• 1 Post
  • 77 Comments
Joined 2 years ago
Cake day: June 10th, 2023


  • Physical wire tapping would be mostly mitigated by setting every port on the switch to be a physical vlan, especially if the switch does the VLAN routing. Sure someone could splice an ethernet cable, which would really only be mitigated by 802.1x like you already said, but every part of this threat model makes zero sense. You ultimately have to trust something (and apparently in OP’s case that’s a third party VPN provider that charges extra to not block LAN access while connected and they remain entirely on the free tier of)

    But at the very least, not trusting everything on the network is a very enterprise kind of threat model, so using standard enterprise practices of network segmentation, firewalling, and potentially MAC-binding and 802.1x if so desired isn’t a bad idea, if for no other reason than it might lead to a career in network administration. And honestly I mostly want to get OP to not think of VPNs like a magical silver bullet and see what other tools exist in the toolbox



  • Sounds far more likely that either someone misunderstood that residential IPs change frequently/may be shared by multiple subscribers or the ISP made an error when responding to a subpoena and provided the incorrect IP. Unfortunately both are all too common with privacy enforcement

    If you really think the ISP router is snooping and can’t be bypassed you could simply double-NAT your network with a trusted router and call it a day. Much less VPNing and much less unusual decisions of trust and threat model involved then


  • But supposing you absolutely do not want to tack on additional costs, then the only solution I see that remains is to set up a private VPN network, one which only connects your trusted devices. This would be secure when on your untrusted LAN, but would be unavailable when away from home.

    Traditionally this would be performed by creating a dedicated network of trusted devices. Most commonly via a VLAN for ease of configuration. Set the switch ports that the trusted devices are connected to to use that vlan and badabing badaboom you’re there. For external access using Tailscale or one of the many similar services/solutions (such as headscale, netbird, etc.) with either the client on every device or using subnet routing features to access your trusted network, and of course configure firewalls as desired



  • They always have used hardware closely related to existing workstation or PC hardware, but the difference is now they try so much less hard to hide it, through crossplay, lack of platform exclusives, and just less trying to innovate on how the games are played. Part of it is that game inputs have largely been standardized, part of it is that the more similar to a bog standard PC the console is, the easier it is for developers to port their existing games, and part of it might just be that platforms aren’t feeling pushed to innovate as much


  • It’s absolutely incredible how big the gaming industry is now. Where 20 years ago it was extremely male, and mostly limited to 20-30 year olds, now it’s everyone! Children and retirees, men and women and everything in between or further out to the fringes! And I’m not just talking phone games (which is a gigantic market on its own); at the MSP I work at we’ve had retired folks bring in gaming computers for service or just drop off older gaming computers for recycling


  • The funniest part is that the best selling video game of all time (Minecraft) currently has an MSRP of less than $30, which technically gets you 2 games because Microsoft/Mojang maintain 2 completely separate codebases for Minecraft (Java edition and bedrock edition) and have to design, program, test and debug everything twice, once for each codebase




  • This is where I’m at too. If I go crazy and start installing stuff natively to experiment I end up with extra stuff auto configured that’s no longer needed and random problems I’m too lazy to figure out how to solve. Flatpak doesn’t do that and I don’t have to worry about that. I can install random stuff to play with and uninstall it cleanly. Some packages need more system access than flatpak gives natively and with those I’ll make the decision of if I want to set it up and tear it down manually or not.

    Storage is cheap, my time not so much.


  • If you are administrating systems it’s extremely useful to know how to work with stuff by command line, both for remote administration via SSH or Ps-session and for rapid troubleshooting/settings changes and of course for emergency recovery when everything is super broken.

    Honestly I personally use a mix of both GUI, CLI and hosted admin portals (the 11 ton gorilla in the room everyone arguing over GUI vs CLI forgets about) and will shift between tools depending on what is best for the given job.

    Of course if you’re just an owner-operator, see Joe Average in Anytown America with his household laptop, the GUI tools are the only thing you’ll want to use and even that might get overwhelming or scary, but Joe Average is more often than not these days going to not even own a computer and instead just use their phone. That’s the other thing many folks in these threads forget, is the home computer is a market on life support. The average “not a computer person” does not own a computer at all, they use their smartphone for literally everything







  • I certainly agree, but you can’t replace your entire software, server and groupware stack in a day. Start by transitioning the easiest stuff off of Microsoft, tie it into your existing stack then slowly transition away. Shutting off the last domain controller is a lot easier when you only have a handful of Windows workstations that rely on it than when you have 5000 of them


  • You seem to be missing the point. All software has a point where it reaches end of support. The problem is Windows 11 has significantly increased the system requirements so that only computers produced in the last 7 years or so are “compatible” and lots of perfectly workable but slightly older machines are now destined for the e-waste burn pit purely because of that decision