greyfox

joined 1 year ago
[–] greyfox@lemmy.world 2 points 6 days ago

If you are just using a self-signed server certificate, anyone can connect to your services. Many browsers/applications will fail to connect or give a warning, but it can be easily bypassed.

Unless you are talking about mutual TLS authentication (aka mTLS or two-way SSL). With mutual TLS, in addition to the server key+cert you also have a client key+cert for your client. And you set up your web server/reverse proxy to only allow connections from clients that can prove they have that client key.

So in the context of this thread mTLS is a great way to protect your externally exposed services. Mutual TLS should be just as strong of a protection as a VPN, and in fact many VPNs use mutual TLS to authenticate clients (i.e. if you have an OpenVPN file with certs in it instead of a pre-shared key). So they are doing the exact same thing. Why not skip all of the extra VPN steps and set up mTLS directly to your services?

mTLS prevents any web requests from getting through before the client has authenticated, but it can be a little complicated to set up. In reality basic auth at the reverse proxy and a sufficiently strong password is just as good, and is much easier to set up/use.

Here are a couple of relevant links for nginx. Traefik and many other reverse proxies can do the same.

How To Implement Two Way SSL With Nginx

Apply Mutual TLS over kubernetes/nginx ingress controller
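
The three setups compared in the comment above (server certificate only, mutual TLS, and basic auth at the reverse proxy), sketched as nginx server blocks. This is an added example, not part of the original comment or the linked guides; the hostnames, file paths and upstream address are placeholders.

```nginx
# Added example: hostnames, paths and the upstream address are placeholders.

# 1) Server certificate only (self-signed or not): traffic is encrypted,
#    but nothing restricts which clients may connect.
server {
    listen 443 ssl;
    server_name open.example.internal;
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    location / { proxy_pass http://127.0.0.1:8080; }
}

# 2) Mutual TLS: the client must present a certificate signed by the CA
#    below and prove possession of its key. Requests without a valid
#    client certificate get a 400 from nginx and are never proxied.
server {
    listen 443 ssl;
    server_name mtls.example.internal;
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    ssl_client_certificate /etc/nginx/tls/client-ca.crt;  # CA that issued client certs
    ssl_verify_client      on;                            # "optional" would not enforce it
    ssl_verify_depth       1;                             # client certs issued directly by the CA

    location / {
        # Pass the verified identity to the backend for logging/authorization.
        proxy_set_header X-Client-DN $ssl_client_s_dn;
        proxy_pass http://127.0.0.1:8080;
    }
}

# 3) Basic auth at the reverse proxy: the TLS handshake is open to anyone,
#    and the password check happens per request inside the tunnel.
server {
    listen 443 ssl;
    server_name basic.example.internal;
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;

    location / {
        auth_basic           "Restricted";
        auth_basic_user_file /etc/nginx/htpasswd;
        proxy_pass http://127.0.0.1:8080;
    }
}
```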

[–] greyfox@lemmy.world 13 points 1 week ago* (last edited 1 week ago) (1 children)

The biggest question is, are you looking for Dolby Vision support?

There is no open source implementation for Dolby Vision or HDR10+ so if you want to use those formats you are limited to Android/Apple/Amazon streaming boxes.

If you want to avoid the ads from those devices, apart from side loading apks to replace home screens or something, the only way to get Dolby Vision with Kodi/standard Linux is to buy a CoreELEC supported streaming device and flash it with CoreELEC.

List of supported devices here

CoreELEC is Kodi based so it limits your player choice, but there are plugins for Plex/Jellyfin if you want to pull from those as back ends.

Personally it is a lot easier to just grab the latest gen Onn 4k Pro from Walmart for $50 and deal with the Google TV ads (never leave my streaming app anyways). Only downside with the Onn is lack of Dolby TrueHD/DTS Master audio output, but it handles AV1, and more Dolby Vision profiles than the Shield does at a much cheaper price. It also handles HDR10+ which the Shield doesn't, but that format isn't nearly as common and many of the big TV brands don't support it anyways.

[–] greyfox@lemmy.world 3 points 1 month ago

Like most have said it is best to stay away from ZFS deduplication. Especially if your data set is media the chances of an entire ZFS block being the same as any other is small unless you somehow have multiple copies of the same content.

Imagine two mp3s with the exact same music content but with slightly different artist metadata. A single bit longer or shorter at the beginning of the file and even if the file spans multiple blocks ZFS won't be able to duplicate a single byte. A single bit offsetting the rest of the file just a little is enough to throw off the block checksums across every block in the file.

To contrast with ZFS, enterprise backup/NAS appliances with deduplication usually do a lot more than block level checks. They usually check for data with sliding window sizes/offsets to find more duplicate data.

There are still some use cases where ZFS can help. Like if you were doing multiple full backups of VMs. A VM image has a fixed size so the offset issue above isn't an issue, but beware that enabling deduplication for even a single ZFS filesystem affects the entire pool, even ZFS filesystems that have deduplication disabled. The deduplication table is global for the pool and once you have turned it on you really can't get rid of it. If you get into a situation where you don't have enough memory to keep the deduplication table in memory ZFS will grind to a halt and the only way to completely remove deduplication is to copy all of your data to a new ZFS pool.

If you think this feature would still be useful for you, you might want to wait for 2.3 to release (which isn't too far off) for the new fast dedup feature which fixes or at least prevents a lot of the major issues with ZFS dedup.

More info on the fast dedup feature here https://github.com/openzfs/zfs/discussions/15896

[–] greyfox@lemmy.world 8 points 1 month ago* (last edited 1 month ago) (1 children)

Slows down then freezes sure sounds like an out of memory situation, so to add to yours here they might actually want less swap. Sometimes you would rather hit the oom killer sooner instead of waiting on swap to fill.

Ideally login via SSH from another machine to figure out what is using the memory (hopefully the system is responsive enough for SSH), and if it is your critical programs causing the problem then you should consider a memory upgrade.

[–] greyfox@lemmy.world 6 points 1 month ago

Contrary to a lot of posts that I have seen, I would say ZFS isn't pointless with a single drive. Even if you can't repair corruption with a single drive knowing something is corrupt in the first place is even more important (you have backups to restore it from right?).

And ZFS still has a lot of features that are useful regardless. Like snapshots, compression, reflinks, send/receive, and COW means no concerns about data loss during a crash.

BTRFS can do all of this too and I believe it is better about low memory systems but since you have ZFS on your NAS you unlock a lot of possibilities keeping them the same.

I.e. say you keep your T110ii running with ZFS you can use tools like syncoid to periodically push snapshots from the Optiplex to your T110.

That way your Optiplex can be a workhorse, and your NAS can keep the backup+periodic snapshots of the important data.

I don't have any experience with TrueNAS in particular but it looks like syncoid works with it. You might need to make sure that pool versions/flags are the same for sending/receive to work.

Alternatively keep that data on an NFS mount. The SSD in the Optiplex would just be for the base OS and wouldn't have any data that can't be thrown away. The disadvantage here being your Optiplex now relies on a lot more to keep running (networking + nas must be online all the time).

If you need HA for the VMs you likely need distributed storage for the VMs to run on. No point in building an HA VM solution if it just moves the single point of failure to your NAS.

Personally I like Harvester, but the minimum requirements are probably beyond what your hardware can handle.

Since you are already on TrueNAS Scale have you looked at using TrueNAS Scale on the Optiplex with replication tasks for backups?

[–] greyfox@lemmy.world 30 points 3 months ago (2 children)

If you are accessing your files through dolphin on your Linux device this change has no effect on you. In that case Synology is just sharing files and it doesn't know or care what kind of files they are.

This change is mostly for people who were using the Synology videos app to stream videos. I assume Plex is much more common on Synology and I don't believe anything changed with Plex's h265 support.

If you were using the built in Synology videos app and have objections to Plex give Jellyfin a try. It should handle h265 and doesn't require a purchase like Plex does to unlock features like mobile apps.

Linux isn't dropping any codecs and should be able to handle almost any media you throw at it. Codec support depends on what app you are using, and most Linux apps use ffmpeg to do that decoding. As far as I know Debian hasn't dropped support for h265, but even if they did you could always compile your own ffmpeg libraries with it re-enabled.

How can I most easily search my NAS for files needing the removed codecs

The mediainfo command is one of the easiest ways to do this on the command line. It can tell you what video/audio codecs are used in a file.

With Linux and Synology DSM both dropping codecs, I am considering just taking the storage hit to convert to h.264 or another format. What would you recommend?

To answer this you need to know the least common denominator of supported codecs on everything you want to play back on. If you are only worried about playing this back on your Linux machine with your 1080s then you fully support h265 already and you should not convert anything. Any conversion between codecs is lossy so it is best to leave them as they are or else you will lose quality.

If you have other hardware that can't support h265, h264 is probably the next best. Almost any hardware in the last 15 years should easily handle h264.

When it comes to thumbnails for a remote filesystem like this are they generated and stored on my PC or will the PC save them to the folder on the NAS where other programs could use them.

Yes they are generated locally, and Dolphin stores them in ~/.cache/thumbnails on your local system.

[–] greyfox@lemmy.world 2 points 5 months ago

In any KDE app you can connect with SFTP in the open file dialog. Just type sftp://user@server/path and you can browse/open/edit files on the remote server. SSH keys+agent make things a lot easier here obviously.

[–] greyfox@lemmy.world 0 points 5 months ago

It might be the least effective especially for those not in swing states, but it certainly isn't the least important.

And as far as "not a democracy" the NPVIC isn't that many states away from effectively rendering the problems with the electoral college moot. Certainly a steep uphill battle though.

If voters actually turned out for primaries/elections there would be much better candidates. So your argument becomes "nobody else does it, and because of that the system is broken, and so I won't do it either".

It seems like people get caught up in the media hype on the presidential election and forget that some of the most important change needs to start from the bottom up, and a couple of votes can make a huge difference in State levels, and congressional/senate elections. A president is worthless without a Congress/senate passing laws that actually matter.

Just look at what Minnesota has been able to do with voter reform in the last year with their very narrow trifecta. I.e. a law went into effect this year that allows residents to sign up to automatically receive absentee ballots for every election/primary in their area. A minor improvement, but an important one. Guaranteed that there will be folks that wouldn't bother to vote on non-presidential elections that will be now.

They also added a "right to be absent from work to vote" which gives Minnesotans the ability to vote without using any sort of vacation/leave time without losing pay. Full list of other rather important changes here

Things like that can snowball into a larger shift at the state level.

The state has no need for you to legitimize them. Even if the system is weighted against you every vote still has power, and the only thing that not voting accomplishes is sending a message that you are okay with the system as it is. There are plenty of politicians out there that want change to happen, and they can't do it without enough votes behind them.

[–] greyfox@lemmy.world 3 points 5 months ago (2 children)

But those aren't mutually exclusive things. Voting for the Dems doesn't prevent you from doing those other things in the meantime.

If you only have two real choices that will affect the outcome and one of them is better than the other, voting for neither of them just makes things harder for those that would have made it slightly better. More compromises have to be made and that means the situation can't improve.

I see constant posts about how Trump splitting their base is going to mean the end of the Republican party but that seems very short sighted. It is a simple matter of natural selection, and in a two party system only two parties will ever exist. It also inherently gravitates to very close races between those parties. Any split of the Republican party might cause a term or two of chaos, but it is just a matter of time before something fills the vacuum and balance is restored.

Each party would prefer to move further towards their end of the spectrum, but they are forced to move their values (or choose more centrist candidates) until they have enough of a majority to win.

Gerrymandering, the electoral college, what's left of the judicial branch, apathetic voters, parasitic third parties, and wedge issues have allowed the Republicans to shift further right while maintaining their power. The only possible response to that from the Dems is to also shift right as well. If they didn't the Republicans would just end up with trifectas or super majorities.

Trump was also able to shift racist/authoritarian/nationalist policies much further right by shifting his fiscal policies further left than what Republicans normally would do. His whole campaign was based on deficit spending (tax cuts without any real cost cutting, stimulus COVID spending, etc), public works (multi billion dollar worthless walls), and his focus on blue collar workers (not directly supporting unions but he pushed anti China + US manufacturing boosts).

Every vote for a third party is one less vote that the Republicans need to gain, which is a little more right that they can slide and maintain power, and since natural selection links the two parties it is also a little further right that the Democrats have to slide to maintain their power as well.

If you want to shift things left voting third-party won't do it. Third parties have no power to make changes and never will in our current system.

Voting for the only party that has a chance of winning and is willing to make voting reforms to improve that system is the only hope of shifting the parties to the left where the actual political center of the country lies.

Voting for anyone else is illogical and won't prevent this genocide. Protests, and organizations can maybe help in the short term to push the Democrats to change course but it also disenfranchises more voters to not show up, and pushes more to vote for third parties... And so the snowball tumbles down the hill to the right gaining momentum leaving us with frankly no good choice.

[–] greyfox@lemmy.world 1 points 7 months ago* (last edited 7 months ago)

This was a separate outage unrelated to CrowdStrike a few hours earlier that took down a couple of airlines as well.

A majority of the VMs in the Azure CentralUS datacenter went down due to some sort of backend storage issue.

Edit: I guess I should have read the article, they do say CrowdStrike. They seem to be implying that they were one event when the cloud services outage was earlier and unrelated. I had heard about grounded flights during the first outage as well. So they likely are combining the two events here.

[–] greyfox@lemmy.world 3 points 7 months ago (1 children)

I would think most wifi jamming is just deauth attacks. It is much easier to just channel hop, enumerate clients, and send them deauthentication packets.

This way you don't need a particularly powerful radio/antenna, any laptop/hacking tool with Wi-Fi is all you need. There are scripts out there that automate the whole thing, so almost no deep knowledge of wifi protocols is required.

WPA3 has protected management frames to protect against this but most IoT cameras probably don't support WPA3 yet.

[–] greyfox@lemmy.world 2 points 9 months ago

I believe so. The package descriptions for most of the ZFS packages in Ubuntu mention OpenZFS, so it certainly appears that way.

You can still create pools that are compatible with Oracle Solaris, you just have to set the pool version to 28 or older when you create it and obviously don't update it. That will prevent you from using any of the newer features that have been added since the fork.
