Re: [MLUG] replcing home server

2017-06-04 Thread Jer 

On 2017-06-04 04:58 PM, Hendrik Boom wrote:

On Fri, Jun 02, 2017 at 11:34:47PM -0400, Jer wrote:

On 2017-06-02 10:55 PM, Hendrik Boom wrote:

On Fri, Jun 02, 2017 at 10:16:17PM -0400, Stefan Monnier wrote:

Home server is slowly dying.  CMOS battery died, has trouble booting
(though I  always manage to get it to boot because I have two
independent ways to do it), USB  died, and so forth.

I am in process of replacing it.

I would suggest things, but if you care so much about security you will
throw out the two reigning platforms you are not left with much choice.

I'm noticing this.  A can't say that the security concerns are
absolute, but it goes against the grain to set up systems with known,
unavoidable vulnerabilities.

But it also goes against the grain to spend ridiculous amounts of time
or treasure to make the thing invulnerable.
This. Build a good system and protect the front of it, or make it 
non-web-accessible completely except for SSH/VPN through a strong gateway.


I love security, but I also have to think to myself "am I a target"? 
That being said I probably already put too much thought into security 
for a system that in a few years will be changed anyways.


Jer
___
mlug mailing list
mlug@listserv.mlug.ca
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca

Re: [MLUG] replcing home server

2017-06-04 Thread Hendrik Boom 
On Fri, Jun 02, 2017 at 11:34:47PM -0400, Jer wrote:
> On 2017-06-02 10:55 PM, Hendrik Boom wrote:
> >On Fri, Jun 02, 2017 at 10:16:17PM -0400, Stefan Monnier wrote:
> >>>Home server is slowly dying.  CMOS battery died, has trouble booting
> >>>(though I  always manage to get it to boot because I have two
> >>>independent ways to do it), USB  died, and so forth.
> >>>
> >>>I am in process of replacing it.
> I would suggest things, but if you care so much about security you will
> throw out the two reigning platforms you are not left with much choice.

I'm noticing this.  A can't say that the security concerns are 
absolute, but it goes against the grain to set up systems with known, 
unavoidable vulnerabilities.

But it also goes against the grain to spend ridiculous amounts of time 
or treasure to make the thing invulnerable.

I'm really looking for good compromises.

I may go for the intel server and later place a separate nonintel 
firewall in front if it.  There appear to be two specific port numbers 
used to access the management engine, and I would be able to block 
those.  Static web pages will probably reside on that firewall 
machine, to be checked and restocked now and then from behind the 
firewall.


> I
> have a Qnap NAS running ARM (ts-859+) with 8 drive bays with 2TB WD RE4
> drives in each. It may work I guess? Certainly not going to be doing much
> except file serving, but they have a decent NFS server.

Overkill, I suspect, but it's an interesting system.

-- hendrik
___
mlug mailing list
mlug@listserv.mlug.ca
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca

Re: [MLUG] replcing home server

2017-06-03 Thread Hendrik Boom 
On Fri, Jun 02, 2017 at 10:55:49PM -0400, Hendrik Boom wrote:
> On Fri, Jun 02, 2017 at 10:16:17PM -0400, Stefan Monnier wrote:
> > > Home server is slowly dying.  CMOS battery died, has trouble booting
> > > (though I  always manage to get it to boot because I have two
> > > independent ways to do it), USB  died, and so forth.
> > >
> > > I am in process of replacing it.
> > 
> > I have no idea what you need your server to be able to do, so it's hard
> > to give good recommendations, but FWIW:
> > 
> > - I use a BananaPi as home server.  I use the USB-OTG port as a second
> >   network interface (i.e. the ethernet port is connected to my
> >   dsl-modem, and I have a desktop connected via the USB-OTG port).
> > 
> > - You might like to take a look at the GnuBee
> >   https://www.crowdsupply.com/gnubee/personal-cloud-1
> 
> That case is too small for my disk drives.  They're more than 2 
> and a half inches.  They do say though that someday they may consider 
> making one for larger drives.  Otherwise it's excellent.
> 
> Come to think of it, with two gigabit ethernet ports, this could be my 
> network front end even if it isn't the file server.
> 
> And I'd have to find a power supply.  It doesn't seem to be  built in.  
> Or am I misinterpretig?

Ah.  They do provide a power supply for $19.

Except for the size of the disk drives, this looks pretty good.

