QUIC works hand-in-hand with HTTP/3’s multiplexed connections, allowing multiple streams of data to reach all the endpoints independently, and hence independent of packet losses involving other streams. In contrast, HTTP/2, which is carried over TCP, can suffer head-of-line-blocking delays if multiple streams are multiplexed on a TCP connection and any of the TCP packets on that connection are delayed or lost.

SCTP was going to do that too. It hasn’t seen much uptake.

https://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol

Features of SCTP include:

• Delivery of chunks within independent streams eliminates unnecessary head-of-line blocking, as opposed to TCP byte-stream delivery.

Honestly, a lot of people are probably posting in !selfhosted@lemmy.world when their questions really are better-suited to another community. Not just on hardware, but on other technical questions. I don’t think that it’d be a bad thing if they posted in the other places.

However.

End of the day, you need to split up a community when either (a) the traffic is too much of a firehose of content to be able to identify the most-interesting stuff, which isn’t the case for me for this at all or (b) there’s too much unrelated stuff showing up and people are getting a lot of stuff that they don’t want thrown at them. I think that there’s enough overlap between the interests and knowledge of most of the subscribers here and what’s covered that it’s probably not producing a lot of stuff that they aren’t interested in or where their knowledge isn’t relevant.

Like, we have a handful of video-game-specific communities, but they see so little traffic that just using general-purpose video gaming communities like !games@lemmy.world still works pretty well. Maybe some genre-specific communities, like !shmups@lemmus.org.

I think that if we, say, grew the Threadiverse userbase by a factor of ten, then some of the higher-traffic communities that exist now really should split up. But as it is, I personally am not too fussed about having more-centralized stuff from a user standpoint. I tend to say “I’d like to have more traffic in the communities I’m in” than “there’s too much traffic and I need help in filtering it down”.

change the default SSH port

Any port scanner — take nmap — is going to turn this up. $ nmap -p0-65355 <hostname> takes a little longer than checking a single port, but what’s the threat that you’re worried about? Someone brute-forcing a password? That’s going to take a hell of a lot longer than that, and you use strong passwords that will make that wildly impractical, right? A zero-day remote exploit in OpenSSH’s sshd? If someone gets one of those, they probably aren’t going to waste it on you.

SSH is also trivial to fingerprint as a protocol. Here’s me running netcat to my local SSH instance:

$ nc localhost 22
SSH-2.0-OpenSSH_10.0p2 Debian-7+deb13u2
^C
$

It ain’t rocket science to identify an SSH server.

I personally think that port-knocking isn’t a great idea and just adds hassle and brittleness to something, but I’d do a port-knocking setup before I tried running sshd on a nonstandard port.

If you honestly don’t trust SSH, then okay, fine, wrap it with a VPN or something with real security so there’s another layer (of course, that raises the issue of whether you trust the VPN software not to have remote exploits). Or have one host that you can reach and bounce from there to another host or something.

There are ways that I’d say are useful to try and secure an SSH instance. Use keys rather than passwords. Whitelist user accounts that can be connected to remotely.

But anyone who is likely to be a real risk to your system is going to be able to find an ssh server running on a nonstandard port.

I’m rather concerned about what I do when my Surface Pro 7 dies

Well, most of what I’ve seen expects memory prices to be coming down in 2028. So if it’s got two years of use in it, you’re probably good.

If you’re desperate for a laptop sooner and cheaper, you can get used laptops on eBay (well, maybe somewhere else if you’re not in the US; dunno what the used PC market is like globally).

so I figured that using pipewire to co-ordinate this would be the easiest way forward, except it turns out that it’s a (GUI) user space process, which doesn’t make sense on a server with no GUI users.

I’m not entirely sure what you mean by “(GUI) user space process”, but if it’s that it’s a systemd user process (e.g. it shows up when you run $ systemctl --user status pipewire rather than $ systemctl status pipewire, which appears to be the case on my system, where there’s one instance running per user session), then you probably can run it as a systemwide process, where there’s just one always-running process for the whole system. IIRC, PulseAudio could run in both modes. I don’t know if you have concerns about security on access to your mic or something, but that could be something to look into.

searches

Sounds like it’s doable. Not endorsing this particular project, which I’ve never seen before, but it looks like it’s possible:

https://github.com/iddo/pipewire-system

PipeWire System-wide Daemon Package (Arch Linux)

This package configures PipeWire, WirePlumber, and PipeWire-Pulse to run as a single system-wide daemon as the root user. This setup is optimized for headless media servers, HTPCs, or multi-user audio environments.

every hardware website I’ve checked so far, either don’t have any mini pcs, nucs or similar, or they have zero information about the hardware.

