Max

I use bitwaarden and stratum since it has a wearos app as well and it’s nice to use that for 2fa codes

Entirely unrelated, but I love how this makes it seem like magical items emit radiation that gets blocked by objects and gets detected by the geiger counter spell that is detect magic.

Why shutdown the homelab in the first place? Are you trying to save on power consumption?

The other idea I had was to use another lower power device spoofing the server’s Mac. But it seems like it would require an ethernet hub and those don’t really exist anymore.

On an entirely different note, as far as I’m aware secure boot should have zero noticeable performance impact, and if it does, that means that something is going horribly wrong. Guides tell you yo disable secure boot because it’s annoying/semis complicated to administer and makes installing out of kernel modules harder (like the nvidia drivers), not because it has a performance or stability impact on the system.

Hmm. If it’s persistent across installs then something is definitely borked. My next step would be to download the livecd images of a couple distributions and see if the audio works while booting into any of those live environments (ventoy makes this really painless)

When you reinstall, you’re not keeping any configuration, right?

If none of the livecd images work I’d liveboot windows and see if audio works there. If it doesn’t, definitely a hardware issue. If it does, then see if it starts working under Linux again. If it doesn’t, then something is incredibly cursed and I’m out of ideas since it used to work there.

Edit: a stupid question: do you have the right output profile selected for the card. Something like stereo duplex?

That sounds like a pretty cursed occurrence. As you get more familiar with the structure of your operating system, I’ve found diagnosing and fixing weird issues gets a lot easier. You also get a better sense of what component is responsible for what and what commands let you investigate.

I think it’s reasonable to say that weird issues don’t stop though. At least for me. I always had tons of weird occurrences on windows too. What feels different about Linux is that I try and figure them out because it’s possible I can. Where on windows I would just accept that x was broken.

For a random question in case it’s the same no audio bug I encountered recently: Do you happen to play audio via HDMI? And does any audio sink (speakers, etc…) show up in sound settings?

Also do you happen to be using an nvidia gpu (and if so, is it a laptop with an Intel CPU as well?). That freezing issue used to happen to me all the time with some games and it was entirely due to nvidia’s Linux driver bugs.

Yeah it’s worked everywhere I’ve tested. But that’s only really been airport WiFi, so I’m not sure it’s indicative of it working in general. It’s easy enough to setup for testing that it’s probably worth a shot

I like zerotier over wireguard because it’s one layer lower. So anything that uses Ethernet frames can be routed over it like it was a network switch plugged into your computer. This is probably why mdns works.

Sorry I completely misread your comment to be saying that the maximum efficiency was 50% not that it occurred at 50%.

I don’t think this is quite right. See https://physics.stackexchange.com/questions/647487/can-you-exit-the-event-horizon-with-a-rocket/647494#647494 Though it depends on what you mean by ‘gravity’

I believe for the highest efficiency you only want to use about half of the rated power of the PSU. So if your system draws 350W, 700 is a very reasonable power supply

How does paleo art work now? What’s done differently?

This is a really good question!

I believe the general answer is, until the compressed file is indistinguishable from randomness. At that point there is no more redundant information left to compress. Like you said, the ‘information content’ of a message can be measured.

(Note that there are ways to get a file to look like randomness that don’t compress it)

By default, an enencrypted boot drive is not sufficient to be able to decrypt a LUKs drive. If you have to type in your password to start the computer/unlock LUKs then you should be good.

If you’ve setup a keyfile or TPM based decryption of LUKS, then your data is probably not safe (though a TPM based decryption could be if the OS is secure and secure boot is setup properly)

In this case, if you have another server then you could setup a mutual tang/clevis system where each device gets the keys it needs from the other server on the LAN. Both would be LUKs encrypted. So if one is online the other gets the required key from the online one while booting. But if both are offline then no keys are available and you have to type in a LUKS password to boot. Something like https://www.ogselfhosting.com/index.php/2023/12/25/tang-clevis-for-a-luks-encrypted-debian-server/ but what they do with multiple servers is probably overkill

I semi-regularly put the milk in the cupboard and usually realize when I try to put the cereal in the fridge and it doesn’t fit

I think this is only true for some non intuitive definition of “temperature” of the light source. Fireflies aren’t a blackbody radiator, while the sun largely is. You absolutely can use non-equilibrium/non-blackbody light sources to heat something to hotter than the source. For example, lasers can heat something extremely hot while remaining “cool” (unless you’re considering the non equilibrium temperature of their excited atoms/electrons, which isn’t really fair.)

