably continue to operate for the medium to long-term. People don't set up servers of any kind for just a year. They plan for 4-5 years or more. They will calculate the costs accordingly and they don't like to get the impression that the company backing that system may suddenly collapse, turning their investment into a loss and forcing them to migrate to another system.

Not trying to rain on LT's parade here. It is actually one of the most likeable companies out there. But that doesn't mean their value proposition doesn't have to make sense.

Edited March 5 by eras

[itimpi]

18 minutes ago, eras said:

The relatively aggressive 12-month-timeout for support also indicates a relatively urgent need for additional cashflow on the side of the company.

I do not see how this follows?   Once one realises it is is going to be difficult to separate out bug fixes releases from releases that incorporate new features as the company is probably not big enough to have multiple parallel development streams then one has to pick a timeframe and 1 year seems easy to quantify.

[Kilrah]

17 minutes ago, eras said:

I do not pay 39+ bucks for a system where security updates are replaced by wishful thinking after 12 months only.

Then vote with your wallet and don't

 

18 minutes ago, eras said:

But that doesn't mean their value proposition doesn't have to make sense.

If you're right that your view is the same as that of most people then LT will see a drop in revenue rather than the desired increase and the problem will solve itself with them having to find another solution. 

[eras]

36 minutes ago, itimpi said:

I do not see how this follows?

Maybe look around a little? People complain about MS not supporting Windows 10 long enough (actual support timeframe is 10 years). Long support pledges have become a big part of the value proposition of Android phones and many other devices, with most manufacturers going beyond what is the usual expected service life of the average phone. The update policy has become an important point in reviews of many technical devices. 

And that isn't just a random trend. It is the result of the realization that malware has become much more sophisticated, and those who write it have become much better in exploiting new vulnerabilities.

Would you be able to refer to any other software product, let alone an OS, that asks for a larger license fee and then drops support after just 12 months unless you sign up for a subscription? I can't think of one. If you can't as well, then how isn't it obvious that this is a problem?

[itimpi]

10 minutes ago, eras said:

Would you be able to refer to any other software product, let alone an OS, that asks for a larger license fee and then drops support after just 12 months unless you sign up for a subscription?

I am not sure that that we know this is true as the pricing has not been disclosed yet.    The only thing that we know for certain is that the equivalent of the current licences + lifetime updates is going up in price.   You could be correct, but lets wait and see.

[eras]

48 minutes ago, Kilrah said:

Then vote with your wallet and don't

 

I would. But that's not the point.

 

48 minutes ago, Kilrah said:

If you're right that your view is the same as that of most people then LT will see a drop in revenue rather than the desired increase and the problem will solve itself with them having to find another solution. 

Yes, but at that point, reversing course will likely have become impossible. That's how that usually plays out with companies which chase money down the drain: their cash flow might increase temporarily at the beginning, but after a short while, it drops significantly and their financial troubles worsen, leading to the inevitable collapse. 

So given that this thread was asking for feedback, not praise, and given that we all want LT to stay in business for many years to come, I think it is actually a good idea to not just vote with the wallet but to warn them before about the mistake they are making in my view.

[eras]

48 minutes ago, itimpi said:

I am not sure that that we know this is true as the pricing has not been disclosed yet.

First: That's part of the problem, because everyone is left to speculate. I am aware that their hand was forced here, but still...

Second: It kind of has if you read between the lines. Quote:
"Starter - supports up to 4 devices.  This will be offered at a lower price than today's Basic key.

Unleashed - supports unlimited number of devices. This will be offered at about the same price as today's Plus key."

