Is it possible to configure interfaces this way? Yes.

Will it work? No, not without bonding, and not with WiFi as one of the interfaces.

You are trying to de-jargon topics, and that’s fine, but the two following categories do not help, they are localized habits and don’t have any value to non-english or nontechnical people, or both:

• shortenings: a11y for accessibility is not a common contraction, it’s not helpful for anyone to understand the term itself
• names of services: CF for cloudflare is not something worth defining. Names change, and you wouldn’t see this in a professional document. It’s like defining “lol”, the acronym is shorthand in typed communication, not technical jargon.

Side note, DNS stands for domain name system, it has never meant domain name service.

I personally find bots annoying, half the content on the internet is already bots.

Ia it the best probably not but its still good well functioning equipment, for what it offers.

Sure, for “power users”, maybe a small business, it’s fine. It’s just not very sophisticated under the hood. The point of Ubiquiti is the “easy” part.

but also good gear mostly

I used to believe this. Then I flashed openwrt on my two ubiquiti access points and they are actually more stable and faster.

Ubiquiti is great at marketing.

It’s fine for me

once gadgetbridge finishes support

You do realize gadgetbridge is entirely volunteer-driven, right?

Idle power is determined some by the system controlling its own load, but also by the PSU itself. HP and dell units lock down which PSU you can use with them, but lots don’t, meaning you can get a 19v 90W power supply or a 19v 175W power supply, but it won’t mean anything if the PSU doesn’t have the ability to scale down with load.

That’s what those bronze/silver/fold/platinum ratings are about on atx PSUs.

Anyway, good list. This was just a comment about that. Power is weird.

The author says that Linux should be as usable for grandparents as it is for children

My problem with this statement constantly bombarded on us is that it assumes that someone somewhere out there who cares.

To me, it seems that is the actual deciding factor in sticking with Linux… Realizing that if you want something that doesn’t exist, you’ll have to make it.

Oh, yeah, absolutely. Suricata was created not long after snort, in the days when an ids did the gathering and the correlation.

You’re totally right, the way most people and orgs do it today is to ship ids logs to a siem for the correlation, overall easier to manage. ELK is the go-to for most, not sure about wazuh, I’ve only seen it in the homelab space, but it might work.

There is a distro (not totally open source) called SELKS, which sets up suricata, elastic and some other tooling (kibana) in a commonly-used setup. I deploy it a lot because it saves time with the non-security setup with dB’s and such. Pretty easy to point syslog to it and you can see alerts right away and start tuning.

I’m envious of your position, I learned a lot setting this stuff up.

The mirrored traffic will retain their VLAN tags and Suricata can parse these tags.

I’m not sure how far down this path you’ve gone, but suricata will not automatically correlate primitives into actual alerts from different vlans without transforms, which are cpu-intensive for what they do.

You may want to pull your tap/span/mirror from a point where they converge, like internal side of network egress.

How did you monitor your vlans with suricata? I have enough trouble tuning a couple subnets, never mind tuning for correlation between 3 or 4. This assumes you have different subnets per vlan, of course.

Btrfs and ZFS do online defrag

News to me for ZFS. Are you talking about the recently implemented rewrite? Because “defrag” isnt really what that does, it simply consolidates metaslab data to (possibly) free up low-use blocks.

Using ZFS fragmentation profile import/export and/or enabling dynamic gang headers can certainly help with high fragmentation.

deleted by creator

From my perspective

Are you aware that I don’t have your perspective?

I wanted to know more about your project, from your own words. Instead I got a lecture about how “dumb” I am, so I’m no longer interested, because you seem like a jerk. Whether that was intensional or is coming from an ill-adapted social outlook, I’m still not sure of.

You seem to care more about being correct than talking about your project, which is your choice, I suppose.

I’d close this with a glib sign-off like “have a nice day”, but I’m not sure having a nice day is within your array of skills.

Agreed. I’ve seen 172 addresses self-assigned before, even though the apipa spec says it should be 169.254.x.x.

Easynews and nzbgeek.

Well worth the 30euro each per year.

Am I about to make a mistake?

Probably not. I’ve been a longtime Linux user/admin and I like to get under the hood with storage and networking.

Nothing wrong with proxmox at all, I used it for almost a decade.

You can get creative with Linux.

1. Install on 512mb, remove and trim system services, and lower the memory. Running KVM is by itself likely not going to let you do that, I suspect.
2. Use Alpine as you say.I run many alpine containers on between 25MB and 60MB, I give them 256MB, but it’s way overkill.

Regarding alpine, be prepared to find differences from glibc and systemd distros in places you don’t expect. PHP (god forbid you should need it) is a right mess on alpine. Mongodb will not work on alpine. Stuff like that.

I may take some challenge on this, but the tcpip stack seems faster on alpine than in debian, at least in my use cases.

Proxmox has a lot of tools I don’t need and I didn’t like how proxmox manages storage. Now I use Incus, mostly because incus doesn’t care about your storage back-end, networking, etc.

It’s not that obvious on Voyager, but hey, thanks for being passive aggressive about it.