Håvard O. Nordstrand 3 years ago
parent
commit
4936ddcbed

+ 1 - 5
config/general/general.md

@@ -8,10 +8,6 @@ breadcrumbs:
 
 ## Resources
 
-### Security
-
-- [Cipherli.st](https://cipherli.st/)
-
 ### Miscellaneous
 
 - [Text to ASCII Art Generator (TAAG)](http://patorjk.com/software/taag/#p=display&f=Slant&t=)
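Review bot: The `### Security` heading and its only entry, the Cipherli.st link, are removed without a replacement, so the Resources section no longer points to any cipher configuration reference. If the link was dropped because it is stale, say so in the commit message and add a maintained reference under the same heading so the section does not silently disappear.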
@@ -48,6 +44,6 @@ breadcrumbs:
         - `2606:4700:4700::6400`
 - Justervesenet NTP (JV-UTC):
     - Info: [Justervesenet: NTP-tenester frå Justervesenet](https://www.justervesenet.no/maleteknikk/tid-og-frekvens/ntp-tjenester-fra-justervesenet/)
-    - Address: `ntp.justervesenet.no`
+    - Address: `ntp.justervesenet.no` (Warning: IPv4-only)
 
 {% include footer.md %}
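Review bot: The `(Warning: IPv4-only)` text is appended inside the `Address:` bullet, which makes the line harder to copy from and breaks with the `Note:` sub-bullet convention the other files in this commit use. Suggest a separate `- Note: IPv4-only.` bullet under the Justervesenet entry, and say what the consequence is for IPv6-only hosts (the server is unreachable, so a second time source is needed).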

+ 39 - 20
config/general/linux-examples.md

@@ -120,31 +120,50 @@ breadcrumbs:
     - `nload <if>`
     - `iftop -i <if>`
     - `speedometer -t <if> -r <if> [...]`
+    - `dstat -tcyn --net-packets 60`
 - Monitor per-process usage:
     - `nethog`
 - Test throughput:
-    - Internet: `speedtest` (the official one, not `speedtest-cli`)
+    - Internet: `speedtest` (from [speedtest.net](https://www.speedtest.net/apps/cli))
     - Internal: `iperf3`
-- Show sockets:
-    - `netstat -tulpn`
-        - `tu` for TCP and UDP, `l` for listening, `p` for protocol, `n` for numerical post numbers.
-    - `ss -tulpn` (replaces netstat version)
-- Show interface stats:
-    - `ip -s link`
-    - `netstat -i`
-- Show interfaces and addresses:
-    - IPv4 and/or IPv6 plus MAC: `ip [-46] a`
-    - Only global IPv4/IPv6: `ip <-46> a show scope global`
-- Show neighbors:
-    - `ip n`
-- Show routes:
-    - `ip r` & `ip -6 r`
-    - `netstat -r`
-- Show multicast groups:
-    - `netstat -g`
+- Show interfaces and addresses (with `ip`):
+    - General: `ip [-c] [-46] [-s] {l[ink]|a[ddress]} [-br] [sh [if]]`
+    - Option `-c`: Color.
+    - Option `{-4|-6}`: IPv4 or IPv6 only.
+    - Option `-s`: Show stats (bytes, packets, errors, dropped, etc. for RX and TX).
+    - Option `-br`: One line per interface (MAC address and status for `link`, addresses for `address`).
+    - Argument `scope global`: Only global addresses (excludes localhost/`host`, link-local/`link`, etc.).
+- Show neighbors (with `ip`):
+    - General: `ip [-c] [-46] n[eighbor]`
+    - Option `-c`: Color.
+    - Option `{-4|-6}`: IPv4 or IPv6 only.
+- Show routes (with `ip`):
+    - General: `ip [-c] [-46] r[oute]`
+    - Option `-c`: Color.
+    - Option `{-4|-6}`: IPv4 or IPv6 only.
+- Show multicast addresses (with `ip`):
+    - General: `ip [-c] [-46] ma[ddress]`
+    - Option `-c`: Color.
+    - Option `{-4|-6}`: IPv4 or IPv6 only.
+- Show multicast routes (with `ip`):
+    - General: `ip [-c] [-46] mr[oute]`
+    - Option `-c`: Color.
+    - Option `{-4|-6}`: IPv4 or IPv6 only.
+- Show sockets (with `ss`):
+    - Example: `ss -tulpn`
+    - Note: `ss` replaces `netstat` and is mostly option compatible.
+    - Option `tu`: Include TCP and UDP sockets (no UNIX sockets).
+    - Option `l`: Include listening sockets (no client sockets).
+    - Option `p`: Show protocol (requires root).
+    - Option `n`: Don't translate port numbers to common service names.
 - Show misc. stats:
-    - `nstat`
-    - `netstat -s` (statistics)
+    - Show kernel SNMP counters: `nstat`
+    - Show per-protocol stats: `netstat -s`
+- Bring interface up or down:
+    - Note: Your network manager probably has a more appropriate way to do this.
+    - Directly up or down interface: `ip link set dev <if> {up|down}`
+- Traffic shaping and link simulation:
+    - See `tc` to simulate e.g. random packet drop, random latencies, limited bandwidth etc.
 
 #### Tcpdump
 
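Review bot: In the new `ss` list, `Option p: Show protocol (requires root).` carries over the mistake from the removed `netstat` line: `-p` shows the process that owns each socket, and root is only needed to see processes belonging to other users. Suggest `Option p: Show owning process (requires root for other users' sockets).` Two smaller points in the same hunk: `Option l` restricts the output to listening sockets rather than adding them, and the `ip` synopsis puts `[-br]` after `{l[ink]|a[ddress]}`, while `ip` expects its options before the object, so it should read `ip [-c] [-46] [-s] [-br] {l[ink]|a[ddress]} [sh [if]]`.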

+ 2 - 1
config/linux-server/debian.md

@@ -139,7 +139,8 @@ The first steps may be skipped if already configured during installation (i.e. n
 1. Update MOTD:
     - Clear `/etc/motd`, `/etc/issue` and `/etc/issue.net`.
     - (Optional) Add a MOTD script (see below).
-1. (Optional) Enable persistent logging:
+1. (Optional) (Buster) Enable persistent logging:
+    - Note: Persistent logging is the default for Debian 11/Bullseye, but not Debian 10/Buster.
     - In `/etc/systemd/journald.conf`, under `[Journal]`, set `Storage=persistent`.
     - Note: `auto` (the default) is like `persistent`, but does not automatically create the log directory.
     - Note: The default journal directory is `/var/log/journal`.
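Review bot: The added note says persistent logging is the default on Debian 11/Bullseye, but the unchanged note two lines below still says `auto` (the default) does not create the log directory, so the two now read as contradictory. State what actually differs on Bullseye (for example, whether `/var/log/journal` exists out of the box) so a reader can tell if `Storage=persistent` is still needed. The stacked `(Optional) (Buster)` prefix would also read better as `(Optional, Buster only)`.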

+ 12 - 5
config/network/juniper-junos-switches.md

@@ -114,11 +114,18 @@ breadcrumbs:
     1. Set IPv6 address: `set family inet6 address <address>/<prefix-length>`
 1. Setup static IP routes:
     1. IPv4 default gateway: `set routing-options rib inet.0 static route 0.0.0.0/0 next-hop <next-hop>`
-    1. IPv6 default gateway: ``set routing-options rib inet6.0 static route ::0/0 next-hop <next-hop>``
-1. Enable Ethernet flow control:
-    - **TODO**
-1. Enable EEE:
-    - **TODO**
+    1. IPv6 default gateway: `set routing-options rib inet6.0 static route ::0/0 next-hop <next-hop>`
+1. Disable/enable Ethernet flow control:
+    - Note: Junos uses the symmetric/bidirectional PAUSE variant of flow control.
+    - Note: This simple PAUSE variant does not take traffic classes (for QoS) into account and will pause _all_ traffic for a short period (no random early detection (RED)) if the receiver detects that it's running out of buffer space, but it will prevent dropping packets _within_ the flow control-enabled section of the L2 network. Enabling it or disabling it boils down to if you prefer to pause (all) traffic or drop (some) traffic during congestion. As a guideline, keep it disabled generally (and use QoS or more sophisticated variants instead), but use it e.g. for dedicated iSCSI networks (which handle delays better than drops). Note that Ethernet and IP don't require guaranteed packet delivery.
+    - Note: It _may_ be enabled by default, so you should probably enable/disable it explicitly (the docs aren't consistent with my observations).
+    - Note: Simple/PAUSE flow control (`flow-control`) is mutually exclusive with priority-based flow control (PFC) and asymmetric flow control (`configured-flow-control`).
+    - Disable on Ethernet interface (explicit): `set interface <if> [aggregated-]ether-options no-flow-control`
+    - Enable (explicit): `... flow-control`
+1. Enable EEE (Energy-Efficient Ethernet, IEEE 802.3az):
+    - Note: For reducing power consumption during idle periods. Supported on RJ45 copper ports.
+    - Note: There generally is no reason to not enable this on all ports, however, there may be certain devices or protocols which don't play nice with EEE (due to poor implementations).
+    - Enable on RJ45 Ethernet interface: `set interface <if> ether-options ieee-802-3az-eee`
 1. (Optional) Configure RSTP:
     - Note: RSTP is the default STP variant for Junos.
     - Enter config section: `edit protocols rstp`
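Review bot: The flow control note `It _may_ be enabled by default ... (the docs aren't consistent with my observations)` leaves the reader without a way to check the actual state. Add the command you used to observe it as a verification bullet, next to the explicit `no-flow-control` / `flow-control` lines. The second note is also a single very long bullet; splitting it into "what PAUSE does", "when to enable" and "when to disable" would make the guideline easier to find. Finally, the flow control line uses `[aggregated-]ether-options` while the EEE line uses only `ether-options`; if EEE does not apply to aggregated interfaces, say so.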

+ 4 - 1
config/virt-cont/proxmox-ve.md

@@ -232,8 +232,11 @@ The "Cloud-Init" notes can be ignored if you're not using Cloud-Init. See the se
 
 *Using Debian 10.*
 
+**TODO** Script this and use snippets. The UEFI boot order fix, though ...
+
 1. Download a cloud-init-ready Linux image to the hypervisor:
-    - Debian: [Debian Official Cloud Images](https://cloud.debian.org/images/cloud/) (the `genericcloud` variant and `qcow2` format)
+    - Debian cloud-init downloads: [Debian Official Cloud Images](https://cloud.debian.org/images/cloud/) (the `genericcloud` or `generic` variant and `qcow2` format)
+    - **TODO**: `genericcloud` or `generic`? Does the latter fix the missing console?
     - Copy the download link and download it to the host (`wget <url>`).
 1. Note: It is an UEFI installation (so the BIOS/UEFI mode must be set accordingly) and the image contains an EFI partition (so you don't need a separate EFI disk).
 1. Setup a VM as in the general setup section (take note of the specified Cloud-Init notes).
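Review bot: The download step still ends at `wget <url>` with no integrity check, and this hunk now offers two image variants to pick from. Add a bullet to verify the downloaded `qcow2` against the checksum file published alongside the images before importing it into the hypervisor. The two `**TODO**` lines also leave the variant choice open in the instructions themselves; until that is resolved, keep `genericcloud` as the stated choice and mention `generic` only in the TODO.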