There are really two reasons ECC is a “must-have” for me.

• I’ve had some variant of a “homelab” for probably 15 years, maybe more. For a long time, I was plagued with crashes, random errors, etc. Once I stopped using consumer-grade parts and switched over to actual server hardware, these problems went away completely. I can actually use my homelab as the core of my home network instead of just something fun to play with. Some of this improvement is probably due to better power supplies, storage, server CPUs, etc, but ECC memory could very well play a part. This is just anecdotal, though.
• ECC memory has saved me before. One of the memory modules in my NAS went bad; ECC detected the error, corrected it, and TrueNAS sent me an alert. Since most of the RAM in my NAS is used for a ZFS cache, this likely would have caused data loss had I been using non-error-corrected memory. Because I had ECC, I was able to shut down the server, pull the bad module, and start it back up with maybe 10 minutes of downtime as the worst result of the failed module.

I don’t care about ECC in my desktop PCs, but for anything “mission-critical,” which is basically everything in my server rack, I don’t feel safe without it. Pfsense is probably the most critical service, so whatever machine is running it had better have ECC.

I switched from bare-metal to a VM for largely the same reason you did. I was running Pfsense on an old-ish Supermicro server, and it was pushing my UPS too close to its power limit. It’s crazy to me that yours only pulled 40 watts, though; I think I saved about 150-175W by switching it to a VM. My entire rack contains a NAS, a Proxmox server, a few switches, and a couple of other miscellaneous things. Total power draw is about 600-650W, and jumps over 700W under a heavy load (file transfers, video encoding, etc). I still don’t like the idea of having Pfsense on a VM, though; I’d really like to be able to make changes to my Proxmox server without dropping connectivity to the entire property. My UPS tops out at 800W, though, so if I do switch back to bare-metal, I only have realistically 50-75W to spare.

I have a few services running on Proxmox that I’d like to switch over to bare metal. Pfsense for one. No need for an entire 1U server, but running on a dedicated machine would be great.

Every mini PC I find is always lacking in some regard. ECC memory is non-negotiable, as is an SFP+ port or the ability to add a low-profile PCIe NIC, and I’m done buying off-brand Chinese crop on Amazon.

If someone with a good reputation makes a reasonably-priced mini PC with ECC memory and at least some way to accept a 10Gb DAC, I’ll probably buy two.

I think I’m misunderstanding how LDAP works. It’s probably obvious, but I’ve never used it.

If my switch is expecting a username and password for login, how does it go from expecting a web login to “the LDAP server recognizes this person, and they have permissions to access network devices, so I’ll let them in.”?

Also, to be clear, I’m referring to the process of logging in and configuring the switch itself, not L2 switching or L3 routing.

Like several people here, I’ve also been interested in setting up an SSO solution for my home network, but I’m struggling to understand how it would actually work.

Lets say I set up an LDAP server. I log into my PC, and now my PC “knows” my identity from the LDAP server. Then I navigate to the web UI for one of my network switches. How does SSO work in this case? The way I see it, there are two possible solutions.

• The switch has some built-in authentication mechanism that can authenticate with the LDAP server or something like Keycloak. I don’t see how this would work as it relies upon every single device on the network supporting a particular authentication mechanism.
• I log into and authenticate with an HTTP forwarding server that then supplies the username/password to the switch. This seems clunky but could be reasonably secure as long as the username/password is sufficiently complex.

I generally understand how SSO works within a curated ecosystem like a Windows-based corporate network that uses primarily Microsoft software for everything. I have various Linux systems, Windows, a bunch of random software that needs authentication, and probably 10 different brands of networking equipment. What’s the solution here?

I’m a big fan of ZFS, and I use it extensively. For a single hard drive, though, wouldn’t ext4 and a few NFS shares make a lot more sense?

I have always used Amcrest cameras; they’re not expensive, and they tend to work well. They do make requests back to amcrest.com, but I don’t know for sure if that’s anything nefarious or if it’s just part of their built-in “cloud” capability or perhaps they’re looking for firmware updates. They integrate nicely with BlueIris or Frigate. I use BlueIris in a VM with virtual network adapters to my home network and my “camera” VLAN. BlueIris is accessible through a reverse proxy, but the cameras themselves have no access to the outside world.

If you’re able to find a camera that doesn’t try to “call home,” I’d be surprised. At the very least, most manufacturers build in some kind of cloud accessibility into the camera’s firmware. In their defense, I think that most consumers want this capability; it’s much easier just to use the manufacturer’s app than to set up a self-hosted DVR.

So to answer your question, no, I don’t have a good suggestion, but I also don’t think that what you’re asking for really exists (as unfortunate as that is). You could always set up a small SBC (like a raspberry pi) with a USB camera, but at that point, it’d probably be more cost-effective to just buy off-the-shelf cameras and some VLAN-aware networking hardware.

This is one of several reasons why I keep all my cameras and any other IoT devices on a separate VLAN that has no access to the internet and no access to the rest of my home network. The only bridge is my DVR server, but that’s something I can’t get around.

Before it was set up this way, I saw a huge amount of requests on my DNS server from the cameras, each one resolving the manufacturer’s domain name. It was probably innocuous, but why take the risk? There is absolutely no reason whatsoever that a security camera needs access to anything.

In the US at least, most equipment (unless you get into high-and datacenter stuff) runs on 120V. We also use 240V power, but a 240V connection is actually two 120V phases 180-degrees out of sync. The main feed coming into your home is 240V, so your breaker panel splits the circuits evenly between the two phases. Running dual-phase power to a server rack is as simple as just running two 120V circuits from the panel.

My rack only receives a single 120V circuit, but it’s backed up by a dual-conversion UPS and a generator on a transfer switch. That was enough for me. For redundancy, though, dual phases, each with its own UPS, and dual-PSU servers are hard ro beat.

I probably should have specified I’m using libcurl, but I did try the equivalent of what you suggested. I even tried setting a list of user agents and having it cycle through. None of them work. A lot of anti-scraping methods use much more complex schemes than just validating the user agent. In some cases, even a headless browser will be blocked.

Speaking from experience, be careful you don’t become over-zealous in your anti-scraping efforts.

I often buy parts and equipment from a particular online supplier. I also use custom inventory software to catalog my parts. In the past, I could use cURL to pull from their website, and my software would parse the website and save part specifications to my local database.

They have since enacted intense anti-scraping measures, to the point that cURL no longer works. I’ve had to resort to having the software launch Firefox to load the web page, then the software extracts the HTML from Firefox.

I doubt that their goal was to block customers from accessing data for items they purchased, but that’s exactly what they did in my case. I’ve bought thousands of dollars of product from them in the past, but this was enough of a pain in the ass to make me consider switching to a supplier with a decent API or at least a less restrictive website.

Simple rate limiting may have been a better choice.

I’d like to hope that by the time Win10 is no longer supported, we have Win12 that doesn’t suck. The way things are going, though, I doubt it. I’m expecting that Win10 will be the last version of Windows I use.

I still prefer Windows over Linux for gaming and software development, but everyone has their limit. I am strongly opposed to advertisements, and when I can no longer block ads from my operating system, it’s dead to me.

I use a mixture of Linux and Windows 10 LTSC on my PCs/servers/VMs. I will be the first to admit that Windows does sometimes make sense to use. My desktop PC and my dev environment are both Windows 10.

That being said, what is the advantage in using Windows 11 over 10? As far as I can tell, it’s worse in every way. Built-in ads, a crappier UI, forced obsolescence with TPM requirements, and “feature” bloat that nobody asked for.

10 was a clear improvement over 8, but 11 just seems all-around worse.

I did some research on this, and it turns out you’re absolutely correct. I was under the impression that ECC was a requirement for a ZFS cache. It does seem like ECC is highly recommended for ZFS, though, due to the large amount of data it Storrs in memory. I’m not sure I’d feel comfortable using non-ECC memory for ZFS, but it is possible.

Anecdotally, I did have one of my memory modules fail in my TrueNAS server. It detected this, corrected itself, and sent me a warning. I don’t know if this would have worked had I been using non-ECC memory.

One thing to keep in mind if you go with an i5 or i7 is that you won’t have the option to use ECC memory. If you’re running TrueNAS, you’ll need ECC memory for the ZFS cache. A Xeon E5 v2 server is old, but still has a more than enough power for your use case, and they’re not particularly expensive.

If you need something more powerful, you can find some decent Xeon Gold systems on eBay, but they’ll be a bit more pricey. The new Xeon W chips are also an option, but at least for me, they’re prohibitively expensive.

I have ReVanced on my phone, STN on my TVs, and uBlock+SponsorBlock on my PCs. I was looking for an alternative that I could run on a server and would replace the various different apps I’m using. TubeArchivist ended up working perfectly for me; your mileage may vary.

I decided to give up on it. Looking through the docs, they recommend that due to “reasons,” it should be restarted at least daily, preferably hourly. I don’t know if they have a memory leak or some other issue, but that was reason enough for me not to use it.

I installed TubeArchivist, and it suits my needs much better. Not only do I get an archive of my favorite channels, but when a new video is released, it gets automatically downloaded to my NAS and I can play it locally without worrying about buffering on my painfully slow internet connection.

I’m strongly in favor of keeping things compartmentalized. I have two main servers: One is a Proxmox host with a powerful CPU and a few hard drives set up in a fast but not-so redundant array (I use ZFS, but my setup is similar to RAID10). Then a have second server that runs TrueNAS; the CPU is slower, but it has a large amount of storage (120TB physical) arrayed in an extremely fault-tolerant configuration.

My Proxmox box runs every service on my network, but all that gets stored the hard drives are the main boot disks. It backs up daily, so I’m not so concerned about drive failure. All my data is stored on the NAS, and it’s shared with the VMs via NFS, SMB, or iSCSI, depending on which is more appropriate.

For you, I’d recommend building a NAS, and keep all your important data there. Your NUC can host your services, and they can pull data from the NAS. The 256GB on your NUC will be more than enough to host whatever services you need.

4 Mbit is exceptionally slow by today’s standards; when I signed up for internet access (there’s only one provider available where I live), I told them “I will pay for whatever the fastest connection is that you can offer.” Turns out that’s just single-channel DSL. They won’t even install bonded DSL where I live, and believe me, I’ve tried. I do have Starlink as well, but because of the land around me, it’s always going to be obstructed by the land topology; when I calculated how high I would need to raise my antenna to avoid obstructions, it was several hundred feet. My pfSense box does a good job of routing traffic between my DSL connection and my Starlink connetion (and falling back when Starlink is obstructed), but for hosting anything, I need a stable connection. That leaves me with just my DSL connection.

Are you sure Youtube doesn’t pick video quality based on connection speed? It will frequently drop down to 360p when my connection speed is particularly shitty that day, and I’ll have to manually increase it (I’d rather have occasional buffering than a blurry mess).

Unfortunately, the only people who would actually want to see my home videos (family) live several thousand miles away. I’m also not sure they would even know what to do with an external HDD. Not a bad idea, though.