-- hendrik
___
mlug mailing list
mlug@listserv.mlug.ca
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca

Re: [MLUG] replcing home server

2017-06-02 Thread Jer 

On 2017-06-02 10:55 PM, Hendrik Boom wrote:

On Fri, Jun 02, 2017 at 10:16:17PM -0400, Stefan Monnier wrote:

Home server is slowly dying.  CMOS battery died, has trouble booting
(though I  always manage to get it to boot because I have two
independent ways to do it), USB  died, and so forth.

I am in process of replacing it.
I would suggest things, but if you care so much about security you will 
throw out the two reigning platforms you are not left with much choice. 
I have a Qnap NAS running ARM (ts-859+) with 8 drive bays with 2TB WD 
RE4 drives in each. It may work I guess? Certainly not going to be doing 
much except file serving, but they have a decent NFS server.


Jeremy
___
mlug mailing list
mlug@listserv.mlug.ca
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca

Re: [MLUG] replcing home server

2017-06-02 Thread Hendrik Boom 
On Fri, Jun 02, 2017 at 10:16:17PM -0400, Stefan Monnier wrote:
> > Home server is slowly dying.  CMOS battery died, has trouble booting
> > (though I  always manage to get it to boot because I have two
> > independent ways to do it), USB  died, and so forth.
> >
> > I am in process of replacing it.
> 
> I have no idea what you need your server to be able to do, so it's hard
> to give good recommendations, but FWIW:
> 
> - I use a BananaPi as home server.  I use the USB-OTG port as a second
>   network interface (i.e. the ethernet port is connected to my
>   dsl-modem, and I have a desktop connected via the USB-OTG port).
> 
> - You might like to take a look at the GnuBee
>   https://www.crowdsupply.com/gnubee/personal-cloud-1

That case is too small for my disk drives.  They're more than 2 
and a half inches.  They do say though that someday they may consider 
making one for larger drives.  Otherwise it's excellent.

Come to think of it, with two gigabit ethernet ports, this could be my 
network front end even if it isn't the file server.

And I'd have to find a power supply.  It doesn't seem to be  built in.  
Or am I misinterpretig?

-- hendrik

> 
> 
> Stefan
___
mlug mailing list
mlug@listserv.mlug.ca
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca

Re: [MLUG] replcing home server

2017-06-02 Thread Stefan Monnier 
> Home server is slowly dying.  CMOS battery died, has trouble booting
> (though I  always manage to get it to boot because I have two
> independent ways to do it), USB  died, and so forth.
>
> I am in process of replacing it.

I have no idea what you need your server to be able to do, so it's hard
to give good recommendations, but FWIW:

- I use a BananaPi as home server.  I use the USB-OTG port as a second
  network interface (i.e. the ethernet port is connected to my
  dsl-modem, and I have a desktop connected via the USB-OTG port).

- You might like to take a look at the GnuBee
  https://www.crowdsupply.com/gnubee/personal-cloud-1


Stefan
___
mlug mailing list
mlug@listserv.mlug.ca
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca

Re: [MLUG] replcing home server

2017-06-02 Thread Hendrik Boom 
On Fri, Jun 02, 2017 at 03:58:31PM -0400, znot...@mailbox.org wrote:
> Hello Hendrik,
> 
> > Le 1 janvier 2002 à 09:33, Hendrik Boom  a écrit :
> [snip]
> > I need file server and network front end.  At present they are the same
> > machine, but that is not at all necessary.
> [snip]
> > 
> > But I'd rather not have intel hardware facing the net, given known and
> > potential vulnerabilities in the management engine.
> > 
> > Rumour has it that AMD has something similar, though I don't know the 
> > details
> > and havent heard of any actual attacks -- yet.
> > 
> > So I've been wondering about ARM machines.  Perhaps as network front ends, 
> > with 
> [snip]
> > 
> > But I suspect there may sell be machines that will serve as internet front 
> [snip]
> > 
> > I'd want them to have at least two ethernet ports, one to the world and one 
> > to 
> [snip]
> > as I choose.  Ideally it could boot from USB so I coud easily reinstall or 
> [snip]
> > 
> > Anyone know of suotable hardware?
> 
> The first thing that came to my mind was PCengines.  They have some 
> boards with multiple RJ-45, USB bootable 
> (http://www.pcengines.ch/apu2c4.htm or 
> http://www.pcengines.ch/apu1d4.htm, for example).  Alas, I thought 
> they were ARM, but they are AMD.  I can't help mentioning them 
> anyway.
> 
> Good luck in your search.  I'd be interested in knowing what you go with.

Interesting.  They would, at least, provide one level of defense 
against such attacks.  And if their processors are old enough, they 
may not have whatever AMD uses instead of the Intel Management Engine.

