Dual-Booting A Server/Workstation/Gaming-Rig Safely

Status
Not open for further replies.

Arman

Patron
Joined
Jan 28, 2016
Messages
243
Absolutely. Encryption does nothing to prevent destruction of data (in fact @DrKK would likely argue it makes it easier), it just prevents (for some value of "prevents") off-line access to it.


First, please understand that anti-virus software doesn't 100% prevent you from "catching a virus" or prevent one from running once caught, no more than a dose of Tamiflu can prevent you from getting Ebola or even all possible Flu virii. It's just a database of known virus signatures that Windows can warn you about or block from executing, but the second a new (or substantially mutated) one appears and you catch it, you're done.

Second, all of your experiments in off-lining disks and otherwise using the Windows disk management tools are exercises in going through "known, well-guarded paths" to your hardware, which is not the same as the path that a virus or even an outright bug is going to take. Those will bypass all of the helpful and friendly "Are you sure you really want to do this?" prompts and go straight to the hardware, which is why you would want to investigate the options that Windows device drivers and "raw" access allow vs simply using the management tools - those prove nothing.

All this said, we clearly can't talk you out of doing this or really understand your principal motivation, so party on Wayne! We're all just assuming that you have some really valuable data on this FreeNAS box you're trying to create, but if it's just a collection of... err... flesh-toned photographs... that you can easily reconstitute by downloading it all again, then we would classify that under the heading of "fungible data" and encourage you to do whatever the heck you want because who cares? In 100 years we'll all be dead anyway...
I agree with you on the things you've said. To end this, can you tell me how a virus could get to the drives when they are "physically" offline by turning off the SATA controller from the BIOS? (forget about setting them offline from disk management)
 

jkh

Guest
If you physically disconnect the drives, or disable the controller they're attached to at the BIOS level, then I'd say you've safely accomplished your goals.

I also get that you're doing this largely as an intellectual exercise at this point, which is fine. I'm not one to advocate that everyone should "stay in their comfort zone" or "not try new things", as you postulated might be the general case in this Forum a few replies back, and you can rest assured that most of us here make our decisions based on logic rather than feelings.

A fundamental challenge that runs through this entire thread, however, is the fact that it's hard to argue in terms of logical postulates when the reader (that's you) still lacks some of the more fundamental "math" required to understand those postulates. I can't truly describe the problem in terms of what Windows device drivers are capable of doing, for example, without you having a solid OS internals background. Others cannot suggest using techniques like PCI pass-through in virtualization when you're not familiar with the terminology and would have difficulty in mapping an HBA or PCI graphics card into a guest OS's address space in any case, because you clearly haven't done that sort of thing before and need training in a whole host of prerequisites first.

If an analogy would help, let's pretend you walked up to a physicist at some symposium and asked why magnets worked the way they did. You'd wind up with an interview like this (in which Feynman really isn't trying to be a dick, he's just helplessly attempting to explain how complex the topic really is). Or let's say you asked them "why can't light escape a black hole?? That makes no SENSE!!" and the minute your hapless physicist started mentioning terms like Schwarzschild radius you went "Wait wait what's that??", that physicist would know they were in for a rough ride because you're asking questions for which the only meaningful answer is "go spend at least a few months understanding the fundamental terminology and principles behind the question you are asking before you ask the question, because right now I just can't answer it for you."

You'd likely think that physicist was being condescending and be frustrated yourself that they weren't willing to teach you fundamental physics as part of answering your question, or couldn't answer it without you having that knowledge. The physicist, in turn, would be frustrated that people who haven't even taken a couple of years' worth of college physics, never mind the PhD coursework, come up to them at symposiums and ask them really complicated questions without even knowing how complicated they are. :)

That's why this thread has been so long and occasionally heated. If you take nothing else away from it, please take that much. ;)
 

Arman

Patron
Joined
Jan 28, 2016
Messages
243
That's what I was thinking. It just got pretty stressful because it felt like people were attempting to escape the bottom fact.

I completely agree with you on what you said (about not being able to explain certain things) with no resistance in my thoughts whatsoever! I acknowledge where Feynman is coming from in his explanation... I didn't think I would come to your mind as such a person (like the interviewer). Not sure if that's how it seemed, but I never wanted anyone here to go that deep in explaining the fundamental computer science/physics of how or why the corruption would be caused. All I wanted to prove was that with the method I explained it would decrease the probability of it happening to such a level that it would be kind of comparable with the probability of the disks becoming corrupt if the system was set up the usual way... The traditional way... The recommended way... Safety protocols just need to be followed to keep the probability comparable. :)
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
I appreciate all fair/valid opinions even if they sound harsh. I prefer to have the truth rather than sugar-coated stuff...

Good. You show promise! Many people want the sugar coated answers, which I'm not inclined to give. ;)

Sorry, I'm kind of confused. Disabling SATA in the BIOS would just turn them off despite whatever operating system is running, right? Or have I misunderstood something?

Disabling stuff in the BIOS is no guarantee that it is truly "disabled". It's a software switch that is off/on based on the setting. It doesn't always work, and doesn't always work 100% even when you think it's working. In short, assuming that "disabled" in the BIOS means that no OS can touch it isn't a good plan if you are putting important data on the line. ;)

Alright. Since the Supermicro is well known I'll go with that. I was searching online yesterday and it seems I came to the conclusion that graphics cards in a (16x Mechanical, 8x electrical) slot only have a minor performance drop compared to being in a true 16x slot. Is that correct? If so, I don't even need to think about the ASRock anymore...
Assuming you max out the PCIe connections, your performance will drop at that point. If you never send enough data to saturate the 8x PCIe lanes, you'll never see a performance drop. So it's a big if/when scenario.

And for the dual-boot issue: You say: "I wouldn't recommend dual booting because of all of the reasons already discussed and more.", but for the reasons already discussed we kind of found valid ways to isolate the server FreeNAS HDDs from the Windows SSD... Physically isolating the Windows M.2 (PCI-e) SSD from the FreeNAS HDD (SATA) by disabling the SATA controller was one of them. Or does that not make sense? Excuse the noobiness, but even if I don't actually put this idea into action I still want to fully understand why it cannot be done safely.

As mentioned above, disabling stuff in the BIOS is kind of risky, and doesn't always work 100%. So your only "good" option for dual boot is to physically detach the disks. Of course, that then means plugging/unplugging all of your disks every time, which wears down the SATA/SAS ports. So again, something best avoided.

Dual booting is one of those things that sounds great in theory (less hardware to buy, less space taken up on a desk somewhere, etc.) but it really adds lots more complexity and problems, and nobody remembers to unplug everything 100% of the time. And you only have to forget to unplug the drives once for it to be a disaster.

So if you assume you're going to make that one mistake someday, and assuming you are wanting to do this to save all this money on a second system, and assuming you are about to store very important data (maybe even without a backup), is the risk worth the benefits? For the majority of people that do this (dual boot) and it blows up in their face, they realize that it wasn't worth the savings ($$$) that they got because they lost their data forever.

Unfortunately, ZFS doesn't really have 'recovery' tools that aren't outrageously expensive, so as soon as you make that one mistake, the cost to restore your data (assuming it wasn't overwritten, etc.) is likely to be measured in $10k minimum; that $1000 for a second system is suddenly a great price!

That's why everyone here is saying "whoa.. bad idea with the dual boot". The risks, the rewards, and the actual costs if/when the data is lost lean heavily towards the rewards not being worth the risks.

Hope that explains everything. ;)
 

Arman

Patron
Joined
Jan 28, 2016
Messages
243
Good. You show promise! Many people want the sugar coated answers, which I'm not inclined to give. ;)

Disabling stuff in the BIOS is no guarantee that it is truly "disabled". It's a software switch that is off/on based on the setting. It doesn't always work, and doesn't always work 100% even when you think it's working. In short, assuming that "disabled" in the BIOS means that no OS can touch it isn't a good plan if you are putting important data on the line. ;)

I'll be sure to test it thoroughly before I put any important data on it. In the end, it is at the BIOS level so it is much more reassuring than setting the volumes to disabled in disk management ahaha ^__^
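
Added example, not part of any post in this thread: a PowerShell check, run elevated from the Windows install, of whether any SATA/SAS-attached disk is still enumerated after the SATA controller has been disabled in the BIOS. `Test-StorageIsolation` and its `$ForbiddenBusType` parameter are names made up for this example; it assumes Windows boots from the NVMe M.2 SSD and that the pool disks are the only disks on the listed buses, and it reports only what Windows currently enumerates.

```powershell
# Added example (hypothetical function name). Run elevated on the Windows side.
# Assumption: Windows boots from NVMe; the FreeNAS pool disks are the only
# disks attached via SATA/ATA/SAS/RAID.
function Test-StorageIsolation {
    [CmdletBinding()]
    param(
        # Bus types that should NOT be visible while the controller is disabled.
        [string[]]$ForbiddenBusType = @('SATA', 'ATA', 'SAS', 'RAID')
    )

    # Disks the Windows storage stack has enumerated on a forbidden bus.
    # An "Offline" disk still counts: it is visible and raw-addressable.
    $visibleDisks = @(Get-Disk |
        Where-Object { $ForbiddenBusType -contains [string]$_.BusType } |
        Select-Object Number, FriendlyName, BusType, OperationalStatus, Size)

    # Storage controllers currently present, listed for manual review.
    # HDC = IDE ATA/ATAPI (incl. standard AHCI); SCSIAdapter = RAID/SAS/NVMe.
    # The NVMe controller of the boot SSD is expected to appear here.
    $controllers = @(Get-PnpDevice -PresentOnly -Class 'HDC', 'SCSIAdapter' `
            -ErrorAction SilentlyContinue |
        Select-Object Class, FriendlyName, Status, InstanceId)

    [pscustomobject]@{
        CheckedAt    = Get-Date
        Isolated     = ($visibleDisks.Count -eq 0)
        VisibleDisks = $visibleDisks
        Controllers  = $controllers
    }
}

$result = Test-StorageIsolation
$result.Controllers  | Format-Table -AutoSize
$result.VisibleDisks | Format-Table -AutoSize

if (-not $result.Isolated) {
    Write-Warning 'Disks on a supposedly disabled bus are visible to Windows.'
    exit 1
}
Write-Output 'No SATA/ATA/SAS/RAID disks enumerated in this boot.'
```

A clean result covers this boot only; the check has to be repeated after every firmware update or settings reset, since either can re-enable the controller.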
 

Arman

Patron
Joined
Jan 28, 2016
Messages
243
If anybody can be bothered to take pictures of their Supermicro X10-X11 motherboard's BIOS for me I will be very grateful. I just want to check out the options they have before I buy. Or can I see that information in the motherboard's manual? I'll go find out.
 

Jailer

Not strong, but bad
Joined
Sep 12, 2014
Messages
4,977
You'd wind up with an interview like this

Thank you for that, I loved it.

I don't know how many times when people have inquired about something that my first reply is, "do you really want to know or were you just making conversation?" Sounds a bit harsh but I find that most times people are just making conversation and don't want to be bothered with the details and their response to that question of course dictates mine. :)
 

Arman

Patron
Joined
Jan 28, 2016
Messages
243
Are you implying I was like that interviewer? Or?
 