Unleashed will be ~$89 and it will give you the same features as todays Pro, which costs an extra $40, but it will force you to sign up for updates. If their calculation is designed to produce additional revenue, the annual fee cannot be much lower than ~20 bucks. Which basically means you are paying more than in the old system after three years--and you keep on paying (that's the real problem).
For smaller settings that would currently use basic, the value proposition will be even worse. Because you get a painful reduction in features--from 6 to 4 drives--which breaks the deal already for many. Keep in mind that the cache drive counts, so your limit is actually 3 HDDs in a tier where people often are on a budget and thus more likely to buy smaller capacity-drives. Honestly, lowering the max HDD count to 4 in that tier is one of the worst decisions, since it really ruins the deal for smaller home NAS settings and you don't have a reasonable upgrade option from there, given that they removed the mid-tier (which is an even more catastrophic decision). Imagine you build a home NAS with a single drive and a parity plus a cache. Now you are left with just one additional drive to add, which is a crippling limitation. So for smaller, home-setting NAS systems, Unraid becomes a hard sell. And it will be even worse for the SBC-plus-drive setting. I honestly cannot think which target group they had in mind for the Starter license.
And I don't see a significant-enough reduction in price in return, at least judging by the words "at a lower price" (not "at a significantly lower price"). I interpret that at a reduction by maybe 10, more likely 20 bucks. So that's a $39 price, because I don't think they will go as low as $29. Which is basically just the equivalent of the loss of value due to the HDD limitation. So you wouldn't even get much of a discount initially--and you pay on top after already one year. Even if they go as low as $29 for the initial license, that's not sweetening the deal in any meaningful way.
As for the last tier, the Pro or probably Lifetime version: That one has to be SIGNIFICANTLY more expensive to make sense and to make the Unleashed license worthwhile at least for those who calculate their license purchases by a 4-5 year lifespan of the system. It would have to cost more than Unleashed plus 4 years of updates, or Unleashed has no reason to exist. So $170+, probably more towards $200. 

Now let's assume I am a user with an average-size NAS of 4-6 drives plus a cache drive. Which of those tiers would you recommend because "it's worth it"? I don't see any attractive option.

I really believe they do make a terrible mistake here. And it is very sad to see.

Edited March 5 by eras

[Frank1940]

@eras,  here is the cost of an official MS license to run Windows 11:

 

https://www.amazon.com/Microsoft-Windоws-Pro-OEM-DVD/dp/B09MYBD79G/ref=sr_1_4?crid=1OTRURGROMODN&dib=eyJ2IjoiMSJ9.49RhAsYl6BBbgJ_D0N1ejb3F8xcQoPe0KQ-Vsq2DceXzvuiIx3UO1KzJREM9gFj3OIRhvAdtnE1xeablN9XtSLJk0vyUFYqMUiNNVbMGvqz7CNlzZ_2p7IFFvvUskIDehMCoM4VXLjcncEBD0tWUPxH1gojEQ-XgdhvqjhNAKiWBDwzZTZE20dZrMk2wuswEZWP9mCOz09FHutDr5-bP9SR6SHJfxpyUIDpDSRgEpoM._PSwn2se_WYi8kGvH3vh70lWqILW-1vDRKuIaFqPwVQ&dib_tag=se&keywords=windows%2B11%2Bpro%2Bkey&qid=1709638700&sprefix=windows%2B11%2Bpro%2B%2Caps%2C91&sr=8-4&th=1

 

Granted the no OEM would be buying hundreds/thousands of these packages but instead they would approach MS directly to negotiate a bulk purchase of a certain number of licenses.  This offering is intended for those folks who assemble a computer using individual components and need/want a legal license for it.

 

Any other way of installing Windows 11 on a new computer is a violation of the Digital Rights and Copyright acts (in the  USA) regardless of the work-arounds that many have used. 

 

And take look at the pricing structure of Adobe Photoshop.  It appears that the marketing model that they are using  is working in their case.

 

If Unraid has made a mistake, it is that is advertises what it sells as an OS.  They didn't write an OS (the core of their software is a standard Linux distribution).  They are selling a NAS with several additional capabilities (plugins, Docker and VMs) merged into it.  It is a much more limited market than what MS is serving.  The fact that MS is loosely-goosey with their license enforcement of their OS products may actually be a business strategy to sell their other software. (Most Windows computers have trial versions of other MS software installed on it and you have to pay to activate when the trial expires!)  Unraid has no side software line that it is selling.  It is not collecting  data from its users that it is marketing.  Its sole stream of income is sale of its NAS software. 

 

The bottom line is that Unraid needs a more steady flow of income than a single purchase of a lifetime license can give.  They are attempting to honor a promise to their old clients who purchased their software with that understanding.  The problem is now how to price their product to provide an income stream to support, maintain, and provide future enhancements and to attract new customers.  No pricing policy is going to make everyone happy.  In the final analysis, their new pricing policy has to generate more income than their current plan does.   ...And it has to be attractive enough to make enough people willing to buy into the price plan that they finally adopt.

 

As side case, I use Bitwarden password manager.  They have a free version that has virtually all of the features that their $10 per year individual subscription plan does.  Those few additional features (two that we use are hardware keys verification and collections) are worth the $20 per year for my wife and myself.  There are many password managers-- some free and some with annual fees ---that I considered.  I evaluated many of these and make a decision that Bitwarden made the most sense for us.  It wasn't the cheapest plan but cost was a consideration.