Galanwe's comments

> it only promises memory safety if you restrict yourself to safe APIs which simply isn't always possible.

Less than that actually, considering Rust has its own definition of what "safe" means.



You can find 2.5G switches with a reasonable amount of ports on the cheap. For 10G though the cost is still prohibitive IMHO unless you are fine with 2 ports.

For cables, I think everything converged to cat6a a while ago, which is both reasonably cheap and perfectly fine for 10G (up to 100m from what I remember).


Mikrotik has a couple 4-5 port 10 GbE switches (one has SFP+ ports, one has RJ45), and Ubiquiti has a couple small switches now that don't quite break the bank at least.

Nicgiga and Trendnet have 8 and 5 port 10G switches for less than $250 respectively.

10G DACs are no cheaper than cat6, which is perfectly fine for 10G at most practical distances. Considering the target audience of these cards it seems pretty obvious to me that letting users "just buy a cat 6 cable" is miles more reasonable than having them buy a transceiver or DAC.

As for allowing a switch to fiber, that just seems orthogonal again to what these USB NICs are for, not to mention the SFP+ itself is probably more expensive than the NIC shown here...


DACs are very cheap (second hand and AliExpress) and they never use much W. If both machines are near each other though (which a DAC cable implies) and both run Linux and both support Thunderbolt, you might be better off with a direct ethernet over TB connection. Whether macOS supports such, I don't know.

The other side will then also need a low power NIC (of which fiber and DAC over SFP+ are less power hungry). What this article doesn't mention, is that there are also a lot of PCIe NICs on the market which aren't power hungry (RTL8127), as well as RTL8261C for switches/routers.

I've seen low power RTL NICs with SFP+ on it, too (example: [1]). With SFP+, you'll have a lot more versatility. DAC and SFP+ fiber are very cheap, btw. Especially second hand they go for virtually nothing. I have 10 SFP+ fiber lying around here doing nothing which I got for a few EUR each.

For me as a European with high energy prices and solar energy gotten the beat next year (in NL), this is all very interesting.

There's a couple of good reasons to opt for fiber in the home. You keep the energy between the different groups separated, which can help. I also find fiber very easy to get through walls, allowing me to have multiple fiber connections through walls (currently I use 1x fiber + 1x ethernet for PoE possibilities from the fusebox).

With all above being said, AQC100S is low power and does not get very hot. You can get these with SFP+ and PCIe/TB. They've been available for a while.

[1] https://nl.aliexpress.com/item/1005011733192115.html (no vouching for, just first hit on search)


I just wish someone would come out with a PCIE 4x1 capable card with SFP - my main desktop’s non-GPU expansion slots are all 4x1 electrically and even the one you linked is a 3x2. As far as I can tell the only 4x1 cards available are RTL8127 or AQC113 RJ45 ones :(

I suppose an NVME riser is also an option, albeit janky.


There are RTL8127 cards with SFP+, e.g. https://www.lekuo.com/product_view.php?id=659

edit: on looking closer, that still seems to be an x4 card.


Says electrically 3x2.

Right, but I don’t think a x2 slot exists so hence being physically a x4 card. If you had an open ended x1 slot you might be able to run as PCIe v4 x1.

I can also buy a roll of CAT6 and a few dozen dollars in tools and RJ-45 connectors and make my own custom length cables.

Also SFPs are always a gamble. Might work, might not, you have multiple options, meanwhile with copper RJ-45 you are guaranteed that a link will be established.

I am shocked that soft and fresh cheese are conflated in the same category. Both the texture and process are different. Brie is nothing like Ricotta.

What the US needs is constitution amendments and safeguards, so that what is happening does not happen again.

A big problem is that most of the checks and balances were designed around the assumption that each branch would be independent and adversarial with one another. Unfortunately, the existence of political parties cross-cutting the branches breaks this assumption, and they were created by the very founders who designed our government in the first place.

We've been limping around entirely based on the honor system, and after significant capture of the media by a few wealthy individuals, the parties have dropped any pretense of acting for the benefit of the country.


Paying taxes this year was more painful than it's ever been, because I am certain some of my money went to the billionaire grifters. If you think paying for good government is bad, try paying for horrible, corrupt government.

... and they were right.

v6 adoption is often all-or-nothing, because if you run both stacks, you have to ensure they are consistent. While you can reasonably do it on your home LAN, doing it across an entire infrastructure is the worst.

Now you have to make sure all your subnets, routing, VLANs, firewall rules, etc work exactly the same in two protocols that have very little in common.

It is the equivalent of shipping two programs in different languages and maintaining exact feature parity between both at all times.


I genuinely don’t understand this. The concepts are nearly identical between the two.

Hum no, to me they are orthogonal.

v4 was built around the idea of multiple free standing networks linked by gateways. v6 was built around the idea of a universal network.

I don't care what your LAN address space looks like when I'm in my LAN, because we are not in the same v4 network. I am sovereign in my network.

With v6, everyone is effectively in the same network. I have to ask my ISP for a prefix that he will rent me for money even for my LAN. If I want some freedom from said ISP prefix, I am mercifully granted the honor of managing ULA/NAT66 (granted I paid for a fancy router).

Also if I want any kind of privacy, I will have to manage privacy extensions and the great invention of having to use automatically generated, dynamically routed, essentially multiple random IPs per interface. How lucky am I to use such a great new technology.

Seriously v6 was created by nerds in a lab with no practical experience of what people wanted.


> v4 was built around the idea of multiple free standing networks linked by gateways

It was absolutely not. This is why early companies like Apple and Ford got massive IP allocations - each computer was expected to have a unique IP address.

NAT didn't exist until 14 years after IPv4 was created, in response to the shortage of IPv4 addresses, and in the RFC it is described as a "short-term solution"; it is very clearly stated that this is not how the internet is designed to work and that it should only be used as a stopgap until we get longer addresses.


> v4 was built around the idea of multiple free standing networks linked by gateways.

I don't think this is what v4 was built around, but rather what v4 turned into.

CIDR wasn't introduced until 1993. NAT in 1994. Both to handle depleting IP addresses.


v4 and v6 were built around the exact same use cases.

> With v6, everyone is effectively in the same network.

Just like IPv4.

> I have to ask my ISP for a prefix that he will rent me for money even for my LAN.

Just like IPv4, if you need a static address.

> If I want some freedom from said ISP prefix, I am mercifully granted the honor of managing ULA/NAT66 (granted I paid for a fancy router).

Compared with IPv4, where if you want some freedom from said ISP subnet, you are mercifully granted the honor of managing RFC-1918 addresses/NAT (granted you paid for a router that doesn't screw it up).

> Also if I want any kind of privacy, I will have to manage privacy extensions

...which are enabled by default nearly universally

> and the great invention of having to use automatically generated, dynamically routed, essentially multiple random IPs per interface.

Make up your mind. Are rotating, privacy-preserving addresses good or bad? The way it works in real life, not in the strawman version, is that you (automatically!) use the random addresses for outgoing connections and the fixed addresses for incoming.


If you want static addresses in LAN, you can use link local addresses for that.

This is exactly why I decided not to enable IPv6 on my colo. When money is involved, the benefits of IPv6 simply do not outweigh the risk, in my estimation. If my side gig eventually pays enough to pay a contractor to handle networking then sure, that'll be one of the first tasks. But when it's just me managing the entire stack, my number one priority is security, and for now that means keeping things simple as possible.

I agree with you. While I can see some benefits to v6 on the internet, I find v4 to be miles easier and cleaner to work with in a LAN setup. Unfortunately though v6 oversteps on LAN features and makes bridging v4 and v6 way uglier than it should.

> v6 oversteps on LAN features and makes bridging v4 and v6 way uglier than it should

How so?


Every year I just wish someone would come up with IPv4-with-more-bytes and we could switch to it before IPv6 gets another percent of usage share.

IPv4-with-more-bytes is not backwards compatible with IPv4. So you'd have to replace/upgrade every existing network stack, both hardware and software. To get, basically, the same effect as moving to IPv6.

> IPv4-with-more-bytes is not backwards compatible with IPv4

Neither is IPv6

> To get, basically, the same effect as moving to IPv6

The only thing that IPv6 solves which is of interest to 99.99% of the users is having more addressable space. The rest of IPv6's features are either things that nobody asked for, or things which are genuinely worse compared to IPv4.

I consider the mere fact of enabling IPv6 an unacceptable security risk, as I would now have to make sure my IPv4 and IPv6 firewall stacks are perfectly mirroring each other. That would be trivial with IPv4-with-more-bytes; it's a nightmare with IPv6.

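The dual-stack parity worry raised here, and in the earlier comment about keeping subnets, VLANs and firewall rules identical in both protocols, can at least be checked mechanically. The script below is an added example, not code from any commenter: it parses a simplified `nft list ruleset`-style text (the sample is constructed inline and the parsed format is an assumption) and reports rules that exist in the `ip` table but not the `ip6` table or vice versa, with an allow-list for rules that legitimately belong to one stack only.

```python
import re

# Constructed sample shaped like (simplified) `nft list ruleset` output,
# with an IPv4 table and an IPv6 table that have drifted apart.
SAMPLE_RULESET = """
table ip filter {
    chain input {
        type filter hook input priority 0; policy drop;
        tcp dport 22 accept
        tcp dport 443 accept
        icmp type echo-request accept
    }
}
table ip6 filter {
    chain input {
        type filter hook input priority 0; policy drop;
        tcp dport 22 accept
        icmpv6 type echo-request accept
        udp dport 546 accept
    }
}
"""

# Tokens that legitimately differ between the stacks, folded to one spelling
EQUIV = {"icmpv6": "icmp"}

def parse_ruleset(text):
    """Return {family: {chain: set of normalised rule strings}}."""
    tables, family, chain = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"table (ip6?|inet) \S+ \{", line):
            family = m.group(1)
        elif m := re.match(r"chain (\S+) \{", line):
            chain = m.group(1)
            tables.setdefault(family, {})[chain] = set()
        elif line and line != "}":
            # policy lines are kept too, so a v4/v6 policy mismatch is flagged
            tables[family][chain].add(" ".join(EQUIV.get(w, w) for w in line.split()))
    return tables

def parity_gaps(tables, allowed=frozenset()):
    """Rules present in only one family, as (chain, family_missing_it, rule).
    `allowed` holds rules expected to exist in one stack only (e.g. DHCPv6)."""
    gaps = []
    v4, v6 = tables.get("ip", {}), tables.get("ip6", {})
    for chain in sorted(set(v4) | set(v6)):
        a, b = v4.get(chain, set()), v6.get(chain, set())
        gaps += [(chain, "ip6", r) for r in sorted(a - b - allowed)]
        gaps += [(chain, "ip", r) for r in sorted(b - a - allowed)]
    return gaps
```

Run `parity_gaps(parse_ruleset(open("ruleset.txt").read()))` against a saved `nft list ruleset` dump; every tuple it returns is a rule one stack enforces and the other does not.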

Do NAT64 and just worry about IPv6 if not wanting dual stack.

All of IPv6's features are just direct effects of having more space and not. Basically IPv6 "features" are just getting rid of IPv4 workarounds.


> I would now have to make sure my IPv4 and IPv6 firewall stack are perfectly mirroring each other.

You'd still have that in your IPv4-with-more-bytes, as you'll still probably end up running dual-stack to address those old-v4-only sites. Or you'd do the same with v6 and run a tunnel to translate those v4-only addresses to your v4-with-more-bytes. So you're in the same situation either way.


There were backwards-compatible protocols proposed, such as EIP, but the committee chose a backwards-incompatible protocol for v6. Their assumption was that v4 would run out of space in a single-digit number of years and everyone would be forced to migrate. The past 30 years have shown that not to be the case.

https://datatracker.ietf.org/doc/html/rfc1385


They went with SIPP, which was one of the backwards-compatible options. It should be kind of obvious from the vast number of backwards compatibility methods available in v6 that v6 is actually backwards compatible... but for some reason a lot of people either refuse to believe this or have double standards around what counts as compatibility.

That's what IPv6 is. People get so fixated on being annoyed at IPv6 they forget to actually think. Whatever you invent won't be any better than IPv6. Many people have tried.

If you change the address format even the tiniest amount, if you add one single additional bit, your new protocol is already completely incompatible with all existing IPv4 software and equipment.


IPv6 is IPv4 with 12 more bytes, right?

> You can be catholic and not like the pope

You can be christian and not like the pope.

But to catholics, the pope is the terrestrial embodiment of the holy spirit, and as such considered infallible. Not recognizing the pope as such is incompatible with catholicism.

Papacy is a core part of catholicism, it's not a "pick and choose buffet".


> and as such considered infallible

This is a common misconception. The pope is only considered as speaking infallibly by the Catholic Church when speaking ex cathedra on matters of faith and morals. This is very rare and is considered to only have happened twice in history.


I didn't know that, thanks for pointing it out, very interesting!


> id est provide guarantees to the customer that the firmware of the device they receive has not been tampered with

The firmware of the device being a binary blob for the most part... Not like I trust it to begin with.

Whereas my open source Linux distribution requires me to disable SecureBoot.

What a world.


You can set up custom SecureBoot keys on your firmware and configure Linux to boot using it.

There's also plenty of folks combining this with TPM and boot measurements.

The ugly part of SecureBoot is that all hardware comes with MS's keys, and lots of software assume that you'll want MS in charge of your hardware security, but SecureBoot _can_ be used to serve the user.

Obviously there's hardware that's the exception to this, and I totally share your dislike of it.


> You can set up custom SecureBoot keys on your firmware and configure Linux to boot using it.

Right, but as engineers, we should resist the temptation to equate _possible_ with _practical_.

The mere fact that even the most business oriented Linux distributions have issues playing along with SecureBoot is worrying. Essentially, SB has become a Windows-only technology.

The promise of what SB could be useful for is even muddier. I would argue that the chances of being a victim of firmware tampering are pretty thin compared to other attack vectors, yet somehow we all end up having SB, and its most significant achievement is training people that disabling it is totally fine.


+1

An unsigned hash is plenty to guard against tampering. The supply chain and any secret sauce that went into that firmware is just trust. Trust that the blob is well intentioned, trust that you downloaded from the right URL, checked the right SHA, trust that the organization running the URL is sanctioned to do so by Microsoft...

Once all of that trust for every piece of software is concentrated in one organization, Microsoft, Apple or Google, it has become totally meaningless.

