The main benefits to paying for certs are

• as many said, getting more than 90 days validity for certs that are harder to rotate, or the automation hasn’t been done.
• higher rate limits for issuing and renewing certs, you can ask letsencrypt to up limits, but you can still hit them.
• you can get certs for things other than web sites, ie code signing.

The only thing that matters to most people is that they don’t get cert errors going to/using a web site, or installing software. Any CA that is in the browsers, OS and various language trust stores is the same to that effect.

The rules for inclusion in the browsers trust stores are strict (many of the Linux distros and language trust stores just use the Mozilla cert set), which is where the trust comes from.

Which CA provider you choose doesn’t change your potential attack surface. The question on attack surface seems like it might come from lacking understanding of how certs and signing work.

A cert has 2 parts public cert and private key, CAs sign your sites public cert with their private key, they never have or need your private key. Public certs can be used to verify something was signed by the private key. Public certs can be used to encrypt data such that only the private key can decrypt it.

Wifi can easily do 20m with decent equipment. With a directional antenna can go a surprising distance, ie many KM, if there isn’t a physical barrier.

I have some unifi APs and my garage openers keep connecting to the AP at the opposite side of my house about 25m away through a few walls (including one cinder block wall). I have one unifi AP in wireless bridge mode that goes 20m-25m (what the openers are supposed to be connecting to), which has its own IP that could be pinged.

For non-ethernet/wifi solutions, there are loRaWAN based power meters/monitors/switches, but you may have to diy one of you are looking to keep costs down.

That would still technically be a math problem. I’m not sure if it falls in combinatorics, statistics/probability, or scheduling, but I’ve had problems like this on math and cs exams.

I’ve been dealing with lawyers and court recently, they may be above average in terms of intelligence and drive but most wouldn’t be extremely above that average. I’ve had to explain fairly basic math, with easy numbers (fractions like 1/2 and 1/3 regarding pay structure), several times already. Ie

• base = 100
• bonus = 1/2 * base
• total = base + bonus.

Still had to explain that bonus is 1/3 total not 1/2 total.

Taxes on $300k in a year would make it impossible. Would probably have to make $400k in a year to have a chance with expenses and living frugally or 2-3 years @ $300k/year.

You can, and for Linux generally have to, manage your own secure boot keys and signing your own kernal, united, modules, etc. Conacal and Red Hat have signing keys iirc, but distributions can and do get the shim boot loader signed so secure boot works. The arch wiki has a page on how to setup secure boot . Many distros installers do end up signed as well so you can go through the full install process with secure boot enabled.

Short answer no, but you can add the source IP as part of the http header https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/ then you have to log that bit of the header at the app level.

There can be ways of your are using ipv6, basically turning your cloud host into a router, but but ipv4 you would have to have a 1:1 mapping and setup the routing carefully to make it work.