Lots of "just use X" comments but the article is about showing the bare minimum/how easy the core part of routing actually is.

Also, if you have ever used docker or virtual machines with NAT routing (often the default), you've done exactly the same things.

If you have ever enabled the wifi hotspot on an android phone also, you've done pretty much what the article describes on your phone.

All of these use the same Linux kernel features under the hood. In fact there is a good chance this message traversed more than one Linux soft router to get to your screen.

Yeah I find it more interesting to see how it's built from scratch, then I can decide if it's worth doing myself or just using X. I think this is a good software principle in general.

Basically any computer is a router if you're brave enough.

Windows PCs had (have?) that Internet connection sharing feature for a long time. It was really just a checkbox to enable NAT too.

Sometimes I think combining a firewall/router/switch/AP/file server/etc into a device called a "router" really confuses people. Even people who should know better.

It is much, much easier than it used to be. The documentation and videos alone available make something like this a very welcoming learning experience that anyone can complete step by step by pausing a video and replaying it.

Like most things, really. I used to build routers from old PCs, but eventually those tiny appliances caught up with the performance/functionality I need.

You can do a lot of routing on a $70 Mikrotik, although they might not be "easy".

I really want to end up with one of these for at least a few months: https://mikrotik.com/product/rds2216

At $2k out the door that's way more reasonable than I thought it'd be.

Too bad I can't fill it with old spinning rust.

And no (mention of) ECC.

On printed page five of the brochure [0] it mentions

  Size of RAM   32 GB ECC
  RAM type      DDR4

On the one hand, it'd be nice if that was mentioned everywhere that the RAM size was mentioned. On the other hand, perhaps ECC RAM is effectively mandatory for Enterprise equipment, so mentioning it is redundant? IDK, I don't often purchase that sort of stuff.

[0] <https://cdn.mikrotik.com/web-assets/product_files/RDS2216-2X...>

It's because it's mandatory that it should be front and center on any list of specs. But better late than never, I guess. Thanks for digging it up.

> It's because it's mandatory that it should be front and center on any list of specs.

Eh... I could go either way on that. Spec sheets and marketing copy for these things don't include the phrase "Runs on electricity!" because that property is effectively mandatory. If ECC is effectively mandatory for enterprise-grade networking gear, I can totally see not mentioning it.

On the other hand, I'm pretty sure it's -infuriatingly- not at all mandatory for SOHO/"prosumer" gear, so it's important to mention for things you're selling in those markets.

For sure, it's a path and passage towards devices like that.

Everyone has a starting point, starting with soemone has lying around is one thing.. the quicker they can get going the more they can get to leveraging the real power in most devices.

the naming is part of the confusion. consumer "routers" are really NAT gateway + DHCP server + DNS cache + WiFi AP + maybe a firewall, all in one box. separating them makes each piece clearer.

There's also a layer 2 switch connecting the pieces together.

You don't even need more than one NIC: https://en.wikipedia.org/wiki/Router_on_a_stick

Iirc classic WRT-841 and similar "300Mbit WiFi" generation 4-100Mbit-ports Wi-Fi routers had the CPU attached via an on-SoC gigabit link to a vlan capable switch that has the 4 100BASE-TX ports exposed.

Are there links I can read up on this? Ethernet as on-chip bus blows my mind.

I guess it's cheaper than having to redesign an entire SoC, but still...

These SoCs are often purpose built for networking. The CPU just connects to an internal switch chip instead of an external jack.

Mikrotik makes block diagrams of some of their Routerboards available. This is a hAP AC3, for example

https://i.mt.lv/cdn/product_files/RBD53iG-5HacD2HnD_201031.p...

It runs on a Qualcom IPQ4019 single-chip Wi-Fi system-on-chip (SoC)

Not super practical for everyone, but definitely valuable as a mental model shift

This is addressed on the known issues page [1].

Basically it does not need dedicated hw acceleration because it can use generic vector instructions to reach similar speeds. I wonder how true that is though.

[1]: https://www.wireguard.com/known-limitations/#:~:text=WireGua...

An official government source is teaching users to ignore security warnings about expired certificates.