Well, if they give you the manufacturer and model number, you should be able to look them up with the manufacturer.

I’m not on there, but you might have more luck in !localllama@sh.itjust.works

You might also want to list the hardware that you plan to use, since that’ll constrain what you can reasonably run.

Ah, so I bet what they’re doing is looking like a single VPN from the Android OS level, setting a default route into that, and then doing routing in userspace.

I have not used such a configuration, but I believe that it’s fine to have multiple WireGuard VPNs concurrently up, at least from a Linux client standpoint. I have no idea whether your phone’s client permits that — it could well be that it can’t do it.

Your routing table would have the default route go to a host on one of them (and your Internet-bound traffic would go there), but you should be able to have it be either. Or neither — I’ve set up a WireGuard configuration with a Linux client where the default route wasn’t over the WireGuard VPN, and only traffic destined for the LAN at the other end of the WireGuard VPN traversed the WireGuard VPN.

From Linux’s standpoint, a WireGuard VPN is just like another NIC on the host. You say “all traffic destined for this address range heads out this NIC”. Just that the NIC happens to be virtual and to be software that tunnels the traffic.

EDIT:

It sounds like this is an Android OS-level limitation:

https://android.stackexchange.com/questions/261526/are-there-technical-limitation-to-multiple-vpns

In the Android VPN development documentation you can find a clear statement regarding the possibility to have multiple VPNs active at the same time:

There can be only one VPN connection running at the same time. The existing interface is deactivated when a new one is created.

That same page does mention that you can have apps running in different profiles using different VPNs at the same time. That might be an acceptable workaround for you.

https://en.wikipedia.org/wiki/.wtf

I have additional sound deadening material if I need to apply it but I’m not there yet.

That’s probably a pretty good idea in terms of cost. I checked earlier when I made the comment to see what the price difference these days was, and IIRC a non-isolated 18U is ~$800 and an isolated 18U is ~$1800. They aren’t putting anything like $1k of sound-absorbing material into the rack.

Heh. Someone else in this thread posted an image that has three disconnected Elitedesks just stacked on each other on the bookshelf housing their homelab, another powered-on one, and what I think might be two or three more Elitedesks that are partially-obscured.

Thanks!

I’m still not using one. The problem is that you’ve got two classes of devices that haven’t quite converged to what I want.

UPS

Traditionally, the purpose of UPSes isn’t to keep systems running (other than through very short outages). It’s to do one of the following:

• Provide a small amount of buffer until a backup power system, like a generator, has time to come online.

• Give the systems time to shut down cleanly. If the user is right there, they have time to save their work. This was particularly an issue before journaled filesystems became the norm, since an unclean shutdown in the era when Windows was using FAT, Linux was using ext2, and MacOS was using HFS had at least the possibility to corrupt your filesystem. They have the ability to report their charge level to an attached computer so that it knows when the battery level is critical and then software on it can start it shutting down. On Linux, the most-common software package to do this is Network UPS Tools, or NUT.

These things don’t need a lot of capacity. They rarely get drained, so they usually use lead-acid batteries, which are heavy and don’t have many full charge-discharge cycles in them (but are pretty happy staying fully charged all the time). You can still get these. The lead-acid batteries are replaceable, though, so an old UPS can keep going for a very long time.

Powerstation

These are designed to keep attached devices running for a longer period of time. Unfortunately, they have a couple of important limitations for powering computer systems.

• They do not normally have the ability to report their charge level. Irritatingly, they do nearly always have a voltmeter rigged up to some software to map voltage to charge remaining to drive a ‘charge remaining’ display on the device, and there are USB HID device classes for reporting charge levels to a host OS, but for some reason, powerstation manufacturers don’t seem to have an interest in making a powerstation that has the latter functionality. NUT does have a USB HID backend, which means that it can monitor and shut down a system if they’d expose it. I’d really prefer the ability to treat one of these as a laptop-style battery, as Linux (as well as other OSes) have the ability to hibernate on low battery. On Linux, these show up as /sys/class/power_supply/BAT*, and there’s lots of software to display charge information and act based on low levels…but AFAICT from looking around the kernel, there is no way to get the kernel to deal with a USB HID device reporting remaining charge like this as a BAT device.

• Computer power supplies can only smooth out so much of an interruption in their power. Computers rely on something on the order of a 10 millisecond transfer time after AC goes out until the UPS needs to be running full-tilt. searches ATX PSUs apparently are only required to operate for 16 milliseconds without power. Other hardware attached may or may not actually deal well with interruptions, but obviously the shorter the transfer time, the better. It looks like line-interactive UPSes tend to do something like 3-6 milliseconds. The problem is that a lot of powerstations have a transfer time in excess of this.

