I agree with most of your worries, actually. However, I have one major thing to ask: how about VLANs? Am I the only one who can't understand why they won't allow you to have multiple VLANs in the same interface? Do I need a 10GB fiber port for every VLAN I have in a small/home office? Doesn't make any sense.
@SpaceRexWill
8 ай бұрын
^that is my #9 now! Completely forgot that this did not make my list!
@maxherman11
8 ай бұрын
I’ve done this with the CLI, it is supported by that method in that it will work, but it’s hacky. I wish they would just let us define VLAN’s per interface. TrueNAS does this and I love it. I had to buy a $400 4 port NIC just to have 4 separate interfaces on my NAS, which is so dumb.
@RobertFabiano
8 ай бұрын
So annoying. This is what makes Synology not enterprise ready.
@jrbenito5983
8 ай бұрын
@@maxherman11 did you manage to make it work with OpenVSwtich enabled? I could only figure it out with vswitch off.
@alin.danila
8 ай бұрын
Yessss ! You pretty much nailed it regarding Photos 🎉 1. Let us pick our own shared folder for shared space 2. Fix the “read-only” permission for shared space. Not only that timeline view is not working, also the automatically created albums like “people” , “tags” , “videos” are gone .. 😢 Those things makes Synology Photos not usable for families with 1 admin and multiple “read-only” users that wants a central shared vault for their entire family photos. I gave up on Synology Photos because of this .😢
@argeebargee1503
8 ай бұрын
Well said...couldn't agree more. It is far too tied down for my families usage. Great wish-list from Will😊
@alin.danila
8 ай бұрын
@@argeebargee1503 They focused on being a google photos replacement for individual , “isolated” users with private galleries and accounts …. while most of us out here are families that runs a central archive for our entire photo legacy. Maybe there are particular niche use cases for a self-hosted “google photos” … but i bet that for family use most of us wants the entire household photos organized and accessed in a central archive / vault by other family members. Not “segregated” by users, private “owners” and so on … Also by forcing me to use their hardocded shared folder it gives the impression that the app takes ownership of it and i can’t really control it by forcing the app into read-only mode. So , who knows what app can do in that folder ? Since i can’t force it into read-only mode at system level (shared folder permission)
@nimrod1717
8 ай бұрын
What do you use instead of Synology Photos?
@alin.danila
8 ай бұрын
@@nimrod1717 Currently ... nothing :) . I decided to keep my family photo "vault" un-touched and go another route with maybe a separate "media" server. I'm thinking about having another nas (Synology or build my own) as a family "media" server and having Plex / Emby / Jelllyfin ... or a dedicated photo server app like Immich displaying the photos. I want to separate the household "services" from the important storage "vault" of irreplaceable data. That means i will duplicate and "rsync" our photos/videos to the media server for consumption and keep the archive un-touched, properly backed-up, off-site backup, snapshots ... the whole menu :) For my "real" Photography raw files i'm using Adobe Lightroom Classic. As far as workflow goes for our iPhone photos, i always did it the manual way: Importing iPhone photos to Mac, culling, renaming files (YYYYMMDD_HHMMSS ... so they fall in the right chronological order for the same "event" within the same folder when using multiple iPhones), placing them in the right directory structure ... and then moving them to nas. I never used Synology Photos as a "sandboxed" ("isolated" users) google photos replacement or for backing up photos using the smartphone app etc. I just want a solution for viewing our home archive. I'm taking the time to properly archive photos anyway.
@YouAreOnTheWoodway
8 ай бұрын
Encrypted home folders for each user. And your points on docker and Photos are so right!
