Yes, but Google would not have done that if nobody used Firefox

Agree on both parts, but the second part can still be achieved from an unconnected car, you just can’t do it remotely

IPv6 does not require you to open your machine to the Internet, even without making use of a NAT. Sure you get an IP that’s valid on the whole internet, but that doesn’t mean that anyone can send you traffic.

Are these restrictions set out by the ISP or the dorm?

If you don’t do business with the ISP, then you don’t have to agree to and follow their terms.

So as long as the dorms doesn’t have rules against setting up your own WiFi, then you should be well within your rights to purchase an Internet connection from another provider, but since you are likely not allowed to get your own line installed, you are probably restricted to ISPs that provide a service over the cellular network.

Of course using a cellular connection will give you worse latencies for online games, but at least you can have your own WiFi with low latency for your VR.

If you want to be nice, you could then run as much of your Internet network over ethernet as possible, so you congest the air waves as little as possible, possibly only running the VR headset over WiFi, and maybe even only enabling the WiFi radio when you want to play VR. If all your WiFi devices support 5GHz, you might also completely disable your 2.4GHz WiFi, to leave the most congested frequencies alone.

To lower the chance of someone complaining about your WiFi, you should configure it as a “hidden network”, such that it doesn’t broadcast an SSID, and therefore doesn’t show up when people are looking for WiFi networks to connect to.

I really don’t see much benefit to running two clusters.

I’m also running single clusters with multiple ingress controllers both at home and at work.

If you are concerned with blast radius, you should probably first look into setting up Network Policies to ensure that pods can’t talk to things they shouldn’t.

There is of course still the risk of something escaping the container, but the risk is rather low in comparison. There are options out there for hardening the container runtime further.

You might also look into adding things that can monitor the cluster for intrusions or prevent them. Stuff like running CrowdSec on your ingresses, and using Falco to watch for various malicious behaviour.

No need for a physically separated network, that’s what VLANs are for

That sound like you need a more serious setup, where you can control the network priorities and set a QoS, so the devices that you use interactively get priority over the other devices.

So as far as I understand, you have

• Outer router (Comcast), which has WiFi enabled
• Inner router (your own), which has WiFi enabled, and further meshes with other WiFi mesh devices (or is the mesh separate?)
• A plain switch, for stuff you want cabled and fast

Is that correct?

Why not get the WiFi in the Comcast router disabled, and use your inner network exclusively, such that both WiFi and ethernet devices are on the same network?

That’s what I did with my network, and I even got the ISP to put their modem/router into bridge mode, so it’s completely transparent.

That makes perfect sense, and switching is definitely annoying then… But the person I responded to said they had multiple WiFi networks at home… E.g. Not on holiday

Why on earth would you have multiple WiFi networks in your home?

I have a few cheap cameras that can handle both WiFi and ethernet, they support an SD card, and they do continuous recording regardless of connection type.

ZFS doesn’t really support mismatched disks. In OP’s case it would behave as if it was 4x 2TB disks, making 4 TB of raw storage unusable, with 1 disk of parity that would yield 6TB of usable storage. In the future the 2x 2TB disks could be swapped with 4 TB disks, and then ZFS would make use of all the storage, yielding 12 TB of usable storage.

BTRFS handles mismatched disks just fine, however it’s RAID5 and RAID6 modes are still partially broken. RAID1 works fine, but results in half the storage being used for parity, so this would again yield a total of 6TB usable with the current disks.

SSD longevity seems to be better than HDDs overall. The limiting factor is how many write cycles the SSD can handle, but in most cases the write endurance is so high that it’s unreachable by most home/NAS systems.

SSDs are however really bad for cold storage, as they will lose the charge stored in their cells if left unpowered too long. When the SSD is powered it will automatically refresh the cells in the background to ensure they don’t lose their charge.

My home-assistant installation alone is too much for my Raspberry Pi 3. It depends entirely on how much data it’s processing and needing to keep in memory.

Octoprint needs to respond in a timely manner, so you will want to have the system mostly idle (at least below 60 percent CPU at all times), preferably octoprint should be the only thing running on the system unless it’s rather powerful.

If I were you, I would install octoprint exclusively on your Raspberry Pi 3, and then buy a Raspberry Pi 4 for the other services.

I’m running Pi-hole and a wireguard VPN on an old Raspberry Pi 2, which is perfectly fine if you are not expecting gigabit speeds on the VPN.

Well… If you want to earn A LOT of money before mainframes are entirely sunset, and are perfectly happy maintaining code that’s older than yourself and only working for very rigid banks… Then COBOL isn’t actually that bad of a choice…

If you like your sanity, you should probably tear clear, though.

Unfortunately true, but what a wonderful language it is.

It would be wonderful with something more granular than “NSFW”…

I would love if we got something even more granular like a "Content Warning: ".

Examples:

• Content Warning: nudity - might be a painting with nude people, might be a photo of nude people, in essence if it isn’t porn, but there’s exposed genitals, butts or breasts.
• Content Warning: porn - you can probably guess…
• Content Warning: gore - images with gore, people missing body parts, often dead as well.
• Content Warning: death - images with people dying, but without gore.
• Content Warning: blood - images with some blood, but no death or gore. (often seen in news articles)
• Content Warning: violence - people fighting, but without turning bloody.

These could of course be expanded with many more categories if need be.

EDIT: added violence by request

While shorter lived certs certainly improve the general security, certificate revocation lists are what you need if a cert gets compromised.

Wait until you set up cert-manager to issue both Let’s Encrypt certificates, as well as generating your own CA and issuing certs from your own CA where you can set the validity however want.