Doubts about NS8

I started in 2000 with Mitel. For my SME. Good decision in this time and NS7 is still a good decision right now.

1 Like

It does. But podman relays on RH. So the whole idea is a dependency of RH, and also the distro’s which use podman. Alter/change anything in podman and the whole server NS8 is in trouble. I’m not talking about one single app, like it could be in NS7. Or in a traditional (not containerized, or perhaps better using docker? YES - I know the pros and cons) debian server. Isn’t it?

Wait a moment, do I get this right? I’m able to plug my 3TB USB drive (or spare harddrive) in and backup? That’s it? Because this is exactly what I do today and this is the way I’d like to have it in future.

I’m backing up local. Bandwith does not matter. Internet neither. AFAIK the S3 protocol is not open source.

I understood, that for a backup a S3 compatible drive is needed. Right? What reason for? Why not using a spare harddrive? Or simple USB-disk. Plug in and backup/restore. You tell me.

Maybe there’s a misunderstanding. IMVHO I don’t see any improvement with a container structure in security. Assuming the server setup is correct and up-to-date. For small business and part time admins I see more a question of overwhelming due to complexity.

Please tell me about the argument of security risks. I already asked about ransomeware. Which for me today is one of the highest risks for a company. In this forum I was told containerization could not help. Even one more important argument for easy backup and restore. I wrote about the daily/weekly routine checking your server. Now, please you tell me about your practical security concerns which are in NS8 safer as ever before. Right now, I don’t have one. I feel the technical security argument/discussion is more theoretical.

Security is not only from a technical view. To me security means also beeing able to control and maintain your IT. Right now I don’t see that I’m able to deal with NS8 in this whole complexity. Mostly every company needs IT. A long time ago I decided for the structure behind the workstations is to stay with linux. Til today I am (with help from the communities and some literature) able to maintain my network and IT for myself. I don’t want to change this. We’re not living from IT. We just need it. That’s all.

Where have I been largely incorrect? Maybe I did not understand - but I do always try to be correct. You and everybody else may always show me the light and correct me. I appreciate to learn.

Not vague, eh? Why not being more precise?

Comparing NS7 vs NS8? In what way things are getting worse comparing NS7 to NS8? Did you read my post(s) above?

  • no more SME (for me)
  • this is the very first distro I’m not able to test out of the box. Even OS/2 from IBM was easier to test
  • too complex in various ways (you’d probably saying - there! he’s vague AGAIN. I started early to test NS8. Of course with ONLY my needs. I started to share in the forum my experiences while installing/testing. I wrote in this forum what I expect from a SME server/distro. Why should I test things I don’t need?)
  • for me no really practical improvement vs NS7 (I can’t see one right now)
  • a lot more dependencies as before
  • no easy local backup and restore

Again - I really appreciate the work of the devs. I don’t want to offend anyone. Neither I want to influence anybody.

This is based on my personal tests, reflections and observations, and are only needs for my IT.



All this will still run on Debian (My favorite, I don’t trust Rocky, Alma, Oracle nor RH!)., even if RH / IBM pulls the plug.

If using a real hypervisor underneath, like Proxmox PVE with PBS for Backups, all these arguments become moot…

Disaster Recovery, or single file / folders, a matter of minutes. (On almost any hardware!).

Using decent hardware for storing TBs, not as long as you might imagine, maybe a LOT faster!

No matter if using NS7 or NS8, you’re still free to implement and use a private cloud, running on your own hardware and on your own network(s). Never heard of interconnected buildings belonging to a single company?
I’ve worked for clients with several buildings, all wired with Fiber, and as Backup a dedicated Wireless (Richtfunk) with automatic failover. All buildings had their individual Internet connections, and firewalls to protect everything, all configs synched to the central site.

To be honest, I have great difficulty believing you as a german still use a horse based transport, instead of the well known (good) german cars (Good does NOT include the Trabbi)! I even doubt you have an emergency backup hookup for using real "horse power " on your car…

Can a real “car mechanic” repair your car, or does he need a laptop with the right software and expensive Interface?

What if you bring in your car for service, and Internet happens to be “down” in that town at the moment? I do read that Germany is having great doubts in their own Infrastructure… The federal railways are even competing with Mexico for the most delayed trains in the world!

A smalll side kick from your southern neighbor, Switzerland, which still has punctual trains (97%!).


In the english language, can’t and won’t are two similiar sounding phrases, but the implied meaning can differentiate a great bit!

Can’t implies that the capabilities aren’t available, wheras won’t implies that you do not want to, for whatever reasons!

→ Think the difference between “Kann nicht” and “will nicht”, even in german the same differences…


Yes, NS8 is still in Beta!
Rome wasn’t built in a day, as the proverb goes!

This proverb is more than fitting, as Nethesis, the company behind NethServer (NS8) is an Italian Company, and the historic and beautiful City of Rome is the capital of Italy.

And believe it or not - they are still building in Rome, like in any other inhabited city, town or village worldwide!

Yes, a lot of the polish is still missing, it still looks more like a common pebble, than a potential diamond!

Local Backups, very important for SMEs, still fail due to SSL certificates…

But there’s still time til RC or Final, and I do hope for the best!
We do have some good devs on the team!

My 2 cents

I’m not a fan of backups on the same system as the data you’re backing up, but you could still do this–install Minio, set its storage to be on that hard drive, and then back up to your Minio installation.

There’s an open-source implementation of it, Minio–it’s AGPL3. Which is available in the NS8 software center, and also as an available storage protocol in TrueNAS. I expect it’s also present in other NASs, but haven’t checked.

Or Backblaze, or MS Azure.

All I can do is guess, but my guess would be that the devs feel the same way I do about local backups, which is to say that they’re pretty much useless. But again, if you want to, you should be able to do it using Minio as I’ve described above.

So your concern isn’t that NS8 is less secure than NS7, just that it isn’t more secure? I don’t think I’d agree with that either, but that is a different concern than I’d understood you to have.

Do you think such admins understood the ins and outs of everything in NS7, but will be unable to do so in NS8? I really don’t believe that’s the case. I suspect that for most NS7 users, as for most SME users, as for most e-smith users before that, the server is a black box–they interact with it through the web UI, and possibly with a few CLI commands copied and pasted from a guide somewhere, but with minimal, if any, understanding of how things work under the hood. That is, after all, how it’s been marketed for well over 20 years.

No, I don’t expect it would. So your complaint here is that NS8 doesn’t protect against something that NS7 also doesn’t protect against?

Containers do isolate one application from another, which objectively increases security compared to a system like NS7. How much importance you assign to that particular increase in security is, I suppose, up to you.

In your repeated assertion that NS8 depends on cloud services, for one. Though I’ll admit I hadn’t considered local backups.

…which is the same as “no more SME,” which boils down to “you don’t feel you sufficiently understand how it works.” Which I guess is fair enough, but surely you didn’t understand how everything worked under the hood in NS7/NS6/SME/wherever you started with this ecosystem. I don’t doubt, if you choose to, you can reach a sufficient level of understanding with NS8.

…in its current beta stage.

Not being based on an EOL OS isn’t a practical improvement?

I don’t really think there are. It depends on podman, of course. And yes, that’s a RH project, but it’s pretty widely used and it’s open-source–if RH were to close the source (which they haven’t yet done with anything else), it could be forked by any other interested party.

As above, I don’t put much value on this, but to each his own. I don’t know the devs’ reason for not including it; if they’re using restic as I think I saw mentioned, it doesn’t seem it should be hard to add.

Hi all,

I know that NS8 can run on different OS like Debian, Rocky, etc.

Correct me if I’m wrong, but the core of NS8 is running on Alma ?

I agree with you, but June 2024 is not so far away to develop/test/fix everything in NS8 and mainly, come with a full detailed documentation…

Think about how long it took to get from 6 to 7 to 7.9 while using the same structure. It will be faster using a different one ?

As written above, SME/Nethserver took several years to arrive where it is now.
You think the dev team, as many and as good as they can be, will acheive the same quality in just a few months ?



I’m refering to this, when talking about S3:

So much for “hardcoding” options into the config when they’re not supported from the outset!

My 2 cents

1 Like

full detailed documentation

According to Microsoft, in a statement to court, the latest and most valid documentation on the CIFs protocoll, also known as SMB (Server mounted Block) or other names, in the Linux World implemented by the Samba Team s Samba (Andrew Tridgell’s brilliant creation!). MS had to admit that due to personell fluctuations, the documentation was “somewhat incomplete”, and the most relevant version is the current source code (Also NOT publically available!)…

Yet it is the most used network file system by far!

I’d be satisfied if the docs are on a level par with NS7 at introduction!
And that was VERY flakey, as you recall!


I’m not sure what you mean by the “core of NS8.” The VM images they’re providing, at least right now, are on Rocky, not Alma. I believe it will run equally well on any EL9 clone (or on EL9 itself), but naturally haven’t tested this. But it installs (and runs, so far as I’ve tested it) without issues on Debian 12 as well. As @schulzstefan has pointed out, NS8 requires podman, which is a RH project, but it is of course available for Debian as well, and no doubt other distros as well.

Hi @Andy_Wismer,

So bye bye small offices, newbies, junior admins…

Only Pro will be able to use this brand new OS with its new containers architecture.
Then if so, I’m sure they will wait until this new OS has proven itself before implementing it.


1 Like


Ask @stephdl if he has time to tell you about Alma.


I don’t really think so…

To this day, a great majority of NS / SME users still don’t understand the e-smith template system, and are puzzled why after a reboot the config in /etc reverts to something older…

These people use NethServer (NS7) as Dan says, like a black box.

Some people had a really good idea of what was going on behind the scenes in NethServer.
Some just had a foggy inkling
Others even, had hardly a clue: “It does mail…” :slight_smile:

Yet for most of the above, NethServer 7 worked!
And still does…

My 2 cents

1 Like

Thank @danb35 @Andy_Wismer to put counter ideas here.

Yes NS8 is a new product with a new architecture and new stuffs make fears

I recall to have read Charlie brady around 2014 where I were fully involved in the SME Server that virtualization brings complexity and makes harder restoration in case of broken OS

What to understand of that. Yes IT is moving and yes you must adapt yourself

Relevant to what I read here we have people of the community that wants to leave the boat because they are too many development in NethServer.

Just awful from a developer point of view

Sorry I do not get you

Firewalld is the key. You could trigger any valid command but since we have no gateway firewall feature planned I guess you won’t have an UI to do it

This is planned in the firewall part of nethsecurity or use opensense/pfsense/ipfire…

1 Like

Salut Stéphane!

Yes, I also recall Charlie having “bouts of senility” in public years ago.


And I still maintain that using virtualisation makes for far easier and faster disaster recoveries than any native install directly on hardware.

My 2 cents

No. Personally I like new things. But as older you get and more experiences you have, as more you will be very careful when it comes to far-reaching decisions.

AFAIK Charlie is still alive (on koozali last activity July 14, 2019, 10:52:39 AM). Or Ian Wells. Feel free and ask them about the structure of NS8. They’ll be polite enough to give you an opinion. If you appreciate.

Yes. I understand totally and with full respect for the work and ideas for NS8 of all devs.

But a part of the “market” does not feel comfortable with ideas out of an ivory tower (not my words, someone else used this phrase already.) It has to be a together from the very start of new products between the expectations from the market and the skills and theoretical possibilities from a development point of view. AFAIK the needs for R&D are coming from the market. At least as it’s not like an invention like the telephone or the telefax.

Is there a poll in the community - not a poll between the devs - what improvement the market would appreciate as successor from NS7?

The risk driving this way? Loosing customers.

On the other hand - the risk being overtaken on the sidelane. Means for customers living in the past and missing improvements.

Now, great efforts have already been made to NS8. Countless hours from devs and testers were done. IMPO it must not happen, that NS8 fails to the market. My appeal would be to listen carefully to the concerns of the so called customers and try, wherever it’s possible, to improve or make it easier.

Last words - if NS8 is meant to be SME, then take a very close look to the SME customers and users. WHO is using SME, and WHAT FOR are SME installations in the field used, and WHO is the sysadmin for the classical SME installation/network. I remeber @alefattorini started a poll. Are there any results?

Or you have to find new customers and users for NS8. Which per se is surely also possible. And legit.

1 Like

I would suggest being careful underestimating even partime sysadmins and “so called” SME users. If you allow.

1 Like

Hallo @schulzstefan

Not underestimating - don’t forget, I’m also one of those answering questions here, and these Template questions are often asked…
I think MrMarkuz and other supporters here can confirm this too!

There are also plenty who just need a few tips how it works, and they do what is needed.

My 2 cents

1 Like

May you allow me my very humble and insignificant point of view: don’t make the mistake trying to play with the big players. You will need tons of resources and money, money, money to stay on the field. If you make a mistake, you’ll sink or you’ll getting eaten. Try to swim in your bathtub. In case carrying a swim ring can help. This is meant for me and my core business I’m living from.

1 Like

It’s more than 20 years ago, we need to move forward. Don’t you think?

I confirm that NS is not a classical SME distro. It’s an application server platform built upon a distro.

We’re not going too far away from SME, because most of our clients and users are SME, for Nethesis and the NS project wouldn’t be a smart move :slight_smile:
We’re just giving a new tool container-based to SMEs market, cloud-ready, and fully compatible with a hybrid scenario.

No, we’re not going on public cloud. With NethServer 8 you can create your private cloud, your own data and users. It’s the opposite. BTW Ns8 will work pretty well on bare metal and hypervisor, so… what are we talking about here?

I hope you will change your mind

That’s a great comparison Andy thank you :smiley: