Hello - I might be an ‘enthusiast’? - Win scripter, can follow Arch wiki but can’t deepdive linux can-of-worms tho. Kiwi “power user” as such
Upgrading from a old Synology to a Aoostar 4bay ‘WTR’, primarily SMB, so features are covered So most things come from passionately wanting to use features and use hardware better. Things have been smooth, but with bugs and basics missing I don’t want to put brainpower into trusting to move to it yet.
I don’t know who you have written the review for. Some things don’t look implemented yet.
I’ve struggled with basics and potential bugs, meaning I’m not confident using it. Particularly Android app dumps all files in one folder with 10k limit, app translations, column headers, etc.
Some ‘good by default’ settings don’t have options. I don’t think I could only half allocate space so I could play with ZFS later.
“Modern” feels like you are starting from zero rather than polishing down previous UIs. Feels opaque - does that graph mean its fast or kinda average? OS version took hours to appear first time, upgraded without prompting me, and I’ve no idea when it’ll check for v1.5
CLI and Apps is the reverse - slim OS is good, but hard to penetrate, definitely don’t feel confident with using. Apps has usual lots of assumed knowledge; can’t search ‘gallery’, or check if any sync supports meganz without heading to google a lot, or eg. if Selkies/Trixie is insecure by default. Feels like the deep end rather than being a useful curated experience.
Even just locating the right place to log a job or ask a question. I feel so far out of my depth, asking the dumbest questions, at bugs that seem so obvious.
Positives from the articles;
I am enjoying the hardware freedom.
OS well optimized to host and handle.
App access “anywhere” a plus, but literally jumped up in panic when it first started installing ZeroTier as I wasn’t expecting combined feature app, and I still don’t know how it works.
Your biggest strength is likely your smaller team and being Agile. (Big assumption, I assume Giorgio is right with ‘passionate but lean’, as your About Us page is waffle sorry Ed). You can choose to fix faster, and focus on higher value - is it performing well?when do drives need replacing or upsizing?are apps healthy and secure? Rather than “roadmap”, it could be useful to see what you’ve acknowledged and what is “in-scope”, but still be Agile and don’t “commit” to anything.
Sorry for the braindump. xiexie thanks for reading. I might not be your target audiance, but maybe it helps.
I’m a newcomer in the Zima community, and I’m just starting to test ZimaOS on a refurbished mini PC.
As a UX/UI designer, I really appreciate the look-and-feel of this solution, specially compared to the Synology DSM I used for years… before a disk crashed.
About Synology DSM, even if I found it slow (a 2-bay drives, entry-level processor, 512Mb of Ram,…) and the UI outdated, it was finally pretty easy to use and I felt safe.
Safety is my primary concern (like for many other users I guess), and I think it is not so much covered in your blog post. But the comparison with DSM could be interesting with this topic too. That’s what I would like to discuss here.
In addition with other options already mentioned in this thread (and before this article is getting too old…), DSM v7 provides other options to secure the data:
Change the default ports to access DSM (I think this is what we can do in Zima settings already),
Remove the label ‘server’ from Http requests headers, to hide the machine type (is such setting relevant with ZimaOS?)
Enable automatic updates (I think it’s already ON with ZimaOS right?)
Enable email notifications, for new system updates, disk health alerts, 2FA,… (is it on your roadmap?)
Do not allow DSM to be embedded in an iFrame (could we have the same with Zima? Is it relevant?)
Deactivate the Admin account, once at least one sub account have been created (coming in a close future?),
Enable 2FA for some/all users (a basic and essential feature!),
Set User session timeout (important),
Enable (and set) Brute Force protection (could be a nice-to-have),
Enable DoS protection (same),
Hide the NAS, making it not visible for network discovery,
Enable the firewall (I know there is no native firewall, but maybe in a close future? With external app?)
Schedule automatic backups (I think it’s already part of the next ZimaOS update, right?)
Will Zima be aligned with the same security-level soon?
I’m not an expert at all. I just want a simple but secure solution for hosting personal data. I will continue to explore and test Zima. Thank you for your replies and your work!
UI Time Out, sure. But please don’t make file shares time out. Be it a NFS mounted on another system, or a samba share with users mounting with a drive letter that they have to have credentials to sign in.
I also thing 2FA for the web UI and App sure. But for file shares no.
Also I think as others have mentioned having full drives exposed to everyone is a big no, exposed to just admins yes. I haven’t even looked at sub users yet to know if there are security levels or not. As in creating users that can only access a specific file share for them.