>“Western Digital is currently experiencing a service outage impacting the following products: My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, SanDisk Ixpand Wireless Charger"
In what world does a wireless charger need a cloud?
I worked at WD for about 2 years (via acquisition). I never really used their cloud services for any personal reason - because I either couldn’t get them to work or didn’t trust them.
I wouldn’t use their MyCloud NAS devices as a reliable place to store any important data.
Their cloud services routinely go down like this. And they just don’t communicate with their users.
YOU EXPRESSLY ACKNOWLEDGE THAT USE OF THE SERVICES IS AT YOUR SOLE RISK AND THAT THE ENTIRE RISK AS TO SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH YOU. ALL PARTS OFTHE SERVICES ARE PROVIDED BY WESTERN DIGITALON AN “AS IS,” “WITHALL FAULTS,” AND “AS AVAILABLE” BASIS ONLY, WITH ALL FAULTS AND WITHOUT WARRANTY OF ANY KIND. WESTERNDIGITAL HEREBY EXPRESSLY DISCLAIMS ALL REPRESENTATIONS,WARRANTIES, AND CONDITIONS WITH RESPECT TO THE SERVICES (INCLUDING THE USE, PERFORMANCE, AND SUPPORT THEREOF), WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE,INCLUDING ANY IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE, MERCHANTABILITY, TITLE, AND NON-INFRINGEMENT.WESTERN DIGITAL DOES NOT MAKE ANY ASSURANCES WITH REGARD TO THE ACCURACY OF THE RESULTS OR OUTPUT THAT DERIVES FROM THE SERVICES.
I asked chatGPT to summarize this like I was a child:
> Imagine you have a toy that you're not sure will work perfectly or not. The people who made the toy say that they're not sure either and that you have to take the risk of using it. They also say that if the toy doesn't work well or isn't accurate, it's not their fault, and they won't promise to fix it or make it better. They also can't promise that the results you get from using the toy will be correct. So, you have to be careful and use it at your own risk!
If ChatGPT is just a glorified autocomplete engine, which doesn't know the context or the meaning of what is being said (as I've read in random discussions here on HN), then how come it is able to process the license text and summarize it in those terms? I would think that it would be needed to "understand" the license text in order to produce that easier to understand version.
So, does chatGPT really know what it's writing about, or not?
A lot of human “decision making” literally happens after some pattern recognition system in your brain makes the decisions. We are all just autocompleting all day.
Does ChatGPT “think”? Maybe? Do we “think” as much as we think we do? Maybe not?
We are "glorified" autocomplete engines too. The glory is in the fact that we have rich sensors, a memory, and a world model underpinning the engine. ChatGPT has a complex model, if not as complex as ours, and it is good enough to perform such tasks. As these models improve, they will compete with and outperform us on more and more tasks, at which point we will stop comparing our abilities to execute tasks.
This doesn’t feel intuitive to me or convincing. What evidence do you have to support such a claim? I certainly don’t feel like I’m an autocomplete engine.
Was Gödel also an autocomplete engine? How could an autocomplete engine come up with novel ideas like the incompleteness theorems and understand them?
IDK if it helps but I find these examples interesting, predict the most likely word for the following phrases (whatever immediately comes to mind first):
- hello! How are
- What is 1+1?
- Today is Monday. That means yesterday was
- My favorite color is
Humans will likely estimate these as "you", "2", and "sunday". For the last one, there's not enough context to estimate the next word, but we will almost certainly estimate it as a "color", and might just have to guess at random "red"/"blue"/"orange"/etc, so there can be multiple possible answers. If you've seen enough data you might know that a specific color like blue might be more frequently mentioned in this context, and would be more included to guess "blue" because of that.
1+1 is interesting because most humans can immediately estimate 2. However given the question "What is (3.21^7)/(3+6.4*11)?" we can no longer quickly estimate the answer, we would have to manually (even if mentally) calculate the answer. I think this closely parallels how our current LLMs can do basic math they've seen a lot, but fall apart on more complex math since they aren't able to do the actual calculations and are forced to estimate.
"Today is Monday. That means yesterday was" is interesting because this would appear to imply that there is "logic". That you listed out the days of the week, looked at monday, and chose the day before. However, most likely you "just knew" it was most likely sunday given your previous knowledge. The LLM is unable to actually compute the answer, but it can estimate it based on it's training data.
> I certainly don’t feel like I’m an autocomplete engine.
Your mind is what you think and feel with, so I'd take that feeling with a grain of salt on multiple levels.
> Was Gödel also an autocomplete engine? How could an autocomplete engine come up with novel ideas like the incompleteness theorems and understand them?
I think you're reading too much value judgement into the (factual, if provocative) claim of "being an autocompletion engine" here.
> How could an autocomplete engine come up with novel ideas like the incompleteness theorems and understand them?
Depends on your definition of "novel". Ideas like the incompleteness theorems, General Relativity, quantum mechanics, etc. were certainly new/unusual given the status quo in science at the time but they weren't coming out of thin air, either[0]. In fact, could it be that they were inevitable, given the data? Now you're no longer that far away from auto-completion.
[0]: We always ascribe to Einstein this singular genius (which he certainly was in a lot of ways) but one can easily forget over this that there's a clear survivorship bias – many other very smart people were working on unifying gravity with Special Relativity at that time.
