Then I was not sure what you meant by this:

I don’t actually know if this is the right way to calculate it, but if for each disk you count the time separately, and add it together for a combined MTBF, then that is 20 out of the 136 MTBF years.

5 years of drive runtime for one drive. 20 “years” for 4 drives, 40 “years” for 8 drives. I say “years” because the way I mean it is like this: running 4 drives for 10 minutes is 40 minutes of combined drive runtime. running 4 drives for 5 years is 20 years of drive runtime. I think calculating it like this can be compared to MTBF. but again, I’m not totally confident that it really works this way.

All in all, I am at this point only trying to track down and relay what I’m seeing about SAS vs SATA.

I think it might be because SATA drives you normally run across, especially in laptops, are not the enterprise kind, but consumer drives built from cheaper components and simpler designs. and those are lower quality. while SAS drives are always enterprise grade.

but still, in my experience SATA drives can have a long life too. but it may be more unpredictable than enterprise SATA/SAS drives

HP says that SAS is more reliable

could be controller chips and cable quality. but also, SFF-8644 type SAS connector can be used to attach a drive to multiple HBA cards as I heard, maybe even multiple machines, for redundancy

if you allowed that to happen you either did not set firewall rules strict enough, or if the client doing the compromise absolutely had to have access to the vulnerable service then you did everything you could to limit the chance of it happening.

usually the solution to that is to limit who can access what more strictly. dont allow user devices like smartphones on the iot vlan, as any app running on the phone could be doing nefarious things. only allow the iot devices and the home assistant service on the iot vlan, and user devices will only talk to home assistant, something supposedly more secure than whatever iot devices there are.
similarly, don’t allow user devices to access the ip cameras. put the ip cameras on a network where only the NVR software can access them, and user devices will only access the NVR. if you can, don’t put the whole operating system of these services on the iot and ipcam vlans either. this is possible when the services run in containers, because you can pass in only vlan specific interfaces to the containers. if not using containers, you can still use the operating systems firewall to filter incoming traffic.

if you set up proper network filtering, the “if” in “If your firewall couldn’t stop it” will become a pretty big “if”

I’m a repair depot I typically didn’t see drives that live much longer than 17k hours (just under 2 years).

I have a bunch of working drives with 2+ years, and in my area almost everyone still has their system installed on old hard drives

that it would be difficult to project an average lifetime of 20 years

I did not mean an average timeline of 20 years

that when Backblaze mentions consumer vs enterprise drives they are possibly discussing SATA vs SAS.

there are plenty of enterprise SATA drives

This comes from the realization that enterprise workstation drives are still just consumer drives with a part number label on them (seen in Dell and HP Enterprise equipment).

that’s workstation drives. Obviously if your work buys 2 TB wd blue drives they won’t become enterprise drives. enterprise drives include like that of wd red pro, ultrastars, etc, which do use the SATA interface.

The security reason generally doesn’t exist for home labs because most need to setup bridging or you can’t access the devices on the secure vlan at all.

bridging can be set up in a limited fashion. it could happen with a firewall doing routing and filtering

that mathematically does not stand.

if a drive costs 1000 and another 2000, it cannot be that all is worse than each other!

thanks! as you say because tye 5 vs 136 years it does not really matter in our environment, but it probably starts mattering when you have lots of disks.

I don’t actually know if this is the right way to calculate it, but if for each disk you count the time separately, and add it together for a combined MTBF, then that is 20 out of the 136 MTBF years.
But with 30 drives that will be 150 and indicate that you will likely have at least one error of some kind because of using SATA

Supposedly SATA controllers are also not built for the abuse I have been throwing them in my machines, and I don’t want to push it.

what makes you say that?

that’s dumb. there are still better and worse prices

Unfortunately I didn’t have much fun, but good to know you were only here to stir up shit and have “fun”, while spreading bad advice.

if they can detect it, why couldn’t they block it?

The scraping/bandwidth abuse problem can easily be worked around.

how?

anubis does not protect the APIs, and it cannot protect against bot traffic coming from many different residential proxies

for a very long time it was not only possible for experts. like, I would say the last 10-15 years, maybe even more. It’s very harmful that people can now create things they don’t even know how to check what it does, and they just assume this “sentient thing” actually produced what you wanted with no major flaws. thing is, you (or anyone else vibecoding things) won’t be able to determine what is good or bad without taking the time and learning the building blocks, learning how they work and how they are supposed to be used.

also your comments look like AI generated comments, fake enthusiasm and all the rest. it does not inspire much confidence

“if I don’t have to”. and, is your jellyfin running as root? or are you running it a different way, e.g. from apt package (where I believe it’s sensible by default)? I smell doubt.

but in either case it does not matter how do you run jellyfin. what I care is how many other people are running jellyfin exposed to the internet because they think its safe, because people on forums told them so, with the popular docker image where it is being ran as root.

I’m not moving goalposts. I’m still firmly besides my point that for the general jellyfin admin exposing jellyfin to the wide internet is unsafe and irresponsible. and seeing all the downvotes but no one else telling their opinion, it seems no one knows better either and they are just angry I pointed this out.
again, I don’t care how are you running Jellyfin. I don’t want to convince you on that, you do whats best for you, it seems you might have done some precautions. what I care is to not recommend these practices to others (without the full picture), because they are unsafe, especially without further precautions like running a(n unofficial) rootless jellyfin docker image and an intrusion detection system, which I guarantee most people won’t have.

plenty of FOSS projects are safe to expose through a simple reverse proxy

I have my doubts about that. Personally I would never do that.

Talking about security… Have you heard of intrusion detection, process isolation, or principle of least privilege?

are you aware that the very popular official docker image for jellyfin still runs the jellyfin process as root? or that most people just mount their media libraries as a read-write volume because they don’t know better?

I would also be very interested about statistics on how many jellyfin admins run intrusion detection software on their system, if you have any.

yeah, it’s the operator’s job to help setting that up

wow not just totally unprofessional, but even downvoting the calling out the lack of credible security! you can be ashamed of yourself, and hope that your clients never find out you are a contrarian

I really doubt your work has anything to do with computers

would not ever use your services in that case

much of the internet is run on simpler software or by full time employees tasked to deal with all this. but sure, ignorance is bliss, what you don’t see does not exist, etc etc, keep running your Jellyfin exposed to the internet. you wouldnt even get to know when your system is compromised. but you know what? you could even remove your password for extra convenience. who would want to log in to a random jellyfin account anyway! surely no one! just don’t recommend these practices to anyone, because you are putting them at risk.

idk man, I wont keep my front gate unlocked just so my friends can come in without keys. either they accept having to carry an additional key, or they won’t have access without me, but I’m not going to compromise on reasonable security. oh the burden I know.

I’ll help them set it up if they want it, they are not on their own. but zero effort won’t work.