Storage Options for Movies, TV Shows

[ruff_hi]

A few questions before I build a home NAS ...

1. Where do you store their movies, tv shows, etc that they own (DVD, Blu-Ray, recorded)?
2. How do you protect against disk failure?
3. How do you protect against something more catastrophic (destruction of house)?
4. If you backup your data, where, how, etc, etc?
   • Cloud backup? Another hard drive? Offsite hard drive? Raid? Other?
5. What sort of disk preference do you have (as in RPM, capacity, etc rather than brand)?

[LuckyDay]

1. Where do you store their movies, tv shows, etc that they own (DVD, Blu-Ray, recorded)? I personally use a NAS, but it's only 3TB, I don't rip Blu-Ray, and I just store TV/Movies that are favorites.


2. How do you protect against disk failure? Raid 1 for me.

3. How do you protect against something more catastrophic (destruction of house)? I don't personally, but there are many cloud based backup solutions (Carbonite, BackBlaze, etc.). I'm not sure how these deal with multiple TBs of storage and video content.

4. If you backup your data, where, how, etc, etc? I only back up sensitive data to Dropbox.

5. What sort of disk preference do you have (as in RPM, capacity, etc rather than brand)? For an HTPC I just use the most reliable I can find based on reviews and build quality, RPM doesn't show me a performance increase (unless we're talking SSD) and capacity is personal preference/need.

[Bryan]

1. A Windows Home Server machine, though I'm debating upgrading it to Windows 8.1 and using storage spaces.
2. Backups for now, if I use storage spaces, a mirror.
3. If that happens, I really don't care about what was on the DVR. I backup important documents and photos offsite, I'm not worrying about 2TB of TV.
4. For media, an external drive on the WHS box.
5. I usually use 7200RPM, though it really doesn't matter.

[Dgr_874]

Since I subscribe to Office 365, I have unlimited storage space from Microsoft for $100 a year, I just back everything up to the cloud.
All my media is on there, pic, movies, TV, everything. I have had no issues in the 6 months I have been using it.

[LuckyDay]

Since I subscribe to Office 365, I have unlimited storage space from Microsoft for $100 a year, I just back everything up to the cloud.
All my media is on there, pic, movies, TV, everything. I have had no issues in the 6 months I have been using it.

That's interesting to me as I haven't used any of these cloud services, but have thought of trying it. I didn't know Office 365 included unlimited storage.

How are the download and upload speeds?

[wiretap]

1. Where do you store their movies, tv shows, etc that they own (DVD, Blu-Ray, recorded)?
On my personal-built file server running WHS 2011. 22TB of storage and 16TB is filled with data.

2. How do you protect against disk failure?
I run FlexRAID RAID-F with 2-disk parity to guard against any 2 disks failing. I am going to soon transition to SnapRAID or ZFS since those technologies protect against data rot and silent disk errors.

3. How do you protect against something more catastrophic (destruction of house)?
I have a friend that also has a gigantic server and we sync our collections once every few months.

4. If you backup your data, where, how, etc, etc?
See above. This is because I have over 16TB of data.. uploading it to something like CrashPlan or Backblaze would take far too long on my 10mbit upload speed.

5. Cloud backup? Another hard drive? Offsite hard drive? Raid? Other?
Good cloud backups would be CrashPlan or Backblaze if you have the upload speed to do so. They have unlimited space and no throttling.

6. What sort of disk preference do you have (as in RPM, capacity, etc rather than brand)?
I prefer Western Digital Green drives, or HGST. They have lower failure rates than Seagate drives, and this is shown through extensive studies such as the one Backblaze did with thousands of hard drives:
https://www.backblaze.com/blog/what-har ... uld-i-buy/
https://www.backblaze.com/blog/hard-dri ... mber-2014/

[Dgr_874]

Since I subscribe to Office 365, I have unlimited storage space from Microsoft for $100 a year, I just back everything up to the cloud.
All my media is on there, pic, movies, TV, everything. I have had no issues in the 6 months I have been using it.

That's interesting to me as I haven't used any of these cloud services, but have thought of trying it. I didn't know Office 365 included unlimited storage.

How are the download and upload speeds?

Yup, it includes unlimited storage. http://blogs.office.com/2014/10/27/oned ... bscribers/

Speeds are pretty slow though. I don't know if its a limitation of the service or just my crappy set up.

Its so cool to just sign in anywhere and have all my stuff available. Even the videos play right in the browser.

[crawfish]

Two backup sets, one kept off site in a bank safe deposit box and rotated monthly with the local backup. I also do regular comparisons between local storage and the current backup set to detect bit rot. I also maintain a database of hashes so that if I ever do find a discrepancy, I can easily determine which file is bad. Note that a small safe deposit box (3x5") can hold at least four hard drives. Finally all my drives are encrypted with Bitlocker, including the ones devoted to multimedia. This guards against theft and relieves me from ever worrying about data leakage. Once I'm past the boot stage, it's all completely seamless.