@TheCynysterMind
8 ай бұрын
I like your list. Here is mine 1. Built in Certificate authority 2. On the fly encryption 3. Better File Permission Granularity and set FTP home folders separate from DSM home folder. 4. Better handling of Playlists in Audio Station (If you have playlists created for each and every album like I do AudioStation Chokes on so many playlists) 5. Be able to remove/change default Audio and Video Folder ( I do not use them and want them gone) 6. Be able to manually remove root shares like PLEX... once plex puts their folder there is no way to remove that share without resetting the whole NAS. Cheers
@MrAntonioTech
3 ай бұрын
I think they listened to you about the Synology photos because I just checked and it's possible to "Grant this privileges to all users by default." I was able to get into the settings and allow all users to see my (admin) photos. This is great!
@RamonddeVrede
8 ай бұрын
Yes and also add deduplication! At least minimal on Photos. It's on backup but not on shared folders :(
@CedroCron
8 ай бұрын
Good information on the Certificates Will, That was a really big thorn in my side with my family units. Thanks for the work around with Active Backup for Business. With regards to Wireguard, I use tail-scale to link my Synology units together. It works fantastic and it's easy to setup.
@lucabertagnolio9166
8 ай бұрын
+1 for Tailscale. The package is already on DSM and it works great even without punching inbound holes on the firewall, which is the case with vanilla Wireguard. Tailscale can also be used as the encrypted tunnel to sync two NAS between them as described by Will in his video. It just works!
@regwatson2017
8 ай бұрын
Here's another issue that I and a lot of others have. The damn disk access lights never stop blinking. No matter what I do I can't get the device to go into sleep mode. I can only believe this is causing extra wear and tear on my disks.
@BoraHorzaGobuchul
8 ай бұрын
Actually, disks don't like start-stop cycles, so having them spin 24/7 is actually better
@DaystromDataConcepts
8 ай бұрын
As a visually impaired DSM user, I'd like better screenreader accessibility. There are screen elements that simply aren't read at all, so I get a partial picture of most DSM pages. They're close, but need to just tweak a few things to make it easier for people in my situation. Yes, I know I am a niche case, but screen reader accessibility via a web based UI isn't uncommon.
@rikbootsman
8 ай бұрын
Yes agree! Especially on synology photos! Sharing between different nas systems of others would be great, quite some of our friends also converted to synology to store their data, but my album link cant be visible in their synology photos, would be great to have a one time sync/ continuous sync job that runs daily/weekly. And opening a synology album link via whatsapp for example always opens up the website, even for users with the synology photos app installed, this should not be the case, really makes it a lot easier for the parents to upload their photos by simply clicking the link and automatically be in the album where they are already logged in via the app and can add photos from their personal space
@PowerUsr1
8 ай бұрын
Keep in mind that QuickConnect is keeping Synology in the middle of the flow. They do have the ability to peak inside and see whats being transferred. For environments that need security this is an obvious problem and its best moving to VPN if possible which in 2024 shouldnt be an issue for a single company. Synology offers OpenVPN built in or use IPsec/OpenVPN on the firewall. I would avoid quickconnect for the MITM that it presents.
@lucabertagnolio9166
8 ай бұрын
I beg to disagree. They can see flows of traffic, but cannot "peak inside" as there is no SSL inspection possible since the connection is end-to-end encrypted using a certificate emitted by a CA on which they have no control. They simply do NOT have the private keys needed to access the SSL encrypted traffic, IMHO.
@SmallSpoonBrigade
7 ай бұрын
@@lucabertagnolio9166 TBH, they control the software on the device, if we can't trust them to not have a key to the SSL, then we can't trust them to not have some other type of backdoor either. At that point, you might as well roll your own and block anything not going through a VPN.
@tjmitchell42
6 ай бұрын
The biggest thing to me would be able to sync changes in photos. For instance, deleting something from photos when i delete it on my phone. Plus having the ability to select rules for free up space. For instance, delete pics on phone older than a year.
@dkostasx
8 ай бұрын
What they have to do 1st is to deprecate the 1Gbps ports on their DS NAS units
@pcread
7 ай бұрын
A Twingate Client would be good. The connector works great in Docker, but It would be brilliant to be able to connect into a Twingated network.
