Why can’t you just have a long lived internally signed cert on your archaic apps and LE at the edge on a modern proxy? It’s easy enough to have the proxy trust the internal cert and connect to your backend service that shouldn’t know the difference if there’s a proxy or not.

Or is your problem client side?

Automated certificates are relatively new and pretty neat. Killing off the certificate cartels is an added bonus.

You could try a path unit watching the cert directory (there are caveats around watching the symlinks directly) or most acme implementations have post renewal hooks you can use which would be more reliable.

You could try using the DNS challenge instead; I find it a lot more convenient as not all my services are exposed.

I have smart plugs from Innr, Samsung, Aqara (I think) and have never experienced the problem you’re speaking of. Mine are all ZigBee – not sure what yours are.

That said, I just got a bunch of Shelly EM Mini G4 and put them in some PowerPoints and they work great.

If you don’t mind some basic wiring they’re easy to set up.

https://youtu.be/L3LbxDZRgA4

I consider someone being hard to replace as a problem that may or may not be their fault. If they’re actively hoarding knowledge and skills, it’s better to bite the bullet.

Personally, I try to make myself unnecessary in my roles by empowering my people. If they can’t operate without me being arbitrarily absent for a month, I’ve fucked up.

I’m all for tolerance but why should the circumstances of the individual matter? A single non-parent might have just as good a reason for being late.

Not really with the same flexibility.

You only get usable capacity of the smallest disk in a vdev or you have to add a new vdev with your newly sized disks.

Unraid lets you mix and match however you like and get all the usable capacity (as long as your parity is your largest sized disks).

Sure. Open the app drawer, long press an app and there’s a weird icon towards the bottom of the list with a plus symbol that’ll let you add a new tag.

After you’ve done that you can long press on the tags at the top to add/remove apps in bulk.

I can’t argue, but there are benefits.

If you need something running 24/7 then on-prem may work out cheaper for you. Keep in mind you need a team of server monkeys to keep that running, and your company’s security certifications will come nowhere near that of a major cloud provider.

Cloud is good for elastic workloads. And you can save money that way if you’re set up for it. A simple lift and shift will always be more expensive. But doing things like moving build tasks to spot instances and auto scaling capacity in peak periods is a huge win. No need to over provision your DC and no need to upgrade your hardware – generally AWS releases new products at roughly the same price as old but with increased performance. You get upgrades “for free”* with no capex.

Again I’m not saying that your circumstance means that cloud isn’t more expensive. But there are medium term benefits.

AWS refused to offer hybrid as an option for years. They’ve changed their tune in the past 5 or so. No reason not to take advantage and do what mix makes sense for you.

I’m legitimately curious to understand more (not challenging your assertions). They offer hosted Jira/Confluence and probably other stuff no-one cares about.

What’s the problem with adoption?

Cisco, HP, and many other “Enterprise” switches will take a minute or two to start forwarding frames after boot.

Doesn’t really excuse Ubiquiti but that’s what they’re trying for.

Octopi and Smart Launcher also have tabs.

I was until the announcement. It worked for me. I liked the tag based app drawer and nova search.

I’m now oscillating between smart launcher and octopi launcher. Changing your habits is difficult.

Why are you searching for a solution to a problem you don’t have?

There’s nothing wrong with systemd.

A litre of cola.

Honestly, these days I have no idea. When I said “wouldn’t recommend” that wasn’t an assertion to avoid; just a lack of opinion. Most of my recent experience is with Cloud vendors wherein the problem domain is quite different.

I’ve had experience with most of the big vendors and they’ve all had quirks etc. that you just have to deal with. Fundamentally it’ll come down to a combination of price, support requirements, and internal competence with the kit. (Don’t undermine the last item; it’s far better if you can fix problems yourself.)

Personally I’d actually argue that most corporates could get by with a GNU/Linux VM (or two) for most of their routing and firewalling and it would absolutely be good enough; functionally you can do the same and more. That’s not to say dedicated machines for the task aren’t valuable but I’d say it’s the exception rather than rule that you need ASICs and the like.

I agree. GeoIP was never a good idea, but here we are. Any ASN could be broken up and routed wherever (and changed) but it’s still far too prevalent.

I might be misunderstanding. It’s definitely possible to have as many IPv4 aliases on an interface as you want with whatever routing preferences you want. Can you clarify?

I agree with your stance on deployment.