• 0 Posts
  • 6 Comments
Joined 1 year ago
cake
Cake day: October 25th, 2023

help-circle
  • Personal anecdote: I have had an old Synology DS215j using WD Blues for about eight years now, and the SMART checks show the drives are within spec.

    First, I’d go with making sure you have 3-2-1 protection. It is better to have RAID 1 with two Blues than one enterprise drive. If you already have 3-2-1 protection in place, then move to higher tier drives.

    Focus on the backups and getting that in place first. Ideally, CMR Reds are what you should be using, but if money is tight, blues can work.




  • The absolute cheapest way to get storage. For the barest bones, ugliest setup, I’ve seen people have two PC power supplies on their desk, a motherboard, a few SATA cards, and a number of drives plugged into the SATA cards, and using Linux + ZFS + Samba for the heavy lifting. Alternatively, a “NAS PC case” with a decent motherboard and such should work.

    If I were building the cheapest way to have a lot of storage, but have a warranty, I’d go for a higher end QNAP NAS that supports QuTS Hero, even QES. I would then load TrueNAS SCALE on the QNAP hardware, use ZFS from there on out. This ensures a lower attack surface, and ZFS without any added stuff. The QNAP hardware isn’t cheap, but it is fairly reliable.


  • I have had APFS + encryption fail me once, where I wound up losing all data on the drive completely. It was just a copy of data so it wasn’t a major loss, but it was something that concerned me.

    As others have said, the simplest way is to just use APFS + encryption, copy the files, call it done.

    However, what I do is format the external drive with ExFAT, and use Borg Backup with encryption. This ensures that I can pull the data off the drive, regardless of the data being on a Mac, Windows (with WSL2), or Linux. Borg Backup is an open source utility, and has a lot of presence, so it won’t be going away anytime soon. The nice thing about Borg Backup is its deduplication, so if you back up a folder twice, the space used will be minimal.

    Another idea is to use Cryptomator. This works on Linux, Mac, and Windows, and you create a vault (which is a folder with encrypted contents), mount that, and from there, copy your files into that. The nice thing about this method is that it works on all platforms (assuming you used ExFAT for the filesystem), and provides solid security.

    If just Mac-only, the simplest will be using encryption with APFS, but making sure you have multiple copies on multiple drives, just in case.


  • A few things, mainly with security:

    • A “master switch” so I can ensure the camera, microphone, GPS, and other things are turned off, where no app can access them, period.

    • Some anti-mugging features like a duress code, ability to PIN protect access to account and family info on the phone (the screen time thing sort of works, but not really), where one can enter in a fake PIN, let the attacker adjust whatever settings they want, but all their changes are automatically reverted in 1-2 hours.

    It would be nice if an attacker didn’t just need your device PIN and your device to seize your account and family stuff.

    • Ability to geofence, so a phone will prompt for a PIN and not just FaceID/TouchID if taken out of the usual commute corridors. This way, if the phone is stolen, it is harder for a would-be thief to decode it.

    • A self erase feature, where if the phone doesn’t get an Internet connection in “x” amount of time, it will erase itself.

    • Partial backups. I’d love to be able to save off games and other stuff off the device and later on, load them, load the app and play it. Backups are all or nothing… it would be nice to have something like Titanium Backup where individual apps can be backed up or even archived off with their data.