When people say that humans are "autocomplete engines" they are being a little facetious on the fact that we are pattern recognizing machines that require sensory input to function. Basically "autocompleting" the input we receive.
Neither can we. We have a lot of theorems ourselves that exist because they are what we consider the most likely solution to either extrapolating existing rules or modeling a set of measurements - but it's unknown as to whether the theory is absolutely true.
a child might see that
1 + 2 = 2 + 1
4 * 3 = 4 * 3
7 + 7 = 7 + 7
They might predict this may apply elsewhere, and that:
8 + 0 = 0 + 8
This is the Commutative Law, which the child can predict exists, even if they don't have the specialty to write proofs and understand the theory, etc. They don't know that this is true, but based on their observations this is a theory that holds true to this situation.
Sure, children can pattern match. But I was thinking more about seasoned mathematicians, who not only create new theorems but can also understand proofs and thus find errors in proofs and decide they are wrong, or can be correct. They can also construct new mathematical structures, which other people may eventually use in novel ways to solve old problems. None of this seems anything remotely like "pattern matching" in any way.
I don't disagree with the notion that "probably 80% of Americans/humans are just glorified autocomplete engines", but what about the people with proper ingenuity that is either provably correct in the mathematical sense, or can build up a tapestry of understanding from which we can build predictions about reality (in the physics sense).
Pretty much everything else I do in life - riding a bike, cooking food, composing/enjoying music, etc - can be done with estimates and pattern matching. But the "correctness" of math proofs seems to me to not fit the approximation/estimations that language models use.
There's a school of thought that says that "you" (the thing that says "I" when you think) is part of your brain that is making up an ongoing story about the input that it sees from one instant to the next to try to make it into a cohesive story/timeline that is fed back into itself to give it continuity.
This can be seen when there's a severed brain (done to control epilepsy) so that the two halves of the brain are no longer able to communicate... but one half still sees with one eye and the other half sees with the other... and one half has control of one hand and the other half has control of the other hand... and one half can control what is said.
The "get the full input, process it, and do something" isn't fast enough for how you think. Your brain is trying to predict what is happening before it happens. Goalies in hokey and batters in baseball are examples of this - they are acting before a full set of information can be processed. They are predicting the future state of the world.
With words, two people can get into the same mental state and be able to predict the word that the other will say next. Twins, spouses... and even strangers in the right circumstance can have this happen. We are "next word predictors" in that sense - and there have been experiments that demonstrate that (the two articles on the same one above).
---
And so while the story that you tell yourself about how you think doesn't match a next word predictor (and mine doesn't either) - that is a model of how the mind and brain work that has... well, predictive power.
The interesting part with GPT (to me) is that as this "next word prediction" gained more abilities to properly predict the next word it also gained a world model.
The question of "is there a world model that is contained within the language model that can be used?" is a rather interesting one. I find the image, prompt and response set with the balloons and "what would happen if the strings were cut?" to be rather fascinating.
I believe you're getting too hung up on the "word" of "next word prediction". But instead consider the question: "does language enable thought?" Consider examples such as Koko the gorilla, Bunny the dog and Billie the cat. Do they think? Were they able to think before they had language? If you've got a program that can manipulate language as convincingly as a human - can it think for some definition of the word "think"?
A lot of these questions hinge on words like “think” and “understand” for which we do not have precise definitions. It’s really kind of calling bullshit on a lot of the terminology we use to talk about thinking, revealing that most of it is hand wavey anthropocentrism.
It does what it does. We do not know what that means. We do not really know how close what it is doing is to what we do.
It’s also possible that it’s doing similar things to what we do but in some very different way. “Neural network” has always been a term to make biologists cringe as they’re really only the loosest of analogies to how brains work.
So true! We basically define those words almost self-referentially. Understanding is what human brains do, so by definition nothing else but a human can 'understand' complex things (we say).
We make only slight allowances for animals, allowing that they can "understand" but only simple things.
As this tech gets better, those who cling to that definition are going to get more and more uncomfortable, and tie themselves into more and more logical knots trying desperately to explain why it "doesn't count."
A similar thing has happened (and arguably is still happening) when it comes to animal cognition.
"The only species capable of recognizing itself in the mirror. Ok, recognizing itself in the mirror and object permanence. Ok, all of that and mourning its dead. Ok, hang on for a minute..."
Because it can instantly go through countless examples where people were summarizing things on the forums, paper abstracts, documents, etc., and blend it together with a 99% accuracy. Except for that 1% where it will look totally plausible, but will be completely wrong.
I was wondering the same and asked gpt to explain it to me the other day. Basically it’s all one process, there aren’t 2 modules (understand and generate). The “understanding” is perhaps like the generating in reverse. Rather than generating the next word from a statistical process, it’s defining the statistical process from the next words of the input.
But as I explain here, even reviewing that conversation we had, I think maybe gpt and I were both hallucinating and feigning understanding. Cuz I still don’t get it. It still seems far too magical to fit this explanation.
So my next best guess: we’re a simulation, GPT is magic, and our creators are just having fun introducing more and more magic into the system.
The words it autocompleted were the most likely words (chains of word fragments) to come next in a theoretical conversation when the question as context was taken into consideration, given the rest of the context it's been trained on up to EOY 2021.
