The Uncast Show
Owning an Unraid server gives you the ultimate control over your data and reduces your dependence on The Cloud. Join host Ed Rawlings to learn how to get the most out of your Unraid server, stay up to date on relevant news and topics, and get to know members of the Unraid community!
The Uncast Show
A Journey Through the NAS Landscape with Robbie Andrews from NASCompares
Imagine transforming your understanding of Network Attached Storage (NAS) from a complex, jargon-filled mystery to an easy-to-grasp concept. Our special guest, Robbie Andrews from the YouTube channel NASCompares, is here to help us navigate this complex landscape. Robbie's knack for breaking down complex topics in an engaging, whimsical way permeates through this long-form conversation.
From the intricacies of storage types and hard drives, we navigate towards the optimal configurations for a NAS, the integration of NVMEs in NAS systems, and then the conversation takes an intriguing turn towards the shadowy, dark world of ransomware attacks and the notorious Deadbolt ransomware attacks on QNAP.
Wrapping up this enlightening chat, we pit Synology and QNAP against each other, debating the merits and drawbacks of both. So, gear up and join us for a deep dive into the exciting, sometimes daunting, yet always fascinating world of NAS with Robbie of NASCompares.
Other Ways to Connect with the Uncast Show
Hi there, robbie. Thank you very much for joining us on the Uncast Show. It's great to have you here. The first thing I'd like to ask you really for people who don't know you, you run a YouTube channel called NAScompares. Can you share how your interest first started into network attack storage and how you decided to start up the website and the YouTube channel?
Robbie:I mean. Well, much like most cool people out there, it all stems from gaming. Originally, I would sort of repurpose I mean we're talking like late teens, early 20s. We would repurpose old Windows XP systems as working as Counter-Strike source and Soldier of Fortune, jedi Knight on a rough day, and turn it into like servers and so from there that was where a lot of my interest came from, the kind of networking and storage banded together. And then around 2007, 2008, I stayed working for an e-retailer that dealt with storage predominantly, and from there that was kind of where the nuts and bolts of it was organically sort of thrown at me and a lot of it was coal face type stuff, and then there was a lot of build stuff until eventually it sort of gave way to just marketing it just because one of my keenest interests. So I know it sounds a bit out there, but this is an incredibly technical subject for the most part that those who don't know what they're talking about. They would find it too dull to care or it's just not profitable for them to care.
Robbie:And half the motivation at the beginning, the other half being being on camera, hello. The first half of the motivation was always to take an incredibly complex subject and make it crayon and chewable friendly. So that's kind of where it all started with the blog. It was taking even something like a raid and trying to talk about the different kinds of storage pools and volume allocation and I scuzzy, lonesome and basically turning it into crayon Lego English and that's kind of how it started.
Robbie:And then we suddenly realized how much of that could actually be translated into easy and that's what effectively every video has become. Every time we tackle a subject, we try to keep it as chewable, easy and understandable as possible, because there are lots and lots of platforms out there, bigger and, I would argue, smarter than me, that tackle this subject with a sense of technical nuance I do not have. But if you're starting at step one, two, three or four, all these other platforms that start at platform nine, 10, 11, 12 are intimidating beyond measure and whether you are a small post-production facility, a wedding photographer, or you are a multi-site deployment, trying to hire a system admin to learn these things is tough, and that's basically where this all started and that's where we are now just taking incredibly difficult to understand subjects sometimes and making them chewable.
Ed:Yeah, definitely. It's always nice to be able to look at a subject and not always have the person explaining the subject assume that you know 50% about it already. So being able to kind of actually come into it and be able to learn from the ground up, really I think that's really awesome.
Robbie:I mean a lot of that. I would say I've just interject even my early understanding of unraided. A lot of that comes from your own videos, because not a dissimilar approach that you have to unraided. If you look online about unraided, there is extensive guides and stuff online but a lot of them miss out steps one through seven very early doors and even some of your earliest stuff. I remember one of the first videos that yours overwatched was the one where you were discussing how the parity works within the storage scalability of unraided and it was incredibly user friendly and you had these lovely graphics on screen that I swear a five year old could follow, which very few people could say that about unraided tutorials online.
Ed:So you know what came first for you. Was it the website or the YouTube channel?
Robbie:The website came first when I was working for the said e-retailer. At that point I was working in their marketing team and they wanted we were working sort of with them to talk about the product. But there were subjects I couldn't talk about and couldn't cover within that spectrum that I wanted to cover but you couldn't cover within an e-retailer perspective. So then that's where I went into kind of blogging there on the side and then that sort of gave way to everything else that came afterwards and that's kind of where it all began.
Ed:We were talking a couple of weeks ago when we were arranging to do the podcast, you were off to. Was it Taiwan?
Robbie:you were off to yeah, taipei for Computex. Second time I've went, I was hoping to go more frequently to cover that event and that's kind of that's R3, if you will. I mean, ces is the world's kind of access to a lot of the technology and the new stuff would they bring up?
Ed:If I can just kind of butt in sorry for one moment the people that don't know what Computex is.
Robbie:It's. It's effectively it's a trade show that shows off a lot of the new hardware and technical innovations coming out from the East and again, a lot of those are either brand specific or kind of the back end things, your real techs, your envidia's, all these ones that work with so many different partners and they're showing off their innovations, which will eventually be taken up and worked forward with afterwards.
Ed:So did you see any kind of really cool new things that really took your eye while you were there?
Robbie:Professionally and personally. Personally, I got served a drink by a robot which, I'll be honest, 13 year old me lost his mind, but a lot of it was just kind of the integration of Wi-Fi 7. It's like real, actual kind of progression on that. Then there was a lot of stuff to do, is obviously AI is king, you know from your chat GPTs to MPU processors being integrated into more and more devices and there was a lot more real world applications being shown off, kind of model home stuff and it's obviously the pandemic and semiconductor shortages and a myriad of socio political factors have slowed down this subject a lot. But Computex this year and Inovex running at the same time, we just saw a lot more of that integrated home and professional AI integration come to the forefront and actually be shown off in a relatable fashion. So that was a privilege, that was a standout for me.
Ed:Well, switching gears a bit and kind of going back to talking about NAS. I'm sure there's some listeners out there who maybe don't even know what a NAS is. I'm sure some of my old friends still think NAS is a 1990s rapper. So can you basically explain what a NAS drive actually is?
Robbie:At its most basic level and I mean fantastically basic it's a hard drive you access over the network or the internet, and even then I've not made it that basic.
Robbie:It's ultimately a storage device that can be accessed via any device in your home or business and also has the potential to be accessed remotely when you want it. But more often than not the word NAS is more heavily associated with a turnkey solution and although obviously there is open source alternatives and build your own alternatives, those are more often referred to colloquially as servers, even though it will be a DIY server, diy NAS, whereas at the flip side, nas more often than not gets associated with paid turnkey hardware, software, combined solutions, and of course there's a huge element of ambiguity there in the middle. But ultimately that's what a NAS is. My cat has decided to jump in because she's a fame to log, but yeah, for me that's what a NAS is and I think at its entry point it's a backup device. After that, everything else, from surveillance to virtual machines to multimedia they're just extras, but ultimately it's a single storage device that's accessible via a myriad of often wireless or wired means.
Ed:And why would someone prefer to have a NAS than use something like OneDrive or Dropbox?
Robbie:It's a very, very good point. A lot of that come. I mean, there's lots of small reasons that are and we moved the cat. There are lots of reasons that are more specific in users, like performance, but a lot of it comes down to ownership. So I know that a NAS in my studio, much like my cat, I can get hands on it and, before I fire her into the sky, I know that a cloud although it might be cloud storage device, which has its place, and I do think NAS and cloud synchronization and having both as a cloud gateway is useful to a lot of users.
Robbie:And NAS is 100% disconnectable from everyone. Cloud drive, like OneDrive, dropbox, google Drive, I can be 99.9% certain that's disconnected. The same goes for deletion. I can be up to, if I've got a handy volcano nearby, 100% certain of destroying the data on there, whereas that's something that's lacking on a cloud service provider. And finally, when users do buy a cloud device by a cloud subscription, they're kind of playing this game where you get a Google Drive and you know that in three years of that subscription you are going to pay X amount of money.
Robbie:That data has to be somewhere in three years anyway, so then you have to continue to pay, but you're increasing your data all the time. So then you may have to go for a larger tier and you're more in the hole and eventually you need to remove that data from the cloud. So when you remove it, where's it going to be? On a storage device like a NAS. So if that's what's going to happen in a three to five year forecast, just buy the NAS in the first place, because you've just spent all of this money in the interim anyway and there are downsides. You know electricity costs, you know can cost a penny here, a pound there, and then on top of that, replacement drives and raid functionality is going to cost more up front. But I want to leave it to cost that you acknowledge you're going to have to engage with in three to five years. Then a NAS becomes the better choice and also, of course, control of your data.
Ed:That's a really, really interesting thought. I've never thought of the fact that when someone has got all their stuff on Google Drive or OneDrive, one day they are going to have to move it somewhere else or continually pay forever, and so the time they actually want to have the data themselves, they are going to have to put it somewhere or just say, well, I don't want that data anymore, I'll just delete it. But I've never actually thought about that as a reason not to use them. My reasons have always been kind of privacy and just not wanting, like you say.
Robbie:You know, when you delete the data has it really been deleted and even legally with a lot of businesses you're kind of in many regards you're on a bound to keep hold of data for an extended period of time, so you're kind of locked in that you can't leave. You can't just walk away and leave your data. And indeed at the Excel Centre in London they do an event there called IP Expo, and there's a company that all they do is destroy hard drives. They give it to do a mini EMP on a selection of drives. They then wipe it, index it and then crush it in front of you and then turn it into like recycled toys and stuff.
Robbie:And this industry exists because of so many businesses, can't? They have to be 100% certain their data is destroyed or completely disconnected. And there's all these businesses that are in this. They're stuck constantly in this subscription model because not only if they created so much data that even just removing it from the cloud is troublesome in terms of scaling, but also the sheer volume of data means they've lost track of what is integral, what is mission critical and what is chaff. And again, within a NAS you have a great degree of control over that very early doors.
Ed:And talking about differences between NAS, how about direct attached storage? Can you explain the differences between a NAS and DAS is it called, I don't know and a SAN? Can you explain the kind of differences in these type of storage technologies please?
Robbie:Well, when it comes to, I mean, nas, we've sort of gone through their direct attached storage is kind of a one to one and you can't really multi-user access it, and SAN lives somewhere in the middle. Plus there's this phenomenal performance potential with the way the block transfers are and the way you can kind of scale the area of storage to start with to get higher performance in most regards than you would in traditional NAS protocol. But you also have the multi-user access and the multi-client connection, be they an actual physical client, a user or just a software opening up an exchange. That is just not possible on a DAS. So that's why, when you get to the enterprise level tier that's why SAN becomes more desirable. It's slightly not quite as high for loot as it used to be because NAS becomes increasingly more efficient in its exchanges. But definitely SAN in the middle between the two of them appeases a lot and ultimately why it becomes considerably more desirable at the enterprise tier.
