[-] dragonfly4933@lemmy.dbzer0.com 6 points 6 months ago

Of the things people complain about that systemd brings in, this is among the least offensive. It makes sense for an init system to provide such functionality, the function of spawning new system processes.

Additionally, in modern systems it doesn’t make sense to use such features. Spawning a new process per request or on demand doesn’t gain you much and does reduce performance.

Spawning new processes on most OSes is pretty slow compared to other operations. Additionally, there would also be an increase in latency as the new process needs to be loaded, whereas most software these days can handle the new request in more efficient ways.

I think you can also try to reuse the same process for multiple requests, stopping it only once it has been quiet for a while. But this still doesn’t really help much.

Historically, I think it was used to try to save memory. But today it's a bigger nuisance than it is worth. I just checked how much memory sshd is using, and I think it is less than 10 MB.

total kB 8508 6432 1160

And to be clear, you theoretically can’t save much if any memory doing this because you must have enough memory available to be able to run the process, otherwise bad things will happen or some other process gets oomed.

Additionally, spawning a new process per request can represent an availability violation. An attacker could launch a series of very slow connections to a server spawning a new process per request, causing a depletion of resources.

With all that said, I wouldn’t say there are no uses at all for this, it can be useful to make very minimal network connected software that does some very basic stuff in a secure network.
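The availability point in the comment above, as an added example that is not part of the original comment: a replay of constructed connection events against a spawn-per-connection service, once with no limits and once with a total cap, a per-source cap and a connection deadline. The caps resemble the `MaxConnections=` and `MaxConnectionsPerSource=` settings of systemd socket units; every name, address and number in the code is an assumption made for illustration.

```python
from collections import Counter, namedtuple

# source: client address, start: arrival second, duration: seconds held open
Conn = namedtuple("Conn", "source start duration")

def peak_processes(conns, max_total=None, max_per_source=None, deadline=None):
    """Replay connections against a service that spawns one process each.

    Returns (peak concurrent processes, {source: rejected connections})."""
    active = []            # (end_time, source) for every running process
    rejected = Counter()
    peak = 0
    for c in sorted(conns, key=lambda c: c.start):
        # Reap processes whose connection has ended by now.
        active = [(end, src) for end, src in active if end > c.start]
        from_source = sum(1 for _, src in active if src == c.source)
        if max_total is not None and len(active) >= max_total:
            rejected[c.source] += 1
            continue
        if max_per_source is not None and from_source >= max_per_source:
            rejected[c.source] += 1
            continue
        # A deadline bounds how long a single client can hold a process.
        held = c.duration if deadline is None else min(c.duration, deadline)
        active.append((c.start + held, c.source))
        peak = max(peak, len(active))
    return peak, dict(rejected)

# Constructed sample: one source opens 200 connections that each idle for
# ten minutes, while a normal client makes a 2-second request every 30 s.
SLOW = [Conn("203.0.113.9", t, 600) for t in range(200)]
NORMAL = [Conn("198.51.100.7", t, 2) for t in range(5, 300, 30)]
EVENTS = SLOW + NORMAL

def demo():
    unbounded = peak_processes(EVENTS)
    bounded = peak_processes(EVENTS, max_total=64, max_per_source=8,
                             deadline=30)
    return unbounded, bounded

if __name__ == "__main__":
    print(demo())
```

With the limits in place the slow source never holds more than eight processes and the normal client is never rejected.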

[-] dragonfly4933@lemmy.dbzer0.com 5 points 7 months ago

GRUB is still the standard bootloader in physical deployments because it is the most likely to work and supports most of the features you might want in a bootloader.

UKI based booting is interesting since it seems like it might support even more features. But the last time I tried to test it, there wasn’t a ton of documentation on it and the software still seemed a bit green and inflexible.

For example, my main computer right now has a completely redundant boot process. I have 2 disks which each have an efi system partition. And the root file system is btrfs raid1 across 4 disks. This was very easy to set up and completely supported by grub with no custom configuration needed. The only slightly tricky thing I had to do to install the second efi was to use an extra flag.

[-] dragonfly4933@lemmy.dbzer0.com 5 points 9 months ago

Missouri is already ignoring certain federal law, so it might not matter.

[-] dragonfly4933@lemmy.dbzer0.com 6 points 11 months ago

If you don't want to risk getting a ban at all, the only safe thing is to not connect to the internet at all. Maybe there is some level of safety, but it could take only one mistake.

If we assume that we fully understand how Nintendo catches this, we would still only understand at that point in time. They could still change or push updates which could cause you a problem.

If you want something similar to vim or neovim, but without all the fuss learning how to configure it and install plugins and such, you could try helix.

[-] dragonfly4933@lemmy.dbzer0.com 6 points 2 years ago

Which one is it?

[-] dragonfly4933@lemmy.dbzer0.com 5 points 2 years ago

It can and will work, but it will not be optimal. You will be able to connect to other peers, but other peers will not be able to connect to you. This usually isn't a big deal, but it's not great in situations where there are not many peers, and you need every connection you can get.

[-] dragonfly4933@lemmy.dbzer0.com 5 points 2 years ago

No, you should keep both UDP and TCP port 53 open going out. Blocking DNS VC/TCP will result in DNS being partially broken.
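Why DNS needs TCP port 53, as an added example that is not part of the original comment: a reply that does not fit in a UDP datagram comes back with the TC (truncated) flag set, and the client has to repeat the query over TCP. The transports here are constructed stand-ins so the code runs offline; the function names and the query name are assumptions.

```python
import struct

TC_FLAG = 0x0200  # "truncated" bit in the DNS header flags (RFC 1035)

def build_query(qid, name, qtype=16):
    """Minimal DNS query, recursion desired (QTYPE 16 = TXT)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "truncated": bool(flags & TC_FLAG), "answers": an}

def tcp_frame(msg):
    """DNS over TCP prefixes every message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def resolve(query, send_udp, send_tcp):
    """Ask over UDP; if the reply has TC set, repeat the query over TCP."""
    reply = send_udp(query)
    if not parse_header(reply)["truncated"]:
        return "udp", reply
    framed = send_tcp(tcp_frame(query))  # raises if outbound TCP/53 is blocked
    (length,) = struct.unpack("!H", framed[:2])
    return "tcp", framed[2:2 + length]

# Constructed stand-ins for a resolver so the example runs offline.
def fake_udp(query):
    # Answer exceeds a 512-byte UDP reply: header and question only, TC=1.
    qid = parse_header(query)["id"]
    return struct.pack("!HHHHHH", qid, 0x8180 | TC_FLAG, 1, 0, 0, 0) + query[12:]

def fake_tcp(framed):
    query = framed[2:]
    qid = parse_header(query)["id"]
    rdata = (b"\xc8" + b"x" * 200) * 3   # 603-byte TXT payload
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)
    return tcp_frame(header + query[12:] + rr)

def blocked_tcp(framed):
    raise ConnectionRefusedError("outbound TCP/53 filtered")

QUERY = build_query(0x1234, "big.example.test")
```

Calling `resolve(QUERY, fake_udp, blocked_tcp)` raises instead of returning an answer, which is the partial breakage a TCP/53 block produces for large responses.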

[-] dragonfly4933@lemmy.dbzer0.com 5 points 2 years ago

Why would you strip IPv6 if Mullvad supports it? People disable or block v6 for 2 reasons: ignorance, and/or the VPN provider doesn't support IPv6. V4 and v6 can and usually do run at the same time (this is called dual stack), so if the VPN only touches the v4 side of things, v4 will be tunneled while v6 will be unaffected.

Also, the firewall doesn't matter if you use a torrent client that can just bind to the wg interface (assuming there is no nat being performed from the wg interface to the physical interface). The client will take one or all of the ips on the interface, which will make it impossible to leak IP directly assuming your switch or router doesn't also have an ip in the same subnet as your wg interface ip.

I don't know UFW, but if you run iptables-save or nft list ruleset I can take a look to see if it is sane.

But what I can tell is that it might work. You appear to be only allowing public traffic to wg. It should be noted that this setup will likely fail at some point because you are hard coding the IP. It should fail safe, but the public internet will not work.

[-] dragonfly4933@lemmy.dbzer0.com 5 points 2 years ago

Tbh, you might just consider using btrfs instead. Using pirated software to run a nas doesn't seem like a great idea when btrfs is so easy to use for making flexible storage arrays.

[-] dragonfly4933@lemmy.dbzer0.com 5 points 2 years ago

Wouldn't advise turning off ipv6. We are probably getting near the point where some public services will disable or offer v4 as only best effort, and when this happens, your connectivity will be broken for certain things if you disable v6. Heck, it's to the point now where all my home hosted services are v6 only.

The better solution is to just get a VPN that supports ipv6 like airvpn or mullvad. I think pia disables ipv6 while the tunnel is up, which is better than disabling ipv6 altogether.

To validate the tunnel is working properly you can use something like this.

https://ipleak.net/

There is also a Torrent Address detection section, that when you activate it, will provide a magnet link that will show your ip to ensure that it is tunneled properly.

[-] dragonfly4933@lemmy.dbzer0.com 6 points 2 years ago

You should more prominently ask for donations in any site update posts. The cost between a dedicated server and VPS is pretty big.


dragonfly4933

joined 2 years ago