@stephengrieve8nt
8 ай бұрын
The only other thing I would add is the Synology CMS neeeds work, it's been the same forever, either make it more like a full Group Policy management tool or remove it, at the moment it seems like a bit of a half way house. Great video by the way, a lot of good points in your hit list 🙂
@DavidM2002
8 ай бұрын
I'm with you 100% on Synology Drive. I was going to set it up a few months ago and then realized how much folder structure would have to be created and how much I would have to change my existing structure. Even for my limited needs, I was not going to go there. I just needed to share / sync files so SyncThing fit my needs perfectly.
@kissinuk
8 ай бұрын
On photos I would also add the ability to view people who it thinks have only been identified in one photo (currently it's a minimum of two). I've lost count of the number of times I need to view individual photos to tag my daughter just because it didn't identify her. I'm referring to when you go to 'People' / 'Show Hide People' / 'Show more'.
@greatwavefan397
8 ай бұрын
Saving this for when I plan my DIY NAS
@nrjonesy
8 ай бұрын
Synology Photos needs to be customisable for photographers' creating their own business brand, allowing photos to be shared with clients without the "synology photo" branding.
@fnerf0
8 ай бұрын
Not using synology photos JUST because I cannot set which folder to look into. What a stupidity.
@kg4dni
8 ай бұрын
My biggest pain point is not being able to edit within the Synology app like I can with Apple Photos or Google Photos. I can't find a good workflow and I rather not depend on Lightroom. Photomator isn't even good enough yet to recommend. It still has some bugs with the sliders staying put after changing them.
@MC-ExcaliburProject
8 ай бұрын
Also, why can't you view specific folders in the timeline view? For example, I have personal and work stuff in different folders; in the timeline view, everything is mixed. Why can't I specify which folder to view lol?
@SpaceRexWill
8 ай бұрын
I completely agree!
@terranceroberts6259
8 ай бұрын
I am a beginner of all beginners at this stuff. I have set up the NAS. All I want to do is put video and photos on it so my family, from different computers, can access them in the simplest possible way. Id also love to see how a person (as a family member) then can login; and how does he login. Does he have a new user?. Does he need a synology account? How does he get this account?. GRRRRRRRRRRRRRRRRRRRRRRRRRRR
@syl764
8 ай бұрын
Allow Active Backup for Business to backup Hyper-V virtual machines from Windows 10/11 Pro rather than just Windows Server. It even did it on DSM 6 an still works if you had set it up previously. Most annoyingly, it can do it if you SSH in and manually edit config files. Why can't it do it by default on DSM 7?
@nickverstand
8 ай бұрын
Quickconnect Pro is exactly what I was thinking when I first saw the crazy slow upload/download speeds on the current quickconnect. It would make it much less necessary to use third party options like dropbox/google drive with dsm to get decent speeds.
@EricOnYouTube
8 ай бұрын
Hello, Will. Can you explain how the 5 bay expansion unit works? Thanks.
@tobydavis166
7 ай бұрын
I have a question. I am setting up a Synology Nas. I have tons of photos from Amazon photos, google photos, iPhoto, phone, old computers, etc. each time go to upload them it creates separate files to them. is there a way to merge them all and have them index them on one timeline? Right Now each file has their own timeline. I just want them all in one place and have a way to get rid of duplicates.!!!!!!
@davidputt4638
8 ай бұрын
Darn! Too bad a ups couldn’t save that data. For NAS would you recommend a pure sign wave ups? Or is a standard one ok?
@jungleboyfromoz
8 ай бұрын
I wished they’d change the frequency the OpenVPN connection would attempt to reconnect after dropping out (currently every 30 seconds for only 5 minutes) I did change this to one year but after every update it changes back to 5 minutes. It’s such a pain
@johann-sebastianbach2839
8 ай бұрын
I would like to have temperature sensitive fans, so that there is less noise and less wasted energy.
@sitte24
7 ай бұрын
They are already, you can even manipulate the fan curves yourself, just not in the UI
@samuelmain5124
8 ай бұрын
Great video. It would be nice if the active backup for business for Outlook could backup personal accounts. It only supports business accounts.