Ed:If I've got it right, so direct attached storage would be something like a USB hard drive plugged into your laptop, so that's basically block storage plugged into a computer, and SAN is block storage that can be shared over a network to a computer and it thinks it's a hard drive plugged in. Am I correct?
Robbie:Yeah, I mean again, there's a lot of things you can do when it comes to SAN level connectivity to dupe your local system into or dupe is a strong word but to let your client apps and devices treat it like a local storage device. And then, of course, on the actual I guess it kind of the lun in the SAN end of the server you're utilizing you can be incredibly creative about how you want the storage to be built. So if you're going to be having a large volume and large frequency database, so that's, you know, a million squillion tiny files, you're going to want to make sure that your provisioning is built around that in a way that you can't really do with an external drive, because with external drives the amount of customization and control you know, is it going to be fat 32? Well, it isn't. Well, there you go.
Robbie:I've got two options left and it's kind of like that. You've got so much more flexibility on SAN than that. But unfortunately SAN is also fantastically complex and if you set it up wrong at the beginning, you can't just it's not easy to do a do over with that and even with the scalability of SAN, so you can create a SAN target for storage and then go. I want that to be a billion squillion terabytes. I've only got 20 terabytes but I plan to scale up later and you can create this imaginary target for you to scale up towards all you can just use to lock it in and then there are performance benefits and detriment to either one of them. But again it just comes down to flexibility at the enterprise level. That kind of unified storage tier really benefits from that.
Ed:So for us home users and small business users, just having access to shared files through a NAS, you know that's kind of ideal for us. So inside our NAS. Can we talk a little bit about hard drives please, robbie, absolutely. I wondered if you could help me understand the differences between the different types of hard drives. You know, when you go on places like Amazon that kind of place you'll see it might say enterprise drive, you might see CCTV drive, performance desktop drive or a NAS specific drive. Do we really need NAS specific drives and what's the difference between all of these different types and does it matter?
Robbie:I think if you'd asked me that question back in maybe 2005 or 2006, the answer would have been daaah, but unfortunately the real answer is a lot more nuanced now and, like any, you know what, we'll bring things down. Caveman, that's my style right. Look at your cutlery draw. You have a variety of different knives, a variety of different spoons, a variety of you know different forks. I don't know how rich you are and from there you know that at the beginning there was probably one fork and then they redeveloped and created these newer, different versions of it that are more tailored to a different user case scenario. You're not going to cut a steak with a butter knife but at the same time you're not going to use a steak knife and to spread butter, unless you know your dishwasher is not done.
Ed:I don't know, robbie, you didn't know me. When I was a student, I had always come to do this.
Robbie:Not noodle with a fork gotcha or a pen, but on top of it, when it comes to hard drives, early hard drive technology, the difference between individual drives are very, very small and, as the rest of the infrastructure, the client devices that we're going into, could be geared certain ways. It's the same with cars and different brakes and you know accelerations and tires and stuff like that. So, for example, a traditional PC class hard drive, you know it, can read, it can write, can probably hit, you know, 160 to 220 megs depending on capacity. It's not designed to be on and constantly being hit 24-7. It's designed for a nice easy spin up, spin down. So then we would look at, say, a NAS drive.
Robbie:A NAS drive has much more intermittent and irregular power up, power down. It has to go into hibernation mode a lot more readily. Also, it's going to be in larger groups of drives at the same time. So that means sometimes multiple drives are being written to in this more rugged, more high working environment and drives are being written on but in a very irregular fashion. So you got like right, right, right, parity, right, right, right.
Robbie:So it's the behavior slightly different there and a lot of the time when you're being you're reading from the drive, you're reading one piece of data spread across all of those discs, whereas if you use traditional standard class drives, you wouldn't see the same level of performance level.
Robbie:And then you go to some like surveillance, where there's going to be 95 to 98 percent right of footage and very rarely you're going to access the footage. So that's another way in which the drive has to be geared towards that user case. And then we break down into the whole pro enterprise thing and a lot of that comes down to two words durability, that the drive is going to be an environment where it's going to be battered constantly, and then, when you get to the enterprise tier, you can double down on the endurance factor there. But then on top of that there has to be sustained performance. So these are drives that are designed to reach heights in performance but maintain that height without getting an oversaturated cache, without you know the the arm or the actuator inside getting overworked. And then you get into the subject of dual arm hard drives and NVMe hard drive, seagate. What are you? What is that?
Ed:And the NAS drives. When there's a lot of them next to each other, they handle things like vibration better and that kind of thing. Is it mainly kind of firmware related differences, or is it actually the build of the hardware inside the drive that are different between these drives? You know where? Where is the difference? Or is it a combination of the two?
Robbie:It's a combination of the two. I would argue that 10, 12 years ago they were more physical differences than firmware differences. But now we're seeing the firmware play a bigger part, particularly with more frequent firmware updates as the drives are used more. And then, particularly now, we're seeing the introduction of helium into hard drives. So now we crossed the 12 TB line and we're now getting into 22 and 24 TB hard drives.
Robbie:The only way that was achieved by multi, the different methodologies was to take a utilize helium in a sealed casing and therefore the platters that I wish I had by fake little hard drive.
Robbie:To show you my little four year old welcome to school hard drive.
Robbie:It does my nut in, but the platters got to be thinner. So when the platters got to be thinner, then after that they become helium, you know, reduces drag factor in those casings. But at the same time you've now got a much more crafted device, which therefore then you're pushing even more into surveillance, enterprise, nas, desktop use, as the capacity's got higher and the way they were built became more specialized, and at that point the hard drives become even very, very similar. But then the firmware has to be geared to making the most out of that. You could. You know, if you abandon firm wearing in general and you lined up all the hard drives next to each other, they're probably very, very similar in inside, although some of the enterprise ones will have a little bit more onboard cache, and this is how optin and thing with WD to e-cat a few more terabytes, but ultimately the firmware and more recent hard drive releases is where the drivers being given better control of the crafted elements inside, more tailored to the end use and inside.
Ed:Inside NAS and enterprise drives there's a feature TL ER time limited error recovery. Wondering if you could talk a little bit about that and what that is and what it does well, I believe that's to do with the amount of time it the drive is left after.
Robbie:Well, calling an error will be a bit strong. But the recurring revisit of the drive and I think that's another example of the drive, some drives having support of that within the NAS structure and again you've caught me off with that one I'm thinking about the TL ER as the drive how frequently a re attempt to read from the drive is made, and I think more modern hard drives have really upped that and got the drive to effectively, even as soon as it hits a wall, to already be beginning the next attempt by even a TL ER.
Robbie:The last time I was really focusing on that was around about 2019 2020, and a lot of that was with WD and the whole SMR business before.
Ed:So again, perhaps things have moved forward how I understand it works is you're quite right it's how many times it will continually try and reread an error, a desktop hard drive. I believe it will keep on trying and trying and trying. But the problem is is when you have that it can make the drive drop out of a raid. So the TL ER will stop it trying so much so the drive won't drop out of a out of a raid system.
Robbie:I mean as we move.
Robbie:I might be wrong about because as we move more and more into SSD populated server systems because the cost of NVME SSDs have come down, there was a spike, cheer, semiconductor shortages and the like. As we're seeing more and more of SSD utilization being cashing or in a hybrid tiered storage fashion, more and more users are becoming less bothered about recurrent error attempts because SSDs by their nature already have that. They've got that whole blueprint ideology of access to hold drive at once, whereas a drive has obviously got a more linear approach to it so it can overcome or ignore errors or work around or we'll get back to that error in just a few milliseconds. Be right back. But yeah, we're seeing, we're kind of hearing about that less and less at the moment as SSD occupation increases and also in drives, the very large hard drive.
Ed:Some of them are SMR, as it called SMR hard drives. I'm shingled magnetic recording. What is that and should be? Do you think we should avoid hard drives that have made that way, or are they as good as other hard drives that don't use that technology?
Robbie:I mean. I mean there's there's a few different outlooks. Probably one of the more current, one of the more common outlooks is hate it, hate it, hate it, don't want them, hate it. And the real answer is probably a little bit more balanced than that. And again, we referenced the WD thing there and we'll come to that in just a moment.
Robbie:But Schengel magnetic recording in a drive is, as the name, as a roof would suggest, that the writing action inside is ever so slightly overlapped and it allows a drive to actually achieve higher capacities at a lower price point. But it's built around the idea that has to be a sufficient amount of idle time for the drive to recalibrate kind of the written sectors and the index internally. And if a drive isn't given that off at that down idle time to recalibrate, then that's when they become problematic and therefore unsuitable and a nass. Now circling back to WD, wd got in a little bit of trouble because their WD hard drives certain capacities I think it was the two, three, four and 60 B drives were SMR drives but not advertised as such and there were lots of people putting them in things like a true, you know, a true NAS or free NAS back then, and other service systems where if you were doing constant activity with this drive and you suffered a drive failure or the drives reached at 100% capacity and then you wanted to include a new drive and start expanding your existing rate, you still weren't given the system enough time for downtime and it increased the potential for a rate for the drive rate recovery or rate expansion to fail.
Robbie:And that was why utilization of SMR drives or drive managed and host managed SMR and another that in a bit it came incredibly unpopular. However, smr drives are still very common these days and, as we generally find with a new capacity tier I think 2060 B was the latest one the earliest capacity deers that get rolled out are SMR and if you have a host managed SMR drive, there are ways and means to regulate the drives a little bit more to allow and actually profit by the use of SMR drives in a larger raid environment. I personally still don't massively recommend it unless you're running a particularly high end system with particularly proficient hosts managed SMR capabilities. But yeah, smr drives, I personally wouldn't recommend them to most NAS users outside of very specific environments.
Ed:What do you think of the practice of people they're not using NAS drives, they're looking for something a bit cheaper is shucking a drive from an external hard drive? Are the hard drives inside external drives as good as if you bought, say, the same drive that wasn't inside a case? I don't know how much it is nowadays. I think the drives are pretty much almost the same price, but it used to be cheaper to buy the same drive in an external case and take the drive out. I heard that a lot of times they were drives that failed quality tests that they'd put in external hard drives. I don't know what your thoughts are on that, robbie, about people using shut drives.
Robbie:Well, I had heard that last point you made there and I wrote an article, I made a video about this self plug, self plug. I did do a video on an article on this and I'd heard that, but because I couldn't find anywhere to back it up specifically online, I didn't include that. I have heard not a dissimilar point to that. But mainly you're right about the cost of shucking drives these days is generally comparable to standard buying drives at internal bear and of course, shucking a drive you're generally throwing your warranty away. You have a drive that has a soldered connector in some cases or a bridging device that can often be attached to the top of the drive. So, despite my efforts to try and create a database of shuckable drives, I've almost completely given it up, because I created a massive database of evidence online from like everything from Reddit to individual forums to buying patents to Amazon that showed the internals of some external drives and the drive that was inside. But then I found out one change of a serial number later and it's a different drive, so it became incredibly inconsistent. But on the other end of the seesaw one, if you go for a device like an external, that has more than one drive inside. So it's maybe a RAID 5 device that's got four WD reds in drive. The saving potential there is huge, Because those ones where you generally find the prices isn't just a case of 10 pounds off each drive, but somehow the pricing on there because they accept users are going to lose a drive in the RAID capacity calculation. I'm not sure, but it is huge savings to be made in shucking in that fashion. Then you've got some drives that when the WD, for example, I keep I don't know what.
Robbie:Let's be fair. Let's say Seagate. This time Seagate will go ahead and go right. We have produced 10,000 units of these 10 TB drives. We're going to put three, but we're going to put 3000 of these in externals and the other 7000 we're going to sell bear. Now, these bear ones are more subject to things like inflation, profit margins and ultimately their price point from after manufacture is more floaty, totie all over the place. But the ones that go into external casing go into a completely different pricing bracket and sale and demand. And you will often find and again we saw this enormously during 2021 with that cryptocurrency Chia. I think it was 2021, it might have been 2022.
Robbie:You must have seen loads of people wanting to make an RAID, chia service and stuff, and with that people were buying up external hard drives to shut those drives, the reason being because normal hard drives at 14, 16, 18, whatever the TB limit was at that point were changing hands for silly money and the e-retailers were aware of that.
Robbie:But the external okay, the boxes that were pre-populated DAZ boxes predominantly, but the WD, mycloud and Seagate Backup Plus and stuff those, the pricing on those didn't increase, notably for lots of different factors. So they ended up getting, you know, people would just buy them. Sell the empty case, because that's another way to recoup your loss as well. Selling the empty enclosure and ultimately shucking eyes do still think is very much a thing, but the brands are nailing it down so much by adding those little bridge, bore things on the top of them, not only nullifying your warranty but in some cases not giving people any indication of the drive that's inside, and then white labelling those drives as well, which is another big factor, I think, where you will get a drive that's the same model idea as a bare drive, but it's been white labelled, which again leads to this question of hmm, is it a quality control issue?
Robbie:Did they specifically tailor this drive for an external or otherwise?
Ed:As well. Sometimes, when you shut them, didn't you have to kind of bridge two pins on the? Hmm?
Robbie:I forgot what that's called. There was a particular connector on the top I can never remember what it's called on the top of a hard drive. I don't think it's just power, but old servers would have an actual interface going into that one and I know a lot of the time those plugs would either be completely removed, and therefore barring their use in some cases, or wouldn't run at all unless they had that inside to start with. We don't see as much of that anymore, due to mass production technique, I imagine, and also because a lot of that was restrict was available to IDE and ATA drives that had that interface built into the pins, but you see it less now on SATA drives.
Ed:Talking about cheaper drives as well as like shucking drives. What do you think about refurbished drives? What's your opinion on these drives? Is it normally the manufacturer that's refurbishing these when you see them in places like Amazon, or is it like a reseller refurbishing them?
Robbie:Well, I have seen refurbished drives as an option listed on quite a few official websites. I don't see it as much anymore, but I have seen it like previously. Certainly for the right setup, I would not be averse to refurbished drives. Indeed, again, I'll have to double check this, but I did a video recently self plug, self plug, arrogant beyond the extreme. I did a video about is it better to have fewer larger hard drives or lots of smaller drives and then use, you know, ray calculations.
Ed:That was a question I wanted to ask you actually that, in your opinion, what is better? If I wanted, say, a 20 terabyte of usable space, would I be better off to have two 20 terabyte drives and just have two, or would I be better off to have maybe, I don't know three 10 terabyte drives?
Robbie:The issue is there is no answer because the user case scenarios. There's pros and cons on either side that will be fit a different user. So if you look at, say, a four or an eight bay server device, nas, be it Turnkey or DIY that's, you're going to need a bigger PSU, you're going to be you open the door to maybe having a better CPU to get more out of it and eat more a bit of 10 GB, because more drives equals higher performance but it also leads to more points of failure. You can save money by going for multiple drives, often over going for larger drives, which are often newer, and therefore the newer drives. You know we've seen examples in the past that a lot of people won't jump on the bandwagon with a new drive because the failure rates are up there sometimes depending on the drive. So there are arguments for either side. I think it really does come down to a user case scenario. It's not always which one's going to be the best money, because in a lot of our calculations and I believe WDC8 and the like, frotashiba in why not these brands? They're aware of the calculation, the whole price per terabyte, and they've brought it closer and closer and closer together to a point where the savings one way or the other are actually quite minimal, but it's the system you're putting them in.
Robbie:So if you buy a 20 TB drive score, but you need two, you can't have one because you've just put all your eggs in one basket. So this drive that cost you 5, 600 NICA, you've just spent a grand to 1200 quid and you've not even got the enclosure. So the savings and also you don't get the performance, as mentioned earlier, whereas if you've got a bunch of 4 TB drives for that same amount of money and you put it in a RAID 5, you've spread out your points of value. You need a bigger enclosure and everything, of course, but the performance you will get while reading off of 4, 6, 8 drives. You can max out a 10 gig with that. That's fantastic stuff. You're never going to max out a 10 gig with two 20 TB drives. If you're lucky you're going to hit 4, 450 megs on a good day. So there's no real one answer. There's just a huge separation of variables that can apply to different end users.
Ed:Yeah, I find personally when I'm using in my RAID server, in the main RAID array, I prefer to go for as few large drives as possible because the data's not striped across on the RAID array. I don't get any performance benefit from having multiple drives as well. I haven't got a lot of slots in some of my servers so if I wanted to actually increase the size of the array later on down the road like, as you know, the main array on RAID we can add drives to it, increasing it in the future. But if our parity drive isn't big enough we can't add a larger drive. So I always like to try and keep as few drives as possible.
Ed:But now ZFS is in RAID 6.12. I'm in the process of building a server next week with some SSDs in. I chose to get some 2TB SSDs and I had the choice between buying 6 2TB SSDs or 3 4TB SSDs and it was cheaper to buy the 6 than the 4. And I ended up. I think I ended up having a slightly more capacity and, like you say, the speed increase, you know with the striped data over the SSDs made me choose the smaller drives.
Robbie:And actually in the last point, to add to that, I should have mentioned earlier the incremental cost of failure, which I believe is a Steven Seagal film, the.
Robbie:When, when you're running a system that's got, say, 10 2TB drives and one of those fails.
Robbie:Now you should have a hot spare on a shelf of course everyone at home say it together but at the same time you can nip out and buy 2TB drive.
Robbie:Now if you were running 10 TB drives and one fails, you're down to 300 NICA, just like that, and you've got to go out and get that and there's got to be availability for that.
Robbie:And you, despite modern hard drive production getting better and better and better and this is a job I have no statistical research to back this up other than every single Black Friday, every single Cyber Monday and working in e retail for a long time there's always more of the smaller capacities and the big capacities, and I don't know whether it's a resourcing, that is, brands knowing that they are going to sell more of certain hard drives, or that larger hard drives are purchased on mass and they're bought in cartons of 20 at the data center level or unified storage level, but all of the smaller drives, none of the big guys are going for those, so you can go to your local e shop and then get a bunch of one, two, four, six, eight TB drives easily. So that's I think that I'm going to update my article after this. Definitely a reason that whole kind of incremental cost of failure coming this summer.
Ed:Yeah, that's a really good point. You know, if a drive fails, it's much nicer. It costs you a hundred dollars or a hundred pounds to replace them, three or four hundred. Yeah, it's definitely. I'm going to ask you before we move on to speaking about SSDs, because I want to speak to you about SSDs, about Western Digital Device Analytics or WDDA. Now I know.
Robbie:Sorry, the sleeves are going up. Now, the sleeves are going up.
Ed:So can you, for people who know nothing about it whatsoever, explain what it is and why it is so controversial at the moment?
Robbie:Well, you know credit where it's due. A chat Will over at Space Rex, again another NAS platform over in the US. There he was pretty much the one that brought this to everyone's attention. It was only after zooming with him and doing a few emails back and forth that we started talking about looking at this from a lot of different NAS brands, because he really doesn't cover too many beyond true NAS and and synology and a few smaller like pocket bits like that. But the long story short is and I wish I had a WD drive here to show you I believe it was 2019-20. Don't quote me on that, you know.
Robbie:You know alleged they rolled out their alternative to Seagate's Iron Wolf Health Management, which is a kind of an on. It's either on the drive or it is an on system utility that is accessing the drive and taking a lot of the values not dissimilar to that of smart and in some cases, reinterpreting the smart data in new, more user friendly metrics to alert the end user to the health of your drive. So when you do smart tests on any drive, they are tremendously useful. Smart tests have been around for donkey's years. They will continue to be around for a long time to tell you about you know bad sector spin up, unload cycles, power on how long, etc.
Robbie:But where WDDI felt foul a lot of public opinion. One particular value the power on hours. Because users started cropping up saying their WD drive reported power on hours equivalent to three years on the mark. To say your drive has now been on for three years, you might want to consider replacing it. Now. This power on hours warning, notwithstanding that it was included apparently on a lot of pro series drives which have got a five year manufacturers warranty, which is a lib. But on top of that it was how it was being handled by the connected host systems that it was in. So earliest reports were Synology NASs that were running DSM 7.0. It has since been removed from later revisions of DSM. I should add, had it turned off by default. But if a user turned on WDDI, western Digital Device Analytics from within the storage manager, if the drive said your drive has been on for a certain number of hours, now you might want to consider replacement, the Synology would then push a notification to the end user and put the storage into a warning which, for anyone who owns a server with mission critical data, that is serious brown trousers time. That is terrifying because all of a sudden, your drives, which you've purchased at the same time, remember, which you've put into the system at the same time, but therefore power on hours is gonna be not dissimilar. Often, you know, one or two hours between is gonna result in your drives, one by one, same warning and you are going to freak out.
Robbie:And a lot of users went out and bought drives. Apparently what Will was saying with one of his clients as well, and this was the whole business. So that WDDI tool and health monitoring tool, seemingly I don't know how much of it is unique data. A lot of it seemed to be reinterpreted smart data from what we could see, but presented in optimal user-friendly fashion. That power on hours thing has rubbed a lot of people up the wrong way and now, although Synology again removed it as of, I believe, midway through 2021, and it's in no later revisions of Synology DSM platform, qnap have just rolled out QTS 5.1, which has WDDA support included and you can't turn it off and it's on by default, but we're still.
Robbie:We have no way of modding and forcing a drive to give that three year warning without waiting three years to see how the QNAP interprets that. Qnap have spoken to me and said that they, their system interprets this as information, not a warning, and it won't put the storage manager into a warning state. It won't also shout at the end user by bloody drives. It won't do any of that. But we these companies?
Ed:do they partner with WD? Is there any kind of financial incentive? Like you say, after three years it's gonna sell quite a lot of hard drives if a company integrates the WDDA into their system and saying your hard drives need replacing, that's quite a lot of sales after three years.
Robbie:I mean, I'm obviously without knowing for certain, I'm reluctant to say whether that is the case, but my instinct says, with regards to collaboration at least, I don't think the NAS brands would have collaborated with WD to that end, because Synology ditched it very early doors and QNAP have only just added it to QTS from something that was rolled out in 2019 to 2020. Now QNAP integrated it, from what I could see, as part of their predicted failure migration service. So QNAP have got this thing. I'll make it very, very brief where, when you have a hot spare drive at the moment, if one of your drives falls over and knackered, whatever you wanna call it, your hot spare jumps in and your raid starts rebuilding.
Ed:If it was ZFS, it would be a lot quicker, but so basically, it's making you use your hot spare when you don't need to.
Robbie:Yeah, but what this might do when, in the case of predicted failure with the QNAP, is the drive is being monitored with as many health monitoring tools as possible. So you got Ion Wolf, wdda their own drive analyzer, smart, and when they can see indications that the drive could potentially fall over soon, then it integrates this drive and therefore it clones the drive rather than the raid degradation in the raid rebuild, which can you know 8, 12, 24 hours, it's cloning this drive that's showing signs of dodginess with a new drive and then it just powers down the system and swaps the new drive in and you've got no downtime. The problem lies with if WDDA is influencing that, then, as you say, the drive failure prediction might replace that drive on the basis of the drive being on for three years, even though in every other regard smart tests and just in general, it's a healthy drive. I mean, I was thinking about you, but I'm willing to bet somewhere around you is a hard drive that's been knocking around for longer than three years in operation. Oh for sure, I've got one nine years that I walk past every day. I want to kiss it if it wasn't electric. But yeah, so WDDA, I don't think it's a financial incentive by the NAS brand to integrate it. I don't think money has changed hands any more than them integrating Seagate's own wolf health management with the date recovery.
Robbie:I can't speak for WD, because WD reinterpreting these metrics in WDDA to make them all user friendly sounds quite nice. But if they'd repackaged this hours on warning to your drive with three years warranty has been on for two years and 11 months it's about to go outside of warranty. We just wanted to let you know. That sounds great to me, because there are people out there that add 10 years warranty replacement spares on their washing machine. They get the extended warranty on everything and when the warranty is almost up they flog the thing and use the money towards something new. It's quite common. So if the warning had been interpreted like that, I'd like that. Actually I really like that. I wish drive manufacturers did that. They won't, because then they open themselves up to pointless RMAs, but I think that would have been a better way for that message to be delivered.
Ed:Do you think, Robbie, that say you had a NAS drive, you had four drives in it. For instance, you didn't have a hot spare. You ran it for six months and you thought I really should get a hot spare. So you're going by another WD, so you've got four of the drives that are six months older than your hot spare. It comes to the three year point and come up with a warning and it swaps it for your hot spare.
Ed:Your hot spare is already gonna be two and a half years old, or even if you've had your hot spare safe for even longer, for three years as well. It could literally do a hot spare and go oh actually you bought this one only two days after the other one, so the hot spare will still be, even though it's not really been used on this power on time. So it will still be reporting the same information, I assume.
Robbie:I will smash stuff, cry, go to the pub. I would be absolutely livid. And the thing is, people online have made much more I would take eloquent descriptions than myself. As for case scenarios and the most compelling for me which sort of impacts me, but not really, but it is, for me, the most astute argument Imagine you are either a system admin or you're an installer, a service provider, and you two, three jobs, maybe five jobs a week where you set up people's storage for them.
Robbie:So that's maybe three to five jobs a week. You've been using this very specific setup that you know is fantastic for that business model. They're content creators, they're post-production, they're an editing suite. So you're creating this setup for them and you're doing it. And then all of a sudden you wake up one morning and because remember, it's power on hours as well, so people do power it down, so it won't be the domino effect per se.
Robbie:But then all of a sudden you've got freaked out businesses that you're on a retainer for or that you've signed off on a warranty period that you take care of, warranties for them, and it's all going bananas because they've all suddenly woke up to amber lights everywhere and hot spares suddenly getting swapped out unnecessarily in specific configurations and you have suddenly got a workload that you're not really gonna be paid for. And all of this down to a warning that has no real bearing on anything it has. It's the equivalent of saying the metal has become slightly less ionized. It might as well be that the depths of this warning so yeah, that's the big brouhaha about this, and it's again.
Robbie:Spacerx, slightly more so than me, is really pushing for WD to remove this on their drives, because it's one thing for all of the NAS and indeed and I'm not sure about its position in things like TrueNAS or Unray I imagine it isn't integrated into that, but then I just simply don't know that he would like it if it was removed utterly from WD drives, whereas from my point of view, I just wanna make sure, as many NAS vendors, do not integrate WDDA or at least disable this one warning, because the rest of the warnings or the information being presented they reinterpreted smart data, to my mind, and therefore they actually have an element of use, because telling a slightly more novice end user that your unload load cycles are too high, they have no idea what that means, whereas if you say to them this drive has been spun up, spanned down, powered on. Powered on just a little bit too much. Frankly, they're gonna understand that, because it's caveman to me.
Ed:Yeah, it's very naughty as well, I think, for them to have the warning when it's three years. If they have a five year warranty on a hard drive, it should only be five years. You know, that's really bad because they're saying, like you said earlier, that their five year warranty isn't really kind of worth the paper or the pixels it's written on.
Robbie:I should have mentioned it earlier. One of the big barriers again that we've encountered with this is the information is so scant online. Wd has its own page that's been there for three to four years, I believe, and it's incredibly non-descriptive. Then the NAS brands themselves have put very, very little resources out and there is no index online what WD drives have this on board. There's just nothing online detailing it, so we don't know. All we've got is conjecture, forum reports and the drives that we've managed to test. So a lot of the information we've gathered unfortunately has to come under the heading of hearsay a little bit, because we're going for some random Reddit post in some cases. But there's enough evidence to kind of underline this point, I think, and it's enough, I think, for a lot of users much like the SMR business we talked about earlier with WD that have made them go.
Robbie:Ooh, that's not nice. We don't like your business practice Like we could. Seagate for a long time, let's be frank, were kind of the dumpster fire for a lot of users in terms of hard drives. It was like oh, the Seagate drives are cheaper. Oh well, I'll deal with it. And WD had this spotless reputation about a decade ago in terms of hard drives. I don't know what's going on in the last decade.
Ed:Yes, it sounds a bit of a shame they do that, but I think your idea of just vendors having it disabled for that particular reading and keep all the other ones on there or even just have it off by default people can switch it on if they want to and it explains that it doesn't mean you need to actually change the drive. It's just a warning that it's been in use for a long time. I was thinking like do you know at all why? Talking about smart data, why has that never been standardized? Like every vendor, their smart data is slightly different and is interpreted slightly differently. Any idea why? I guess it's just never been a standard for it.
Robbie:I would have to guess I mean the bits of it that aren't universal, I think would probably come down to their own secret recipe for their hard drives they wouldn't want to give away because even though there's a million squillion hard drives released every year from these brands, a lot of the production and even the firm was probably locked up pretty tight and I think it would be tough for them to give away a lot of their secret source that goes into it.
Robbie:I mean we look at the newer generation of hard drives that are rocking out with WD, rocking out Optinand to free up some of the space on the platters to get bigger hard drives. Then you've got EAMR, hamr and we're talking about like companies in the tens of billions of dollars they're always trying to cut ahead. I think. Is it the end of this year they want to have 30 TB drives live and by the end of the decade 50 and 100 TB drives. They get there by being secretive as all hell. And I think standardization of smart data they would probably fight against it a little bit for that reason. There will be some values again power on load, on load cycles, blocks that are going to be standardized for the most part, and I think when the smart test is performed can differ depending on systems, whether it's a physical action, a scheduled action or every time the drive is booted. I think there is disparity there as well.
Ed:I can know the smart data. Sometimes the lower number's better and sometimes the higher number and they have this kind of tolerance. The tolerances can be kind of different between different vendors. The low number with one can be better and a high number with another. Like it starts at 100, and it goes below 40 as your threshold. That's really bad. But then you can see the threshold is 40 and you see that your hard drive is like at 100 and you think, oh, does that mean that's really bad because it's over 40, but the bad thing would be if it's under 40 and that kind of thing. I've always found that smart information very difficult to understand.
Robbie:But again, that's probably, and again, this is not me defending WD at all, but WDDI when it was first envisioned. And again we've got to add disclaimer than allegedly all the information we found online with WDDI was that it was initially rolled out for WD purple drives for surveillance. Now in that arena, a lot of these surveillance devices, they have a surveillance feed, a bunch of camera feeds, your pan tilt zoom and all that luck. But the actual management of storage bordered on caveman, bordered on terrible, because it just went where's your storage? It's over there, okay, and that was it. You couldn't do anything.
Robbie:So what WDDI in that context was for was to allow the drives own health monitoring and management to be translatable to your HIC visions, your anchors, your Rio links, your DVR vendors, and then those systems could then have that interpreted data and then splashed it into their own GUI. Which is why when WDDI first rolled out this is getting really boring, I'm sorry, but WDDI, when it was first rolled out, was available as an APK for all of these vendors to integrate into their own GUI. So in that context, when your system doesn't have a robust hard drive or storage media, health monitoring tool and sophisticated warning system, wdda makes a lot of sense. But the minute you roll it into a NAS system of any version of NAS again we can go Turkey, open source or anywhere in the middle. Those systems have robust storage management. They have the skill set and the options of the customization and the control to handle that and WDDA is not necessary in that arena.
Ed:I think the WDDA, you know it's quite a nice idea in a way, because being able to interpret smart data in a human readable form is quite a nice idea. But hopefully they may just kind of change that bit and improve the WDDA going forward and it was just a bit of a mistake. Anyway, kind of moving on, I'd love to talk to you about SSDs, if I may.
Robbie:Far. Away.
Ed:So, in the context of kind of NAS systems, what do you see the pros and cons of using SSDs are, please, and also really what specific use cases would you think for a NAS to have SSDs as opposed to not?
Robbie:Well, up until about two months ago, my perspective was pretty solid on SSD utilization in NAS, again, where I've done that caveat. You'll see why in a bit. So SSDs in NAS, you have to have a NAS system that has a sufficient CPU that can afford the number of PCI lanes to make the most of it. Now, if you go to SATA SSDs, which again are becoming increasingly affordable, in that scenario you don't have to worry too much about the CPU, because the amount of SATA lanes that are all paired up for all the individual bays that you're laying out, it's the same for hard drives and SSDs. But SATA SSDs, again, they will advertise five to 550 megs, but realistically you're looking at somewhere about 450 peak, except if you're using very specialized and targeted setups, whereas hard drives are now available that go up to 285 megabytes per second and we're starting to see reveals of hard drives getting to 300 megs. And then you've got dual actuator drives, a hard drive with two arms that can hit 440, 450 megs, and these are hard drives that can have 16, 18, 20 terabytes. So the need for SATA SSDs has rescinded, whereas NVME SSDs in the NAS is starting to boom. So NVME SSDs in NAS, because the NAS has the slots there or we're getting better CPUs and the price of NVMEs coming down has all resulted in this vogue towards NASs either being fully or partially populated with NVMEs and up until about two months ago I would have said it was largely a waste of money for anyone underneath enterprise. Because if you don't have a CPU that can spread out its available lines, if you're going for like a cellar on that's got eight lines to play with, each one of those NVME SSDs that can hit 3, 4,000 megs can't exceed 1,000 megs each. So you're capping immediately and one of the amazing benefits of M2 NVMEs gets lost in translation because each one can only give you 1,000 megs and the CPU has to go hell for lever needs at least eight gig of memory minimum to really make the most of it. So you end up kind of losing out on some of the benefits of the SSDs.