NB: The one thing I don't back up is Recorded TV, which I consider expendable due to DRM and the huge MPEG2 file sizes.

[wiretap]

Two backup sets, one kept off site in a bank safe deposit box and rotated monthly with the local backup. I also do regular comparisons between local storage and the current backup set to detect bit rot. I also maintain a database of hashes so that if I ever do find a discrepancy, I can easily determine which file is bad. Note that a small safe deposit box (3x5") can hold at least four hard drives. Finally all my drives are encrypted with Bitlocker, including the ones devoted to multimedia. This guards against theft and relieves me from ever worrying about data leakage. Once I'm past the boot stage, it's all completely seamless.

NB: The one thing I don't back up is Recorded TV, which I consider expendable due to DRM and the huge MPEG2 file sizes.

Just an FYI.. Bitlocker isn't secure. We use Passware forensics kit at work and it can crack Bitlocker encryption in no time at all. It also bypasses TrueCrypt, FileVault and PGP. The programs needed to decrypt FDE are anywhere from $300-$900, but they're also floating around on torrent sites so essentially anyone could get a hold of your data. Ideally, you'd want to use something like Xen + Phalanx. You can look up Defcon speeches on this on YouTube to understand it a little better, and go to privacy-pc.com to read up on how to implement it. (that is if your paranoid/serious )

[crawfish]

Just an FYI.. Bitlocker isn't secure. We use Passware forensics kit at work and it can crack Bitlocker encryption in no time at all. It also bypasses TrueCrypt, FileVault and PGP.

Riiiiiight. That's why you can't swing a dead cat without hitting people like Schneier screaming about the insecurity of these products and how anyone can break them instantly. This site needs an emoticon for ROFLMAO, because just doesn't cover it. I don't know about the other products, mainly because I don't use them, except that I recall Schneier said he was moving to PGPDisk after the TrueCrypt discontinuation in May 2014, but no one has ever reported a meaningful hack of BitLocker or TrueCrypt, one that goes beyond brute force or doesn't require access to the live system or a memory image thereof or is not aided by tampering and subsequent logon, e.g. Evil Maid. None of that is an issue for my hard drives sitting in a safety deposit box, nor is there an issue for my PCs at home unless the crackhead that would steal them at a minimum breaks my Windows password and somehow recovers my keys before powering down.

[jec6613]

The primary storage location is a Windows Server 2012 R2 box with storage spaces and 10 TB of RAID 5. I use Western digital Red drives (six 2 TB at the moment, with three open bays) and Intel Pro series SSD for the SSD cache, which is protected with RAID 1. Link to the network is 2 Gbps, and between the SSD cache and the speed of the 5400 RPM drives in the RAID array, I have no problems with performance. There's also two 300 GB 10k Velociraptors for the OS to boot from, and some spare RAM

I have three tiers of backups: critical data, which ends up on OneDrive, Code 42's servers, and my mother's house. Important data, which goes to Code 42's servers and my mother's house, and then less critical data (DVD images and such) which only back up to Code 42. Additionally, since I have a database of every movie I own, in the case of destruction of the house, insurance will buy me new ones.

For DVR'd TV, that stays in a 1 TB drive on the media center PC itself ... it's just easier.

[wiretap]

Just an FYI.. Bitlocker isn't secure. We use Passware forensics kit at work and it can crack Bitlocker encryption in no time at all. It also bypasses TrueCrypt, FileVault and PGP.

Riiiiiight. That's why you can't swing a dead cat without hitting people like Schneier screaming about the insecurity of these products and how anyone can break them instantly. This site needs an emoticon for ROFLMAO, because just doesn't cover it. I don't know about the other products, mainly because I don't use them, except that I recall Schneier said he was moving to PGPDisk after the TrueCrypt discontinuation in May 2014, but no one has ever reported a meaningful hack of BitLocker or TrueCrypt, one that goes beyond brute force or doesn't require access to the live system or a memory image thereof or is not aided by tampering and subsequent logon, e.g. Evil Maid. None of that is an issue for my hard drives sitting in a safety deposit box, nor is there an issue for my PCs at home unless the crackhead that would steal them at a minimum breaks my Windows password and somehow recovers my keys before powering down.

You are mostly right and odds are it will never happen to you, however remaining ignorant isn't going to solve the underlying problem. Also, you don't need to worry about brute force cracking time when you have a 9TB array of rainbow tables that can find the password autonomously while you sleep. Every encrypted standalone drive a vendor has brought into work, we could get into it within a few hours of rainbow tables scanning.

[crawfish]

You are mostly right and odds are it will never happen to you, however remaining ignorant isn't going to solve the underlying problem. Also, you don't need to worry about brute force cracking time when you have a 9TB array of rainbow tables that can find the password autonomously while you sleep. Every encrypted standalone drive a vendor has brought into work, we could get into it within a few hours of rainbow tables scanning.

What's your success rate for brute-forcing, say, 20+ character strong passwords used with BitLocker and TrueCrypt? Again, you are presented with a fully encrypted bare drive with no vulnerabilities like unencrypted pagefile or hibernation file, and you have no knowledge of the password length, characters used, etc.

If you could do this, it would be huge news.

[wiretap]

It is huge news regardless. It cracked my 16 character randomly generated password from Keepass used as the key in less than an hour. They may be using known random number generator algorithms to help speed up the process. I'm just saying with the tools available today it is getting harder and harder to encrypt data which leads us into needing fully encrypted platforms and take into account bypass methods and try to secure them.

[crawfish]

It is huge news regardless.

Regardless of no one talking about it? I know the company you mentioned, Passware, from hype news articles touting its ability to crack BitLocker, TrueCrypt, etc, articles that were dismissed as not news, because they relied on exploiting things I mentioned previously like access to a live system, unencrypted memory image, etc. If such a weakness is unavailable, then it falls back to brute force. I've not read their brute force method is anything revolutionary, which it would have to be for your claims about it to be true.

It cracked my 16 character randomly generated password from Keepass used as the key in less than an hour.

Can you be more specific? Exactly what did it crack? No one has reported anything remotely like you claim for the scenario I presented you with, brute forcing a bare drive fully encrypted with BitLocker or TrueCrypt and strong password, not even a 16 character one. It would be huge news if it could be done in "less than an hour", and that timeframe is actually above the "huge news" threshold by many orders of magnitude. But it is not news. The most startling result I know about is the Ars article in which "qeadzcwrsfxv1331" was matched to an MD5 hash, but that password is far from random, and MD5 is not recommended for this purpose. I would have to research it, but I expect BitLocker and TrueCrypt use a different technique that takes a lot longer than computing MD5.

If you are right, you should write Schneier and tell him all about it, because he was writing nonsense as recently as March 2014:

https://www.schneier.com/blog/archives/ ... ure_1.html

According to you, the article could have been condensed to, "It doesn't matter what you do, because it can be broken in less than an hour."

[wiretap]

It looks like he's covered Passware in past articles from last year and previous (admitting Bitlocker and Truecrypt are defeated), but not their newest software suite available to government and law enforcement. I'll have to ask him to write a new article. Using the 9TB rainbow tables and BOINC uplink, anything he's covered is out of date it appears. btw, it was an AES-Twofish-Serpent with Whirlpool hashing USB drive to be precise that I witnessed. Dismiss it if you like, but I know what I saw.

[jec6613]

It looks like he's covered Passware in past articles from last year and previous (admitting Bitlocker and Truecrypt are defeated), but not their newest software suite available to government and law enforcement. I'll have to ask him to write a new article. Using the 9TB rainbow tables and BOINC uplink, anything he's covered is out of date it appears. btw, it was an AES-Twofish-Serpent with Whirlpool hashing USB drive to be precise that I witnessed. Dismiss it if you like, but I know what I saw.

So ... how about a drive with a hardware chip on the SSD that's paired to the board, and you only get 1 try per second to unlock it, and it self-nukes after 100 tries? Because that's where state of the art is now, with Intel Pro series SSDs and modern laptops (and some desktops). BitLocker just adds an additional layer of security on top of it, but suffice it to say that if you pulled my SSD from my laptop, you'd destroy it in a matter of a few minutes with any of the tools available.

Encryption on the NAS or the servers is a whole other ball of wax, but for portable devices, it's hardware+software now.

[crawfish]

It looks like he's covered Passware in past articles from last year and previous (admitting Bitlocker and Truecrypt are defeated)

Post a link to "his admission that BitLocker and TrueCrypt have been defeated."

but not their newest software suite available to government and law enforcement. I'll have to ask him to write a new article. Using the 9TB rainbow tables and BOINC uplink, anything he's covered is out of date it appears. btw, it was an AES-Twofish-Serpent with Whirlpool hashing USB drive to be precise that I witnessed. Dismiss it if you like, but I know what I saw.

If you are right, and it's possible to take a bare, detached BitLocker or TrueCrypt drive protected with strong password and brute force it in less than an hour, with no help from things like unencrypted hibernation file, memory image of the live system, etc, you'll be breaking front page news with a 144 point headline font on every tech site there is, plus smaller headline fonts on CNN and all the mainstream news sites as well. Don't even wait for Schneier to reply; start threads at Wilders and similar. The world needs to know about this breakthrough, and papers need to be written on minimum acceptable strong password length, if it even exists.