@sitte24
7 ай бұрын
This one might be a limitation on Microsoft side
@vardagsteknik6576
8 ай бұрын
Do you not have an UPS at your Mac?
@SpaceRexWill
8 ай бұрын
haha its was actually the camera (use a wall AC adapter for it) that died. Well that and all the lights. I film on a laptop
@vardagsteknik6576
8 ай бұрын
@@SpaceRexWill Oh. Bummer.
@ChristopherJohnsonIsAwesome
8 ай бұрын
Update their client apps to work with a modern Linux kernel version. I'd love to use Active Backup for Business again.
@BoraHorzaGobuchul
8 ай бұрын
Easy switching between personal \ shared \ all music in DS Audio app is also sorely needed. Currently you have to go to settings to do that, which is idiotic. And they would benefit greatly if they hired somebody who actually know how to make good audio player apps.
@ajeerson
7 ай бұрын
Is it possible to get the 'Photo' map work like a normal map? Browsing via SMB.
@TWARDOWSKY.
8 ай бұрын
I also have ideas on what to improve, I send a lot of suggestions for improvement via their official portal, unfortunately I don't see any effects or feedback. Do you have a more effective way to report it to them, through which channel or how to increase the likelihood of implementing the change?
@SpaceRexWill
8 ай бұрын
I really wish I knew the answer to this as well. I have looked around and not really seen anywhere. The only way that I have really been able to do anything is put it in a video like this and see if it sticks. Which is not something that 99% of the user base can do
@mendozairis
8 ай бұрын
Just wishing Synology introduces more VPN options natively such as WireGuard
@joseignaciogarciaalemany1830
8 ай бұрын
adtive backup for bussines to usb external disk
@yesmanhk
8 ай бұрын
i have dropbox and i dont understand why synology not have the same thing for NAS. i checked the photo and i can't add shared user under access permission page, any idea?
@SpaceRexWill
8 ай бұрын
Make sure user has access to photos
@yesmanhk
8 ай бұрын
@@SpaceRexWill I have 2 accounts, Sam2 and An , both user with user access and photo access ,i login to s_admin with admin right , and I can't see that setting
@cyberwasp461
8 ай бұрын
Certificates drive me nuts. Only thing I've been bugging them about is Synology photos Personal Space! How hard would it be to add an indicator to show if a photo has been added to an album or not.
@droneforfun5384
8 ай бұрын
Thank you will. I would be satisfied if they could just KEEP the viewing order of photos once it is set, and apply the setting to all albums. Super annoying to change this setting OVER AND OVER 😣🥵😳 WHY SYNOLOGY, WHY!?
@syl764
8 ай бұрын
Make snapshot replication failover work for home folders.
@RC-1290
8 ай бұрын
What are the reasons for people to go with a self signed certificate, rather than one from Let's encrypt? Sure it takes a little bit to get it set up, but Synology's DDNS lets encrypt doesn't even require any open ports, and it sounds like you're talking about clients you helped to get set up.
@RC-1290
8 ай бұрын
5:43 you don't need to open it up to the internet for the let's encrypt certificate, because it uses the DNS-01 challenge. Which reminds me, you should update your tutorial, it's not necessary to open any ports.
@BoraHorzaGobuchul
8 ай бұрын
Home folder replication?
@ITSupport-q1y
8 ай бұрын
I Agree !!!
@IntoxicatedVortex
8 ай бұрын
As of 2020 SSL certificate issuance dictates a maximum validity of 1 year. This is something ALL certificate authorities must comply with. The change to 1 year certificates is probably related to this rather than Synology being arbitrary with it. With regards to QC, if performance is important then setting up the NAS to be on the internet is all that's required. DDNS is the lowest bar to jump.
@SpaceRexWill
8 ай бұрын
So thats only for signed certificates. If you want to self sign you can do 30 years
@IntoxicatedVortex
8 ай бұрын
@SpaceRexWill Sure, but there's a reason for it and it applies to self signed certificates just the same. Just because you can do something doesn't mean you should. We also expect Synology to protect us from the ills of the internet as best they can. Allowing a certificate to survive 30 years simply isn't doing that. Given how cheaply certificates come these days, and Let's Encrypt cannot possibly be cheaper, using self signed certificates is simply a dumbass thing to do.
@ruben34
8 ай бұрын
Just the ability to check users UID would allow me to NOT ssh into the nas just to find out the ID of the new user I just created. Like in control panel > Users > User properties > PUID and PGID
@SpaceRexWill
8 ай бұрын
Even better, set it there too! Like TrueNAS does
@SuspiciousAra
7 ай бұрын
But you can make your own 20 yrs self signed certificate you know :) i can send you one that is "synology" signed wink wink.
@michaelhull7873
7 ай бұрын
AND, is Synology listening? NO!
@chrisbertrand2969
8 ай бұрын
Your real wish should be to allow 3rd party packages that ran with root permissions/user have the "option" to be able to install with a "checkbox" that says, "Yes I understand this runs as a root user and let me install it" instead of, hey FU, we think we are Apple and will tell you what you can and will be able to run on YOUR hardware that you own. They have screwed so many people with their heavy handed BS and no way to get around it in their name of "security". No one asked. Now I'm forced to sit down and learn Linux, build a Dev environment, and test bed VM (so far both successfully) and try and rewrite a 3rd party app installer / scripts that multiple people use because of the DSM7's new "security" model. Wish for a user override, the rest is noise.
@PopularWebz
8 ай бұрын
What? Just put it in a Docker container. It's better to contain it anyways rather than making broad changes to the base OS
@chrisbertrand2969
8 ай бұрын
@@PopularWebz No what, if I wanted to use Docker, I would install it, I don't. The package ran find for several versions of DSM up until 7. Docker isn't the solution, it is another layer of BS. The users of the package have no interest or desire to use Docker either, so there's that. It isn't for Synology to tell me how to run my hardware. It isn't like this was day one operation and I'm asking for an exception, it's the other way around, it worked from day one and now you've screwed with my day to day because you can..... don't piss on my leg and tell me it is raining. There are no options without being a dev or paying someone to fix my issue or using the almighty "docker"... not interested. Give me the option to make my own damn choice about my own hardware. I don't need Synology choosing for me regardless of their intent. Or better yet, provide a tool that could convert .spk files from root user to a specified user on THEIR dime since it is their requirement. I will be voting with my wallet on the next NAS for sure.
@Paxtiny
8 ай бұрын
Stop advertising Synology as homelab equivalents. Yes, it runs many applications but you can watch it grind to a halt.
@PatricSjoeoe
8 ай бұрын
Synology as homelab is perfect. Stop complain :)
@RichardBuckerCodes
8 ай бұрын
#1 - stop calling china
@BoraHorzaGobuchul
8 ай бұрын
Photos are very inconvenient. Hate sharing albums, apparently can't share a single photo or a group of photos? UPD: turns out I can. But it's absolutely unintuitive, shared photographs appear instead of "Shared space" in "shared with me", which has a right to exist, but they definitely should appear in "Shared space" for those users who are allowed acces to the photo when it is being shared. Use case: each family member=user has his own photo folder, and shares some of those to a common shared space. The way it is done now doesn't work...
@yumahirayanagi712
8 ай бұрын
Great video! I would love to see broader support list for 3rd party drives.