Robbie:However, two months ago Asus Store NAS brand nowhere near the clout of your big names out there they released something called the Flash Store and it broke a lot of the preconceptions. It's a six-by NVME Intel cellar on powered system and it's $499. It's got four gig of memory in there. It's as quiet as a mouse that's asleep and even though each of the lanes are limited to three times one, for $499 for a six-by M2 NVME system cellar on custom built, tiny, well ventilated.
Robbie:I struggled to try to build that. I tried to spec up. And they include software with it BTRFS, full UI, mobile apps, desktop, the works. There's even remote access available as well with their own domain. So I was trying to figure out how could you even build something like that at this price point? And then they released a 12 NVME version which has got 10 gig on board as well. So that's about $850 for 12 NVMEs. Now, again, they're all restricted. But all of my reservations and issues with restricted bandwidth or limited bandwidth availability because, remember, that is a GIN, sorry, that's an eight-lane CPU with 12 NVMEs inside and they're using a little bridge. They're using a PCI bridge internally to make it work. But at that price point it costs less than most eight-by hard drive turnkey solutions in the market and at $499 for the six-by one. I'm not a salesman but I just couldn't figure out how they could piece it together financially.
Robbie:And now, from what I understand, all of the NAS brands are working on M2 NVME solutions. So in the last few months I've seen this change towards people's attitudes to M2 NVMEs in NAS, because the decreasing cost of M2 NVMEs and the decreasing cost of the NAS, the flash systems that use it, have removed that big bottleneck factor from people's budget and their minds. Because they've realized well, I'm not spending two, three, four, five grand on a compact flash server or 10 to 20 grand on a rack mount U.2 server. I'm spending 500 NICA on this server. That's M2 NVME all the way through, which opens the door to multi-virtual machine utilization, container utilization, plex Media Server. I did 8K Plex Media Server transcoding on a 499-pound NAS, which is insane for 8K playback, real 8K HVC. And then when you've got users that are running again high volume, high frequency databases where the utility and benefits of M2 NVME, your multi-user access, really come into fruition, this tiny little compact server that's about this big is just insane and we're seeing more of these solutions throughout this year.
Ed:Even though the bandwidth isn't there to run all the NVMEs at full speed. In reality, you would never have all of the drives running at full speed anyway, so for a lot of people you wouldn't really notice the lack of bandwidth running all of the NVMEs and, like you say, it is an amazing price point for 499 pounds. Was it 499 pounds or dollars?
Robbie:It's 499 dollars, so dollars as well, but again that's 6M2 NVMEs that are restricted to three times one, but they're in a raid, so there is performance benefits internally to them all being afforded together.
Ed:I think a lot of times companies like you say you don't know how ASUS could do it so cheap. I think sometimes business models for companies, when they're not established in the market, is they come in with a product and they make a loss on it, and then all the other brands are like how can you do that for this amount? And it gives them a reputation and they're happy to lose the money in order to angle them into the market. They're probably making a loss on each one of those in order to basically give them a reputation that they don't have in the NAS market maybe.
Robbie:I think at the moment we're seeing funny you should say that this again I didn't know if we were talking about this, I would love talking about it anyway this growing middle ground between turnkey NAS solutions QNAP, synology, terramaster, asus, to all of that luck and at the other end you've got your pure DIY. So build it from the ground up. You use Unraid, you use True NAS, you use Open Media Vault a myriad of different open source options out there and we're starting to see more and more this middle ground of companies that are just producing pre-made NAS servers with no OS. They might lump on Unraid in a trial version or True NAS, but they're releasing these hardware solutions in the middle and a lot of the time and a case in point, the store AXA. They're being designed arguably as loss leaders themselves so this company can build a reputation and then maybe it released our own OS down the line. So this middle ground that's expanding by people.
Robbie:Again. Topten is another one with their little mini servers we're seeing rolling out. We did a review of one of those that had a Penteon processor inside at N600, and that system is so remarkably cheap. It's like 250, 300 Nica for this quad core Penteon system with M2 slots ready to go and on the one hand, you have the open source crew going. Wait, why am I even I think even Linus Tech Tips made a video on this very subject when he was talking about that AXA store device going? Why am I wasting time building when it's costing this little to have these things now? And then you have to turn. Key solution provided.
Ed:So on the AXA's one, could you run anything on that?
Robbie:Absolutely.
Ed:I mean again so I could buy one and run Unraid on one of those AXA's boxes.
Robbie:And can I recommend, if you do that, to Google it first, because you'll find my video. He said arrogantly, but yeah, 100% they do not endorse it.
Robbie:They don't like it. But I've installed Proxmox, truenas and Unraid on AXA store systems and QNAP as well A lot of these NAS brands. They've a run from an internal DOM little five gig flash module inside but stick a keyboard, stick a KVM keyboard video mouse. Go into BIOS, change the order USB sticking your USB done and if you want to turn it back to the original OS BIOS, reset it. Remove your USB key and then that's it. And in most cases, unless you do something particularly horrific I don't think it you know they would have to prove you've invalidated your warranty there, which most NAS brands probably wouldn't do. So that's one of the reasons.
Robbie:I've seen a lot of users who just they're money rich, time poor, which I know is incredibly trite description but rather than build their own NAS and get a MOBO from scan, go to eBuyer and get the hard drives and the SATA cable and go to about three different vendors, all of which have their own RMAs to build it, sit on the floor and have that horrible moment to press the power button with the fingers crossed and praying to the gods of IT.
Robbie:All of that time is. You can now just buy a custom made solution from a lot of these, either middle ground providers or the turnkey NAS providers, and they just lump on your own OS. It's really interesting the way things have developed and, with a lot of open source software and again Unrayed, probably the most user friendly of all of the software only NAS software is on the market you can just simply download, try for free. All of those have become increasingly more user friendly and easy to install on this hardware and I just don't think the NAS brands like it that much, but it's that's what people are doing.
Ed:And I think you know, for Unrayed as well, the fact if you buy one of these turnkey systems and put another OS on the fact that Unrayed runs off a flash drive and that flash drive runs into RAM, you're not wasting one of the disks inside your NAS with the actual OS for the NAS, so you're able to use your hardware a little bit more. I saw your video on putting Unrayed on QNAP and I tell you I really liked the part of your video and I think everyone should go and watch this part and I'm going to put it as a link in the show notes where you describe how to format a.
Ed:USB stick, that's larger than 32 gigs in Fat32. Because Unrayed needs Fat32 to boot and you know it's really great to see your way of actually being able to format. Did I use disk part and then Rufus? It was a while ago, I can't remember what I did In my head.
Robbie:it was using disk part to format and then I used Rufus to create the ISO. You use Rufus just to format the format in.
Ed:Fat32 because Windows will go. No, that's more than 32 gigs. You're not allowed to do that. I'm sorry.
Robbie:I like it somewhere like Windows.
Ed:They're like what year?
Robbie:is it? It's 2023. No, we're not formatting Fat32. Are you serious? We have XFAT now, you know. Tell them to use that.
Ed:Make it a little bit more serious.
Robbie:Tell them to use that Make it double XFAT Unbelievable.
Ed:And with QNAP can most of the ones installed on Raid-On. The ARM-based ones can't.
Robbie:Well, the ones that have got an integrated graphics CPU and therefore have HDMI out.
Ed:And why do they need that, Robbie?
Robbie:Because you can't UI into it. You need the means to make the QNAP allow you to get into BIOS, because otherwise you need a visual output to get into BIOS, to switch away from the DOM, because otherwise by default it will always load from there.
Ed:Anyway, I'm going to switch gears a little bit and I would like to ask you about ransomware.
Robbie:Keep it light right.
Ed:Can you explain what ransomware is and how it differs from other kind of cyber threats like just the regular virus, and what are the motives behind ransomware attacks?
Robbie:Well, I think a lot of people that are watching this podcast, a lot of us are, you know, the old school. So when we think of viruses and we think of a PC covered in pop-up windows and you know the nightmare scenario, what makes ransomware different is ransomware tries its damnedest to not harm the system it's in. It's one of the few invasive threat actors that doesn't try to destroy the system. All it wants to do is get inside, zip up everything into a completely inaccessible format, leave a little ransom note, generally on a digital rolled up scroll, on a knife stabbed in the wall, before it leaves. That effectively says if you want to access your data, you've got to pay us via this specific means. More often than not these days it is via Bitcoin and a Bitcoin wallet, because it is incredibly difficult and impossible to trace for them to be found out via those means but then we're still via.
Robbie:This methodology is unlike normal malware and major viruses which target big, big files. Generally. They'll kind of see someone been able to get in and then attack the larger file structure. Ransomware starts at the bottom more often than not and it goes to the smallest files, the reason being it can do more files and it heightens the percentage chance of hitting that payload, that wonderful pay file that someone goes. They're the fighters of my child from when they were zero years old. They're the ones I'm prepared to pay for because they're irreplaceable.
Ed:If I could just just button very, very slightly. So just just for people. I'm sure everyone listening to the podcast or watching it knows, but what ransomware does is actually encrypt the files and hold them to ransom.
Robbie:Sorry, yes.
Ed:Yeah, Okay, sorry, no, no, no, no no you're right.
Robbie:But when it comes to when people's perception of ransomware, whenever we look at big corporations, they get hit by ransomware and most people go, yeah, well, they're a big corporation, they should have paid for a lot of system admin and security in about 8,000 VPNs. And when smaller groups are impacted by ransomware, there is this vibe of well, the brand shouldn't have let me down, you know. But unfortunately the truth of ransomware is that I'm not going to say the majority, because I don't have the statistic to hand, but a significant body of people that are impacted by ransomware. It's often because they punched holes in their firewall or ignored a lot of the warnings that are presented to them by the system when they're setting it up and then later on. Then you come into this road of having regular updates and there is this quasi relationship with ransomwares. Who is truly culpable? Obviously, the threat actors performing it are their dog dirt, but it is where the end client device can only do so much. When we talk about open source, for example I know I'm going on a slight tangent, but I will really in I promise when we're looking at, say, open source a lot of the open source platforms they like, true now is a fantastic example If you try to set it up in an insecure fashion. True, now is just goes. No, if you really really must do this very silly thing in this very silly way, then click this box. That goes. I take all the risks.
Robbie:Not a lot of NAS brands do that and it really winds me up. They don't do that. The reason that a lot of the turnkey now solutions have been hit recently by ransomware and again we'll talk about deadbolt I assume Several brands were impacted by that was because, on the one hand, users were handling their device unsafely, but a lot of these devices were advertised as simple, easy to use, chewable crayon, user friendly. You know knobbers like me on YouTube saying as such. And then the NAS device comes out and it allows these users to set it up in this insecure fashion. So yeah, ransomware attacks are getting more frequent and it's worse than a virus, because at least with a virus you don't know in charges the virus that's right actor. With a virus doesn't leave you with an invoice, if you know what I mean.
