Good lord. If you’re trying to recreate cicada 3301, it’s not going well.

That’s because only one interface is really being used. A TCP session will reset if the hop count or metric changes all the time, the SYN/ACK wouldn’t work.

Oh, you are failing one over if the other fails? That’s not the same thing as configuring two interfaces with the same IP, gateway, at the same time, which is what I thought you were trying to do.

Is it possible to configure interfaces this way? Yes.

Will it work? No, not without bonding, and not with WiFi as one of the interfaces.

You are trying to de-jargon topics, and that’s fine, but the two following categories do not help, they are localized habits and don’t have any value to non-english or nontechnical people, or both:

• shortenings: a11y for accessibility is not a common contraction, it’s not helpful for anyone to understand the term itself
• names of services: CF for cloudflare is not something worth defining. Names change, and you wouldn’t see this in a professional document. It’s like defining “lol”, the acronym is shorthand in typed communication, not technical jargon.

Side note, DNS stands for domain name system, it has never meant domain name service.

I personally find bots annoying, half the content on the internet is already bots.

Ia it the best probably not but its still good well functioning equipment, for what it offers.

Sure, for “power users”, maybe a small business, it’s fine. It’s just not very sophisticated under the hood. The point of Ubiquiti is the “easy” part.

but also good gear mostly

I used to believe this. Then I flashed openwrt on my two ubiquiti access points and they are actually more stable and faster.

Ubiquiti is great at marketing.

It’s fine for me

once gadgetbridge finishes support

You do realize gadgetbridge is entirely volunteer-driven, right?

Idle power is determined some by the system controlling its own load, but also by the PSU itself. HP and dell units lock down which PSU you can use with them, but lots don’t, meaning you can get a 19v 90W power supply or a 19v 175W power supply, but it won’t mean anything if the PSU doesn’t have the ability to scale down with load.

That’s what those bronze/silver/fold/platinum ratings are about on atx PSUs.

Anyway, good list. This was just a comment about that. Power is weird.

The author says that Linux should be as usable for grandparents as it is for children

My problem with this statement constantly bombarded on us is that it assumes that someone somewhere out there who cares.

To me, it seems that is the actual deciding factor in sticking with Linux… Realizing that if you want something that doesn’t exist, you’ll have to make it.

These tools need to be studied, trained for, and applied purposely in order to be most effective.

No shit, welcome to 2021, sir.

Not sure what kind of engagement you want, this is the easy and obvious part. The real hard question is what we’re going to do about it. I don’t think anyone disagrees with this, we were all saying it in 2018.

Remember all those american movies where a foreign national goes “hey, america! John Wayne!”?

Us westerners are all going to be that: “hey, chine! Jackie Chan!”

Oh, yeah, absolutely. Suricata was created not long after snort, in the days when an ids did the gathering and the correlation.

You’re totally right, the way most people and orgs do it today is to ship ids logs to a siem for the correlation, overall easier to manage. ELK is the go-to for most, not sure about wazuh, I’ve only seen it in the homelab space, but it might work.

There is a distro (not totally open source) called SELKS, which sets up suricata, elastic and some other tooling (kibana) in a commonly-used setup. I deploy it a lot because it saves time with the non-security setup with dB’s and such. Pretty easy to point syslog to it and you can see alerts right away and start tuning.

I’m envious of your position, I learned a lot setting this stuff up.

The mirrored traffic will retain their VLAN tags and Suricata can parse these tags.

I’m not sure how far down this path you’ve gone, but suricata will not automatically correlate primitives into actual alerts from different vlans without transforms, which are cpu-intensive for what they do.

You may want to pull your tap/span/mirror from a point where they converge, like internal side of network egress.

How did you monitor your vlans with suricata? I have enough trouble tuning a couple subnets, never mind tuning for correlation between 3 or 4. This assumes you have different subnets per vlan, of course.

Btrfs and ZFS do online defrag

News to me for ZFS. Are you talking about the recently implemented rewrite? Because “defrag” isnt really what that does, it simply consolidates metaslab data to (possibly) free up low-use blocks.

Using ZFS fragmentation profile import/export and/or enabling dynamic gang headers can certainly help with high fragmentation.

deleted by creator

From my perspective

Are you aware that I don’t have your perspective?

I wanted to know more about your project, from your own words. Instead I got a lecture about how “dumb” I am, so I’m no longer interested, because you seem like a jerk. Whether that was intensional or is coming from an ill-adapted social outlook, I’m still not sure of.

You seem to care more about being correct than talking about your project, which is your choice, I suppose.

I’d close this with a glib sign-off like “have a nice day”, but I’m not sure having a nice day is within your array of skills.

Agreed. I’ve seen 172 addresses self-assigned before, even though the apipa spec says it should be 169.254.x.x.