• 4 Posts
  • 33 Comments
Joined 1 year ago
Cake day: June 21st, 2023

  • There are really two reasons ECC is a “must-have” for me.

    • I’ve had some variant of a “homelab” for probably 15 years, maybe more. For a long time, I was plagued with crashes, random errors, etc. Once I stopped using consumer-grade parts and switched over to actual server hardware, these problems went away completely. I can actually use my homelab as the core of my home network instead of just something fun to play with. Some of this improvement is probably due to better power supplies, storage, server CPUs, etc, but ECC memory could very well play a part. This is just anecdotal, though.
    • ECC memory has saved me before. One of the memory modules in my NAS went bad; ECC detected the error, corrected it, and TrueNAS sent me an alert. Since most of the RAM in my NAS is used for a ZFS cache, this likely would have caused data loss had I been using non-error-corrected memory. Because I had ECC, I was able to shut down the server, pull the bad module, and start it back up with maybe 10 minutes of downtime as the worst result of the failed module.

    I don’t care about ECC in my desktop PCs, but for anything “mission-critical,” which is basically everything in my server rack, I don’t feel safe without it. pfSense is probably the most critical service, so whatever machine is running it had better have ECC.

    I switched from bare-metal to a VM for largely the same reason you did. I was running pfSense on an old-ish Supermicro server, and it was pushing my UPS too close to its power limit. It’s crazy to me that yours only pulled 40 watts, though; I think I saved about 150-175W by switching it to a VM. My entire rack contains a NAS, a Proxmox server, a few switches, and a couple of other miscellaneous things. Total power draw is about 600-650W, and jumps over 700W under a heavy load (file transfers, video encoding, etc). I still don’t like the idea of having pfSense on a VM, though; I’d really like to be able to make changes to my Proxmox server without dropping connectivity to the entire property. My UPS tops out at 800W, though, so if I do switch back to bare-metal, I only have realistically 50-75W to spare.


  • corroded@lemmy.world to Selfhosted@lemmy.world, Low Cost Mini PCs, 17 days ago

    I have a few services running on Proxmox that I’d like to switch over to bare metal. pfSense for one. No need for an entire 1U server, but running on a dedicated machine would be great.

    Every mini PC I find is always lacking in some regard. ECC memory is non-negotiable, as is an SFP+ port or the ability to add a low-profile PCIe NIC, and I’m done buying off-brand Chinese crop on Amazon.

    If someone with a good reputation makes a reasonably-priced mini PC with ECC memory and at least some way to accept a 10Gb DAC, I’ll probably buy two.


  • This is very situational. I’m not a contractor, but I spend a significant portion of my time doing hobbies that require power tools. I don’t need a drill that will last for an entire day at a jobsite. Ryobi works fine for me. On the other hand, I wish I had never spent $600 on a cheap planer; I knew I’d want a better one eventually, and sure enough, I found a need to upgrade after a few years. Now I’ve spent $3600 on planers. I could have just gone with the $3k one and saved myself $600.

    If I’m going to use it once, I borrow it. If I’m going to use it every few months, I buy a cheap one. If I’m going to use it every week, then it’s worth it to me to buy something I can keep for at least a decade or two.



  • Like several people here, I’ve also been interested in setting up an SSO solution for my home network, but I’m struggling to understand how it would actually work.

    Let’s say I set up an LDAP server. I log into my PC, and now my PC “knows” my identity from the LDAP server. Then I navigate to the web UI for one of my network switches. How does SSO work in this case? The way I see it, there are two possible solutions.

    • The switch has some built-in authentication mechanism that can authenticate with the LDAP server or something like Keycloak. I don’t see how this would work as it relies upon every single device on the network supporting a particular authentication mechanism.
    • I log into and authenticate with an HTTP forwarding server that then supplies the username/password to the switch. This seems clunky but could be reasonably secure as long as the username/password is sufficiently complex.

    I generally understand how SSO works within a curated ecosystem like a Windows-based corporate network that uses primarily Microsoft software for everything. I have various Linux systems, Windows, a bunch of random software that needs authentication, and probably 10 different brands of networking equipment. What’s the solution here?





  • In the US at least, most equipment (unless you get into high-end datacenter stuff) runs on 120V. We also use 240V power, but a 240V connection is actually two 120V phases 180-degrees out of sync. The main feed coming into your home is 240V, so your breaker panel splits the circuits evenly between the two phases. Running dual-phase power to a server rack is as simple as just running two 120V circuits from the panel.

    My rack only receives a single 120V circuit, but it’s backed up by a dual-conversion UPS and a generator on a transfer switch. That was enough for me. For redundancy, though, dual phases, each with its own UPS, and dual-PSU servers are hard to beat.


  • What is human connection, though? It’s your brain releasing dopamine because you spent time with another person. It matters to you because it makes you feel good. Other things can make you feel good, too. The difference is that hobbies and activities won’t let you down. They won’t stop being your hobby because they’d rather spend time with someone else. People are unreliable and ultimately selfish at heart.

