NaibofTabr

Er, wouldn’t that also set the value of human life to $0?

Surprising. Can’t imagine why.

Ugh, I don’t want to live in a tipping point in history.

Remember, RAID (or RAID-adjacent) is not a backup.

This. So much this. OP please listen to and understand this.

Even with full mirroring in RAID 1, it’s not a backup. Using the second drive as an independent backup would be so much better than RAID.

You SHOULD NOT do software RAID with hard drives in separate external USB enclosures.

There will be absolutely no practical benefit to this setup, and it will just create risk of transcription errors between the mirrored drives due to any kind of problems with the USB connections, plus traffic overhead as the drives constantly update their mirroring. You will kill your USB controller, and/or the IO boards in the enclosures. It will be needlessly slow and not very fault-tolerant.

If this hardware setup is really your best option, what you should do is use 1 of the drives as the active primary for the server, and push backups to the other drive (with a properly configured backup application, not RAID mirroring). That way each drive is fully independent from the other, and the backup drive is not dependent on anything else. This will give you the best possible redundancy with this hardware.

Which means it’s the US on one side an the rest of the world on the other

It won’t work out this way, no matter what happens.

1. Pacific Rim nations will probably stick with US interests over European interests, because the US is the only thing between them and China (at the moment). Europe doesn’t have the global presence or the interest to operate in the Pacific. This includes: Taiwan, Japan, Australia, New Zealand, South Korea, Singapore, the Philippines, etc. Even if the US is showing itself to be a less reliable partner, it is still not (yet) an active threat to their interests the way that China is.

2. Ukraine under Zelensky won’t just surrender to Russia and will probably tolerate a lot from the US in order to continue their defense efforts unless they are somehow offered EU membership/protection explicitly. I could see Ukraine breaking ties with the US if it meant joining the EU.

3. The above might give Trump the excuse to say openly that Ukraine “didn’t want peace” (via surrendering to Russia) and then declaring open support for Russia in the name of “peace”. Then it’s an out-and-out US-Russia partnership.

4. China will continue to pretend neutrality, continue to manipulate its rivals into destabilizing, continue using its neighbor countries to export its environmental disasters, and then invade Taiwan. If that doesn’t provoke direct conflict with the US, the rest of the Pacific Rim starts to look really vulnerable.

5. South America is… complicated. Obviously a lot of nations like The Dominican Republic and Colombia would side against the US with Venezuela. Argentina wouldn’t. Is Venezuela under direct US control/occupation at this point? Brazil is a founding member of BRICS, so they’re probably aligning with China and/or Russia, but they’ll probably stick to conflict avoidance as much as possible.

6. India might make some public statements of condemnation of imperialistic behavior to score political points, but that would be it. The only way they get involved in any conflict is if China is on the other side (or maybe Pakistan, but that’s more complicated).

7. Iran is in so much trouble right now with Tehran being completely out of water, and the internal economic strife. They’re still a power in the region, but not really in a position to influence things beyond their borders.

8. Canada won’t support US aggressive actions, but will also do almost anything to avoid direct conflict with the US. That’s a very difficult position which will produce confusing, noncommittal and seemingly self-contradictory actions and statements.

9. Africa…? No idea, really.

Whatever you do, and whoever you end up working with, document document document. Take notes.

And I mean on paper, in a notebook, something that can’t crash or get accidentally deleted and doesn’t require electricity to operate.

You’re doing this for yourself, not for a boss, which means you can take the time to keep track of the details. This will be especially important for ongoing maintenance.

Write down a list of things you imagine having on your network, then classify them as essential vs. desired (needs and wants), then prioritize them.

As you buy hardware, write down the name, model and serial number and the price (so that you can list it on your renter’s/homeowner’s insurance). As you set up the devices, also add the MAC and assigned IP address(es) to each device description, and also list the specific services that are running on that device. If you buy something new that comes with a support contract, write down the information for that.

Draw a network diagram (it doesn’t have to be complicated or super professional, but visualizing the layout and connections between things is very helpful)

When you set up a service, write down what it’s for and what clients will have access to it. Write down the reference(s) you used. And then write down the login details. I don’t care what advice you’ve heard about writing down passwords, just do it in the notebook so that you can get back into the services you’ve set up. Six months from now when you need to log in to that background service to update the software you will have forgotten the password. If a person you don’t trust has physical access to your home network notebook, you have a much more serious problem than worrying about your router password.

Because they want step-by-step guidance and support, and design help, and long-term support, not just a few questions answered.

This is a job. The kind of work that IT consultants get paid for. A fair rate would be US$100/hr, minimum, for an independent contractor.

You can just use openssl to generate x509 certificates locally. If you only need to do this for a few local connections, the simplest thing to do is create them manually and then manually place them in the certificate stores for the services that need them. You might get warnings about self-signed certificates/unrecognized CA, but obviously you know why that’s the case.

This method becomes a problem when:

1. You need to scale - manually transferring certs is fine maybe half a dozen times, after that it gets real tedious and you start to lose track of where they are and why.
2. You need other people to access your encrypted services - self-signed certs won’t work for public access to an HTTPS website because every visitor will get a warning that you’re signing your own encryption certs, and most will avoid it. For friends and family you might be able to convince them that your personal cert is safe, but you’ll have to have that conversation every time.
3. You need to implement expiration - the purpose of cert expiration is to mitigate the damage if the cert private key leaks, which happens a lot with big companies that have public-facing infrastructure and bad internal security practices (looking at you, Microsoft). As an individual, it is still worthwhile to update your certs every so often (e.g. every year) if for no other reason than to remind yourself how your SSL infrastructure is connected. It’s up to you whether or not it’s worth the effort to automate the cert distribution.

I’ve used Letsencrypt to get certs for the proxy, but the traffic between the proxy and the backend is plain HTTP still. Do I need to worry about securing that traffic considering its behind a VPN?

In spite of things you may have read, and the marketing of VPN services, a VPN is NOT a security tool. It is a privacy tool, as long as the encryption key for it is private.

I’m not clear on what you mean by “between the proxy and the backend”. Is this referring to the VPS side, or your local network side, or both?

Ultimately the question is, do you trust the other devices/services that might have access to the data before it enters the VPN tunnel? Are you certain that nothing else on the server might be able to read your traffic before it goes into the VPN.

If you’re talking about a rented VPS from a public web host, the answer should be no. You have no idea what else might be running on that server, nor do you have control over the hypervisor or the host system.

Huh, isn’t duckweed pretty easy to grow?

Yes, you are the very bravest of armchair warriors. Congratulations on the virtue signaling.

And so did Rimworld, and there’s room for more.

That didn’t happen.
And if it did, it wasn’t that bad.
And if it was, that’s not a big deal.
And if it is, that’s not my fault. <-- you are here
And if it was, I didn’t mean it.
And if I did, you deserved it.

A Narcissist’s Prayer

What are you, 12?

“asked”?

Build a bridge out’ve 'em!

Targeting US citizens exercising their right to free expression is anti-American.

This is a ploy. Cuellar publicly snubs Trump to appeal to anti-Trump voters and drag votes away from other, better candidates.

Good! So, how do we tell whether they are made of wood?

…states’ rights?