Ed:And what would you say is a good set of things for someone to do to help prevent them having a ransomware attack in the first place? Are there certain protocols? You know best practices?
Robbie:Well, definitely, these days, port forwarding and just punching holes in your, in your router and your firewall and stuff is so much less necessary than it's ever been, and I think a lot of users are slightly unaware of the fact that when they need remote access, that when they do remote access their server, they either use the one that's provided by the NAS brand and the third party brand as well, and, I think, unraided as well. I forgot what the unraided one is called that allows remote access. You sign up to something I can't remember what it was, I'm sure you're going to correct me in a moment but things like Towscale now exist and lots of other VPN type splinter that actually give a decent amount of performance, and installing them allow you to completely nullify unencrypted transmission between you and your device remotely, and a lot of them can be tailored towards third party apps. Now on the subject to third party apps, most third party apps now everything you need is kind of there, and a lot of people are installing third party apps on their NAS systems.
Robbie:A lot of the time grant these apps way too much access, so when you're installing the app for the first time, some NAS brand will say what directories do you want access to? What privileges? Do you want this to have? Much like your mobile phone, when you open an app for the first time and then it goes hold up. Do you want to give access to the camera or hold up? Do you want to give access to your contacts?
Robbie:Not, a lot of apps on NAS platforms I include all the NAS platforms actually open source or turnkey provide that, but it is there so you can install pretty much anything, first or third party now go straight into the control settings and remove all of the access, and the same thing goes with some NAS devices. Now have an isolation mode. You click it and any third party app, anything that uses remote access, php type stuff any of that can be disabled in a heartbeat and after that, really everything else is just small increments of protection. So, disabling your admin account, randomized ports these are things that now we're starting to see NAS brands actually say during setup, we won't allow you to use the admin account, you have to disable it. Or when you set up the device for the first time, it won't allow you to run certain apps or services without tick boxing all of those protections.
Ed:Basically, it's keeping the server secure from, obviously, the internet. So that would also, I guess, include things like your router and firewall, keeping the firmware on that up to date as well. So it's not just, it's not just your, your NAS or your server you need to keep secure. You need to keep the gateway of the internet coming into your house secure. You don't want to be using old firmware on a 10 year old router.
Robbie:That was another big area. That deadbolt impacted people because a lot of the I think it was three, three and a half thousand users I'm sure someone will correct me that were hit by deadbolt and a lot of those devices were running super old firmware because people took the device home, set up in the corner and never updated the firmware. But I mean, I don't know about, I don't know how much console gaming you do, but if you own a PlayStation four or five, if you don't update the firmware for a couple of revisions, you can't access the internet. It just won't let you, you won't allow you to use online services. Now there are users that would hate to have that on a NAS server, but I personally think that would be great. If you're not updating to latest firmware, you can't access remote level services. Same goes for two step authentication. You should be set up that. No, you can't do this much unless you enable two step. But these are very strong positions to take.
Ed:Yeah, I can. I can totally see your point that you're only as secure as your last, your most recent patch or firmware update One step. But I I'm the opinion that people should be able to kind of choose. I look at it as like, say, I want to go and buy a Ferrari and Ferrari put a limiter on so I can't go above 70 miles an hour. I shouldn't go above 70 miles an hour, but it should be the kind of user's choice. But, like what you were saying earlier, I think all of these things should be in every kind of situation. If you're not doing the right thing, you should be highly warned and you should have to literally tick a box to say I know, if I do this, this could go horribly wrong.
Ed:But I know what I'm doing and hopefully it shouldn't do.
Robbie:It's like when you set up a PC for the first time to use a reference from earlier. I think anyone that's ever built a PC DIY or does it more regularly how often have you had a motherboard on a table connected to a PSU on a table, connected to a hard drive on a table and the case Well, the case is still in the shop, the case is still in the shop and therefore in that scenario, anyone else you saw doing that you would lose your mind. But because you're doing it, it's okay and I think it's on the back of deadbolt, when QNAP did effectively a pushed update on lots of users as a reaction to deadbolt because their handling of the situation was not great. But they did a push update and updated lots of people's servers to the latest server revision to stop further users being impacted by deadbolt. That weren't the first time.
Robbie:But the problem is, if you were running lots of VMs in your business, if your server isn't one of these five minute turnaround reboot. It's actually a quite complex reboot scenario where you had ice guzzies suddenly lost, you had dynamic IPs that you probably shouldn't have had on DHCP, that all of a sudden have changed our identity, and you had VMs and more that hacked off even more people the way that was handled. But again, it comes down to that whole should you update or not, and should you be forced, should you be allowed, to do it your own way?
Ed:Why do you think people don't like to update? I love doing an update. As soon as there's an update, I get quite excited and I like to click and do an update. Why do you think there's a lot of people who don't like to bother to update things?
Robbie:Well, I think part of updates it's that whole business of security updates and feature updates. And I say that as a man who, in the bottom right of my screen right now, is still being offered Windows 11. And I'll tell you right now, it's still going to be quite a long while before I upgrade to Windows 11. Now, why is that? Because I'm used to Windows 10. I didn't want to give up Windows XP. If I'm honest, I still think about it. I'm not sure if it's under my pillow, but it's the idea that there'll be change. I feel like there'll be things that don't work. There'll be adaptions and changes or maybe even a little bit of modded script that I think will not work in this newer version.
Robbie:And in terms of NAS, we've already seen from all of the major NAS players I can only speak on behalf of Turnkey. I've not followed Unraid or TrueNAS Edwin near as close but there has been certain features that are only available in old revisions, so Synology with AI, photo recognition, just certain apps and services that they reach a certain point and then they get downgraded or removed from the package center so you can no longer get them anymore, and some of these sometimes are the reasons people bought these systems, or at least major part. So, at least in the case of NAS, that's their reasoning. Because they don't like change. They're worried about certain features no longer being available or not functioning right. So that's the main point of view. Although I staunchly tell people to update, it makes me a big old hypocrite when I know that that Windows 11 pop up is getting ignored massively. Or I'm using my web browser and Chrome has suddenly turned around and said you know, there's an update and I'm like I've got 18 tabs on the go.
Ed:I don't want to refresh these. I think all of us we're guilty of. We say do this. Like I always tell you, you must do a backup. I always do a backup. And then maybe kind of three months ago, I lost all of my app data and I didn't have a backup because it well, I had a backup, but it was months old, because I was thinking, okay, this is only temporary, it's like this, I'll do it later. And I was a big hypocrite and I paid the price.
Robbie:But I think it's that idea about I'm not going to do the whole, do as I say, not what I do, but we still need to acknowledge these are the right things to do with the updates. But sometimes life gets in the way, I think. But it's when people make a choice to actively ignore these things or to actively decide not to pursue them. Now, that isn't to say that what happened?
Ed:I think as well, robbie, a lot of people you know, and I can imagine it would be more so with people who buy. Maybe a turnkey now is like I was speaking to my brother the other day and he wanted to set something up for CCTV and he was just saying, ed, I just want to be able to set it up and forget about it. I haven't got time to worry about doing this, that and the other. And I think a lot of people like that, they want to just put it in the cupboard and they forget about it. And it might be months and months.
Ed:And I think to those people that are listening to do that get your calendar, put a date six months in the future, on a Saturday morning or something. Say, I'm going to go to my NAS, I'm going to check if there's any updates. I'm going to do this just like you would when you schedule a service for your car. Now, you wouldn't. You wouldn't keep driving your car, you wouldn't buy a nice brand new top of the range Mercedes or something like you buy a top of the range NAS or you build yourself a top of the range server. Well, if you bought a top of the range car and you just drove it till it broke. It would kind of be your fault. You think, well, I couldn't be bothered to change the oil, I couldn't be bothered to check the tyre pressure.
Robbie:I feel I feel like I'm dog piling on users a little bit. I think it's important to recognise that one when people do update. It's only recently that we've seen nuance in the way updates are delivered. So it used to be that it was all updates, some updates, no updates. Now you can go for security updates or feature updates. You can actually be more selective. And also in the case of deadbolt, for example, it was recognised online.
Robbie:I never really got it 100% confirmed that the vulnerability with at least two platforms that were impacted by it were vulnerabilities within specific applications which were found because they obviously built on Linux and Linux can only ever stay one step ahead of all the vulnerabilities anyway.
Robbie:But in those scenarios, yes, if people had updated, they would have patched that vulnerability as soon as it was recognised. But then there is a window of the vulnerability that was in the back end of certain apps and the attack vector having the opportunity and in the case of some brands, during the deadbolt ransomware impact, which impacted several brands. In some cases that time was weeks, if not months, between the vulnerability and it being closed and in that area that person could have had all the updates on, but they didn't matter. So in some cases I don't want to dogpull on users too much, because there is an element of brand's responsibility and user's responsibility with regards to ransomware and in that case the brand did let people down and I think now it's going to be quite a few years before people give QNAP, you know, let them wash their hands of everything that happened. I think it will be a good six, seven, eight years minimum.
Ed:Can you give just a brief overview of what the deadbolt ransomware is? I'm assuming deadbolt is like the name of the group that did the attack.
Robbie:Absolutely.
Ed:Yeah.
Robbie:It's all it did and a lot of people when it impacted them, their first instinct was to pull the cable out the back of the NAS from their router or switch. But all it was was an injected line of code to via SSH I believe I have to double check that, depending on the application and its range of services that was allowed to have access to it just injected and said basically, create a zip of all of these files, of every single file that might be a three meg photo, turned into a three meg zip, that was a Z zip as a Z zip, seven zip perhaps, and then from there the actual encryption key was created and then purged from the system and then create a word document, a text dot, txt or a rich text for format, and then just create this ransomware. And that was it, and it was all in one injected command. It wasn't installing a malware that sticks 8000 yahoo toolbars on your web browser and you smash your laptop into the sea. It was one line of injected code.
Ed:And that will still keep running even without the internet plugged in, because it will just chug along and encrypt all of your files.
Robbie:And the worst thing was that when it happened what they did to get people's attention the last part of the ransomware script replaced the usual login screen for your NAS. So it was replaced by the deadbolt screen that went your system's been hit, you can't get in. If you want to get in, go to this key or go to this URL, make us a payment. I think it was like 1.01 and 1.005 Bitcoin. It's like 500 Nica to a grand or something. Yeah, that doesn't look cool.
Ed:Didn't they? In the ransomware, they gave the use, the end user the opportunity to use the end user to pay to unlock their files. But also they tried to get money from QNAP themselves saying if you give us 5 Bitcoin, which must have 100,000.
Robbie:It was 15. I think I might be wrong.
Ed:I think it was 5.4. We'll tell you about the vulnerability, and it was 50, and we'll give you the decryption keys for everyone. So QNAP could have paid what that would have been about a million and they could have had the decryption keys and then decrypted everyone's files for them. But obviously QNAP didn't want to do that and I kind of really agree with that. You know, a lot of people may not agree with me, because I think when a company starts doing that, it's going to encourage attacks. When one company's paid, then it's going to encourage more of that type of attack attacking the end users to hold the company to ransom, which it seems like they were trying to do as well.
