I’m thinking of picking up an old HP Microserver (gen8) and was wondering if it is a bad idea from a security standpoint.
I mean it’s only 10 years old - is there any exploit or something like that?
What about an N36L Microserver?
I’d probably run Debian headless on it.
I’d only use it for Syncthing and as a backup NAS.
UPDATE
Everybody made really good arguments against the microserver and I won’t be getting one. Thank you for your input.
I got one 1-2 years ago for ~250€, with a Xeon and 4GB of RAM.
I use it as a “NAS on steroids”: basically a NAS-like storage + data processing server (Paperless-NGX, downloader (games I bought on DRM-free stores + Usenet), Syncthing middleman…)
It’s exactly what I wanted (with the limitations I had) so it’s perfect for me (it’s still on the 4GB of RAM and I don’t need more even with the dozen containers I run).
If the form factor is irrelevant for you, just get the equivalent tower (normal HP Proliant Gen8, or something more recent) for half the price with the same spec, you’re paying basically double for the MicroServer form factor.
From a security standpoint, it’s irrelevant. Yes, the CPUs are vulnerable to all the shitty Intel flaws (that Intel thought would never be discovered), but they’re all solved via kernel mitigations (that cost you 50% of the performance the CPU originally had).
Be wary of 3 things if you buy it:
- Finding the cable to use an SSD in the ODD slot is harder than you think (only a single brand makes it), it’s also harder than you think to configure the RAID card to use it (and it sometimes but rarely resets) - this is only relevant if you want to use that slot
- First 2 SATA slots are SATA3, the other 2 are SATA2 (and they’re not fast), ODD slot is SATA2, I think, I might be wrong
- The motherboard chipset has a bug: you must disable one of the virtualization options (I don’t remember which) if you virtualize / run an RDP docker container, otherwise the system will freeze after 30-1h of running said virtualized stuff in the background (took me days to find the solution, it’s not documented anywhere on the internet except for like one place)
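
The kernel mitigations mentioned in the reply above can be checked on a running Debian system through the status files Linux exposes under `/sys/devices/system/cpu/vulnerabilities`. The script below is an added example, not part of any post in this thread; the function names are hypothetical and the sample status strings are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report the kernel's view of CPU flaws.
# Linux exposes one status file per issue in /sys/devices/system/cpu/vulnerabilities.

# Map one status line to OK / MITIGATED / PARTIAL / VULNERABLE / UNKNOWN.
classify_status() {
    case "$1" in
        "Not affected"*)    echo OK ;;
        *Vulnerable*)       echo VULNERABLE ;;  # incl. "KVM: Vulnerable"
        *"SMT vulnerable"*) echo PARTIAL ;;     # mitigated, but not across hyperthreads
        *Mitigation:*)      echo MITIGATED ;;
        *)                  echo UNKNOWN ;;     # empty or unrecognised text
    esac
}

# Print "LEVEL name status" for every status file in directory $1.
audit_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        status=""
        IFS= read -r status < "$f" || true
        printf '%-10s %-18s %s\n' "$(classify_status "$status")" "${f##*/}" "$status"
    done
}

# Constructed sample directory so the script also runs off-target.
make_sample() {
    d="$(mktemp -d)"
    printf 'Mitigation: PTI\n' > "$d/meltdown"
    printf 'Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable\n' > "$d/l1tf"
    printf 'Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable\n' > "$d/mds"
    printf 'KVM: Mitigation: VMX disabled\n' > "$d/itlb_multihit"
    printf 'Not affected\n' > "$d/tsx_async_abort"
    echo "$d"
}

# Usage: pass the real sysfs directory as $1; with no argument the sample is used.
if [ -n "${1:-}" ]; then
    audit_dir "$1"
else
    sample="$(make_sample)"
    audit_dir "$sample"
    rm -rf "$sample"
fi
```

Any line reported as VULNERABLE, PARTIAL or UNKNOWN on the real host is worth checking against the installed kernel and microcode package versions.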