@RobbieKiama
8 ай бұрын
Most of these are not some ground breaking new technologies.. It seems Synology just needs some good UX improvements
@SpaceRexWill
8 ай бұрын
That was the goal, add stuff here that was easily enough to implement, at least not crazy
@TheFPSChannel
8 ай бұрын
Love these. Especially the Dropbox-like share feature and the more understandable download area. Blackmagic annoys me the same way. I just want to go to a download list and instead I have to go though a e-magazine format, search for the latest update of something based on all the applications being sorted together by date the version added and then they try to trick you into adding your personal info again only to realize it’s not required. Software wish: a setup ‘wizard’ that from the start asks you a series of questions that ruthlessly optimizes your settings depending on your use. We shouldn’t need a Synology degree to figure out every single setting. Hardware wish: ditch USB-A ports for USB-C (it’s overdue - and I notice some competing products coming up that do this). Stay awesome Will (and Katie too!)
@Russell7777777
8 ай бұрын
If I understand it correctly, for quickconnect, you can have open ports even withhout static IP? Meaning if I open ports 5001/5000, use quickconnect to my NAS, it will find that ports are open and conenct directly? Without using direct IP:port for the address? Do I understand your comment correcty?
@masterjaykay1
2 ай бұрын
Synology should be paying you for this quality feedback 👍🏻👍🏻👍🏻👍🏻
@chrisd.5625
8 ай бұрын
Synology Drive is a cluster****. It mostly doesn't work properly, takes ages to connect even with opened ports or when connecting via VPN. And there is the "connection failed" issue on my phone which is just killing me. Tried every fix under the sun but might have to go back to a cloud provider again to have quick access to my data.
@skipguenter3711
8 ай бұрын
Besides that ABB linux client doesn't work on any recent distro (> kernel 5.13). Sure wish they'd update that client or quit saying ABB works for Linux clients.
@FrankieMead
8 ай бұрын
Remote Surveillance access simply does not work anymore while using DDNS. What gives?
@SmallSpoonBrigade
7 ай бұрын
I'd be happy if they'd just fix the terrible UI performance. I should be able to type my user name and password in and not be thwarted by having to wait multiple minutes for the OTP to try and then fail to work. This is 2024, that isn't acceptable.
@johnkurle5793
8 ай бұрын
A few things I wish synology would change in there 4 bay NAS units, put in intel core i5 or i7 CPU and support 32GB memory to be able to run some virtual machines and have 4 gigabit network ports.
@byrd203
8 ай бұрын
Always Use a UPS, no ifs and or buts, to safely stop recording if you not using a UPS on every piece of gear, that's not good for Electronics. Even the US gov is making it where any new Homes must have a whole home UPS nowadays. because of to many Fires. i blown out recording cameras before and TV"S and monitors
@wjauregui
8 ай бұрын
unrelated to this....but, id like to hear what you think about the new UGREEN NASync series
@petermarin
8 ай бұрын
Synology Photos improvements!!
8 ай бұрын
On top of all this, what we need from Synology is a wired router with 10g (2 of them) ports, not necessarily wifi for me as it would sit close to the fiber connection in the garage.
@kafaichan5472
8 ай бұрын
I like synology photo to add achieve function to not showing all photos to timelines.
@danibluray
7 ай бұрын
How about them to restore the compatibility with other drives? That is key, there's where we store our precious data.
@SocialWorkProfessor
8 ай бұрын
De-duplicator in Photos, please.
@davidwilliams6396
8 ай бұрын
You can use Tailscale which is wireguard based.
@Crazy--Clown
8 ай бұрын
Cmon Synology, get ya shit together
@mistakek
8 ай бұрын
9) Dark Mode
@Luckdragon2000
8 ай бұрын
Thanks a lot for these videos. Your vids have been the #1 source as I make the decision whether or not it's worth the hassle of building my own NAS server or getting a 4-bay Synology to run two 8TB NAS drives and two 4TB SSDs for my PLEX and hybrid cloud storage.
@lucabertagnolio9166
8 ай бұрын
On the use of certificates, I wish that the Let's Encrypt certificate enrollment would NOT need to punch a hole in the firewall to expose port 80 for the HTTP-01 validation. DNS-01 does NOT need to have an inbound rule open, and it should become the standard for devices which DO NOT need to be directly accessible from the Internet. There is mention of DNS-01 but only in the context of DDNS, I need to better understand the use cases, and my customer would be a prime testbed for this later today!
@raycollington4310
8 ай бұрын
Funny that as a home user who has just installed a new Mac. I spent a fair while searching for Synology Drive Client and couldn't understand why the NAS model was relevant. Thanks Will
@richardrodgers1009
8 ай бұрын
If I could only have one wish granted, it would be for Certificates. I only manage 7 Synology NAS devices but Cert maintenance can be a total pain.
@marcel_max
8 ай бұрын
agreed with synology photos, after I upgraded to dsm7 it took me a while to understand the new design and I still think it's slow to reach photos I'm looking for.
@hassan_ksu
8 ай бұрын
Make quick connect faster. It's a nightmare to sync big files. I used to have Dropbox and the speed is about 3x to 5x sometimes even more. I love the systems but there is no way getting around the slowness. I don't want to set up VPN and give it to each family member. I just want it to work.
@hassan_ksu
8 ай бұрын
To add that I have Tailscale which I think it make it faster. I have to test but the other day I synced about 5GB it took like 3 hours. I know it's slow but usually it takes more than 6 hours or 7h. But I have to do this test more just to figure out was this a one off or a real change.
@mar4kl
8 ай бұрын
Great video, but I have to disagree with you on the self-signed certificate. What really needs to happen here is that Synology, as well as all other producers of storage devices, surveillance equipment, phone equipment and other gadgets that connect to networks, need to be building their products with PCI DSS compliance in mind. In Synology's case, the correct approach would be to ship new NASes with all services that impact PCI DSS compliance disabled by default, removing support for old protocols that are incompatible with PCI DSS compliance, and properly document the procedures for purchasing and installing proper SSL certificates for all services that need them in order to be PCI DSS compliant. I only have a few clients that use NASes and require PCI DSS compliance, and up to now I've been able to work around the problem by disabling the services that cause failures or creating a separate subnet for all credit card processing activity, but the day will eventually come when neither of those work-arounds will suffice. PCI DSS is here to stay and will only get stricter from here on out, and companies like Synology need to get with the program if they want to stay viable.
@SpaceRexWill
8 ай бұрын
So I would love to have both. By default have your PCI compliance, but then allow for users to manually create certs that are 30 year if the want to. Then you could use those Certs for just OpenVPN or ABB which would not be anti PCI
@SpaceRexWill
8 ай бұрын
For me I prefer PCI by default, but with the ability to break it if you want to. In my opinion a lot of the PCI 'requirements' are pretty dumb and a lot of the time are just hand waving. But to be fair thats the case anytime you write testable requirements for security
@mar4kl
8 ай бұрын
@@SpaceRexWill, the first time I encountered a PCI DSS compliance situation, that was my reaction as well. But I also come from a financial IT background, and I can see that the principles behind it are sound. The main problem, at the beginning, was that not every company that accepts or processes credit cards is a multi-location corporation with 10,000+ employees, and filling out those early questionnaires for my 25 heads and under clients involved clicking N/A and copying and pasting the same reasons why the questions didn't apply. The questionnaires have gotten a lot more reasonable, with introductory questions that mark out sections of the questionnaire that aren't relevant. Now they just need to do something about the one-size-fits-all network scan and make things easier for companies that don't store any cardholder data.
@timmkrause6684
8 ай бұрын
Long lived certificates are a security risk, that is the reason why they changed it.
@SpaceRexWill
8 ай бұрын
They are only a security risk if they are publicly signed. if they are self signed then there is not nearly the same risk
@timmkrause6684
8 ай бұрын
You give attackers 30 years of time to compromise your certificate. Right?
@chucksw1
8 ай бұрын
Thanks Spacerex! I hope Synology watches your video and implements your recommended improvements!
@AnythingGodamnit
7 ай бұрын
Interesting list - thanks. And here's me just hoping they'll finally allow me to select multiple encrypted shared folders and mount them all at once.
Пікірлер: 127