I wonder what an LLM would say if it had, say, 2 orders of magnitude more parameters and 46 years of training like I do. And if it was trained up to the millisecond with new inputs from millions of individual sensors. It might say:
it'll be funny to find some unheard of website where someone wrote something very similar in blog or reply in comment. maybe even in a usenet chat archive or something?
I'm glad this is the first comment, because there's no way these terms of use would (should?) fly in the EU. I don't know about the USA, but it is plain deception to advertise a service along a product and then proclaim that you're in no way responsible of how it works or if it does at all.
does that mean it could fly if it's free? (for example, a lot of OSS license has similar disclaimer)
I don't know wd's case in particular, but just curious:
1. would it fly if the cloud service is also free (no additional subscription fee)?
2. or is it that even if the cloud service itself is "free", they only allow people with wd hardware products to use it, so it's considered part of those hardware products, so it's not really free and is still covered by that directive?
Simplified, the seller is responsible as long as the buyer can reasonably expect the feature to work based on public statements by the seller and their supply chain (including the manufacturer).
By contrast, it's the case with nearly all products here. It's part of the standard boilerplate that comes with any software product license to explicitly disclaim all warranties, even the implied one that would otherwise exist. Usually phrased like:
> [Company] specifically disclaims all indirect or implied warranties to the full extent allowed by applicable law, including without limitation all implied warranties of, non-infringement, merchantability, title or fitness for any particular purpose. No oral or written information or advice given by [Company], its agents or employees shall create a warranty.
So, you can sell software with claims that it does anything, and if it does nothing at all, is useless, and actually burns your house down, the standard industry practice is that your TOS should make explicitly clear that that's not your problem.
There are legal requirements in the USA to ensure certain parts of an agreement are “conspicuous” (ie should be made so that consumers/customers don’t miss them). Placing the terms in caps is a historical way to achieve the legal bar for this, so is a legal tradition in the USA.
In other legal systems (eg the UK) you don’t get this, it’s a uniquely American phenomenon as far as I know.
Edit: In this case it appears they’re using it for emphasis, since the majority of the ToS is in normal caps, but it was definitely a deliberate dark pattern until very recently to make the ToS hard to read.
This isn’t true - caps are a legal standard in the USA to indicate that this section is higher-importance for the reader. It’s actually a legal obligation to make your terms “conspicuous”.
So it’s actually supposed to be the opposite - to meet a legal obligation to highlight to users that they should pay particular notice to certain sections.
Something can be legally required but also have been originally made into a requirement as a dark pattern. The idea that something is legally defined as being 'conspicuous' in a way that makes it less conspicuous makes me consider that a dark pattern was the original intent. While I commonly hear to never attribute to malice what can be explained by incompetence, I don't feel that is applicable to the legal system.
It's a legal document following precedent about contract law. Lawyers and the companies they represent are usually better served by following established legal precedent than veering off it.
Let's say the lawyers decide to be 'creative' and then bold the text instead, and then it gets copied into a page and some CSS renders it without bold text - suddenly the contract might have legal challenges, and the lawyers will rightly be asked why they decided to not follow established industry and legal norms.
I think it's a bit silly too, but if I was hiring an American lawyer I would want them to follow established norms rather than come up with their own unique and legally-untested interpretation of what is required.
It's not supposed to be easier to read, it's supposed to make it clear to the reader that it's important.
(I'm not a fan of it anyway - I'm from the UK and think it's silly, but I've come across this plenty during contract negotiations with American lawyers that will insist on certain sections being in caps)
I've seen this happen after copy pasting text from PDF files lacking proper text data. The reader needs to infer where spaces are based on the distance between characters, which might not be very reliable with some fonts.
Had multi day outage at my ISP and checked the TOS. IT had similar language including indemnifying them from secondary/indirect damages caused by negligence or malice on their part.
Way back in 2012 when I started my last startup, I had setup some quick and easy redundant WD NAS drives lol.
I couldn’t ever keep them in sync, the remote piece never worked, and one of the drives died within the first few months lol..
They ended up in the garbage, with a bunch of drill holes through the drives.
I quickly throw together a Freenas server with 4 redundant disks, and we never lost data for over a decade after that switch. Freenas scaled with us as we grew, and 4 drives grew into over 32 drives spread over a couple Dell poweredge clusters. When COVID hit and everyone went into lockdown, Freenas saved the day for us once again. I had already setup our storage servers behind a VPN, and when everyone quit coming into the office, they already had all their files synced up to their laptop from Freenas :)
Yea, WD makes really good enterprise and NAS grade drives lol..
However back in 2012, we had a laptop that died with about 3 months worth of work gone. I ran out to Microcenter and bought 2 of the WD MyCloud NAS devices. It was like a mini Linux machine with a single NAS drive and an Ethernet port.
They worked great for about a month; but they lacked the ability to do auto backups of themselves to another spare MyCloud device. We initially had a quick SOP on how to copy/paste the primary drive to the secondary drive, but the drives became out of sync within a month. Our primary MyCloud device locked up within a month and bricked the drive. We were SOL once again, and only had a semi copy on the backup drive.
I bought a pc case, a supermicro board with ECC memory on eBay, and 4 WD Red NAS drives.
Problem was solved, and I destroyed the MyCloud devices lol.. WD wasn’t really concerned either when I contacted them.
I must say, Tom Lawerence of Lawerence Systems on YouTube was one of the biggest aids for us when we were setting up and scaling our large it systems.
The crazy thing is their MyCloud line up used to support local only operation until an OS upgrade disabled it apparently.