Mistakes happen, some automation failed and the certs did not renew on time, whatever. Does not inspire confidence but we all know it happens.

But then to just instruct users to click through the warning is very poor judgement on top of poor execution.

No, because that's not what happened here.

The certificate they failed to renew was issued 2025-Mar-20th, and expired 2026-Mar-20th. That is a 365 day cert.

The maximum length for a new cert is now 200 days, with the 47 day window coming in three years: https://www.digicert.com/blog/tls-certificate-lifetimes-will...

Have you heard of automation? Cron? Certbot? You can schedule cert renewal and it happens automatically. It could be refreshed every 1 day, I don't care. The fact that it's so painful for you means you need to learn a bit more.

The problem comes when malicious actors start crafting documents with extra features that should not be parsed, but many software will wrongly parse them because they use the default, full featured parser. Or various combinations of this.

It's a pretty well understood problem and best practices exist, not everyone implements them.

Depends on where you are maybe? Cortland is still readily available here (Quebec). Hope it stays that way, I'm feeling slightly worried. Seems like the trend of trademarked new apple varieties has not quite caught up here yet as orchards are not interested in replacing tried and true stocks.

Yeah, I think my neighbor has a few Cortland trees in New England. Lots of Mcintoshes which aren't great for cooking but generally good for eating. Apples are probably about the last thing I'd say you couldn't get varieties of.

Yes. Besides AGPL makes a lot of sense for any web based tool, as it keeps the original intent of the GPL.

I don't get the hate/questioning on it either. It's a good balance if you want to prevent straight up cloning/stealing for profit motives while still making it open.

Most (all?) temperature monitoring tools on Linux rely on libsensors.

Seems like hardware maintainers never could agree on a standard way of exposing temperature on Linux.

Yeah, that's a pain. Every time I boot up new hardware, I wonder how many readings I'll be able to get this time, and if it's even possible. On one computer, I have practically all the temperatures, voltages, and fan speeds, while on another, I can barely read the CPU temperature alone. Not to mention the need to sometimes compile sketchy drivers from github...

Vibe coded netdata clone?

Yes, netdata was an inspiration, as I'd been using it for several years. Unfortunately, it stopped being what it initially was, and recently I was so disappointed that I decided to write my own tool. It's also true that I use AI models for coding, but I wouldn't exactly call it vibe coding, as I actively analyze what the models are doing and don't just blindly accept everything. I also try to thoroughly test my code, implement as many security-enhancing features as possible, and have multiple models review my code to catch as many bugs as possible.

netdata is pretty heavy on resources, especially disk writes. I'd appreciate improvement over it, but I won't try out this thing without indication that it improves anything. Especially with such useful features as space invaders built in…

It's a bit ironic (in the Alanis Morrisette sense) because NetData was built by a small community on Reddit to be small, lightweight, easy to deploy, open source, etc. Now it looks like any other commercial enterprise monitoring product.

That's fair. I can't resist putting easter eggs in my software, sorry :)

It's text submitted to APIs. Not real conversations.

It's air molecules vibrated by mucous membranes. Not real conversations.

Complicated airflow.

(https://www.youtube.com/watch?v=rlpg_rbjxRA)

> the bleeding edge of immutable Linux distros (GNOME OS, KDE Linux)

These are words but they don't make sense.

Corrected - I meant leading edge.

Context re:distros mentioned:

GNOME OS: https://os.gnome.org/ KDE Linux: https://kde.org/linux/

I’m pretty sure Linux doesn’t have a prostate, even with all the changes in the leading edge distros, and you’re commenting in the wrong post.

Pretty sure I didn’t want to post that here. But then I got rate limited and upon coming out of rate limit jail blindly pasted this comment where my page reloaded - my bad should have been here: https://news.ycombinator.com/item?id=47193047

Kdelinux uses pacman for now, but the eventual goal is systemd-sysext based mkosi images.

They are also considering moving to buildstream and join gnome.

"some of the newer ideas happening in this space are in the GNOME OS project and the KDE Linux project"

My Gentoo box is immutable. Right up until I run emerge.