I wish there was one single unifying regex standard.

(obligatory xkcd in 3…2…)

Therefore the laptop is the disk controller and if you gracefully shut down the OS it will take care of all the housekeeping tasks to prepare a disk for safe shutdown (flush cache to disk, park heads on spinning rust, etc) and then it will be safe to turn off the PSU.

If you shut down the computer gracefully first before you power the disks off it should be ok more often than not, but you really should try to have everything on the same system so this can all be coordinated by the OS and the hardware.

As others have said, avoid powering the disks off before the OS has had a chance to shut down or your disks will NOT be in a recoverable state when everything comes back online.

I’m not even sure the setup you are describing would benefit at all from a different storage method, even “regular” writes could be in memory or controller buffers. External drives are not meant to have their power cut.

Probably not a lot of space savings, but certainly a reduction in complexity, which helps programmers keep everything together and frees their time to work on the newer stuff

Trademark suit from the premium cable channel in 5…4…

A lot of what Linux lacks is UI design, and at least 50+% of that is just because of what we got used to using other products.

Linux doesn’t work on TV

proceeds to name 3 distros that not only work but do gaming

My brother in Christ…

I had a double NAT setup like that. Run a firewall like OPNSense as a Proxmox VM, and give it a WAN interface on the ISP router’s IP range; then run everything else on a different subnet, using OPNSense as the gateway. On the ISP router, put OPNSense’s WAN IP in the DMZ. Then, do all your hardening using OPNSense’s firewall rules. Bonus points for setting up a VLAN on a physical switch to isolate the connection.

The ISP router will send everything to OPNSense’s WAN IP, and it will basically bypass the whole double NAT situation.

That is absolutely not the reason ANYONE recommends it, unless you are a complete noob and entirely unfamiliar with computer security at all, and are just pulling assumptions out of your ass. Don’t fucking do that, don’t post with confidence when you’re just making shit up because you think you know better. Because you don’t.

If there is a vulnerability in SSH (and it’s happened before), attackers could use that to get into root directly, quickly, and easily. It’s an instant own.

If root login is disabled, it’s way less likely that whatever bug it is ALSO allows them to bypass root login being disabled. Now they have to yeah, find a user account, compromise that, try to key log or session hijack or whatever they set up, be successful, and elevate to root. That’s WAY more work, way more time to detect, to install patches.

If the effort is higher, then this kind of attack isn’t going to be used to own small fry servers; it’s only be worth it for bigger targets, even if they’re more well protected.

If you leave root enabled, you’re already burnt. You’re already a bot in the DDoS network.

And why? You couldn’t be bothered to type one extra command in your terminal? One extra word at the start of each command?

Sorry bitch, eat your fucking vegetables

This is terrible advice.

“Just turn off your firewall bro, please bro, everyone just paranoid please bro enable remote root login bro 😢”

Then you can’t gain root privileges on your server. Are you really arguing for less security because it’s inconvenient?

This is end-user behavior and it’s honestly embarrassing. You should realize your security posture is much more important than “I left my phone on the other room”

The orange menace apparently just defunded it so we’ll see

Does Caddy use certbot to do the renewal? A long time ago DNS was a pain but now it seems like a lot of providers are supported.

If you are really looking for hassle-free this is it. LetsEncrypt root certificates are already trusted by most devices so when your friends come over and wanna control the media library or whatever you don’t need to install your locally hosted CA’s self-signed certificates on their phone.

Also certbot and a cron or systemd timer is all you need; people have rolled all these fancy solutions but I say keep it simple.

Hehehehe yeah you put it on full blast in your buddy’s dorm when he’s down the hall in the bathroom

I’m partial to AdGuardHome myself, but PiHole does the job well

Why would anyone use containers without compose?

Especially people who are newer? It’s far easier.

This is the way to go. Way more flexible than hardware raid and getting better all the time.

In ZFS-speak, instead of RAID 10 you’ll be doing “mirrored vdevs”

Quick, now lean a firewall with a good IDS

and fail2ban

I don’t think they do it to make us dumber (there are other methods for that) but to make it accessible to people who don’t already know better.

So, in this case, inadvertent is correct; Although it’s not without side effects.