Just their MyCloud hard drive + syncthing has been my ideal backup solution for all my devices for about 5 years now. Any document I save on any of my device instantly gets replicated onto all my devices. Any picture/video i take on my phone gets backed up to my NAS automatically. I used to host a browser based file manager and had dynamic dns pointing to that NAS for the rare use case where i wanted to share a file with someone via a link.
Such a shame I'll have to re do all this set up if/when i need to move away from that drive...
I'm using Resilio Sync (former bittorrent sync) to make a backup sync from all devices (one-way sync) and then do a normal backup of that folder to other media since a sync folder isn't really a backup. No cloud functionality, only your own devices with the speed of whatever network speed you have at home or on the go.
Why not just use syncthing? I do that. You can even set up an encrypted node on e.g. an aws vps. That node won't see any of your files but still any them.
Nope, MyCloud NAS with latest upgrades and without any cloud works fine here. I wouldn't even think of trusting my data to WD whose expertise is hard drives and anything software is obviously an unloved and underfunded child, born out of necessity.
Hey I have a WD MyCloud with OS5 (updated to latest release) and it works localy.
I've disabled all the silly cloud and online services and I use it perfectly fine as a local NAS.
It's people who were using the cloud features that are affected by this hack.
To be clear and honest, other vendors have faced similar issues. I remember D-Link many years ago and Synology more recently. We have to accept that all cloud services are susceptible to attacks, downtime and so it's always good to have local (and offsite) backups of your important files.
I think the problem is the newer models. I also have a WD MyCloud, but the "newer" Home edition one, and a lot of the features do not work locally, and require cloud connections. (Even local LAN-only file transfers, or managing the onboard Plex server and such, all have random cloud server junk shoved in the middle of them, to handle authentication and such)
I had to take pliers and scissors to mine and cut the harddrive out to rescue the data earlier this year, when the internal network board couldn't successfully reach WD's cloud system for some reason. I have to imagine any of the folks who bought devices like mine are just SOL until WD gets service back up.
Ohh interesting.. do the existing applications like syncthing etc.. work on OS5?
I've currently disabled all cloud functionality.. i don't think i ever even registered an account with them. I remember reading that cloud account is mandatory after the update, so i had to disable the updates.
On my current OS, i ran a little piece of JS to enable third-party applications, from which I've installed syncthing. It freed up my raspberry Pi to do other things...
If you have automatic updates turned on, I would still assume you were breached. It can remotely re-enable cloud services and there's all kinds of unknown implementation details.
I had to enable access to full filesystem and specifically add the camera folder.
Previously i used to root my Android devices and blindly backup the whole storage with syncthing, but these days rooting has become a pain with safety net.
Another typical corporate status page that has no real information and it’s of no value.
Why do companies still have these silly pages that don’t actually provide any helpful information to their users/customers?
They also don’t offer info or real support over at their forum as well, same corporate silence https://community.wd.com/
Providing no information and no value is a very positive way to express it. They are just lying. They do know that they had inappropriate security, an attacker was able to steal data and they have taken the system down before other attackers can exploit the hole.
It's not like this. Corporations are actually lying and just putting up static pages to fool their customers. Fred simply does what he was assigned to.
Fred was impatiently mumbling about one service, need to refactor it or something. What a maniac. We are busy with kubernaytez and ay-eye. Would a chat work instead of status page perhaps?
Fred has been laid off. Monica and Charles over in Marketing handle status updates now with generic tweets about how we care deeply about our customers and lots of cool emojis
Am I the only person on the Earth that enjoys using Kubernetes?
Running it yourself or having to deal with buying it from IBM is no fun at all but manaed k8s (GKE, DO, etc) works great and beats the ever-living hell out of managing server state. JMO.
Because the status page can be used against the company in case of litigation. So basically you have 2 way of doing it, an easy one where it's just an on/off, and an hard one where the legal team write it (after 2 weeks of internal discussion).
The problem with self hosting is that it quickly becomes very insecure and unreliable because it needs to be managed and most people don't like managing it. Even if you are fine with managing it, strange errors will occur and you will solve those errors by following tutorials and you(maybe not you specifically, but most people) wouldn't know what you are doing and you will introduce security holes.
Self hosting will be possible only when there is a software which doesn't have settings and runs on a box which also doesn't have settings beyond wi-fi settings. Plug it into the wall and forget about it.
Which is actually what WD is trying to do but apparently your setup can go down for days because it has an intermediary component which needs to be managed, can get compromised and can go down.
> Self hosting will be possible only when there is a software which doesn't have setting and runs on a box which also doesn't have settings beyond wi-fi settings. Plug it into the wall and forget about it.
Buy a Synology DiskStation, and you get an easy-to-use yet customisable OS, that receives security updates for up to a decade.
Also comes with checksums/data scrubbing (btrfs; like zfs), Docker support, snapshots, E2E diff-based backups to your choice of cloud provider, an optional cloud-based NAT-puncher if you don't like/know to set up port forwarding, etc.
Sure, the hardware has a markup, but you're paying for a nearly-Apple-like experience that's still crazily customisable. I've had zero complaints.