There are some LFP UPSes now, but these have their own disadvantages. They tend to be fairly pricey, and the batteries are often not replaceable, which means that unlike the old lead-acid UPSes, when the battery dies (which will take longer than with a lead-acid battery), the whole device is also going to the landfill.

And lastly, you have the problem that while lead-acid batteries are pretty mature and prices are pretty stable, LFP battery prices are coming down (and sodium-ion might start competing with them for fixed batteries). If batteries are cheaper in the future, waiting means a better deal.

I don’t currently run a UPS on my systems (though I have in the past). I kind of decided that if I’m going to run a UPS, I’m probably going to just bite the bullet and use the combination of a traditional lead-acid UPS and an LFP powerstation, with the UPS plugged into the powerstation. In that configuration, the powerstation provides provides the longer-running power, and the UPS deals with short transfer time and warning computer systems that power is about to go out. This isn’t perfect, because (a) your computing devices can’t see the remaining charge on the powerstation in an outage (b) at some point, one still has to toss the LFP powerstation, and (c) there’s a little extra hardware involved. However, it also has a number of benefits:

• Lead-acid UPSes pretty much always have replaceable batteries. One can keep the UPS around, though the batteries will have to be periodically replaced.

• The UPS will provide time for the system to shut down.

• UPSes are designed specifically for this, and have short transfer times. You don’t need to worry the way one might about a powerstation having marginal transfer time.

• You can get a lot of AC-related functionality in UPSes, like online capability (which will clean up the power, if you want), which isn’t generally available in powerstations.

• You can upgrade the “powerstation”, even (if you want) doing a build-your-own thing with separate cells and an inverter and charge controller (which is generally more cost-effective for larger systems) down the line. These discrete-component systems are also a lot easier to provide human monitoring of remaining charge, since you can pick the components (and worst case, all you need to do is connect a voltage sensor that can talk to a computer to it), though they don’t integrate as nicely off-the-shelf with something like NUT as do traditional UPSes.

I’m not saying that this UPS+separate-battery-system is the only route to take, but I spent some time banging my head on it, and wanted to share if anyone else is similarly thinking about the same thing – that there may be a good argument to have a traditional UPS and some kind of separate battery system.

I remember looking at Sysracks racks a while back when I was trying to find sound-absorbent enclosed racks (which they do make, though I didn’t get one; wasn’t willing to pay for it, as they come at a very large premium). They were one of the very few companies making them. I don’t think that those particular ones are the sound-absorbent models, but their name stuck in my head.

Old system 76 machine from a while back. Its what is running a majority of my services for self hosting. Only one screw keeps the case together, since I get into the insides quite often.

If you get bored and adventurous:

https://en.wikipedia.org/wiki/Computer_case_screws

Computer case screws are the hardware used to secure parts of a PC to the case. Although there are numerous manufacturers of computer cases, they have generally used three thread sizes.

The #6-32 UNC screws are often found on 3.5" hard disk drives and the case’s body to secure the covers. The M3 threaded holes are often found on 5.25" optical disc drives, 3.5" floppy drives, and 2.5" drives. Motherboards and other circuit boards often use a #6-32 UNC standoff. #4-40 UNC thumb screws are often found on the ends of DVI, VGA, serial and parallel connectors.

You might be able to get a box of thumbscrews in the appropriate diameter and go toolless. I’ve had a number of computer cases that ship with those (my current desktop case just uses magnets, doesn’t even have the thumbscrews). I have had a lot of less-than-ideal toolless things in the past, including poorly-designed toolless hard drive mounting stuff that wound up being a lot more work than the traditional tool-requiring stuff, but for the screws that keep the case closed, going toolless has always been a big win for me.

Re: the cabling up top there, there’s some Reddit subreddit devoted solely to people showing off their spiffy cable-routing.

searches

Might be:

https://old.reddit.com/r/CableManagement/top/?sort=top&t=all

Though that looks like in-PC-case cabling. I thought that it dealt more with network cables.

searches more

Ah. I think this:

https://old.reddit.com/r/cableporn/top/?sort=top&t=all

It looks like we do have a !cableporn@lemmy.world, but basically nobody is posting.

beverages

That desk is about a million times cleaner than mine.

¯_(ツ)_/¯

You want a double-backslash in Markdown.

¯\_(ツ)_/¯

yields

¯_(ツ)_/¯

Whereas:

¯\\_(ツ)_/¯

yields

¯\(ツ)/¯