Need to use less power!

Don't forget your smart TVs... which are "always on", same as most system boards and microwave ovens.
My LAN and router hardware is up 24x7, but has no moving parts that suffer mechanical wear.
Same for my dual-screens on my workstation... they remain on 24x7 for the same reasons.
I don't run a firewall device.
We run a window fan in the bedroom year-round to drown out the noise of cop helicopters and barking dogs.

My power bill runs around $100 monthly before the air conditioning season comes in.
Then, it triples during the hot season.
 
Just curious... do the guys complaining about power consumption own an EV automobile?

No!

I drive a 1983 Cadillac Eldorado Biarritz with an Oldsmobile 5.7 litre (350CI) engine mounted with a Rochester spreadbore Quadrajet (4 barrel).

6-8 MPG but comfortable as hell and fast, really fast. Especially for a 4500 lb sedan.

Just to update: I've got a DL360 running FreeBSD 13.2 with the SSDs running in two pairs of RAID. I've loaded all the apps and have X running with MATE. I've still got to configure Apache and SQL Ledger and move some personal files and then I can shut down two servers with regular drives and use one with SSDs.
 
Here's a new question and LMK if I should start a new thread...

I'll be moving from the west coast to the east coast next summer and need a portable way to keep things running. I'll take my servers down in the spring and pack them into a 40 foot shipping container and it may be a few months before I can get them out and back online. I'll be driving across country and building a new shop at the other end but need to keep my business running the whole time.

A powerful laptop comes to mind as the best solution to bridge between the two locations.

I need the finance software to continue to run (Postgres and Apache) as well as email and browser.

Can anyone recommend a laptop with enough power to run FreeBSD, Apache, PostgreSQL, Perl, SQL Ledger as well as a desktop? I figure I only need 250-500GB of hard drive space. I'm willing to spend some $$ to get something good and reliable.

Any other suggestions welcome.

JayArr
 
I place Dell machines with all my clients because they are so well supported with BIOS and drivers.
In my opinion, AVOID the AMD processors and chipsets... stick with Intel all the way.
Again in my opinion, Intel is far better supported.

Buy as much RAM as the machine can hold, even if it means buying Crucial as a separate purchase and ditching the factory ram.
Most likely you will only have two RAM slots, so buy a pair of 32gb if you can swing it.

Buy a quality SSD and avoid the cheap OEM SSD favored by the big manufacturers.
For example, the Samsung OEM SSD cannot run their own Samsung Magician software.
The Samsung EVO is the higher end over their cheap line, and worth the small extra expense.

Avoid gaming video chipsets... you don't need them for a business machine.
They create needless heat, and serve no purpose for business.
 
I'll be moving from the west coast to the east coast next summer and need a portable way to keep things running. I'll take my servers down in the spring and pack them into a 40 foot shipping container and it may be a few months before I can get them out and back online. I'll be driving across country and building a new shop at the other end but need to keep my business running the whole time.

A powerful laptop comes to mind as the best solution to bridge between the two locations.

I need the finance software to continue to run (Postgres and Apache) as well as email and browser.

Can anyone recommend a laptop with enough power to run FreeBSD, Apache, PostgreSQL, Perl, SQL Ledger as well as a desktop? I figure I only need 250-500GB of hard drive space. I'm willing to spend some $$ to get something good and reliable.

Wouldn't it be easier to rent a dedicated server, or two if you really need redundancy, for the time being? Even if you really want to host everything yourself it could be an option in the meantime. As far as reliability goes it'll be much, much better than a laptop.
 
Hi Malavon

The way I've got my finance software set up I run Apache, Postgresql, Perl and then SQL-Ledger all together but serving only within the company. There is no outward facing service. This way all of my data is in house but all of my employees can access it. During the move there will just be me and my wife but at the other end we will expand again.

I already have space rented at a web hosting site that serves my web site to the internet but it's just a static information site, no commerce or interaction with visitors.

I hesitate to put all of my financial information on a server and then try to access it through the internet. I imagine the learning curve to make it all impervious to hacking would be considerable and it could still be hacked if the hosting site gets cracked from behind.

Correct me if I'm wrong but wouldn't that be hours and hours of learning and setting things up for a three month term that I'll never use again? I'm 60 now and don't want to waste three days of my life learning something I'll only use once.

I'll be traveling across the country in a travel trailer with a StarLink dish, my wife and two dogs while coordinating the building of a house and shop thousands of miles away. I won't have time for hacks, cracks or glitches. I know how to load all of this onto a server with FreeBSD, I've done it all a half dozen times now and I have a notebook of all the exact commands, file mods etc to load and do to make it work.

Maybe my perception of the amount of effort it would take to move to a dedicated cloud server is incorrect. If it's really easy to move to a cloud server and the learning curve isn't going to be more than a day I'd reconsider.
 
That changes things, I misread into thinking you'd be hosting public-facing software/websites on a laptop while on the road. Not sure what the best option would be in your case. I would stress the need for (remote) backups if you'll be driving around though, make sure you've got those covered then :)

As far as servers are concerned, I was making the assumption it would be running FreeBSD as well. Then again, if it doesn't need to be available publicly it adds an unnecessary security risk and I would personally not recommend it.
 
Then again, if it doesn't need to be available publicly it adds an unnecessary security risk and I would personally not recommend it.

That's sort of my head space too.

Backups are definitely a good idea, I'll grab a portable external drive, it may be slow but that isn't a big factor for me.
 
Backups are definitely a good idea, I'll grab a portable external drive, it may be slow but that isn't a big factor for me.

While already a good idea, I'd add remote backups somewhere. Even if it's just an encrypted tar or database export on a google drive it'll add some protection against data loss.
Imagine crashing your car, destroying your laptop and backup disk. It most likely won't happen, but if it's really important data I'd advise not to risk losing it.
 
While already a good idea, I'd add remote backups somewhere. Even if it's just an encrypted tar or database export on a google drive it'll add some protection against data loss.
Imagine crashing your car, destroying your laptop and backup disk. It most likely won't happen, but if it's really important data I'd advise not to risk losing it.

Excellent point!

I've got tons of 'space' on the server I rent for my web site. I'll arrange encrypted tar backups to it so my data isn't location specific.
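
The encrypted tar backup discussed above could be built and checked like this. It is an added example, not a script from anyone in this thread; the function names, the passphrase file, the iteration count and the use of openssl(1) from the FreeBSD base system are assumptions.

```shell
#!/bin/sh
# Added example: encrypted, verifiable backup archive for an off-site host.
# Assumptions: openssl(1) >= 1.1.1 and tar(1) are installed; SRC_DIR already
# holds the files to protect (for instance a database export); the passphrase
# is the first line of a file only the backup user can read.

ITER=200000   # PBKDF2 rounds; an assumed value, keep it identical on restore

# make_backup SRC_DIR OUT_FILE PASSFILE
# Streams a gzip'd tar straight into AES-256 so no plaintext archive is ever
# written to disk, then records the SHA-256 of the ciphertext.
make_backup() (
    umask 077                                   # archive readable by owner only
    tar -czf - -C "$1" . |
        openssl enc -aes-256-cbc -pbkdf2 -iter "$ITER" \
            -pass "file:$3" -out "$2" || exit 1
    # "openssl enc" is not authenticated encryption. Keep a copy of this
    # digest on the laptop, not only beside the upload, so a change made
    # on the remote host is noticed before a restore.
    openssl dgst -sha256 -r "$2" | cut -d' ' -f1 > "$2.sha256"
)

# verify_backup OUT_FILE PASSFILE
# Re-checks the digest, then decrypts and lists the archive without
# extracting it. Non-zero on a modified file, a wrong passphrase or a tar
# stream that was cut short while the backup was being made.
verify_backup() {
    want=$(cat "$1.sha256") || return 1
    got=$(openssl dgst -sha256 -r "$1" | cut -d' ' -f1)
    [ "$want" = "$got" ] || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ITER" \
        -pass "file:$2" -in "$1" | tar -tzf - >/dev/null
}

# Usage: sh backup.sh SRC_DIR OUT_FILE PASSFILE
if [ "$#" -eq 3 ]; then
    make_backup "$1" "$2" "$3" && verify_backup "$2" "$3" &&
        echo "backup verified: $2"
fi
```

Only the encrypted file should be copied to the rented host; the passphrase file stays off it, and a backup that has never been through `verify_backup` should not be counted as a backup.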
 
How about this one bgavin?

Dell Latitude 3540 15.6" Laptop - Intel Core i7-1355U - 512 SSD - 16 GB RAM - Windows 11 Pro


I could pull the drive out upon arrival and put an upgraded SSD into it.

This would have the added benefit of being able to put the original drive back in when I'm done moving and giving it to my wife as a Windows computer for the house. She likes a kitchen laptop so she can surf youtube while she cooks meals.
 
I hesitate to put all of my financial information on a server and then try to access it through the internet. I imagine the learning curve to make it all impervious to hacking would be considerable and it could still be hacked if the hosting site gets cracked from behind.

Does your internal server have a public IP address? If yes, running it in the cloud changes very little, the attack surface is the same (or nearly the same if your internal clients need to go over public networks). Are you sure all the internal clients are all perfectly well secured? If no, you already have a problem you have been ignoring.

Unless your internal network (which contains sensitive data, such as finances) is air gapped, you need to think through security.

Correct me if I'm wrong but wouldn't that be hours and hours of learning and setting things up for a three month term that I'll never use again? I'm 60 now and don't want to waste three days of my life learning something I'll only use once.

Let me propose seeing it the opposite way: You may have considerable "technical debt" in computer security already. Maybe use having to move as an opportunity to learn how to secure your information; in the process you may find that the location of your server is not very important, and having it remote in a big hosting or cloud provider is just as good.

By the way, I still have my FreeBSD server at home, and am not about to give it up. But that's for a different reason: Where we live, the internet connection is always slow, and often unreliable. For example, just this morning we had a 10 minute internet outage for no logical reason. So I keep all my data at home, with an encrypted backup in the cloud, and a cloud host for monitoring.
 
Does your internal server have a public IP address?

No. The server is internal only and only accepts connections from IP addresses of the local computers on site. The list is specific and individually itemized since there are less than a dozen computers that need access. No 'ranges' and no defaults.

Behind a PF Sense firewall.

It's definitely not military hack proof but I don't feel it is lying open waiting for Russian hackers either.
 
Ah, you invested your effort into making a very shielded internal network. That makes sense, and is nearly as good as air-gapping the network (which in your case would simply mean disconnecting the PF Sense firewall, and putting an air gap between the worldwide and internal networks). In a nutshell, you're basing your security implementation on the following assumption: All machines inside the site are fully trusted, so all we need to do is to prevent access from outside.

Going from that starting point to having the server in the cloud is indeed a bit painful, since you'll have to learn and implement something like "zero trust". Which is indeed a considerable amount of work: You need to figure out how to authenticate clients, you need to organize access control (who can do what), and you need to secure the transports. I think in the long run those would all be good things to do, but perhaps now is not the time.
 
you're basing your security implementation on the following assumption: All machines inside the site are fully trusted, so all we need to do is to prevent access from outside.

Correct.

I think in the long run those would all be good things to do, but perhaps now is not the time.

Age is a funny thing Ralph, I thought I had all the time in the world to learn anything that tweaked my fancy, I learned how to rebuild automatic transmissions just because I thought it would be fun - and it was. Then when I turned 60 I realized time is shorter than I thought. If I live to 75 that means I only have 780 weekends left. That's a pretty definitive number so now they become more valuable. Do I want to spend a weekend learning how to harden a cloud server or do I want to spend that weekend building a custom exhaust for my Oldsmobile Rocket? Not all of my interests are going to get time so that others I enjoy more will.

I've also stopped cutting my lawn, I'm hiring out to paint my house and I'm not going to change my own oil anymore. LOL
 
Age is a funny thing Ralph, ...

I'm a little older than you! And yes, I started using a cloud server about 6 or 7 years ago (in spite of also having a fully secured site network). And in the last few months, when I had more spare time (no day job, sadly) I've been thinking about how to better secure not only that server in the cloud while making it more useful to our family, but also how to secure our house network better: WPA-x passwords are hackable or guessable, we give friends and neighbors our WiFi password for convenience (sort of needed in a rural area), so I can no longer trust all machines on the internal network.

But I get it that people want to have different hobbies, and network security is not on your list. My big hobby is "recreational landscaping and vegetation removal", so now I'll go and weed whack a quarter acre of high weeds, and then pick a dozen trees out of the forest with our crane and run them through our chipper. Our vehicle hobby these days is 200-300 HP diesel powered machines.

Having established that a physically small machine would better serve you than a cloud server, may I make a suggestion that's different from the laptop idea (which is also very good, likely better): Build yourself a small server, using a small case (I use a LianLi micro ATX case), a low-power motherboard (I'm still on a non-ECC 1.8 GHz 4-core Intel Atom motherboard, but that needs to be replaced with a newer machine soon), and a small number of disks (I have a boot SSD, and two data disks in a mirrored configuration, plus off-host backup). The net result is the size of a shoebox, has multiple Ethernet and USB ports, and uses about 30W in steady state. While a laptop is smaller and has the battery backup built right in (no UPS needed), a self-built computer is more flexible, and can be cheaper.
 
Here's an idea for the wifi security. I put an extra network card in the firewall server and ran it to the WIFI router on a different subnet. PF Sense allows me to run a separate DHCP server on the wifi and there is no connection allowed between the subnets. All of the "casual" wifi devices like phones and laptops connect on that subnet but my business is on the LAN subnet and is completely separate. There are some downsides - you can't print from the laptops to the business printers and the business desktops don't have access to the music archive but these are minor inconveniences we're willing to live with for security. There is a third subnet for the televisions since we get our programming by fibre to set top boxes. It is on its own outside of the firewall.
 
Nice idea, and I'm planning to implement fundamentally that; have already done the first steps, but there is another few evenings of work to finish it.

Your solution relies on physically separating WiFi from wired (LAN), and treating LAN as fully trusted, and the wireless as partially trusted (enough to use network bandwidth, not enough to get to the protected business resources). In my case that doesn't work, since much of our house's internal traffic (trusted or not) is now using WiFi, and wired ethernet is mostly gone, too inconvenient. So what I'm going to do is use VLANs and multiple IP address ranges, for the multiple trust domains, but all sharing one physical network. The crux here is authentication: how do I know that a device that comes onto the network is who they say they are? For now, I'm just going with MAC addresses for that, since spoofing those is not easy for a casual hacker. That is only possible because of our remote physical location (the nearest house is 1/2 mile away): Anyone who uses our WiFi will be seen soon enough, and I don't worry about camouflaged assailants crawling up the hillside in the middle of the night and doing MAC address spoofing.
 
I've replaced my ProLiant firewall server with a small "Barracuda" box that comes pre-loaded with PF Sense. A little confusing in how the ports are named but otherwise it's been great. It comes with five native ethernet ports so one in and four possible separate subnets.

I grabbed a sub-$100 ethernet router and bridged it to act as a transmitter and set up the DHCP within the firewall. You'll need to get MAC addresses from your neighbors and set them up individually but then it's more secure. The router allows MAC address filtering as the first wall so if you're not on the list you can't even ask for a DHCP number. Then the DHCP server only serves those on its list, I assign dedicated IP address to MAC addresses and create static ARP table entries for them then lock out everything else so only the static addresses designated.

With a Barracuda box you could do this repetitively (4 times) to create multiple different wifi subnets within your location.
 
OK, I snagged a good deal on a pair of Lenovo P71 laptops, one for me and one for my wife.

Intel i7 CPU, 17" screen, 1 TB SSD drive, 16GB native mem plus I'll add 32GB more. DVDRW drive.

I'm hoping I can get FreeBSD, Apache, Postgres, PERL, and a desktop (mate XFCE?) with Open Office, Firefox and Thunderbird all loaded up and running fairly fast.

Wife will get Win10.

Anything I should know before I begin?
 