I did a large scale data rationalization and migration project for a company that is heavily regulated. They can be asked to prove they have this or that document from seven years ago, for no other reason than they should have it. Not having it means big fines and negative press.

Hundreds of Tbs of data got appropriately labelled and migrated, even more got left behind on the old system till it could be decommissioned safely after a period of parallel running.

As part of the decommissioning the data was backed up twice, and I wanted the backup properly tested with some random file restores. Not a full restore, just a few random restores just a proof of life test that the backups worked. I was told that wasn’t a reasonable request and it wasn’t needed as the architect in charge of backups trusted his backup team and he “designed pragmatic solutions”.

I still mean to call in to the regulator in a year or two to trigger a restore request, lets see if a pragmatic solution design is actually the same as performing some basic testing.

If I am relying on it, I buy from brands I trust. No brand is going to be perfect but some are clearly going to be lower risk than randoms from aliexpress. Its as much to do with reliability, achievable duty cycle (rather than promises of duty cycle), support (especially how easy it is to get a replacement under warranty), how long they will push firmware updates for, than just security trustworthiness.

Pretty much any device is going to have a vulnerability or potential for a back door at some point but the company being transparent about the issue and fixing it promptly is worth a lot. Its the same reason I would have a Google or (premium) Samsung phone, I trust that they will support the phone for the time period they say they will, something I would not do with say Oneplus based on my past experience of them.

I buy electronics from aliexpress all the time, but nothing I rely on day to day like a router, simply because I am shit out of luck getting it replaced quickly if it goes wrong, even if I want to get a replacement. I have a cheap mikrotik hex I keep as a backup of a backup (my APs are my primary backup for my router), and this is fine for a week or so but I would not want to be out a month or more with it.

I guess you could plan in proper redundancy as I have, or may be you can afford a an outage, so may be you don’t need that. If I cannot work, I cannot earn, so I have backup internet, routers, wifi etc. planned into my install.

I think what someone else wrote about defense is depth is the real key here. I have my network divided into separate VLANs that are firewalled off from each other, so one for IoT, one for cameras, one for my TVs and other screens, one for my devices. This means if something is compromised they still have to get across the network and it simplifies my firewall rules as I am applying them to subnets rather than individual devices in a self maintained group. It makes it easier to say block external DNS queries and redirect to my pihole for my IoT and TVs but not my personal devices as I would have a good reason to go external.

May be you do not have a lot of devices, I realize I am nearer the upper end of a home network with over 50 active devices and it will be over kill if you only have a laptop and a phone on your network.

Nice, it does look a fun project though!

From scratch? Or a kit?

I’ve never tried a wireless keyboard (despiteowningmore than 50), still waiting on my Pearl three years after I ordered it lol, that would have been my first.

All my splits are cabled, so it’s no issue for me.

Another option is home row layer keys, duplicating the layer options in pairs so a and h, s and j, and so on so you have the same layer from each side.

Smaller boards I use home row mods (control, super, and so on), and that works extremely well for me.

ZMK also has a layer tap key that would suit for this, normal key press of your choosing and layer activation while holding: https://zmk.dev/docs/keymaps/behaviors

I have a large selection, but I rarely use them for anything other than media keys and teams call functions. Other stuff like windows management in sway are all done on higher layers on my (40%) keyboard.

My preference is for something with at least one knob as knobs are my preference for things like scrolling, volume control, and zoom.

If you can find latching switches, these are great for triggering layers so you can get more out of your pad. You can obviously do latching layer changes without such switches in QMK, but you really need to trigger leds to help you remember which layer you on otherwise.

Pad I use the most is a CapsUnlocked CU7 that I got just before they imploded as I love the weight of the knob.

Do you mean keys thst you hold down with your thumb while your fingers are on the home row or something else? For the former, I use split space keyboards and map the left one to enter on press, layer on hold, the right one to space on press, and a different layer on hold. That gives me more keys that you would get on a 70+ keyboard. I find this considerably easier than trying to use pinkies on shift and symbols on what is my top row, qwerty row.

Typically, I map tab and the traditional enter key to tab on press, another layer, and backspace with the same layer as tab. This layer I use for window management in sway for home row and anything else I am missing that I really want.

Another fan of pikvm, love mine. I have it plugged into a HDMI switcher so I can control four boxes from one pikvm. It does use some pins so if you wanted to control the power switches you have to do some extra work.

Worth considering if you want to get a UPS at the same time for the NAS, pikvm and any networking you have. Will all last longer with one to avoid random power cuts or surges.

If you need to access it remotely I would strongly suggest getting wireguard or some other reliable VPN setup rather than exposing the web interface to pikvm directly to the internet.