• 0 Posts
  • 173 Comments
Joined 3 years ago
Cake day: June 12th, 2023
  • billwashere@lemmy.worldtoSelfhosted@lemmy.worldDecreasing Certificate Lifetimes to 45 DaysEnglish
    92·
    20 days ago

    But can you imagine the load on their servers should it come to this? And god forbid it goes down for a few hours and every person in the world is facing SSL errors because Let’s Encrypt can’t create new ones.

    This continued shortening of lifespans on these certs is untenable at best. Personally I have never run into a situation where a cert was stolen or compromised but obviously that doesn’t mean it doesn’t happen. I also feel like this is meant to automate all cert production which is nice if you can. Right now, at my job, all cert creation requires manually generating a CSR, submit it to a website, wait for manager approval, and then wait for creation. Then go download the cert and install it manually.

    If I have to do this everyday for all my certs I’m not going to be happy. Yes this should be automated and central IT is supposed to be working on it but I’m not holding my breath.

  • billwashere@lemmy.worldtoTechnology@lemmy.worldDon't throw away your old PC—it makes a better NAS than anything you can buyEnglish
    1·
    20 days ago

    I would think that right now the sweet spot for good used drives is between 4-8tb. Check out backblaze’s drive stats for some good info about failure rates for older drives.

    https://www.backblaze.com/blog/category/cloud-storage/hard-drive-stats/

    Yeah RAID 5 is fine (in ZFS terms it’s just called raidz or raidz1). You could also do something like raidz2 (which is essentially RAID6 with two parity drives). There is some newer stuff in TrueNAS called dRAID which does some interesting stuff with the spares. It’s kinda like old RAID5EE stuff if youre familiar with that. Just google it and read up on it.

    Safest bet on old hardware… in my opinion find some old enterprise level stuff somebody is upgrading out of. I get lots of hand-me-downs that way. This stuff is meant to run 24/7, keep running forever, and is usually upgraded before it’s really not useful to anyone. Word of warning, this stuff is generally not power efficient, or quiet for that matter. So I wouldn’t be running this in my bedroom. Well unless you’re cold 'cause your heater is broken and love lots of white noise :)

    As a hardware guy going on 20+ years let me offer some basic advice. If this data is important , which you mentioned it was, RAID is NOT backup. Have separate backups. Yes I know it’s expensive but hardware can and does fail. Sometimes irrecoverably. ZFS does a good job helping with this with snapshots and the ability to sync easily. For me just I follow the 3-2-1 rules. Yeah it’s kinda outdated but I’m old.

    The 3-2-1 rule is basically:

    • 3 copies

      • Primary data (on its own pool).
      • Local backup (on a separate ZFS pool, ideally on different hardware). This is where ZFS replication is useful. This built into TrueNAS.
      • Off‑site/cloud backup (replicated ZFS dataset or traditional backup tool like restic/Borg to cloud).

    • 2 different media

      • e.g., Primary on SSDs, backup on HDDs; or primary on local NAS, backup in cloud.

    • 1 off‑site

      • Replicate ZFS snapshots to a remote location (another site or cloud).

    Oh and one other thing. If you are using TrueNAS be mindful there are two flavors now, TrueNAS Core and TrueNAS Scale. The interfaces are slightly different but the main differences are:

    • TrueNAS Core is based on FreeBSD and is the older, more mature “classic NAS” platform, optimized for rock‑solid file serving with jails and VMs.

    • TrueNAS Scale is based on Debian Linux and is designed for “scale‑out” and hyperconverged use: clustering, containers, and modern virtualization on newer hardware.

    Hope this is useful….