I’ve never been in a server room from which I could not steal a random hard drive without getting caught, if I wanted. I have been in server hosting companies’ rooms in more than one country.
Should I find one that employs guards with machine guns, still there is a point from which it isn’t smart to keep your unencrypted data on disks that can fail and be replaced by people who are not you.
I have been considering Geli for a while and collecting questions about ZFS + Geli. Not because there aren’t tutorials online. There are also tutorials online on how to climb onto 1000-meter-tall buildings in Russia without any kind of protection. Yet I don’t want to do that either. Just because people with good will post guides, one should not put a method into production right after it didn’t throw any error in the command line. Especially not without being an expert in that area. 4 of the top 5 guides in my Google search don’t mention that TRIM won’t be supported. (The one that does.)
Actually, I used to have Geli + ZFS on my home desktop computer with zero issues, but I know that the setup harms ZFS’s self-healing features. Should it be below the metadata, a few bad sectors that would be corrected by native ZFS may eliminate the whole disk with ZFS + Geli. Another nuance rarely mentioned in random guides.
I’m not opening the thread to blame guides that helped me hundreds of times. I’m wondering what experts do for this kind of security. I wonder what companies that aren’t big enough yet to hire gunmen but aren’t small enough to not worry about their data can do.
The sole alternative that crossed my mind so far was Amazon EC2. I have never tried it but I read they support FreeBSD. They also provide encryption. I can only hope they are big enough to not try to steal my encryption keys. I’m not talking about the company but the employees.
Should you wonder whether I am paranoid or not, I’m opening this topic from the country that has been famous for its bank secrecy for decades, until a few individuals stole data from their employers, ruining the whole industry permanently and causing more damage than you might think.
Any information based on real experience that makes a young company’s people sleep well would be awesome.