Encryption, SED vs FreeNAS built in, user intervention at reboots and updates?

[JoshDW19]

The problem isn't that geli is broken or anything. The problem is that the FreeNAS middleware isn't well maintained with relation to encryption.

The tickets that I have are internal iXsystems tickets. So as I said, I have nothing to prove and have no intention of making internal customer data public.

Edit: And to be frank, if you're going to need me to "prove myself" with something as silly as encryption, you should simply add me to your "ignore" list so you never see my posts, because clearly you should simply ignore *everything* I say. If you're going to decide I'm an idiot or say things that are totally baseless, you can't be discriminatory about what I say. Either I'm an idiot or I'm not.

Cyberjock don't get hung up on having to prove anything. This is more about making sure that we have constructive dialogue. I would encourage you to get in touch with Kris so that we can make sure these encryption issues you mentioned are getting looked at. I'd like to also encourage you when saying things like the "FreeNAS middleware isn't well maintained" show us with a ticket / feature request where it can be improved and let's get fixing. There is active development happening now so it's time to get moving on this and get long standing issues fixed. Perhaps you already have brought internal attention to this and if so I sincerely appreciate it.

Thanks!

 

[cyberjock]

Cyberjock don't get hung up on having to prove anything. This is more about making sure that we have constructive dialogue. I would encourage you to get in touch with Kris so that we can make sure these encryption issues you mentioned are getting looked at. I'd like to also encourage you when saying things like the "FreeNAS middleware isn't well maintained" show us with a ticket / feature request where it can be improved and let's get fixing. There is active development happening now so it's time to get moving on this and get long standing issues fixed. Perhaps you already have brought internal attention to this and if so I sincerely appreciate it.

Thanks!

Yeah, already opened tickets on them long ago... shot down as "will be doing a rewrite in 10 anyway".

 

[fta]

Yeah, already opened tickets on them long ago... shot down as "will be doing a rewrite in 10 anyway".

https://bugs.freenas.org/projects/f...to&c[]=updated_on&c[]=fixed_version&group_by=

I only see one, and I agree with the assessment that iXsystems gave it. Or are these tickets you've opened also "internal"?

 

[JoshDW19]

https://bugs.freenas.org/projects/freenas/issues?utf8=✓&set_filter=1&f[]=status_id&op[status_id]==&v[status_id][]=6&v[status_id][]=12&f[]=author_id&op[author_id]==&v[author_id][]=110&f[]=&c[]=tracker&c[]=status&c[]=priority&c[]=subject&c[]=assigned_to&c[]=updated_on&c[]=fixed_version&group_by=

I only see one, and I agree with the assessment that iXsystems gave it. Or are these tickets you've opened also "internal"?

After discussing this with a couple of FreeNAS shark team devs it sounds like this is a serious deficiency as Cyberjock was trying to explain. The good news is there is a lot of good discussion happening on how we can properly implement encryption going forward. I'd recommend leaving this discussion at a rest for now.

 

[fta]

After discussing this with a couple of FreeNAS shark team devs it sounds like this is a serious deficiency as Cyberjock was trying to explain. The good news is there is a lot of good discussion happening on how we can properly implement encryption going forward. I'd recommend leaving this discussion at a rest for now.

I'd appreciate an explanation. I presented a design that would fix one of the major deficiencies in the current design. The reply was something along the lines of it can't be done due to the design of FN10. When asked for specifics as to why, I was met with silence.

 

[JoshDW19]

I'd appreciate an explanation. I presented a design that would fix one of the major deficiencies in the current design. The reply was something along the lines of it can't be done due to the design of FN10. When asked for specifics as to why, I was met with silence.

I can't give you any design details yet because there's not enough information that has been laid out. What I can tell you is that the FreeNAS 9 devs have been talking about ways of properly implementing this. If you asked / presented a plan a few months ago that may have been before development started to continue separately on FN9.x which could have been why they said they were going to re-write it for FN10. If you'd like to present your idea again please link the ticket and I'll make sure Kris sees it. I can't guarantee your idea will be accepted, but we're willing to look at it again. Hope this helps.