The company that sells these machines seems also to sell an enclosure 
and provide a heat spreader that I'd have to install myself.

But its boot process seems to require me to access the machine with a 
serial terminal.  Those things are getting scarce.  My laptop, for 
exampe, doesn't even have a serial port to connect a null modem to. 
 
I've heard of a thing called an ARM with two networks.   There are a 
few such components advertised on the net.  But the ones I found seem 
to be bare single-board computers without power supply or case, 
unlikely to survive on its own in an overcrowded house.  Otherwise 
promising.

-- hendrik
___
mlug mailing list
mlug@listserv.mlug.ca
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca

Re: [MLUG] replcing home server

2017-06-02 Thread znoteer 
Hello Hendrik,

> Le 1 janvier 2002 à 09:33, Hendrik Boom  a écrit :
[snip]
> I need file server and network front end.  At present they are the same
> machine, but that is not at all necessary.
[snip]
> 
> But I'd rather not have intel hardware facing the net, given known and
> potential vulnerabilities in the management engine.
> 
> Rumour has it that AMD has something similar, though I don't know the details
> and havent heard of any actual attacks -- yet.
> 
> So I've been wondering about ARM machines.  Perhaps as network front ends, 
> with 
[snip]
> 
> But I suspect there may sell be machines that will serve as internet front 
[snip]
> 
> I'd want them to have at least two ethernet ports, one to the world and one 
> to 
[snip]
> as I choose.  Ideally it could boot from USB so I coud easily reinstall or 
[snip]
> 
> Anyone know of suotable hardware?

The first thing that came to my mind was PCengines.  They have some boards with 
multiple RJ-45, USB bootable (http://www.pcengines.ch/apu2c4.htm or 
http://www.pcengines.ch/apu1d4.htm, for example).  Alas, I thought they were 
ARM, but they are AMD.  I can't help mentioning them anyway.

Good luck in your search.  I'd be interested in knowing what you go with.

znoteer
___
mlug mailing list
mlug@listserv.mlug.ca
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca

Re: [MLUG] replcing home server

2017-06-01 Thread Hendrik Boom 
On Tue, Jan 01, 2002 at 09:33:57AM -0500, Hendrik Boom wrote:

Date on previous message is symptom of server dying.  Yes, I know I 
just have toe replace CMOS battery.  But when enough things go wrong 
it's time to migrate instead of keeping patchng things together.

-- hendrik

> Home server is slowly dying.  CMOS battery died, has trouble booting (though 
> I 
> always manage to get it to boot because I have two independent ways to do 
> it), USB 
> died, and so forth.
> 
> I am in process of replacing it.
> 
> I need file server and network front end.  At present they are the same 
> machine, 
> but that is not at all necessary.
> 
> The replacements I have seen use intel hardware, and will also function as 
> high-powered compute engines (8 cores, etc., and I have uses in mind for all 
> those 
> cores)
> 
> But I'd rather not have intel hardware facing the net, given known and 
> potential 
> vulnerabilities in the management engine.
> 
> Rumour has it that AMD has something similar, though I don't know the details 
> and 
> havent heard of any actual attacks -- yet.
> 
> 
> So I've been wondering about ARM machines.  Perhaps as network front ends, 
> with the 
> intel-based file server and compute enging behind the firewall.
> 
> Haven't seen anything relevant for a file server.  Anyone know of one?
> (I've seen an ARM file linux-based file server, but its physical dimensions 
> are for 
> hard drives a lot smaller than the ones I'm now using) 
> 
> But I suspect there may sell be machines that will serve as internet front 
> ends.  
> As firewalls, mail forwarders and low-powered web servers (mostly static 
> files).
> 
> I'd want them to have at least two ethernet ports, one to the world and one 
> to the 
> lan.  I'd like to be able to install a Linux distro of my choice and 
> configure it 
> as I choose.  Ideally it could boot from USB so I coud easily reinstall or 
> replace 
> the entire bootable system in case of corruption (which I hope won't happen, 
> of course)
> 
> Anyone know of suotable hardware?
> 
> -- hendrik
> 
> P.S.  I do not have the tools or skill to solder, so many potential kits are 
> beyond 
> my reach.  I have soldered in that past, and it was a mess, with cold solder 
> joints 
> and solder dripping where it doesn't belong and so forth.  I'm not prepared 
> to ruin 
> expensive equipmeent this way.
> 
> ___
> mlug mailing list
> mlug@listserv.mlug.ca
> https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
___
mlug mailing list
mlug@listserv.mlug.ca
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca