8fingerlouie
Joined 1,671 karma

  1. > You do not need S3 in your house. Just use the filesystem.

    For your home, no, you don’t need it. But if setting up a remote backup, i.e. at your parents / in-laws / children / summerhouse / whatever, S3 can help cut down on network traffic by offloading checksum calculations to the remote server. It won’t help (much) with backups, but verification of backups will be much faster as you don’t have to transfer everything back home to verify it like with SMB.

  2. I've been using Verbatim all these years, but truth be told, I'm considering stopping.

    Blank media is becoming harder and harder to come by, and prices have increased to 2-4x of what they were.

    For now at least, I have enough media to fill out the next couple of years, 1 year per 100GB disc, and we'll see where we are by then. My prediction is that it won't be any easier to archive to optical media by then. If you need proof, just check your local DVD/Blu-Ray vendor for latest copies of movies/shows.

    I know Sony and others are working on 1TB size discs, but they're all "enterprise archiving", so probably not within price range of consumers.

  3. Except, they're not.

    They're in iCloud, backed up to my NAS at home, backed up to another cloud vendor, backed up to two different external hard drives, stored in separate locations, as well as archived on Blu-Ray M-Disc media, also identical copies, stored next to the external hard drives.

    They're not exactly "great quality" most of them, us being early adopters of digital cameras (2000'ish), so 1.5 megabit, up to 3.5 megabit for our last "real" digital camera. There are some Canon EOS 500D SLR photos in there as well, but we continued to shoot our old and trusty analogue SLR cameras for years after that.

    These days it's all phone pictures anyway. I don't think I have more than a handful of SLR quality photos of the kids.

  4. Use private mode browsing, click the easy option of allow all, and rejoice that cookies are cleared when you close the tab.
  5. They were founded by ex Apple employees, so there's that.
  6. As far as I know, everything iCloud and Apple Intelligence runs off of their own data centers if you happen to live "near" one, but you could still be using AWS and/or Google as well.

    I live near the Danish Apple data center, and pretty much all my iCloud traffic goes there, with a small fraction (<10%) going to Stockholm, which has both AWS and Google data centers, so I assume they're using both for geographical redundancy (erasure coding).

    It gets a bit more fuzzy once you start moving into Movies/Music/TV/Billing/whatever as well as their backend services for the store and monitoring.

  7. Depends on where in the world you live.

    If you live in a region where they operate their own data centers, you will be running on Apple data centers. If not, you're running on a mix of Google Cloud and AWS (IIRC). They used to use Azure as well, but I think that's no longer the case.

    In any case, your data is encrypted (by Apple) before being uploaded to Google or AWS, and only Apple has that key. Whatever E2EE encryption you use will be applied on top of that.

  8. "Banks are full of war stories trying to migrate off their old mainframe codebases, and often giving up."

    Most of the time it's a question of trying to apply "death by a thousand cuts" to their codebase, which works well enough as long as you're in the periphery, but eventually they start moving into "core business", you know that entangled mess that has 60 years old code that still runs today, and they realize they need to rewrite all of it, which will take a long time, and cost a lot of money, and they forget about it again for a few years.

    It's the same problem everywhere with large and old codebases. You can easily amputate a tentacle here and there, but as soon as you get to the core of it, it is basically one giant monolith, and with age there has been added loads of "integrations" or "shortcuts" between various subsystems, and nobody in the company today has any idea why it is like it is, it just is and it works.

    A bank I used to work for had somewhere around 50000 batch programs running nightly. Some were the same program running multiple times, but at least 20000 were "unique" programs. All of those programs had to fit like pearls on a string, each working off of the output of the previous program in the chain.

    Untangling that mess is like peeling an onion one layer at a time, with the added bonus that the output of one program might be the final result for some report, and at the same time the input for some other program that needs to do something else.

    Add to that, that there's no inherent problem with the mainframe or COBOL. They both work, and reliably as well. Both can push some serious IO through the system, loads that many x86/x64 builds would struggle with.

    The conventional answer to IO problems is eventual consistency, which doesn't really work well with finance, at least not if applied broadly. You can get some of the way with slicing / partitioning, but you will still have to deal with a lot of traffic between partitions.

  9. "RTT to NextDNS is ~30ms for me"

    That's why I set up a local caching resolver. RTT to NextDNS in Denmark is ~10ms, and RTT to my local caching resolver is 1-2ms, so yes, it's quicker, but my caching resolver is essentially just what my router offers (Unifi), with NextDNS as upstream (DNS over TLS).

    "I just have an always-on AdGuardHome"

    I've self hosted for 20 years, I honestly can't be bothered anymore. The power consumption of self hosted hardware alone costs more than the equivalent, better, service in the cloud. NextDNS is $18/year, that's 51 kWh at €0.35/kWh. 5W for a year is 43.8 kWh, which is roughly what a Raspberry Pi 3/4 uses, so for just €2.5/year I can have enterprise hardware and massive redundancy with zero operational risk compared to running on a single RPi at home.

    Yes, I'm aware you can run better hardware with more services, but that really only makes the problem worse, both in terms of power consumption, but also in terms of TCO with hardware costs, as well as cybersecurity.

    For most people, running in the cloud is cheaper than self hosting. If you have less than 5-6TB of data, the cloud will also be cheaper. After that the math starts going in the favor of self hosting, but year for year the amount of data you can store in the cloud cheaper than at home keeps growing. Yes, the cloud prices increase, but so does the price of hard drives and other hardware.

    "but only local NZ IPs, which I did with GeoFiltering on my router."

    I know geofiltering is usually security by obscurity, but it does keep the worst bots away, and I used to use it as well (when I self hosted). It cut down dramatically on the various "drive by shootings" by random bots constantly pinging various ports.

  10. Wireguard is simple enough to set up, and I actually use it much like OP does, though I don't force all my DNS queries through it, and instead use NextDNS.

    It's basically set up so that I have my internal machines registered in NextDNS as rewrites, and Wireguard is set up to route anything for my internal RFC-1918 network, i.e. 192.168.1.0/24, so when NextDNS returns 192.168.1.5 for "host.mydomain.com", it will go over Wireguard.

    The advantage is that I can keep the tunnel up 24/7, and it has very little impact on battery life as normal requests simply go over the internet.

  11. Can you set up custom filters on the free solution?

    If not, DNS4EU (https://www.joindns4.eu/) is free for personal use, and has no quota, and offers various endpoints for malware protection, adblocking, and other stuff.

  12. I doubt the VPS/VPN route is for the majority of people, but if "you" are one of those, then yes, it would make sense.

    For everybody else, $18/year vs $5/month for a VPS should be an easy choice.

  13. Is running Pihole or Adguard home even worth it these days?

    You can get something like NextDNS for $18/year, which is probably less than what you pay for the power required to serve Pihole or Adguard Home, and you get enterprise level infrastructure for it, along with redundancy, and it works "everywhere".

    Yes, you (probably) need a caching resolver at home, and that could be Pihole or Adguard, but going through hoops to set up Wireguard and have all DNS resolve over that, just to reach Pihole at home, that sounds like overkill.

    Anyway, in case it's not obvious, NextDNS is how I roll, using a "stupid" caching DNS resolver at home.

  14. Ignoring all "hate" against streaming services, you have to at least give Netflix credit where it's due.

    They contribute a lot to the open source community, and their engineering blog is always a good read. Granted, not many people will benefit from their specific type of problems, but for those of us that work with large scale infrastructure, there's often inspiration to be had.

    And no, it's usually not directly applicable in a financial setting. Most of the time it's actually the exact opposite, where Netflix thrives on distributed loads, eventual consistency, etc, finance is a lot more reliant on "real time" events.

  15. Too late.

    Your phone (GSM anyway) continuously reports back to the cell tower it's connected to, the strength of every other cell tower it can "see". The cell network, not the handset, decides which is the better cell tower for your handset to transfer to, which is why this information is being sent in the first place.

    That information, the strength of cell towers, along with the knowledge of exactly where a cell tower is placed, can be used to triangulate your position down to a few meters in crowded areas with many cell towers. It's also how your phone establishes its position without GPS.

    Besides that, you probably also have a handful or more apps that track your location within 100m constantly.

  16. I doubt much will change.

    Your location is already known to your mobile operator, to your phone OS manufacturer, to various social media services, and more, including the government/law enforcement on request (maybe, or they have permanent access, who knows).

    Any time you buy stuff with a debit/credit card, the details of that transaction are known to your bank, your card provider, tax authorities, including where you bought stuff, and by request, authorities.

    Money that goes into your bank account is also known by your bank (obviously), by tax authorities, and by request, authorities.

    Your ISP knows who you talk to, and can easily log metadata about which sites you visit, even if you use a secure DNS, and in most countries, authorities can request (metadata) logging from your ISP, which you'll never even notice.

    During COVID, health authorities started analyzing sewage to estimate how much the virus had spread in various communities, and some places they were down to street level accuracy. Obviously that gets a lot more diffuse on Manhattan than some rural city with 400 people in it, but you pretty much can't fart without anyone knowing it.

    We are already under constant surveillance, whether we like it or not. I don't mind as much as long as it's used retroactively, but the ChatControl proposition would be proactive instead. It would scan your texts and report if it found something "suspicious", with the caveat that you as a user don't know what's suspicious today (or tomorrow). The list isn't public, and you wouldn't get notified that someone had called an adult, not until someone comes knocking on your door.

    Their plan is/was to use AI, and we all know that ChatGPT never gets confused about anything, so that sounds like a great and ultra consistent plan. Most things require context. I might be angry because some kids gave me a hard time, and write "fuck all children" to someone, but the anger isn't evident in the message, only the literal message, which I agree might be interpreted as something else (deliberately). This would then (probably) result in a notification for human review, a task that would fall to the operator of said service, so now Meta, Google or whomever has a legal justification for reading my messages looking for context, and I can't see any way that could go wrong. The other option was for law enforcement to read the messages, and while they're probably a bit more trustworthy in terms of privacy, I doubt we want to staff up our law enforcement offices by a factor of 10 to read people's messages.

    The list could also be updated behind your back, so for totalitarian wannabe regimes, it could be used to pinpoint exactly who is organizing all those darned protests.

  17. Probably because dash cams have a questionable legal status in Denmark.

    There's a law that prohibits all video monitoring of public spaces, and a register where you must register your video cameras if you're a business owner. Video surveillance in Denmark has a maximum legal retention of 28 days, unless there's an ongoing investigation.

    Considering that dash cams mostly monitor "public spaces" and are moving around, the legality of them has been questioned multiple times. They are however also becoming more and more common, so I'm guessing they will eventually be allowed with a relatively low retention, like 1-2 days, enough to get footage off of them in case of a crash.

  18. "- The data was collected in 2016, and was used in 2023 - a retention period of 7 years, way longer than the specified maximum of 2"

    Normally, when there's an ongoing police investigation, the police can either request and retain a copy of the data, or request the holder of the data retain it until "further notice". I'm assuming that's what was going on here.

    "If he was, I'd argue the dragnet-collected evidence is only circumstantial."

    The phone logging was not conclusive evidence, only used to establish that he had been in the area. They found various artifacts in his house, like a roll of duct tape with the dead girl's DNA on, that he explained he had found while walking around the lake, the same type of duct tape used to bind the girl. They also found various other items with the girl's DNA on.

    They used the logging data to establish his whereabouts for the night in question and compared it to his statement of where he'd been. They also used various financial transactions, like buying a cup of coffee with his credit card at a gas station, etc.

    In Denmark, DNA cannot be used as a single evidence, only as supporting evidence, and the same goes for phone logging. But combined, if your location data says you've been there, and your DNA is found at the crime scene, even though it may not by itself be enough to get you convicted, it makes all other evidence much more believable.

  19. It's still a law in Denmark, despite being rendered illegal in the EU, and likewise in national courts.

    It was last used to convict a murderer of the murder of Emilie Meng (https://en.wikipedia.org/wiki/Murder_of_Emilie_Meng). At the time, he had kidnapped a 13 year old girl (IIRC), that he had sexually assaulted for 24+ hours, and various dashcam recordings were used to piece together what had happened. He was also convicted of attempted kidnapping of a 15 year old girl from a school.

    They found the 13 year old in his home, so not much doubt about that, but the other two cases were partially proven with phone metadata logging, proving he had been in the area at the time.

    In the light of that, it's hard to disagree 100% that it's a "bad idea". It's a question of balance I guess, and the mass surveillance proposed in ChatControl is way out of balance. Not only does it scan in the background, it also scans for things that are unknown to you, and alerts authorities without alerting you. That's the perfect tool for fascist regimes to get rid of political dissents.

  20. Drives are spinning. 4x8TB WD Red Plus, which uses 3.4W idle, and assuming 20W for the NAS it's at ~34W (measured 35W). Mac Mini uses 4.6W idle (headless). POE consumption (measured by switch) is 37W (I'm aware there's overhead in AC/DC conversion).

    All in all the total consumption at the wall is 96W, but as I have written in another comment, I was 7-8W off, meaning the quoted setup of mine uses 7-8W more than the 66.7W OP's NAS idles at.

  21. Did you forget the Mac Mini M1 in that comparison?

    My setup, UNAS and Mac Mini M1, with 10Gbps networking, will easily perform as well as the NAS in question, but the Mac Mini only uses 4.6W idle, making it much more efficient.

    As for ZFS vs Btrfs, they're about equal unless you're doing some very specific things. For most normal server stuff or NAS stuff, Btrfs is every bit as competent as ZFS. Snapshots, compression, RAID1+, recovery, bitrot detection, they're pretty much equal. ZFS has an advantage with RAIDZ1/2 as Btrfs apparently hasn't managed to make RAID5/6 stable in the past decade. You can however run RAID1 across multiple devices with multiple copies, which is not quite the same, but also not terrible.

    The RAM usage of ZFS is also largely a myth. Yes, it will use RAM if available, but that is mostly because it was designed with its own file cache, which was probably fine on Solaris, and to some extent on FreeBSD, but Linux uses a shared block cache, and instead of files being cached in the shared cache, ZFS will cache them, making it look like it hogs RAM.

  22. "by measuring "36W POE consumption" you are excluding the AC-DC conversion losses from the switch's PSU which further makes the comparison a bit unfair. IOW your POE equipment draws more than 36W at the wall."

    I'm aware of that, but the wall measurement is still 96W before the UPS, so it's basically just pushing numbers around the same budget. The switch is the only place I have to measure "poe power consumption", so I quoted that number.

    "35W you claim, and I still believe it's closer to 40W"

    I have 4 x 8TB WD Red Plus drives in there, quoted by WD to be consuming 3.4W idle, so 4x3.4 = 13.6W, and a couple of Samsung QVO 8TB drives, which idle at ~45mW. Assuming the UNAS pulls 20W by itself, adding the drives lands us at 33.7W, right in the ballpark of my measured 35W.

    Part of my "astonishment" was also that I run my entire "infrastructure" for 30W more than OP's NAS idles at (66.7W vs 96W).

    And yes, 7W is probably peanuts, but when you're paying €0.35/kWh, it all adds up. I came from a full self hosted setup, proxmox, multiple NAS boxes, etc, and was using ~350W idle, when power spiked in 2022 to €$1.12/kWh (peak pricing, 17-21, with an average price some days of €1/kWh). I initially turned everything off, and with just the Mac mini, router, switch, APs, cameras, various hubs, I was at 67W.

    The UNAS has been added since (after power prices stabilized), which took the idle power consumption to 96W. And no, the UNAS is not pulling 29W. I've removed a couple of cameras, replaced a couple of APs, even removed an AP, so it's not direct comparison, other than in terms of total power consumption for price comparison.

  23. 96W is what's reported at the wall including everything. The switch reports 36W PoE consumption. The Mac Mini is 5-6W, and the UNAS Pro around 35W with drives (4xHDD, 2xSSD).

    So ~75W in total for everything PoE, Mac Mini and UNAS Pro. I was 8.5W over, so remove the Mac Mini from the equation.

    The rest of the consumption (21W) is made up of a UDM Pro with a 4TB WD Red, USW Pro Max 16 POE, Hue Bridge, Tado Bridge, Homey Pro, and a Unifi UPS Tower.

    And yes, that's at idle (drives spinning). It does rise to 120-130W when everything is doing "something".

  24. Not really.

    It's part of the 3-2-1 backup setup, but where other people have their "offsite backup" in the cloud, I keep my working copy there, and have backups at home.

    I outsourced operations of it though. I have self hosted for decades, and for the first time in 15-20 years, I'm able to take a vacation and not bring my laptop in case something breaks.

    As for main storage, as was probably evident from my comment, I don't have 30TB of cloud storage. We have our important stuff in the cloud, and "everything else" at home, but nothing at home is accessible from the internet unless you're on a VPN.

  25. Holy smokes, the NAS in idle consumes more power than my UNAS Pro with 4x8TB HDD and 2X8TB SSD, as well as a Mac mini M1 with a 2TB Samsung T7 SSD, and my 4 access points and 4 protect cameras combined.

    For reference, the UNAS Pro comes with 10G networking, and will deliver roughly 500MB/s from a 4 HDD RAID5 array, and close to 1GB/s from the SSDs (which it never gets a chance to do, as I use them for photos/documents).

    My entire "network stack", including firewall, switch, everything POE, hue bridge, tado bridge, Homey Pro, UPS, and whatever else, consumes 96W in total, and does pretty much all my family and I need, at reasonable speeds. Our main storage is in the cloud though, so YMMV.

  26. They have removed the backdoor paragraph, and inserted a new one that states that scanning is entirely voluntary and best effort, and also state that the EU cannot force them to scan.

    As far as the mass surveillance scanning goes, it has completely been removed, and what remains is still the mandatory age checks, which might be problematic.

    From reading the specification, it appears to be reasonably well designed, where identification is handled by authorities, and the requesting party cannot get your identification details, only send an "is the user of this session older than 18". The verifier cannot see which site the request comes from, and you identify yourself in the session, and a reply goes back to the requester with a "yes/no" answer.

    So, it at least appears to be simply an age check, and not some sort of surveillance program to stalk your online browsing habits.

  27. Modern Safari is pretty damned good at randomizing fingerprints with Intelligent Tracking Prevention. With iOS 26 and macOS 26, it's enabled in both private and non private browser windows (used to be only in private mode).

    All "fingerprint" tests I've run have returned good results.

  28. Rclone works fine, but the main difference to Cryptomator is that their mobile apps integrate well into the phone filesystems, essentially allowing you to modify the contents of an encrypted vault from mobile, desktop or wherever.

    It’s basically cloud storage (works on local drives as well), but fully source encrypted.

  29. If you still want/need cloud storage, but don't want to roll your own (with the warts that brings), Cryptomator is an excellent tool for source encrypting your data before uploading them.

    It works transparently, and has clients for Mac/Windows as well as iOS/Android.

    It's also open source, and "free" (IIRC there's a one time fee for the mobile client).

    https://cryptomator.org/

  30. And yet, despite all its bells and whistles, it hasn't kept up with the times.

    Apple introduced "icloud optimized storage" about a decade ago, and Time Machine still doesn't support backing up files that have been offloaded to iCloud.

    While you can trigger a file download of files from iCloud, the design of Photos, where it replaces originals with "space optimized versions" means only Apple Photos can download original photos, and Time Machine will just backup a bunch of useless preview files.

    I REALLY wish Apple would implement a way in macOS to download and backup ALL iCloud content, especially given that Apple's own recommendations are a bunch of manual steps: https://support.apple.com/en-us/108306
