SBC for NAS with NO spectre vulnerability

[medhunter]

I am going to do a brave project

 

Aim: Home server mainly for Nextcloud as my first priority in addition to NAS , plex 4k (DirectPlay), Adblock server

 

I hope I can get SBC doing this with the minimal specs of USB3 and true Gigabit LAN (RPI 4 check)

And of course NO Spectre or meltdown vulnerability, (RPI 4 fail)

The only one I could find is the Rock64 as far as I searched.

 

I am open to the possibility of a miniPC with 2.5 inch bay for storage or even USB3.Yet should have No spectre or meltdown vulnerability

 

I am curious what the options can be..

 

[+BudMan MVC]

So you plan on running multi tenant VMs on this "nas"... I think you should really do a bit more research on the details of meltdown and Spectre and how they could be exploited.  Before you concern yourself with you place too much concern on them to your "nas"

 

How exactly do you feel those exploits could be exploited on your nas??

 

What code would you be executing on your "nas" where it could use these exploits to "steal" info?  The only thing that runs on my nas is the nas software..  And a few "trusted" packages from secure locations, etc.  Its not a pc where you willy nilly go exe code because you were the 1million visitor to site xyz...

[Mindovermaster Moderator]

4 hours ago, BudMan said:

So you plan on running multi tenant VMs on this "nas"... I think you should really do a bit more research on the details of meltdown and Spectre and how they could be exploited.  Before you concern yourself with you place too much concern on them to your "nas"

 

How exactly do you feel those exploits could be exploited on your nas??

 

What code would you be executing on your "nas" where it could use these exploits to "steal" info?  The only thing that runs on my nas is the nas software..  And a few "trusted" packages from secure locations, etc.  Its not a pc where you willy nilly go exe code because you were the 1million visitor to site xyz...

IIRC, you only run your NAS on your guest network. It won't go on the internet. So would that count out meltdown?

[+BudMan MVC]

Im just a loss to why anyone would be worried about those issues on a "nas"  Are you giving access to other users running code?  Is your pc that could get infected by you running some untrusted code, or even getting hit with some drive by sort of infection?

 

You do not browse from your "nas" atleast not normally.. The only code running on it should be some packages from the maker of the nas from their secured stuff.  Or at worse some VMs you run on it for something - again should be trusted code running on it, etc.. Are you planning on running some VM on it that your going to use for XYZ that maybe could get infected?

 

But currently - good luck trying to find some cpu that is not open to these sorts of exploits..  And while its not a bad idea to get something that is not susceptible to such code... I don't see it as such an issue that you wouldn't get xyz nas box because of it..  But then again you have not given the full details of you are going to use this nas.. I can just comment on how nas is normally used..

 

And then again any major "nas" maker has supplied mitigation - for example here is synology page on the issues

https://www.synology.com/en-us/security/advisory/Synology_SA_18_01

DSM 6.2ModerateUpgrade to 6.2.2-24922 or above.

 

Here is best advice

Synology rates the overall severity as Moderate because these vulnerabilities can only be exploited via local malicious programs. To secure customers' products against the attacks, we recommend you only install trusted packages.

[medhunter]

Something must have been misunderstood.

 

My main goal is to de-googlify my world, using nextcloud storage, calender, contacts, chat (Preferably installed over NAS control panel).May add adblock, pfsense later.

I plan on accessing nextcloud from my cellphone ,so it should be open to the internet.

You are right, I wont brose internet from my NAS. It is a dedicated thing.I will definitely install nextcloud plugin and may be some to follow later

 

Lastly: Am I over worried about spectre and meltdown for nextcloud server?

[medhunter]

6 hours ago, Mindovermaster said:

IIRC, you only run your NAS on your guest network. It won't go on the internet. So would that count out meltdown?

I would connect to the internet at some time later.If so, should be concerned about meltdown Only?...If yes, some AMD CPUs are not vulnerable to meltdown, in contrast to spectre

[+BudMan MVC]

4 hours ago, medhunter said:

Am I over worried about spectre and meltdown for nextcloud server?

Yes!!!

 

Unless you think the nextcloud code your downloading from nextcloud is compromised and spying on you using those exploits.

[medhunter]

I am not concerned about Nextcloud. I will be sharing my data and later exposed to the internet.

If no vulnerability using this scenario , then I may pick RP4

[medhunter]

So, Raspberry Pi4 is the best option?

[+BudMan MVC]

You have not called out anywhere near enough design considerations and budget constraints to be honest. Yeah sure you can use a pi as a cheap nas.. Will it meet your performance needs??

 

Pi 4 is pretty cheap option.. Yeah it could be a nas, yeah it could also serve up plex - 4k direct might be possible.  That would also depend on what your clients are going to be.  And for sure it could run say pihole.

 

They also sell off the shelf ready to plug in and go devices as well that can do all of that. Say something like

https://www.synology.com/en-us/products/DS118

 

Or even the ds119j might work or you.. Your at like 99 for that model.. Which would be same sort of price you would be spending on a pi4 with all the things you need to make it work. Case, power supply, microsd etc.. Cables.