None of them…
ssh-keygen -t ecdsa -b 384
Then get it signed and use the certificate.
None of them…
ssh-keygen -t ecdsa -b 384
Then get it signed and use the certificate.
SSH certificates are where its at.
I do play and I absolutely guarantee any guitar I would try assemble would play so so badly. Setting up a guitar is an exercise in precision engineering with wood.
It stole all my data. It’s a bit of a clusterfuck of a file system, especially one so old. This article gives a good overview: https://arstechnica.com/gadgets/2021/09/examining-btrfs-linuxs-perpetually-half-finished-filesystem/ It managed to get into a state where it wouldn’t even let me mount it readonly. I even resorted to running commands of which the documentation just said “only run this if you know what you’re doing”, but actually gave no guidance to understand - it was basically a command for the developer to use and noone else. It ddn’t work anyway. Every other system that was using the same disks but with ext4 on their filesystems came back and I was able to fsck them and continue on. I think they’re all still running without issue 6 years later.
For such an old file system, it has a lot of braindead design choices and a huge amount of unreliability.
Why fake serial numbers?
I used btrfs once. Never again!
Are you saying SSDs are faster than HDDs?
I was thinking Proxmox would add a layer between the raw disks and the VM that might interfere with ZFS, in a similar way how a non IT more HBA does. From what I understand now, the passthrough should be fine.
The server runs Proxmox and one of the VMs runs as a fileserver. Other VMs and containers do other things.
I won’t be running ZFS on any solid state media, I’m using spinning rust disks meant for NAS use.
My desire to move to ZFS is bitrot prevention and as a result of this:
Good point. Having a small VM that just needs the HBA passed through sounds like the best idea so far. More portable and less dependencies.
I’m starting to think this is the way to do it because it loses the dependency on Proxmox to a large degree.
Could this because it’s a RAIDZ-2/3? They will be writing parity as well as data and the usual ZFS checksums. I am running RAID5 at the moment on my HBA card and my limit is definitely the 1Gbit network for file transfers, not the disks. And it’s only me that uses this thing, it sits totally idle 90+% of the time.
Did you have atime
on?
What I have now is one VM that has the array volume passed through and the VM exports certain folders for various purposes to other VMs. So for example, my application server VM has read access to the music folder so I can run Emby. Similar thing for photos and shares out to my other PCs etc. This way I can centrally manage permissions, users etc from that one file server VM. I don’t fancy managing all that in Proxmox itself. So maybe I just create the zpool in Proxmox, pass that through to the file server VM and keep the management centralised there.
I’m not intending to run Proxmox on it. I have that running on an SSD, or maybe it’s an NVME, I forget. This will just be for data storage mainly of photos that one VM will manage and NFS share out to other machines.
Snaps themselves are a GPLd format
XML is a superior format to Json or yaml or any of those other trendy formats around today. It’s the hill I’m willing to die on because I’m right.
Attackers need to access the system kernel to exploit the Sinkclose vulnerability, so the system would have to already be compromised. The hack itself is a sophisticated vector that is usually only used by state-sponsored hackers, so most casual users should take that into account.
So it’s a vulnerability that requires you to.already have been compromised. Hardly seems like news.
I can understand AMD only patching server chips that by definition will be under greater threat. On the other hand it’s probably not worth the bad publicity not to fix more.
I can’t use VPN on my work PC so I have some services open on sub domains that aren’t in my DNS. Follow some basic rules and it’s fine. My phone is always connected to my Wireguard running on Opnsense. It’s simple, fully self hosted and works great.