What about solvespace web build: https://github.com/solvespace/solvespace/tree/emscripten#building-for-web

I don’t know a lot about tailscale, but I think that’s likely not relevant to what’s possible (but maybe relevant to how to accomplish it).

It sounds like the main issue here is dns. If you wanted to/were okay with just IP based connections, then you could assign each service to a different port on Bob’s box, and then have nginx point those ports at the relevant services. This should be very easy to do with a raw nginx config. I could write one for you if you wanted. It’s pretty easy if you’re not dealing with https/certificates (in which case this method won’t work anyway).

Looking quickly on google for npm (which I’ve never used), this might require adding the ports to the docker config and then using that port in npn (Like here). This is likely the simplest solution.

If you want hostnames/https, then you need some sort of DNS. This is a bit harder. You can take over their router like you suggested. You could use public DNS that points at a private IP (this is the only way I’m suggesting to get public trusted ssl certificates).

You might be able to use mdns to get local DNS at Bob’s house automatically, which would be very clean. You’d basically register like jellyseer.local and jellyfin.local on Bob’s network from the box and then setup the proxy manager to proxy based on those domains. You might be able to just do avahi-publish -a -R jellyseer.local 192.168.box.ip and then avahi-publish -a -R jellyfin.local 192.168.box.ip. And then any client that supports mdns/avahi will be able to find the service at that host. You can then register those names nginx/npn and I think things should just work

To answer your questions directly

1. Yes I think just a box can work
2. I think locations are going to be a nightmare. don’t use them if you can avoid it. Also plain nginx really isn’t so bad, and you can learn pretty quickly. this is probably fine in npn though
3. I don’t think you need to dive into iptables or anything like that. Iptables would provide a lower level proxying (level 3 instead of like level 7), which could be useful if you’re running non http services, but isn’t necessary for 99% of web stuff.
4. I think part of the problem might be working with higher level systems like npn, but a lot of it is just that networking involves so many layers and there are multiple solutions to any problem, all of which require knowing somewhat what’s happening under the surface to understand why they’re failing

I’d be happy to try and give more specifics if you choose a path similar to one of the above things.

Yeah openwrt should be great. It uses nftables as a firewall on a Linux distribution. You can configure it through a pretty nice ui, but you also have ssh access to configure everything directly if you want.

The challenge is going to be what the ISP router supports. If it supports bridge mode then things are easy. You just put your router downstream of it and pretend like it’s a modem. Then you configure openwrt like it’s the only router in the network. This is the opposite of what you’ve suggested, using the upstream ISP router in pass through and relying on the openwrt router to get the ipv6 GUA prefix. (You might even be able to get a larger prefix delegated if you set the settings to ask for it)

If you don’t have bridge mode then things are harder. There’s some helpful information here https://forum.openwrt.org/t/ipv6-only-slaac-dumb-aps/192059/19 even though the situation is slightly different since they also don’t want a firewall. But you probably need to configure your upstream side on the openwrt router similarly.

Also looking more, the tplink ax55 isn’t supported by openwrt. If you don’t already have it, I’d get something that does. (Or if the default software on the ax55 supports what you want, that’s fine too. I just like having the full control openwrt and similar gives)

I’d recommend something that you can put openwrt or opnsense/pfsense on. I think the tplink archers support openwrt at least.

The ISP router opening things at a port level instead of a host level is kinda insane. Do they only support port forwarding? Or when you open a port range can you actually send packets from the WAN to any LAN address at that port.

Can you just buy your own modem, and then also use your own router? (If the reason you need the ISP router is that it also acts as a modem).

Does the ISP router also provide your WiFi? If it does you should definitely go with a second router/access point and then disable the one on the ISP router.