    Say you make a friend. 60 years from now, you and your friend are both dead, and what’s left behind? Nothing. I’m not old, but I’m certainly not young either. It took me a while to realize that other people just don’t matter. In the end, nothing matters at all; everything you and I do is ultimately going to fade into irrelevance when we’re dead. Might as well make the most of the time we have alive, then; do something that makes you happy. Don’t rely on another selfish human being for your happiness.


  • You don’t. People need fulfillment, not human interaction. Find something you are passionate about and pour your time and effort into it. Buy a classic car and restore it. Learn how to make your own furniture. Start learning photography. Write a book. Develop a program or app. Start a fitness routine. Brew your own beer. Learn a foreign language. The list is endless.

    What matters is doing something that brings you satisfaction. A hobby that involves creating something or improving yourself is so much better than wasting time with other people. Spend a day hanging out with friends, and what do you have at the end of the day? Nothing. Spend a day planting a garden, and what do you have at the end of the day? You have a nice garden.



  • I did some research on this, and it turns out you’re absolutely correct. I was under the impression that ECC was a requirement for a ZFS cache. It does seem like ECC is highly recommended for ZFS, though, due to the large amount of data it stores in memory. I’m not sure I’d feel comfortable using non-ECC memory for ZFS, but it is possible.

    Anecdotally, I did have one of my memory modules fail in my TrueNAS server. It detected this, corrected itself, and sent me a warning. I don’t know if this would have worked had I been using non-ECC memory.


  • One thing to keep in mind if you go with an i5 or i7 is that you won’t have the option to use ECC memory. If you’re running TrueNAS, you’ll need ECC memory for the ZFS cache. A Xeon E5 v2 server is old, but still has more than enough power for your use case, and they’re not particularly expensive.

    If you need something more powerful, you can find some decent Xeon Gold systems on eBay, but they’ll be a bit more pricey. The new Xeon W chips are also an option, but at least for me, they’re prohibitively expensive.



  • I decided to give up on it. Looking through the docs, they recommend that due to “reasons,” it should be restarted at least daily, preferably hourly. I don’t know if they have a memory leak or some other issue, but that was reason enough for me not to use it.

    I installed TubeArchivist, and it suits my needs much better. Not only do I get an archive of my favorite channels, but when a new video is released, it gets automatically downloaded to my NAS and I can play it locally without worrying about buffering on my painfully slow internet connection.





  • That’s a very valid point, and certainly a reason to obfuscate the calendar event. I would argue that in general, if the concern is the government forcing you to decrypt the data, there’s really no good solution. If they have a warrant, they will get the encrypted data; the only barrier is how willing you are to refuse to give the encryption key. I think some jurisdictions prevent this on 5th amendment grounds, but I’m not a lawyer.


  • I have a full-height server rack with large, loud, noisy, power-inefficient servers, so I can’t provide much of a good suggestion there. I did want to say that you might want to seriously reconsider using a single 10Tb hard drive.

    Hard drives fail, and with a single drive, in the event of a failure, your data is gone. Using several smaller drives in an array provides redundancy, so that in the event of a drive failure, parity information exists on the other drives. As long as you replace the failed drive before anything else fails, you don’t lose any data. There are multiple different ways to do this, but I’ll use RAID as an example. In RAID5, one drive stores parity information. If any one drive fails, the array will continue running (albeit slower); you just need to replace the failed drive and allow your controller to rebuild the array. In a RAID5 configuration, you lose the space of one drive to parity. So if you have 4 4TB drives in a RAID5 configuration, you would have a total of 12TB of usable space. RAID6 lets you lose two drives, but you also lose two drives worth of space to parity, meaning your array would be more fault-tolerant, but you’d only have 8TB of space.

    There are many different RAID configurations; far too many for me to go into them all here. You also have something called ZFS, which is a file system with many similarities to RAID (and a LOT of extra features… like snapshots). As an example, I have 12 10TB hard drives in my NAS. Two groups of 6 drives are configured as RAIDZ2 (similar to RAID6), for a total of 40TB usable space in each array. Those two arrays are then striped (like RAID0, so that data is written across both arrays with no redundancy at the striped level). In total, that means I have 80TB of usable space, and in a worst-case scenario, I could have 4 drives (two on each array) fail without losing data.

    I’m not suggesting you need a setup like mine, but you could probably fit 3 4TB drives in a small case, use RAID5 or ZFS-RAIDZ1, and still have some redundancy. To be clear, RAID is not a substitution for a backup, but it can go a long way toward ensuring you don’t need to use your backup.


  • As someone who uses Nextcloud, why do you suggest obfuscating the name of the calendar event? My Nextcloud instance is only accessible from outside my LAN via HTTPS, so no concern about someone using a packet sniffer on public WiFi or something of that sort. The server is located on my property, so physical security isn’t a real concern unless someone breaks in with a USB drive or physically removes the server from the rack and steals it. If someone was to gain access to my network remotely, they’d still need login credentials for Nextcloud or for Proxmox in order to clone the VM drive.

    To be clear, I’m not disagreeing with you; I’m wondering if I may be over-estimating data security on my home network. Considering you’re posting from infosec.pub, I’m assuming you know more about this than I do.

    Also, I feel like I need to say that the fact that OP even needs to consider data security for something like really makes me wonder how parts of our society have gone so wrong.