I did that, and I have to say it does NOT play with linux very nicely. I had to change the UID and GID on my desktop for my default user and all of my files because Ubuntu starts with UID 1 and Synology starts with UID 26, so after you figure out how to mount the disk as nfs it says you don't have permission to access it (because your UID does not match the UID of the device). Solving this was one of those problems where you go back 10 years and so many people have posted forum posts and the answer was always some weird hack, and Synology has never fixed it. Changing the UID of my user on my desktop was the easiest hack. Then I installed another OS to dual boot and had to change the UID for that one too, so I could access my files, and somehow the "easy" NAS option has made me jump through lots of hoops.
Turns out self hosting is not easy even when you buy a Synology.
Your choice of NFS is the issue here. I use SMB (with one or two shares where I remap UIDs and masks), and it has worked well for nearly 15 years across Linux, Mac and Windows clients.
I believe I tried both and had issues with SMB too. I found it all very frustrating. I bought a nice NAS. I bought a bunch of drives. I hooked it up and I expected I would be loading on files quickly. But it took all evening to get anything working. I tried SMB and NFS and I recall NFS was easier to get connected, but then I had the permissions issue, which took another couple of days to sort out.
I just did not find it plug and play. It took a lot of messing with it. And I am a relatively experienced linux user!
It wasn’t meant as an ad hominem, but as a complete sentence. Sometimes I think HN commenters are overly sensitive and think others are “out to get them” - and other times I’m 200% sure of it. :)
Someone using Linux preferred to connect to their Synology using NFS and went through some troubleshooting to make it work. Aren’t you interested what NFS might have in store when cross-platform is not an issue?
For some anecdata, my Synology has always played perfectly with a vast assortment of Windows, Mac, Linux, Android, and iOS for many years, even a Chromebook!
I legitimately don't remember a single error, or ever having to do any debugging around supported services (obviously my own services and dockers have been a bit more involved)
I've had tech savvy friends have good brand (don't remember if qnap or synology) NAS devices compromised. OS patches help but for example the 3rd party stuff you install might be a risk, or things that are patched too slowly in the os, etc. In the end you still need to manage and monitor it.
It seems a lot of guidance about securing your NAS (eg [1]) starts with "it's bad if it's directly connected to the internet". So if you want to use the internet, it may be a better bet to use a managed service (or maybe look for a more security focused product?).
I usually turn off all "cloud" / Internet-accessible features of everything (and, where possible, even block things from Internet access), and then have a Wireguard VPN back to my home network. I think this is a better balance of security and usability than trusting that all of the NAS/camera/doorknob/printer/etc vendors are any good at securing these things.
The use of VPNs to mitigate iffy security in self-hosted stuff is common but comes with its own problems, simultaneously it makes your self-hosted services harder to access (or impossible from some contextx), and it hurts security by making your system more complex (harder to understand & manage & monitor). They're also seemingly going out of fashion as zero-trust/beyondcorp/identity-aware proxies gain mindshare. Of course if you (along with friends and family) are all-in on a overlay network like tailscale it can be a different story.
Actually, I find that a simple wireguard tunnel giving boring old IP routing to my home network is a far simpler setup than every device having its own opaque tunnel back to its vendor which I have to use a vendor-specific method of connecting to. Tailscale is also more complex, though a nice product. So far I haven't encountered any context where I couldn't connect to my wireguard tunnel, but YMMV.
That's not self-hosting, that's giving direct access to your LAN to yet another corporation. Self-host ought to be 100% owned by you. (Yeah, it can be harder like this, I know)
I love my Synology NAS, enough that I now have 2 for different use cases.
My only issue with them was when I emailed them to confirm that I could have it connected to my network but not have internet access (people calling "wifi" or "ethernet" internet still drives me up the wall) since I was going to block its internet access on my router.
First I had issues getting support to understand the distinction between "network" and "internet". Second once I finally did get someone who understood I was asked "Why" or "what was I trying to accomplish". It almost put me off purchasing it that I would be asked why I would want a device like a NAS to have zero internet connectivity.
That aside I would agree and it does feel like a very apple like experience (maybe a bit more technical). I mean it isn't as easy as the time capsule was years ago, but its up there.
Asking "why" or "what are you trying to accomplish?" is standard and good practice - a good person (technician, manager, or many other roles) wants to get at the root of the question so they can provide a genuine solution. I'm sure we've all experienced times where someone asks you an odd question, you ask what they're trying to do, and you come up with a much better solution (or better/more accurate way of asking the question) than what would have been provided in simply answering the first question.
Granted, it's frustrating when you are a well-informed person that knows exactly what they're looking for. I just accept it as a cost of dealing with other people.
TBH maybe it was the fact that it took a few emails to get there that it felt annoying?
I mean I recognize that they may be dealing with far less technical people and maybe that is a valid question.
I get what your saying but wouldn't "I don't want my NAS to have an internet connection but I want to make sure it still works locally" be mostly self explanatory?
Maybe that is me putting more faith in other people than I should, like obviously it won't be able to update, sync with a cloud, or any other number of things. Maybe thats not obvious?
But also to be clear the bad taste it gave me was seeing products that should have no need for an active internet connection and yet are paper weights without it. So when a company seems to be pushing me to connect something to the internet, especially something as sensitive as a NAS... it sets off alarms.
Synology doesn't update their Kernel. Only the latest release model in 2023 comes with 5.10. The others are on 4.x, and if you bought any before 2020 you may be on 3.x. On the 2023 model You would have thought they would at least be on 5.15, no.
All Entry level model doesn't come with BTRFS.
But apart from that, it is still the best in the market right now.
Does the $200 model still support all of that? I know I need to get my ass in gear and fix my storage and backups. I’d also like to start replacing my Wyzecams with and IP NVR.
But I’ve been in a frugal mood lately, I find it hard to spend over $500 on an item like this.
having said that i bought the $200 model (220j) with a steep discount with points on amazon and it works fine but is a little slower than the others. i just use it for rsync (which never-deletes by default) and as an SMB server.
note the 220j unit doesn't do btrfs. the nas software seems pretty good but i don't use much of it. it takes some configuring to setup proper user home directories to rsync with but it only took me a few minutes of googling to figure it out. also their macos backup agent software kind of sucks but if you're using it for rsync or as a NAS volume it seems to work great. i don't use any of synology cloud or public cloud features.
But does it do them all at once with its available RAM? I got bit by this by buying a low-end QNAP NAS that only had a gig of RAM and found that it was non-upgradable and severely limited the number of services it could run at once.
I run a bittorrent client, a light web service docker, Video Station, Photoprism, and a VPN on a 2GB Synology fine; along with HyperBackup, data scrubbing, snapshots, etc. The official Synology services are pretty RAM-optimised.
It does get pretty tight, I probably wouldn't want to be adding any more services, but it's fine for my use cases.
Although the consequences of failure are not as severe, you could make a similar argument against cooking your own food as the outcome can be unreliable and time consuming.
Some enjoy doing it, some just purchase microwave food and some just pay or get someone else to do it for them. Then there are chefs in the media that try to make cooking more accessible with the message that it's not as difficult as people make it out to be.
However some pushback/warning against self hosting because we don't yet have a good alternative to reliable "microwave food" is good I guess.
With the added bonus that you are cluless of the state of a Cloud (no insights of its real state, its actual practices, also kept in darkness, only over confident corporate statements).
(actually there are quite fine self hosted products with maintainance updates and help where you do not have to be an IT practitioner to use, equal to the level required from Cloud services, just look around)
While I self-host everything, I fully agree with this.
If it works and has no internet access, you'll just leave it there, running for a year, two years, when suddenly something changes. Either you need to upgrade the underlying OS to a new major version or some 3rd-party client changes, and you're confronted with a wall of stuff you must do.
Or even if it's something as simple as MongoDB, after a patch (not even a minor version bump), no longer being supported on the Raspberry Pi 4 even though MongoDB themselves posted a blog post a couple of months before that change showing how to easily install it on this device.
Then we need to work on it to make self hosting as ubiquitous as a TV. Imagine a future where all your photos, videos stay at your house on a box and others who have access can view them from anywhere.
The corporations are working in direction where this is never possible but given how they all deal with data this is the only future that will be secure and makes sense.
>Imagine a future where all your photos, videos stay at your house on a box and others who have access can view them from anywhere.
We are slowly working towards such a future and common users by and large will appreciate it, but it's not going to be the future most tech nerds envision it to be.
Basically: Convenience and customizability are mutually exclusive.
We as tech nerds value our ability to power user, but this is quite simply at odds with the interests of common users.
Things like further and further abstractioning of file systems, further and further integrations of operating systems with online accounts and other internet services, further and further "appliance"ing of computer systems, etc.
> In what ways will the average homebox be more secure than the average cloud hosting?
No third parties will be automatically rummaging through your files and using it to stuff a dossier with details about you to sell or exploit for profit.
The webserver in your living room will only host your personal files, so it isn't a single target that can grant a hacker massive amounts of valuable data from hundreds of thousands of users at once if they can manage to get in. If a hacker takes the time to break into your server, they maybe get a handful of baby photos and MP3s, but before that they'd have to somehow know about and find your server specifically in the first place.
When your server gets hacked, you aren't going to pretend it isn't happening, or lie to yourself about what happened, and you won't have to spend days wondering what the impact to you was, and you won't bend over backwards to try to downplay that impact for the sake of your shareholders.
>The webserver in your living room will only host your personal files, so it isn't a single target that can grant a hacker massive amounts of valuable data from hundreds of thousands of users at once if they can manage to get in.
Just because it's not running under a single domain doesn't mean hundereds of thousands of users can't be affected by a single vulnerability. If everyone was using Nextcloud on Ubuntu and a vulnerability is found somewhere in that stack then attackers could easily scan the internet for unpatched installations. Happens all the time with corporate IT.
Also, people don't just store family photos and MP3s. They also store intimate photos, financial data, company data, health data, scans of passports and other official documents, utility bills, plenty that can be used as proof of identity and proof of address. If you had access to the contents of my hard drive you could easily impersonate me in almost every context.
> Just because it's not running under a single domain doesn't mean hundereds of thousands of users can't be affected by a single vulnerability.
That's fair, although it's much easier to find a heavily advertised corporate network and scan that than it is to scan the entire IPv4/6 space looking for a particular vulnerable server (which isn't to say that it doesn't happen). One advantage you have with a home server too is that hackers can't create legitimate accounts on your server to poke around and look for holes.
> They also store intimate photos, financial data, company data, health data, scans of passports and other official documents, utility bills,
People do have those things on hard drives, but I don't think most people would put that on their living room webserver. At least I don't think that was what was meant by "Imagine a future where all your photos, videos stay at your house on a box and others who have access can view them from anywhere." I assumed that "box" was a separate web/file server specifically designed and used for sharing your personal files and not the same device people would use to pay their bills and store their nudes. Keeping those two things separate would certainty be good practice!
>People do have those things on hard drives, but I don't think most people would put that on their living room webserver.
I was thinking of self hosted replacements for things like iCloud, Google Photos or OneDrive. People use cloud services to access, share and upload their files from all their devices wherever they may be.
It's not even a question because this has played out time and again: The commons value simplicity and convenience, and products will naturally gravitate towards such offerings over time as technologies evolve.
I firmly believe that "appliance" computers like Macbooks, Chromebooks, game consoles, and smartphones are the future and ultimate destination of personal computing. Much as I hate to say it: Fucking nobody cares about being a power user, about messing with their computer. For the commons, a computer is merely just another appliance and tool to serve and enable bigger interests, a means to an end.
We should also remember that, eventually, the time will come when we become the technologically illiterate luddites, unable to "get" the new fangled tech that the youngsters will immediately master as they point and laugh at our seeming ineptitude.
> Fucking nobody cares about being a power user, about messing with their computer.
No, people care only to have somebody that cares around, so that they can solve their issues. Do you think people with macbooks etc never encounter issues with software/hardware and all just work automatically always without having to care about anything? This is an illusion, and in the end of the day you (or someone) has to put the extra work.
It is similar to what happened to electronic and other devices through the years, everything becomes more user friendly but also more complex and opaque the same time, so younger generations were getting more and more clueless how these devices worked. I do not know how things will go now, but I see the same trend as computers, I do not see the older generation becoming technologically illiterate luddites (ok I do mot use tik tok so maybe that makes me one) as much as I see that the the big part of the younger generations not knowing much more than touching stuff on a screen. I do not see that the proportion of more technically adept people increased at all. But yeah, maybe there is some new neurotechnology thing or whatever at some point that changes things, but not something I see with present tech.
> Question is for each of us who are experts in the field: do we continue to encourage this trend or do we encourage people to learn?
This is will not happen. Every other tech fellow I speak to (working in SAP-/Oracle/google/type Giant to a startup) tells me that I just do it as I need $$$. Done. As long as they can afford/get the appropriate help. They dont care about average joe that knows only bestbuy or google photos.
> Do you think people with macbooks etc never encounter issues with software/hardware and all just work automatically always without having to care about anything? Thi
The advantage is that with macbooks/chromebooks/windows (even ubuntu to some level) is that you can google and get some info. Worst case I have seen customers in Apple Store - with a old (i.e) 2 year old macs - asking the Genius to please copy everything to their new device.
With Raspberry or WD - one cant do it. (Sure there are some Linux User Groups where an old fart will do it for a beer but most people dont know this)..
It is a difficult challenge, ideally: one gets some kind of govt authorisation for a FAAANG-account - and it will get backup up with FAANG for some $/month. And one can produce some govt ID to restore it. Of course it has other issues - but for average Joe whose privacy is already lost - they would be too happy to just to get their wedding/holiday pics back.
That last statement is not necessarily true. Becoming technologically illiterate, outside of bona fide medical problems like Alzheimer's making it impossible to think, is a choice. Say no to becoming that person.
I say no to becoming that person, but I can see myself becoming that person (like most people who came before me) because I simply do not have the time, money, nor energy to chase after and learn everything in the world.
I have had the fortunate pleasure of interacting with many genuinely intelligent, skilled, wise people, but it wouldn't surprise me if those same people couldn't understand computers or whatever new fangled tech that comes our way. I don't necessarily blame them either, lives are limited and they spent what they have in places they felt were worth it; we can't have everything.
Nobody, least of all me, is asking you to chase after and learn everything in the world. The word used is "literacy", not "proficiency". You only become illiterate (again, barring actual impediment) by outright rejecting the opportunity to learn, and that is something chosen.
I've been self hosting openssh sftp for decades and not run into any problems with security as of yet but it could be I am just lucky. I do not expose any services to IP's that I do not control with exception to my public SFTP servers but there is nothing sensitive or important on those. The boxes auto-update OS patches but I manually reboot them just to ensure they come back in a happy state.
This is just to say that a chroot SFTP server and the lftp client is all one really needs to push backups to wherever with functionality similar to rsync but with slower directory enumeration because there isn't a corresponding sync client on the remote end. That's fine with me since I can be asleep when this occurs.
For cell phone backups one of the many SFTP clients is AdminHands but I find anything for cell phones is mediocre at best.
It's more problematic in some areas, like wireless access points. Any reliable maker these days? Cisco Meraki sends data to their "cloud" (or even has to be managed through cloud services) and so does Ubiquiti hardware.
Now that Apple made Cloud Storage encryption a thing. They should remake the Time Machine and allow user to backup their iOS and Mac on Time Machine, while upselling you iCloud as Off Site Backup.
Surely this will be the end for their cloud storage business. Who would use if after being down for 1 week and zero information provided through their official channels.
I'm sorry for your family pictures: it's the one personal thing I've got copies of everywhere (online / offline / on-site / off-site).
But... Regarding HDDs/SSDs failing at the same time: the common mantra is to be very careful of disks from the same batch. There have been SSDs too failing after a certain amount of hours of usage.
I like to use different brands or, at the very least, different models from the same brand.
