Awesome.
Reminds me of the pain setting up mythtv, but the rewards were worth it.


Well, seems like it was time well spent in any case.
If you have classic upstream buffer bloat, there are a couple of traffic shaping algorithms (cake and fq_codel) that work really well with the majority of competent routers, including opnsense/pfsense.
Traffic shaping is definitely a can of worms, but fun to learn.


Wow, you diagnosed buffer bloat and applied the fix to your LAN side? Sooo much work…
The problem is unlikely to have been on the proxmox side. Multiqueue only allows virtio to multithread TCP connections via the host CPU using more than one virtual cpu, but this is essentially like aggregating a network link; it will increase bandwidth, but not throughput. Besides, the actual limit for the proxmox internal bridge and virtio NICs is “whatever the cpu can manage”, which is sometimes over 10Gb. It’s unlikely to be slowing down traffic coming from your vms.


Good lord. If you’re trying to recreate cicada 3301, it’s not going well.


That’s because only one interface is really being used. A TCP session will reset if the hop count or metric changes all the time, the SYN/ACK wouldn’t work.


Oh, you are failing one over if the other fails? That’s not the same thing as configuring two interfaces with the same IP, gateway, at the same time, which is what I thought you were trying to do.


Is it possible to configure interfaces this way? Yes.
Will it work? No, not without bonding, and not with WiFi as one of the interfaces.


You are trying to de-jargon topics, and that’s fine, but the two following categories do not help, they are localized habits and don’t have any value to non-English or nontechnical people, or both:
Side note, DNS stands for domain name system, it has never meant domain name service.
I personally find bots annoying, half the content on the internet is already bots.
Is it the best? Probably not, but it’s still good, well-functioning equipment for what it offers.
Sure, for “power users”, maybe a small business, it’s fine. It’s just not very sophisticated under the hood. The point of Ubiquiti is the “easy” part.
but also good gear mostly
I used to believe this. Then I flashed openwrt on my two ubiquiti access points and they are actually more stable and faster.
Ubiquiti is great at marketing.


It’s fine for me


once gadgetbridge finishes support
You do realize gadgetbridge is entirely volunteer-driven, right?


Idle power is determined some by the system controlling its own load, but also by the PSU itself. HP and dell units lock down which PSU you can use with them, but lots don’t, meaning you can get a 19v 90W power supply or a 19v 175W power supply, but it won’t mean anything if the PSU doesn’t have the ability to scale down with load.
That’s what those bronze/silver/gold/platinum ratings are about on ATX PSUs.
Anyway, good list. This was just a comment about that. Power is weird.
The author says that Linux should be as usable for grandparents as it is for children
My problem with this statement constantly bombarded on us is that it assumes that someone somewhere out there cares.
To me, it seems that is the actual deciding factor in sticking with Linux… Realizing that if you want something that doesn’t exist, you’ll have to make it.
Oh, yeah, absolutely. Suricata was created not long after snort, in the days when an ids did the gathering and the correlation.
You’re totally right, the way most people and orgs do it today is to ship ids logs to a siem for the correlation, overall easier to manage. ELK is the go-to for most, not sure about wazuh, I’ve only seen it in the homelab space, but it might work.
There is a distro (not totally open source) called SELKS, which sets up suricata, elastic and some other tooling (kibana) in a commonly-used setup. I deploy it a lot because it saves time with the non-security setup with DBs and such. Pretty easy to point syslog to it and you can see alerts right away and start tuning.
I’m envious of your position, I learned a lot setting this stuff up.
The mirrored traffic will retain their VLAN tags and Suricata can parse these tags.
I’m not sure how far down this path you’ve gone, but suricata will not automatically correlate primitives into actual alerts from different vlans without transforms, which are cpu-intensive for what they do.
You may want to pull your tap/span/mirror from a point where they converge, like internal side of network egress.
How did you monitor your vlans with suricata? I have enough trouble tuning a couple subnets, never mind tuning for correlation between 3 or 4. This assumes you have different subnets per vlan, of course.


Btrfs and ZFS do online defrag
News to me for ZFS. Are you talking about the recently implemented rewrite? Because “defrag” isn’t really what that does, it simply consolidates metaslab data to (possibly) free up low-use blocks.
Using ZFS fragmentation profile import/export and/or enabling dynamic gang headers can certainly help with high fragmentation.


As others have mentioned here, there is a lot of natural overlap with vps renting, hardware re-use, general approaches to managing infrastructure, docker, and Linux in general. I don’t even mind networking questions here.
When questions stray in that aren’t really that relevant, like beginner Linux questions, someone is generally nice enough to point to a more appropriate community.
What I think wastes time in this community are the gatekeeping topics like “your vps isn’t self-hosting”.