I get very far by just keeping a set of folders for each piece of equipment in a git repo.

Pictures, etc, and sometimes the PDF manual if I bother.

The difficult part here is being consistent over time - making sure you mark down when you bought things, serial numbers, etc. a proper website/app will force you to do this, but there is flexibility in having whatever convention you like most

Strongly agree. A guide for dead simple setups would be incredibly useful (e.g. gsuite as idp, oauth for a single app).

It took me a few days to get that basic setup working, and a few days more to improve it. But once it was up, it was rock solid.

Keycloak might seem a little daunting to start with, but is basically glue between your idp (ldap) and whatever apps need to authenticate.

or in Jerboa

Yes. I’ll read the content, but I try to avoid interacting.

Mind you, db0 himself is a tankie, although he doesn’t seem to insist on imposing that on the users or communities on his instance.

EDIT: I stand corrected. Apologies to db0 for lumping him in with that crowd.

TCP Selective Ack is very much a thing, but it does take extra memory so lots of TCP stacks exclude it or disable it by default.

TCP was never designed with wifi in mind. TCP retransmission was only ever meant to handle drops due to congestion, not lossy links.

Tmux is a wonderful complement to mosh. Together you get persistence even when your local client loses power (speaking from experience)

I worked with mosh for years to connect to servers on other continents. It was impossible to work otherwise. It only has two small warts: forwarding, and jump hosts.

The second is fixable/ish with an overlay network, but that isn’t always an option if you don’t control the network. I tried to solve this with socat but wasn’t able to configure it correctly - something about the socket reuse flag was very unhappy.

Also that in order to exploit this it requires an active man in the middle. Which requires any of the following:

• Reverse proxy hijack/NAT hijack - from a compromised machine near the server
• BGP hijack - stealing traffic to the real IP
• DNS hijack - stealing traffic to send to a different IP
• Malicious/compromised network transit
• Local network gateway control
• WAP poisoning - wifi roaming is designed really well so this is actually easier than it sounds.

Almost all of those have decent mitigations like 801.x and BGP monitoring. The best mitigation is that you can just change your client config to disable those ciphersuites though.