Robbie:Also, there is the question mark of would they have handed over the key? Exactly it's a simple.
Robbie:I mean there is no guarantee of that anyway, of them handing over the key afterwards.
Robbie:But a lot of users during the deadbolt ransomware attacks, their instinct obviously quick turn off the machine and the problem was for some user cases it completely removed their ability to interface with the NAS because during the transition, during the encrypting of those files, to produce the GUI to log in the new login screen it wouldn't generate, so lots of users couldn't log into their system.
Robbie:So the first thing you saw during the deadbolt attacks for the first month, month and a bit, depending on the brand that was impacted, the brand actually had to roll out and show people how to get in to the GUI of their NAS because lots of people would just turn the system off or when it would turn back on, in some cases the encryption would just then continue because it wasn't an active installed like API or anything, it was just a command that had been delivered to the system. So yeah, I mean the impact of it is still being felt now because there's lots of users obviously that still hold QNAP in disdain for that and again they're going to have to spend a still quite a few more years to wash that off their hands.
Ed:I heard Robbie as well, with the QNAP situation, that their malware scanning software would actually remove the text file telling people how they can actually pay. What are your thoughts about that? Do you think they should have done that? Do you think that was taking away the opportunity? If someone wanted to try and pay to get their photos back? They were literally taking away that opportunity for them. And I don't mean just photos, they're encrypted files. What's your thoughts on that?
Robbie:I think the problem is, without knowing QNAP's intent, whether that was an actual intentional action or a byproduct of the malware removing tool finding that file. Now, if it did just flat out delete it, I think that's terrible. If it just quarantined the file, like a lot of antivirus or malware scanners would do, to give you the option to go we found this file, what do you want to do? That would be different, but because I don't know, I'd be reluctant to comment on that. What I would say, though, is if it did just delete that file and at least take away people's option to do it, that's pretty disgusting.
Ed:I believe there's actually some type of file where, if you have deleted your instructions of where to pay that's actually provided by the ransomware people you can put one of your files, you can have it scan one of your files and it will retell you where you have to pay the ransomware to.
Robbie:I didn't know that. No, I know there was one. To identify which ransomware you've been hit by, which, to me, is one of the most depressing things I've ever heard. If you've been hit, the first you need to know is which one it is, so you upload the file to the website that goes sorry, you've been hit by skull thunder. It's terrible, but you know, there you are. I mean, what a rubbish bit of news.
Robbie:When deadbolt hit Acer store nazis and again, that was 2021, I believe there was a guy that worked in an office near me who was a photography, was running a lot of marketing agency stuff, and he lost six years of his portfolio to this Now, on the one hand, I would love to say to him well, where's your backup, mate? And again, no one wants to hear that. But at the same time, he'd set this device up, he'd updated the firmware pretty frequently. It wasn't even that old a firmware he'd been hit by, he'd been pretty Johnny on the spot about it, but he'd still lost all of that data. Who's to blame in that scenario? Is it Acer store for not rigorously tightening their software for vulnerabilities that they're not aware with which are built on? You know Linux, which you know, reports vulnerabilities pretty frequently that everyone else then has to build on top of. Is. Or is it his fault for not having a sufficient backup in place? You know, we're all there. There's poo on everyone's shoes.
Ed:There are. We all know everyone should have a backup. And you know I say like it's the old saying, raid is not a backup. But if you've got a file and if you delete that file you can never get it back, you haven't got a backup. So you know, on an unraided server, for instance, if I've got 20 terabytes of files and I delete all of them, if I can't get them back from anywhere else, I don't have a backup.
Ed:In my opinion, a great protection against ransomware is snapshots. If you're running ZFS, if you've got a snapshot, you can click a button and you can just be back to where you were straight away. And now we've got ZFS officially in on-raid. I would say to anyone for your really important data, make a ZFS pull, put your really important data there, make sure it's snapshotted. So if you ever did have a ransomware attack, you can at least roll it back to before the time that the ransomware attack happened and you would be fully protected. But again, snapshots aren't a backup either, but it does allow you to roll back to how it was before the attack happened. It's very powerful. So anyway, I think that's enough talk about ransomware and depressing things.
Robbie:I think let's let's lighten up a bit.
Ed:Let's talk about nuclear war. No, let's, let's.
Robbie:I'm glad this isn't my channel, volsgan, and let's talk about a little bit of nuclear fallout. You, karen, what's your jacket made of? Asbestos, great.
Ed:So we've got some audience questions for you, and the first question is for you, robbie, is what is the best NAS right now for Plex in your opinion? So the best media server NAS.
Robbie:Well, price is going to be a big deciding factor. So if I break it down into pricing, that NAS, I mentioned earlier that flash store for 499, that's a good. At the moment I'm sort of plugging that for a good middle ground, not with standard. It's got a media mode on, it supports Plex and I've got it transcoding 8K. It means that even if you don't own 8K media now, or if you own 8K media but your TV and all your other devices don't support 8K, it can play and transcode everything down to, you know, 4k and 1080p and stuff. I mean, if your budget is 2 to 300. Nica the Synology DS223 is not too shabby. We're running Plex on that in a container. But again, that's a very low end entry level. The problem with saying the best is every user case is different. There could be someone that's running.
Ed:It depends how much media they've got and how many people. If it's just them accessing it in their house, like them and their wife watching together, that's going to be very different than if you've got 20 grandchildren, three aunts and 100 terabytes worth of media. You're going to need something very different.
Robbie:And then when you factor in file formats like HEVC not being supported on certain devices, then you've got your audio files, the ones that simply, simply simply have to listen to Led Zeppelin in that original file format. That's a flak rip. That's absolutely insane. Like for those users, you're going to have to go minimum Pentium, maybe an i3, because you need that integrated graphics. You can roll in a graphics card, but it's for Plex, it's not as efficient in that regard the amount of power output you're putting in and the noise. I mean for those users.
Robbie:Basically, the entry point I would say a Synology would be a DS920, then if you want to go a bit better, you go for something like a QNAP74 series and they go from Pentium all the way up to an i9 12th Gen.
Robbie:All of these are systems where you're trading off the power of the device versus the cost of the device, versus the noise and the you know TDP and general power consumption of the device.
Robbie:A lot of those users that have large media collections, those users are going to be very aware of a server that's on 24 seven, making a lot of noise and hitting the old electricity bill, particularly now midway through 2023 and energy crises. So, yeah, a 920 entry point from Synology and the 7.4 series. I would say for anyone that wants to take it seriously, or if you've got a couple of M2 NVMe's from an old laptop knocking around that you want to reuse, look up that flash door, because that flash door again, you can get the six bay model, stick one M2 NVMe and start racking them up and you can get M2 NVMe's even with QLC NAND now that up to 8 TB in scale, and then you add to that. For me that kind of is the middle ground and it's potentially going to be my recommended Plexna server of the year when we do our best ofs in December.
Ed:Looping back to when we're talking about SSDs. How do you find the actual durability of running an SSD server compared to a mechanical drive server? Are they more reliable or less reliable? Would you imagine you would see, say, a SATA SSD that's nine years old sitting in your NAS box behind you in the same way from a mechanical hard drive?
Robbie:I can see it now because production in NAND I mean again.
Robbie:I'll move slightly away from NVMe, but I will circle back to that in a second. But when it comes to SATA, I mean again, we're seeing a lot more SATA SSDs arrive, where the NAND production is being built to NVMe level utilization but being used in a SATA SSD. So you've got a SATA SSD that, guns blazing on its day, can hit 500 megs if you're lucky, but they're using NAND that's being developed at production for SSDs that can crank out 7 to 8000 megs. So, consequently, the NAND is built to a standard, or at least to a production quality standard, to withstand so much more than it did before. Nand is considerably more durable than it has been for a long time and we're seeing a lot more SSDs arrive with a drive rights per day DWPD of exceeding 1.0, which means you could get a terabyte SSD completely, fill it, delete and rewrite one terabyte on this one terabyte drive every day, and it would still last five years, according to the manufacturer. So yes, it's substantially more durable than they've ever been.
Ed:Moving on to the next question for you, robbie, is will you stop recommending Western digital disks after the WDDA and the 26 to 80 hours warning?
Robbie:Well, so that's what we discussed earlier on.
Ed:It is.
Robbie:I will. I still continue to recommend WD drives, but nowhere near as much as I did. I've got to. When I talk about WD red drives now, I talk about them with a caveat. In the minute you're talking about something with a caveat, you're doing it because you want people to be fully aware of everything. But there's no denying that I'm going to add the caveat for a long time that, oh, you're going for a WD red drive? Oh yeah, actually they're a good drive, as long as you don't go for the SMR ones. Or if you're going to go for a WD drive in your NAS, great, just make sure WDDA is disabled by default. Or if you can't disable it, just know that at three years it may spit a warning at you that you can largely disregard, and I hate adding caveats like that, but it's sort of their own fault.
Ed:And the next question, which is kind of in a similar vein to the previous question, is they're saying why do you continue to recommend QNAP NAS after Deadbolt?
Robbie:With QNAP and Deadbolt. I think I recommend quite a lot of QNAPs to be kept offline. I also think that the brand has introduced a lot of network security precautions and changes to default structure within their OS. I still maintain in every QNAP review towards the conclusion, you know, a highlight Deadbolt. If you look at any of my before you buys, generally you'll find that the third or fifth point is always they were hit by Deadbolt and I think I'm going to be doing this probably till the end of the decade because they need to have an unbroken record.
Robbie:Now, time was when I talked about Synology a long time ago. I would highlight Synolocker because they I can't remember it was 2012 or 2014, back in the very early days of me really getting into NAS, they were hit by our malware. They were hit by Synolocker that was locking up the system to try to make money out of people. Now, synology they dealt with it I would argue, slightly better than QNAP dealt with Deadbolt, but they were still hit by it. But now you look online and there's not much information about it, and that's because they learnt their lesson. They carried on, moved forward really rigorously, changed their security protocol and, although some of the decisions they've made, such as streamlining USB compatibility, changing a lot of the applications you can use on their system, all they say in the aid of security, and keeping their system as robust and as protected as possible. We can't deny that in a decade since Synolocker might be give or take that there hasn't been anything big like that happen again. There's been the odd thing pop up on their security advisory, but that's really it so for them. That's why I don't bring it up anymore and I will continue to recommend QNAP, but much like WD, with caveats, and I'll tell people to use a QNAP with vigorous security protocol.
Robbie:I will, you know, I will applaud them for them changing a lot of their QTS platform, disabling SSH by default, disabling the admin account, you know, not allowing users to make insecure choices without fully acknowledging the. You know the risks. And they, you know, included a lot more third party VPN support on their system and again I mentioned it earlier on, with integrating Towskow. They've done a lot of work to integrate those things in. They even rolled out their own bounty program, like Synolocker did.
Robbie:But they've still got blood on their hands as far as I'm concerned, and they will always be presented with that caveat. But if you're looking at a NAS system that you want to get a turnkey solution to put on rate one or Thunderbolt NAS or any number of hardware solutions which are just simply not available to be purchased off shelf, qnap's a great option for those, but as long as people stay informed about it, as long as they know the past and they're aware of the risks with regards to their own choices and sometimes in the way these devices are set up. That's why I still continue to recommend them. Start with caveats.