Now I'm not saying it's what happened in our case: if they literally fried, then it's another problem.
Question from a laic. When someone setups a RAID they usually buy disks from the same manufacturer. And those might stop working at the same time (e.g. warranty for 24 months, so they 'strangely' fry in 25th).
Is it possible to mix disks from different manufacturers in a RAID?
Technically you can mix & match as long as they are of the same capacity. Some NAS appliances might not like that tho.
But a way around what you mention, keeping it to a single manufacturer: is to buy the drives from different retailers, hopefully geographically dispersed, a few weeks apart, to ensure you get drives from different manufacturing batches.
Unless there's a systemic issue with the entire product line (unlikely to go unnoticed) you spread out the risk of a single bad batch that way.
Maybe overkill, but that's what I did many years ago.
Linux/FreeBSD software RAID (using OS tools or things like FreeNAS) doesn't care what the devices are, just that the space makes sense (e.g. for RAID1 you need 2 volumes of the same size).
I'm not sure to the extent hardware RAID cares these days. NAS boxes from hard drive manufacturers might care about the drive vendor, but I've never used them.
If you're on this orange website, give yourself the gift of building a TrueNAS (nee FreeNAS) setup. I cobbled one together in 2014 and it's still running nonstop. I've replaced two drives with absolutely zero drama, and it took about 20 minutes each time.
Around 10 years ago, when cloud storage services got going, I copied all my stuff to Google Drive, thinking this was gonna solve all my problems. Well, 10 years later, in 2023, I've finally finished copying all my stuff back down to my laptop and storing anything important on 3 different 256-GB removable USB drives. I keep some stuff in Google Drive, mostly throw-away stuff, like goofy pictures I wanna share. But anything important is local now. I just got tired of weird policy changes, sometimes data would go missing, only to magically reappear a few days later, and I just lost trust in all cloud storage services. And this incident with WD is a great example of that.
They're not that bad in my humble opinion. I've done maintenance on hundreds of Dell and HP workstations which had WD disks (From nvme to ide disks). They're just a bit slow.
Never trusted WD cloud though. History taught me no disk or nas is safe when it's reachable via the big bad internet.
Had to look up[1] what the SMR scam was about, short summary: different disks with lower random I/O performance were sold without being marked as such.
The problem with SMR is not the worse performance, but inability of operating as just a plain hard drive.
You throw terabytes at CMR drive - it's just writes them to LBAs.
You do the same at SMR drive - as soon as it's depletes FastCache/MediaCache or whatever it's called (buffer zones in CMR style to handle bursts of incoming data) it crawls to 1990's speeds OR even drops out of system.
But honestly, there is almost no options left at the moment. There is no 2.5" CMR drives anymore and with 3.5" it's only a bigger disks with a price premium.
The tech behind SMR is intriguing to me, but I really don't want it anywhere near data that I consider important.
A lot of folks don't realize that SMR drives have a lot more in common with SSD firmware with its emulated virtual block layer and wear leveling than a traditional HDD. Having the same kind of virtual block layer is where the problems come from.
With SSDs, virtual blocks stored in pages that are about to be erased have to be relocated elsewhere. SMR drives have to do the same sort of thing but with sequential recording for the overlapping tracks. All the same nightmares exist including garbage collection/reclaimation, de-fragmentation, managing TRIM (or parsing NTFS data structures), etc etc. With SMR, handling the worst case scenarios are made more difficult by seek latency - something that isn't as much of an issue for SSD storage.
All of this tends to invalidate cherished assumptions that unix/linux file systems make about HDD storage. And that's ignoring the issues about the devices reaching timeout thresholds - again, the kinds of things that Windows is OK with but really hurts linux/unix systems.
I'm giving Toshiba a try now with two MG09 18TB HDDs. 5 year warranty and peak transfer rates of nearly 300 MB/s.
I've had bad luck with two Seagate 4TB ST4000DM000 HDDs, they both failed after warranty was over. I think it was a bad model. My other Seagate disks (2x 8TB CMR and 2x 8TB SMR) have been working just fine for a few years.
I've bought around like 9 WD HDDs so far, passports, books, internal SATA ones, Red NAS ones, and all of them are either still running or never outright failed. Meanwhile 2 of the 3 Seagate HDDs I had failed in a way that resulted in data loss ¯\_(ツ)_/¯
Needless to say I only buy WD if I ever still need an HDD. Wouldn't ever use their cloud though.
Looking at Backblaze's stats, it's true WD are a little better off, but not by a huge amount.
If you care about a single drive dying, then yeah, buy WD I guess, but at the same time, I can't imagine a sane case to rely on any single drive not failing. I'd always have redundancy if I am talking spinning disk (and of course backups regardless), because the reality is no matter who makes it, eventually it'll die, and none of them can guarantee anything.
"Lost" a lot of backups to a WD MyBook a while ago.
The story is interesting enough to mention: first it showed up as non-formatted. Turned out the disk was encrypted and the key was stored in the enclosure which somehow lost it.
After a while I found out the encryption key was stored on the disk on a predictable location and could be extracted and used to decrypt the disk, but at that point the disk had stopped answering completely.
I still keep it around because someday I will probably try to get a recovery company to look at it, but I still wonder why they put that "encryption" feature there in the first place.
Western digital is the brand of drive I wanted one up from back when I was building a 386sx. Funny that anyone wants to buy cloud services from them 30 years later.
