Interesting. Usually my critique for products like this is something along the lines of "great, but how are you going to access your data from the internet?" Typically the answer to that is you need some sort of tunneling service like ngrok to get around port forwarding, CGNAT, firewalls, etc. I maintain a list of solutions here[0]. The problem with most of these services is that they're targeted at developers and aren't something the average user should have to mess with.
In this case, the PiBox is being offered by KubeSail[1], a company which specializes in services like tunneling (they're already on the list mentioned above). It will be very interesting to see if they can bundle it in such a way that people don't have to worry about how the tunneling works. Extra points if they make it easy for users to buy/use their own domains.
This is exactly the goal - a box that anyone could buy, plug-in, click a few buttons, and get an on-the-internet service (like PhotoPrism or Plex) ready to roll. Bonus if they can easily control access, invite friends, and also if it's totally open and hackable - as much a learning platform for technology as a plug-and-play box-for-media.
Plex seems to be circling closer and closer to a bad place in their quest to be a media company.
I’d love it if they focussed on improving the UI and sharing aspects rather than pushing their media and weird default requirement for internet access.
Yeah, it started around 2017 with dark patterns to try and get you to create an account on their website and has only gotten worse from there. Can you even set it up locally anymore without forking over your email address? Shame how they shot themselves in the foot like that
We're starting with technical users - if we can't get programmers to love home-hosting there isn't much hope for the average user. As we go, we're very focused on making sure people who have no idea what Debian is can make use of the product, but I'm sad to say we're not quite there yet.
as opposed to the usual proprietary soon-to-be-abandonware firmware... guess that's a plus for everyone, not just developers, albeit they're probably the only ones who care about it
I've heard good things about tailscale which does something magical I don't quite understand to get around NAT and allow access to your box in a secure way. I know (not so technical) people who have used it successfully.
Tailscale tries a few things, from direct connection, to NAT traversal techniques, and as a last resort, relay servers run by Tailscale that both nodes can connect out to.
The “magic” is just that it’s all automatic and works pretty much no matter what.
I have no idea how Tailscale works, but it always does. I used to have a bastion host that I'd ssh into to access my home network. Now I just startup Tailscale and connect.
And Wireguard doesn’t rely on someone’s cloud server, too!
I looked into Tailscale because the hype is big, and I’m sure it’s good software… but the biggest reason I pay for a VPS is to get public IPv4 addresses I can connect to. A proxy will only add overhead and compromise privacy.
Edit: specifically, Tailscale uses their own proprietary relay servers, and if you don’t want to use them you can’t use tailscale. ¯\_(ツ)_/¯
> Edit: specifically, Tailscale uses their own proprietary relay servers, and if you don’t want to use them you can’t use tailscale. ¯\_(ツ)_/¯
This is incorrect [0]. You can use your own relay servers [0].
However, Tailscale only uses the relay servers as a last resort. Most of the time, the connection will be established directly between the peers.
If you're able to configure port forwarding on your router as another commenter said, wireguard works well enough. You'll probably be able to also set up some form of dynamic DNS if you don't have a static IP (like no-ip or duckdns, etc). In this case, you don't need Tailscale.
However, there are more and more people who aren't able to do the port-forwarding thing any more, such as those behind CG-NAT. For example, in France and, from what I hear, the UK, this seems to spread. In these cases, Tailscale's NAT traversal techniques may still work – that is, your connection will be directly between your two peers and not through their relays.
Also, of note is that their relays are open source [1], and you can run your own. But if that's the case, you probably don't need Tailscale and can get away with some kind of hub-and-spoke setup.
I find it hard to model the flow of this stuff and it can be hard to get a sense reading through the product offerings, maybe I can ask and you'll know enough to give me an overview?
Currently I run a server on a digital ocean box I access via a custom domain with a let's encrypt cert (too much detail about this setup is here: https://zalberico.com/essay/2020/06/06/urbit-on-the-cloud.ht...). It'd be cool to have this run on my home Mac Mini and just access it from the web.
What is actually going on to require this? I still need the custom domain, but now that custom domain is routing somewhere else right? Either to some software that's still running on digital ocean that handles this (wireguard?) that I'd have to configure or some service that deals with this? What are the actual pieces that are required for this to work and if you wanted to do it and control it yourself what do you need to know to do it safely?
Any pointers in the right direction/high level explanation would be helpful - there are a lot of unknown unknowns when searching or just services you pay for that abstract it away with some tradeoff in control (at which point I might as well just leave it on digital ocean).
I'd say the most important thing, meaning the one with the biggest influence on what you end up doing, is how you connect your home Mac to the internet.
If my understanding is correct, you want this server to be publicly accessible, i.e. by anyone, not just you or a limited, well-defined set of people. If that's the case, you don't need Tailscale, which can be seen more like a VPN.
If you don't have CG-NAT (meaning your home router gets a public, routable IP) you can probably set up port forwarding to your Mac and some script that would update your DNS entry if your IP isn't static.
If you DO have CG-NAT, or for some other reason you cannot forward any ports, you'll have to use something external to at least route the traffic. I've glossed over your link, so this may not work, but you could look at proxying your traffic with Cloudflare. Look up cloudflared. If that doesn't work, then yes, something like wireguard between your DO VM and your home Mac could work.
All in all, I think this is more or less a classic "home server" setup, so you should be searching for "hosting a server at home" or similar.
I have a similar setup. I have a server at my house that I want to be able to access from anywhere.
What I did was:
1. Install Tailscale on my devices (server, laptop, phone, etc.)
2. Set up a cert with LetsEncrypt and import it into Apache. I use AWS Route53, so this was as easy as setting up my AWS credentials and running the certbot cli.
3. Set up an A & AAAA record pointing to my server's Tailscale IPv4 and IPv6 addresses. This is fine even though these addresses are only accessible through Tailscale. You'll obviously still need to be connected to Tailscale, but you can just use your custom domain name to connect.
4. Done!
I use this server for media streaming and file syncing. I manage it with Ansible; I even have GitHub Actions set up to run my Ansible playbook whenever I commit!
i have a systemd cron job (timer) that runs miniupnpc every couple minutes to ask the router to set up firewall rules that a box needs. for now i still manually update my home's dns records whenever there's a power outage and therefore new ip address. but i'll be building something for dynamic dns soon enough.
but a couple boxes also ssh into a vps, and forward their own ssh ports to the vps, so i can jump into them indirectly if the main door/direct ssh way isnt working. this is also an ok way to expose ports on the internet if i want them proxied, if i need rate limiting.
I made a dumb script to handle my dynamic IP back before I knew of a better way and before I got a static IP.
It checked my IP, compared it to the last check, and if different, posted the results to my private Slack channel.
Then I just altered the IP on connection. It actually changed very rarely but until I learned of better ways, I liked it.
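Added example, not code from any commenter in this thread: a Python sketch of the two checks discussed above, namely choosing between port forwarding and a tunnel depending on whether the router's WAN address is public or CG-NAT, and the "compare to the last check" IP-change detector. The function names, the state-file format and the sample addresses are assumptions constructed for illustration; how the two addresses are obtained (router status page, an IP-echo service) is left to the reader.

```python
import ipaddress
import json
import os
import tempfile

# RFC 6598 shared address space, the range carriers use for CG-NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")


def classify_wan_address(addr):
    """Return 'cgnat', 'private', 'public' or 'other'.

    Raises ValueError if addr is not an IP address at all, which is what
    happens when a lookup service answers with an error page instead.
    """
    ip = ipaddress.ip_address(addr.strip())
    if ip.version == 4 and ip in CGNAT_NET:
        return "cgnat"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private"
    return "public" if ip.is_global else "other"


def exposure_plan(router_wan, seen_from_internet):
    """Decide whether inbound port forwarding can work.

    router_wan:         address the router reports on its WAN interface
    seen_from_internet: address an outside host sees for this connection
    Forwarding only works when both are the same public address; any
    other combination means another NAT sits upstream of the router.
    """
    wan = ipaddress.ip_address(router_wan.strip())
    ext = ipaddress.ip_address(seen_from_internet.strip())
    if (classify_wan_address(router_wan) == "public"
            and classify_wan_address(seen_from_internet) == "public"
            and wan == ext):
        return "port-forward"
    return "tunnel"


def check_for_change(current, state_path):
    """Compare current to the last recorded address.

    Returns (changed, previous). The value is validated before it is
    stored, and the state file is replaced atomically so an interrupted
    run cannot leave a half-written record behind.
    """
    ip = str(ipaddress.ip_address(current.strip()))
    try:
        with open(state_path, encoding="utf-8") as fh:
            previous = json.load(fh).get("ip")
    except (FileNotFoundError, ValueError, AttributeError):
        previous = None  # first run, or unreadable state file
    changed = previous != ip
    if changed:
        directory = os.path.dirname(os.path.abspath(state_path))
        fd, tmp = tempfile.mkstemp(dir=directory)  # created with mode 0600
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump({"ip": ip}, fh)
        os.replace(tmp, state_path)
    return changed, previous


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    print(exposure_plan("100.72.3.4", "8.8.8.8"))  # router sits behind CG-NAT
    print(exposure_plan("8.8.8.8", "8.8.8.8"))     # router holds the public IP
    with tempfile.TemporaryDirectory() as tmpdir:
        state = os.path.join(tmpdir, "last_ip.json")
        for sample in ("8.8.8.8", "8.8.8.8", "8.8.4.4"):
            changed, previous = check_for_change(sample, state)
            if changed:
                # This is where a DNS update or a notification would go.
                print("address changed:", previous, "->", sample)
```
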
i've maintained router side tables for years. i actually prefer just having devices able to set themselves up.
even if i go to a friends house with a system, it should have a good chance of configuring itself there too. that's one huge advantage. mostly though i just dont want the centralization, dont want to be thinking about configuring routers.
Tunneling is a good fallback if you don't have working v6 or v4, but i disagree potential internet connectivity problems should be a critique of internet applications like this.
Certainly it could still be useful without internet access, but it can't compete with Google Drive or iCloud unless you can easily access your data from anywhere and share with others.
Perhaps im just a jerk but all im seeing here is a very expensive diskless nas case that i can already buy from aliexpress for an order of magnitude cheaper. I'd be glad if you could change my mind.
I've tinkered with cheap nas cases. It's easy to end up with a case that: so thin/flimsy that it rattles, crappy plastic carriers that seem designed for 3 insert/removals before dying, terrible airflow, and/or loud.
There are exceptions of course, but it's not an easy task to find a nice solution that is quiet, vibration damped (easier on spinning disks), good airflow (keep drives cool), nice mini-itx or similar motherboard (ideally with ECC), an expansion port (10G or M.2/U2 cache), etc.
One I've had my eye on is the Fractal Design Node 304.
Is this really that expensive? I bought a 4-bay Netgear NAS (without drives) back in 2013 or so for around $375. I still use it today, but its performance is pretty bad (it's a single-core ARMv5TE with 256MB -- yes, MB -- of RAM), and I've had to deal with a no-longer-supported proprietary OS[0] based on Debian squeeze (unsupported since 2016).
I see a Synology 5-bay NAS on Amazon for around $700. The PiBox 5 plus an 8GB CM4 w/32GB eMMC runs less than $350. Even though I'd expect the performance of the PiBox to be less than that of a Synology NAS, I will gladly pay half price for something decent that runs an OS that I can update essentially forever and manage how I see fit.
[0] Luckily I've managed to build and flash a modern kernel and install Debian buster on it, since support for its hardware has been upstreamed, but I imagine this is the exception, not the rule.
I bought a rockpro64 and a NAS case with space for 4 drives, I added a 4xSATA PCIe card. Right now it's a 4x4TB ZFS setup that has been running as my own home storage for over a year continuously. Very happy with it.
I also have a rockpro64 with two 8tb WD red pro and in subvolumes with encryption i only get 70MB and in non encrypted 110MB.
I already switched from aes256-gcm (the default) to aes256-ccm, since that is less taxing on the CPU.
I start to get the feeling that zfs arm is not yet optimised enough.
this is the case: https://www.amazon.com/gp/product/B00J353KH8/ - had to modify it a bit to fit the rockpro at the bottom, use an ethernet extension to connect the cable from the back and a hacky switch to turn it on. But it works now and it's pretty stable.
After further poking around, I see that if one ponies up one's email and follows the (surprisingly dark-patterned) [0] "Sign Up & Customize" button [1], one can see the whole catalogue of planned PiBox hardware. It looks like you'd want the currently-unreleased "Box 2" -- assuming you could swallow the presumably still unpalatable shipping charges.
[0] OK, I get that these guys want to gauge interest as precisely as possible, given the frightening prospect of being a hardware startup during a chip shortage and/or burgeoning logistics apocalypse, but it's still a real eye-roller. Especially given how, like, cool this project otherwise seems.
[1] https://pibox.io/prefs <- note that without having already signed up, this'll bounce you to the homepage
I think it's a little unfair to call this a dark pattern. There's no point in selecting product options if you're not going to give them your email (since nothing is actually available yet), and I think "Sign Up & Customize" is a pretty clear description of what's happening.
It's pretty clear (to me, at least) that they're trying to see what people want (and even helpfully give the expected price points for the various options) in order to decide what order to design and build things, and I'm more than happy to help give that information, as well as give them my email address so they can tell me when the thing I want is going to be available.
I guess I just don't see what your objection is to their flow. The only improvement I could see would be waiting to ask for an email address until the end instead of the beginning, but I don't see that as being all that huge. And honestly I see that as sorta worse: it feels dark-patterny to get people to engage with you (in this case, by putting the various hardware option selections first), and then after they've invested the time, require an email address to make that time worthwhile.
>I guess I just don't see what your objection is to their flow
...they're asking for my email in order to let me see the prices. Why do they need my email in order to let me see the prices? Answer: they don't. So, uh, why are they asking for it? I find this bonkers. There are all kinds of Hackers on this site; I consider myself a Computer subtype, but I suppose from the perspective of the Growth Hacker, this isn't strange at all.
>And honestly I see that as sorta worse: it feels dark-patterny to get people to engage with you (in this case, by putting the various hardware option selections first), and then after they've invested the time, require an email address to make that time worthwhile
Question, would you engage in business with a physical store that made you provide ID (or even just an email) before letting you see how much things cost? Personally I go to the liquor store, select some liquor based on price and whimsy, and then I show them my ID to complete the flow. Placing roadblocks in the path of that flow -- I can't see the price without ID, and I can't just whimsically browse the shelves if I have to signal my intent to be there by digging out my ID before I enter -- seems like a bad idea.
Yeah I saw their 3.5" variant that's coming soon, but assuming it's priced only slightly higher than the 2.5" variant (keeping in mind it'd need a different power supply setup) it's still too expensive IMO. It's edging into the price range of other commercially available NASs for less performance.
Fair enough. I figure one of the things that I'm paying for is a non-wack firmware/OS in dedicated NAS hardware; it's less about performance for me (I could just use an old computer!) and more about power usage, form factor, and supporting general-purpose-computing-that-just-happens-to-be-running-a-NAS.
That being said, I love that someone is working on making this stuff easier to do, it was finicky to get it setup myself. I would be backing it if I hadn't just done it already.
I wish Kubesail all the best and I hope they succeed.
Cloudflare Tunnels is currently my recommendation for most people. Not only is it free, it will also manage DNS records and HTTPS for you very easily.
My main concern is that when it comes to self-hosting photos and videos, that's against the TOS for Cloudflare's free tier. If enough people start using it I assume they'll crack down. Bandwidth isn't free.
I'm not aware of many tunneling services that offer e2ee. My own boringproxy[0] does.
In any case, the MITM issue you mention is no different of a risk profile than storing your data on google drive or icloud, which is what most people are currently doing. Hosting through Cloudflare on a domain you own isn't perfect, but it's a big step in the right direction.
> But I am also not sure why I'd want to expose my photos and videos to the internet
I often share photos and videos with others, whether actually allowing them access directly through their device, or pulling images up on my phone to show them in person.
Not everyone stays at home 24/7. "Just" using a VPN of some sort means you a) need your mobile device connected to it at all times you wish to access your private resources, and b) can't be connected to some other VPN for privacy purposes.
I love everything about this except the included 15W power supply, which seems too low for a CM4, fan, display, two SSDs, and the SATA controller.
The CM4 draws somewhere between 7 and 9 watts under peak load, and each SSD would be around 2W under load. That feels pretty tight already.
I'm sure it would be totally fine at idle and low loads, but I just can't see it being enough juice at full load with two drives, especially if there are other services running on it and the storage is encrypted.
We've done a lot of testing; it doesn't get close to 15W of power, and also never trips the low voltage warning with the variety of 15W supplies I've used. We are including a 17.5W power supply with all boards to give it a little extra margin, just in case.
Would you mind addressing this user's concerns [0] regarding the power supply? There's a serious allure to a NAS that actually runs a real OS and not some weird proprietary thing that's going to get pwned [1], and also isn't just a computer that I'm not using anymore.
...too late to edit, but the comment I was trying to bring attention to [0] has received a response by another founder in re power, and the 15w advertised is actually a 17.5w supply [1], according to the parts list of the DIY edition on the Kickstarter page [2], which is apparently enough to supply everything consistently.
Love the product and hope to see more success in this space.
Will it be easy for users to bring their own domain and/or buy one through you, or will they have to use a domain you control to use KubeSail tunneling?
I spent a little time testing Kubesail when I was testing the PiBox, and I have to say I really liked it. I typically don't run 'managed' solutions for K8s, but the way everything connected together gave me Rancher Labs vibes, it was simple to use and mostly intuitive.
With a little more polish I could see myself recommending it to more people, especially in tandem with units like the PiBox.
There is a list of other inexpensive arm boards which are Linux compatible here: https://wiki.debian.org/CheapServerBoxHardware I have been wanting to build my own NAS similar to PiBox Mini, and have been finding this list helpful. Nothing seems as polished as the PiBox though. Best of luck to them.
Looks great - exactly what I've always wanted to do with a Pi. Won't be buying one however, as the price is frankly outrageous; considering what you can get from a NUC or a Lenovo ThinkCentre, I would want to pay no more than £100 for the novel components, then bring my own CM4 and drives.
It's weird that there is no tier that offers everything from the Standard tier (case, fan, display, power supply etc.) minus CM4. I'd rather trade Wi-Fi capability for more eMMC storage, considering this thing will likely sit right next to my router anyway.
This is an interesting suggestion. We actually do plan on selling the case separately, so you could just buy the "Hacker bundle" and the case and you'd be good to go. You can see the customization we plan to offer over at https://pibox.io - but for the kickstarter we simplified things a bit!
That doesn't include the case though, which renders this back to the same state as my current Pi estate, ie "bundle of cables and boards too ugly to want to leave out".
Ah fair enough - we are also releasing our case's 3D files so you can easily print your own. I don't believe it's mentioned anywhere, but we're also planning on selling the cases on their own.
My major worry here is how they'll get their hands on enough CM4's. Aren't they like gold-dust at the moment? Lots of similar projects have stalled recently because the supplies just aren't there. Is the KickStart going to finish, we'll all get charged $250 but no product will be able to ship for several months to a year past the expected date?
It's nice to see projects like this, because IMO NAS companies like Synology are really overcharging. I have a tangential question however, regarding the google photos alternative mentioned in the marketing.
Has anyone managed to properly replace google photos with a self-hosted solution? It should:
1. have first class Android and iOS apps
2. should have auto-upload from mobile apps
3. should have share functionality between users, so I can share with my family
4. have a nice web/native app that lets me browse and manage pics on a computer
I understand that it is tough for open-source/free projects to build and maintain mobile apps (due to store fees etc). However, I think this is a big problem and I'm ready to pay for such software. Just not a subscription like google photos.
A little pricey, great concepts. For me I will just use a rpi4 with two usb drives for a poor man NAS, that just backup stuff and nothing more, I can do it with less than $60(including housing, 2GB version, fanless)
I agree it is a little pricey for something that doesn't come complete with the SOC. I would rather use something like the ODROID-HC4[1]. It isn't as fancy as this or have as broad of support as the RPi, but it is $80.
Yes that looks very attractive, I am buying one so I don't need to run usb cables external to my USB drives which is a bit messy.
On the other hand, you can have a USB3.1 hard drive docking station(around $30 for 2 hard drives) to hook into any cheap SBC board that provides a USB3 port. another way to do poorman NAS.
I have the Radxa 4 port SATA HAT, which is a USB mediated drive path via a double USB connector. I'm running ZFS on ubuntu over 4x 2tb shucked portable drives.
If you can make this use some PCI path to the drives, and support 2.5" laptops or SSDs, then you're on the same journey to a better story.
Radxa have a vertical chassis, with a fan. It runs the fan a LOT. I suspect driving disks is hot work.
Anyone know of a similar solution that supports 3.5" drives?
I have a bunch of 4 TB externals that I would love to put to use. I know Synology, etc. exist but I don't need something so heavy. Just a simple Pi based case that can take one or two disks would be awesome.
Was really looking forward to the Helios 64 but unfortunately, they closed shop: https://kobol.io/
I'm looking for a simple DAS/NAS for 5-10 2.5" SSDs to attach either via a couple of 1gbit links, usb 3.(0/1) or a SAS connector (that could connect to a computer with a SAS/SATA controller running in HBA/JBOD mode.) but there doesn't seem to be much out there in the 2.5" space.
Worth pointing out that for the (not necessarily Faustian) bargain of offering up your email to the "Sign Up & Customize" box, you can access what appears to be post-KS pricing for the planned PiBox fleet. There's a 2x3.5" version, as well as 5-drive SSD and 3.5" versions, the ability to choose which of the Pi CM4 variants you want, etc.
I love the idea of getting rid of online storage.
I do have experience with a lot of HDs failing in NASs.
Primarily the value for me in storing my 260.000 (approximate actual number) somewhere online is the reliability it gives.
So far with the services I use I have had 0 data loss.
I also have my photos stored in my home but now I do not have to worry about losing precious data if the storage dies. (apart from restoring / syncing from the cloud can take a very loooooong time, and depending on service might also cost a lot from bandwidth usage)
Doing local backups is prudent, if a bit complicated if your storage is in the 10TB - 200TB range. Then rotate, keep at least one off site.
I wish I could afford some of the new streamers, they can fit a lot of data into a small space.
Mostly size and power consumption. Four NVMe drives could almost fit in a traditional size Raspberry Pi case. It looks like it is also possible to do 2.5Gbit Ethernet on the CM4 [1].
Pi has limited PCIe lanes to devote to additional controllers. PiBox lacks USB3 for this reason -- all the throughput is already filled by SATA3. 2.5Gbit is likely to be mutually exclusive to either.
not sure it's just a throughput question... the thing is, there's only a single PCIe lane exposed, and multiplexing it to multiple devices (i.e. a SATA controller plus a USB3 controller) requires more electronics, and of course the bandwidth will have to be shared between the devices
This looks great as a portable NAS device. I could run it using Raspbian or whatever will run on the rpi. For me it would be perfect if there was a TrueNAS port to arm hardware that could run on the pi. As it is, I use a 2GB pi4 in an argon m.2 case as a traveling NAS. I run FreeBSD on that and it's not so much of a NAS as it is an NFS server.
Just finished watching your video on it. I'll be curious to see how the quality improves on the production units. I don't think I'll need 2 8TB drives for it lol but this seems to be one of the better RPI NAS form factors so far.
Heh, the 8 TB drives was more for show than anything else—I actually have them in mind for a separate project but it's more fun saying 16 TB SSD than 4 TB... plus one of my 2 TB Crucial SSDs seems to have burned itself out this week so I guess it's two good things!
I hope they make the 3.5" model too, though—it would be more cost effective (and fit the Pi's performance better) to use 3.5" HDDs that are a lot cheaper per GB, and could still easily saturate the 1 Gbps network jack.
I was hoping for a bit better performance. Any suggestions for similar that could max out 4-5 drives, maybe add a M.2/U.2 for caching (or 2), and handle 2.5 gbit ethernet?
If you want that many drives you’re better off with a proper NAS and a RAID setup imho. If you want an M.2 drive for caching, you’re basically in Synology territory if you throw your other requirements on top.
Sure, it’s not running an OS flavored for the Pi, but everything else you want is covered.
Ditto—though I'm also testing the Radxa Taco, which is hopefully coming soon. It has a 2.5 Gbps network port and M.2 slot, but the overall bus is still limited to 5 Gbps (3.6 Gbps real-world) because of the Pi's internal PCIe x1 Gen 2 lane.
If you really need the sustained performance, especially if you want to use it for things like transcoding, it's better to get more supported hardware.
The max bus throughput was always something that was the real limit with Pi's. Luckily they are getting better and better. I'm still rocking a first gen Pi as my Pihole. Don't need too much power for dns queries.
Can you run debian or similar on the synology 420+ so that when synology dies, merges, abandons the 420+, is bought, or just changes their mind that I can switch to something with updates?
Can you run debian or similar on the ts-932px so that when synology dies, merges, abandons the ts-932px, is bought, or just changes their mind that I can switch to something with updates?
The QNAP OS is already a variant of Linux, so with enough work you could make it run anything you want. I haven't tried or looked for instructions on it, though.
But, the data is more important than the OS here. And the filesystem is a variant of ext4 and there's some instructions floating around on how to mount drives on an external standard Linux machine to recover said data in the event of a disaster.
You should also back up the data regularly so it doesn't matter if the hardware or company fail.
Well the trick is, can a user do it themselves. Is there a locked bootloader? Proprietary binaries? Etc.
I'd be fine with a vendor linux, but vendors tend to get bored with older products, drop support, go bankrupt, get purchased, revoke previously promised functionality, have security holes in their addons, etc.
The website also advertises running software other than a NFS/SMB/SFTP server, it's presumably for that. You might also be surprised how much CPU power something boring like Samba can use. Finally, an entry-level CM4 costs about the same as the cheapest well-supported SBC, IIRC.
That's like asking how cooking is different from eating out. You do it yourself, you customize all the things, you're independent, it can be cheaper than managed services if you discount your time or even scale it only a little bit, and many people simply enjoy it.
And if something goes wrong, you know who's at fault, who's on call, and who's gonna fix it :D (I host my own mail server among other things, and it's mostly unattended but still I felt I should nuance the comment a little bit.)
Pricing is on the nutty side. You can do a lot better than that for $250 nowadays, though it won't be as compact. That said, I'm looking for something like this but able to take 3.5" hard drives (2 of them) and at half the price. Doesn't need to be pretty or have a screen.
Their webpage suggests replacing Dropbox with a self-hosted cloud service. I am not confident enough to put all my personal documents on a home NAS server which runs 24/7. It's basically open for hackers in the whole world to scan and eventually put ransomware in it.
I feel I am more comfortable with saving my documents on respected cloud service.
I do have a NAS at home but it's not open to the internet and I don't put my documents on it, just media files.
[0]: https://github.com/anderspitman/awesome-tunneling
[1]: https://kubesail.com/