Ed:And the next question on our list is at what point should I start considering a NAS instead of Unraid, or vice versa?
Robbie:Right. Well, I think we've covered most of this, but I would say, because NAS is our much more user friendly and Unraid is by far the most user friendly, I reckon there's a lot of users that can use Unraid and never have to touch command line unless they really want to these days. I think there's been a lot of really great stuff done with Unraid there, but it still isn't quite as user friendly as turnkey NAS solutions and that's done by design because they want to target you know again that money, rich, time, poor user. The levels of support afforded by NAS brands is probably better. So if you need direct support from the brand, you generally get. It's easier to talk to someone who's a member of that brand more quickly.
Robbie:I think, on that larger scale level, the range of client applications as well. So the range of applications for your iPhone, your Android, your desktop there is just enormous number of client applications that once you go into open source platforms and again, I know Unraid isn't strictly open source, but it still lives within that bubble, I believe the number of client applications to keep things easy for you to interact with it. There's not as many diverse options out there. So it's the level of hardware for what you're buying. The amount you put in to buying a create your NDRI server can be intimidating, and if you don't know what you're doing, building it, you don't get, you know, a bit of silicon under your fingernails. You don't want to, you know, have to deal with a bunch of warranties. And NAS is a good choice, and that's why I think for those that want an easy first step into private server ownership I'm back to the first question you asked about going cloud to NAS, and NAS is a great choice. However, once you know more about NAS and you become a lot more versed, you don't have to get to enthusiast level.
Robbie:You just have to use one for a while to suddenly find limitations in a NAS which are there by design. They are there to stop you breaking the device, stop you putting it in a state where support would be required, and for those users that suddenly start feeling the glass ceiling of a NAS, that's when things like unraid are unparalleled. When it comes to unraid, it gives you the probably the best middle ground there in terms of adaptability and customization, but also in terms of low cost and access as well, and, I think, for users that have owned a NAS for a while as a hobbyist or owned a NAS and then suddenly started feeling the glass ceiling and the limitations and you feel like you're getting treated a bit like a baby. For those users that's when the transition to an unraid server makes a lot of sense, because those are users that have now become skilled enough that they're feeling the limitations of some NAS systems.
Robbie:If you're an enterprise user it's slightly different, because that's when you need something that's certified for your needs and maybe your HR not your HR, but I think in your accounts team needs you to sign off on this product and you need it to be integral in that scenario. But you don't want to spend a lot of time reconnecting starter cables and stuff where DIY is not an option. Until I ever see an unraid turnkey solution, those users I would probably direct towards a NAS, a turnkey NAS, unless they've got a good intelligence system. Admin on site.
Ed:And moving on to the next question. Now I just want to point out these aren't my own questions. They're all from the website.
Robbie:So, oh, I love this. This is going to be brilliant. What hatching job is this man alive?
Ed:So the next question is do Synology and QNAP pay you to make videos for them?
Robbie:No, to date and I think I've talked about this before I was going to do an Ask Me Anything video on this. I've been paid by three brands ever and I'll get to them in a bit but Synology and QNAP have never paid me. They send hardware upon my request. In most cases I never get to keep it. So I'll sign a kind of an agreement where I keep hold of the hardware for a loan period, depending if it's a particularly sophisticated piece of equipment, for example the TS855X.
Robbie:I'm doing a review on that. I've got that for maybe nine days. It's been taken away from me on Friday. I've done a bunch of videos on it. I've done some reviews. They never impact my reviews. They never tell me oh, don't say that. And indeed, even when I did those videos where I was installing TrueNAS, unrayed and Proxmox and more on QNAP systems and you know, mucking around and putting unofficial memory and Synology systems, not once have they gone. We're not sending you anything again. Get out, get out. They never did that. They've never paid me. What I get from them is access to the hardware and independence.
Robbie:Now, if a device I believe I'm going to be using for a long time, you can probably normally see them on the left hand side of the screen when I'm making a video, those ones I've got on long term loan or I get to keep them. So some devices the brand will say we're sending it to you and you can keep it, but I've never been paid by them. Generally that's called an MDF, a marketing development fund by the brands. I know because I have been offered by different brands money in the past and that's paid for from their marketing budget to promote their product. But once you do that, it's a. You get told what to do and I know some platforms do that and do engage in that and it can be very profitable. But we generally go with ads and we go with affiliated marketing hits. Why, at the end of every video I talk about links in the description that only use them if you've actually liked the video, and I find that to be the good middle ground.
Robbie:And the three occasions we have taken payment, we took one payment from Buffalo. They had just released their Windows storage server devices and they wanted us to do a few reviews for it and we flat out said no because we didn't have time. And they were adamant. They wanted us to make some videos on it. And we were like we simply don't have time. The only way we'll do that is if you make it financially viable for us. And it was very in the early, very much in the early days. But we went independent. So we did a three part series on WSS, buffalo, nas and they never got to tell us what we could tell and I think, the third video. We were quite scathing. The second payment was with Terra Master, to have their name at the top of our site along the top bar, and we said we can't put you up there because no one really wants to click on your button and we're running a website here. And they were like well, can we pay a retainer to have our little menu there at the top? And we're like yeah, sure, knock yourself out. So that was the second one. And the third one was one from the end of last year.
Robbie:I contacted WD and said oh, you know your WD Red Drives. They're going to be 10 years old. I'd love to make a video on it. And they said that'd be great, we'll pay for it. And I was like well, no, I was going to make it anyway. And they were like no, no, we'll pay for it We'll pay. Well, you know, we'll facilitate it to be in this way. And I foolishly said, yep, sure, and you can watch the video in the article. It's covered in the word sponsored and they wanted it done a certain way and I wasn't overly pleased with the result. If I'm honest. I like the video, it's quite snappy, but I would have gone into a lot more depth about the whole thing. And those are the three times I've ever taken payments from brands, and that's. I thought every time we did it to upgrade the mail server, to upgrade the website, to cover more traffic because it was starting to fall over a lot, and that's really it. And you know I've not been paid really by any brand, that's a long answer wouldn't it.
Ed:And second to last question why are NAS drives so expensive?
Robbie:One word software. It's the NAS. Software is what makes them expensive. If you broke it down to the hardware, if you tried to build the majority of NASs barring a few exceptions take for example that Plex NAS I mentioned earlier, the QNAP 74 series If you were to build that NAS, which cost two to two and a half grand to buy, you could probably put it together for about 12, maybe 13, 30 and a half Nica.
Robbie:But you would that's if you're going for a specific server case, that's, a six or eight by not just repurposing an old PC tower and getting like caddies.
Robbie:The reason you're paying for that software is for that access for all of the utilities for the long term, firmware updates for that software. And that's why they're expensive, comparative because, unlike building your own NAS or going again for one of those top 10 type solutions or that store acts a kickstart that's still in progress, all of those only paying for the hardware and a bit of labor lasered on top. Whereas a NAS there's a lot more software to it. So it has to be a combined hardware software solution. None of the brands realistically sell their software on its own, although you can buy virtual VM versions of that software that run on their platform. But all of them have to be a hardware software combined solution and that goes all the way down to like one by arm, 512 meg that's right Meg ram solutions for about 100 Nica Even that 100 quid or so, not including tax, the 20 Nica on top. Some of that is for the software, so it's always the software that's making those price tags higher.
Ed:I'm not sure if we should interpret the question as well, Robbie, from the person who asked it. I'm not sure if he's also maybe asking about the actual NAS hard drives, why they're more expensive than regular ones.
Robbie:Oh, that's hard. Oh, we will have it's NAS hard drive.
Ed:You know NAS drives. I don't know if he meant NAS drivers in a in a NAS all in one, or he's meaning a NAS drivers and hard drive, so maybe we should answer it both ways.
Robbie:When it comes to NAS hard drives, I would argue again it comes down to NAS hard drives and they're not that much expensive, to be fair, per terabyte If you compare them.
Robbie:If we're talking about the physical NAS media, the price between a 10 TB to get barracuda and a 10 TB iron wolf NAS hard drive, the price difference per terabyte isn't actually that much.
Robbie:But that is a drive that's been designed to spin up, spin down in a more sporadic environment and therefore its durability has to be scaled to that accordingly as well. You always find, I know, meantime between failure is a bit of a I nearly said a negative word there not a great way to measure drive life outside of multi drive environments, but it's certainly higher on NAS storage media. And then NAS storage media being in raid environments again adds to the higher vibration sensors being required there, largely heat, more heat being generated there and generally more cash as well on a lot of those drives to deal with a lot of the overhead and the instructions that are handed to and from the drive controllers. I think that's mainly why NAS storage media costs more, because it's just it's geared towards another utilization and again not to use that incredibly trite and very basic comparison. But if we look at cutlery in a draw, I think a butter knife costs less than a proper steak knife because it's about it being durable to the task and again, that's an incredibly basic simile.
Ed:And also maybe Robbie as well. Nas drives often have longer warranty, so that has to be factored into the price.
Robbie:Absolutely yeah to a down fine point yeah, two to three years to five years yeah.
Ed:Right, our last question. I probably shouldn't really ask it because we've kind of answered it anyway, but I don't want to miss anyone out. So is now the time to move over to SSD and NAS servers, and are they durable enough? How about just a yes or no answer for that one, Robbie?
Robbie:I can't just say yes or no. I'm broken. I'm broken as a human being. You've exposed me. No, mostly. Yes, it's just it's still going to cost you more. And if you're not using a system that can leverage at least some of the performance, then no. So if you go for some basic arm, one or two bay NAS, you're never going to be able to fully utilize those SSDs, even with or without PCI lane restrictions. So, unless if you're running an x86, AMD or Intel based, then yeah, or you definitely are running better than one gig network out, Because even though you'll never really get to fully realize the SSD speed and you're going to oversaturate even 2.5 gig connections, even 10 gig depending on your rate structure, you can at least make the most of it and internal with databases and moving a lot of the hard work away from the CPU and memory. This is the longest yes or no answer you've ever received. But yeah, I'm incapable, absolutely incapable. But yeah, yes for most users, depending on the hardware architecture of the NAS in question.
Ed:Okay, well, thank you very much for answering those questions, robbie. That's the last of them, so I think it's a good place to wrap up. We've been speaking for quite a long time. I've really enjoyed talking to you today, and I'm sure our listeners are going to find it really interesting hearing your expertise. For people that haven't seen your website and haven't seen your YouTube channel, where can people get hold of you and see your work?
Robbie:They can go to the South Coast of England and they'll generally bump into me screaming off the end of the pier that RAID is not a backup. Or they can Google NAScompares, because no one types URLs these days. Or they can find me online just under the name NAScompares or NASweirdo. That'll do it, yeah.
Ed:Also, guys, you can obviously see all the links in the show notes below.
Robbie:Perfect. Thanks so much for having me on.
Ed:Anyway, thank you very much for your time. I hope you have a great rest of your day and speak to you soon. Cheers.