borari

Exactly this.

@uranibaba@lemmy.world, I self host my media server, my *aars, my Usenet client, Home Assistant, dns server, and have some loud af r710s for standing up test AD and simulated network environments. My website is hosted on Google Cloud, moved from AWS bc free tier ran out and g cloud is like $0.42 a month. It’s just whatever makes sense for the thing being hosted.

I don’t have FDE (BitLocker) enabled on my Windows 11 gaming PC. It sits in my house and has nothing on it but video games and video game related shit. I don’t even have my password manager installed for logging in to Steam, GoG or whatever other launcher. I manually type passwords in from the vault on my phone if the app doesn’t support QR code login like discord. Also I paid for this ridiculous m.2 nvme drive, I’m not going to just give up iops bc i want my game install files encrypted.

I don’t use FDE on my NAS. Again it doesn’t leave my house. I probably should I guess, bc there is some stuff on there that would cause me to have industry certs revoked if they leaked, but idk I don’t. Everything irreplaceable is backed up off site, but the down time it would take to rebuild my pirated media libraries from scratch vs just swapping disks and rebuilding has me leery.

I have FDE enabled on both my MacBooks. They leave the house with me, it seems to make sense.

I don’t use FDE on Linux VMs I create on the MacBooks, the disk is already encrypted.

My iphone doesn’t have the option to not use FDE I don’t think.

I use encrypted rsync backups to store NAS stuff in the cloud. I use a PGP key on my yubikey to further encrypt specific files on my MacBooks as required beyond the general FDE.

I’m like a generation younger than you at least and I’m on the default terminal and tmux train, so I’m saying you’re not out of touch.

It has not defaulted to root prompt in many years.

Damn. You’ve given me a vision of a future where people call applications that are installed locally and don’t leverage any cloud/server backend for any functionality “self-hosted” programs and I hate it.

It is pretty easy. There’s tons of tutorials and walkthroughs for doing it, but anyone familiar with UIs will be able to work it out pretty quickly I think. Maybe a friction point in using the filter query, but again there’s tons of walkthroughs and guides for using it online.

If you can’t conceptualize a packet, or sockets, or network flows, even with the help of online guides/manuals, I guess it wouldn’t be easy. In that case I’d be wondering why someone would want to use those tools in the first place though, as then they probably wouldn’t have the skills necessary to leverage the information gleaned from the tool in any useful way.

Edit - As we’re in the self-hosted community, I’d argue that anyone who is self-hosting anything would probably be able to easily install wireshark and view http requests, both individual packets and the stream as a whole.

This is very anecdotal, but both myself and the vast majority of my peers use macOS as their base host system. I work in cybersecurity, specifically offensive penetration testing. Myself, most of my coworkers, and probably half of my peers I’m competing against at local conference CTFs or that I know at local meetups are using a MacBook host with VMs spun up to need.

Something like 75% of my job is done in a Linux VM. Doing it on a MacBook is infinitely more pleasant than any other laptop I’ve ever tried using, regardless of what OS it’s running.

Also, and again extremely anecdotal, the most technical people I’ve ever known were all using hackintoshes when I knew them, and would use MacBooks when away from the home/office.

I really don’t understand where this “Mac products are for non-technical people who want to appear technical” trope comes from. MacOS is a phenomenal product for non-technical people. My partner is the least technical person in the world, but they started using macOS in art school and found it intuitive and easy to use. As a technical person, I appreciate the polished UI built on top of the Unix kernel and that I can do everything I need to do from a terminal shell. The fact that the product is excellent for both wildly disparate types of users is testament to how great it is imo.

Holy shit that got spicy. I was not expecting a Ukrainian and a Serb to start bickering back and forth while stacking racks over the level of support a country gave to the Nazis in WW2 on a kernel mailing list like they were in the comments here on Lemmy.

I get that tensions are high, and for many people the geopolitical reality is their homes being used as cover on an active front line, but like bro your actual fucking name is attached to these messages. At least I keep my most unhinged shit on a semi-anonymous platform. They need to lock it the fuck up.

Edit - jfc, a few messages later somebody comes in with something along the lines of “Taiwan isn’t a country, it’s part of China. When reunification comes sanctions won’t be appropriate against Chinese entities.” Is Lemmy just a front end for this mailing list and I had no idea this entire time?

I mean is there a material pronunciation difference between the two conjunctions? I don’t think so, but I can still somehow manage to work out what people mean when they say use “your” and “you’re” in the same spoken sentence.

My dude. You are not a serious person. I’m blocking you so I don’t waste my time with you in the future. Enjoy your life I guess.

Wow you found three different articles, all about the same CVE, that the manufacture published a firmware patch for before any public disclosure was made. That’s definitely just as bad as pretending you don’t know about CVEs in your products lol.

You presented one that doesn’t have security vulnerabilities? Here’s yet another CVE out for trendnet: https://nvd.nist.gov/vuln/detail/CVE-2018-19239

Every. Single. Brand. Has. CVEs. I’ve used Mikrotik, I’ve used Cisco, I’ve used Juniper, I’ve used Ubiquiti. I have a trendnet Poe switch in my attic powering some cameras and an AP right now. I have no “problem” with any brand of anything.

I do have a problem with you implying that a company doesn’t take security seriously when they do. I start to think you’re intentionally lying when you lift up trendnet as the model, because they have quite an especially atrocious history of it.

https://www.rapid7.com/db/modules/exploit/linux/misc/cisco_ios_xe_rce/

We can go back and forth on RCEs literally all day. If your bar for using a product is “no RCEs”, get off the grid entirely my guy.

MikroTik is just as serious a network company as Cisco or Juniper, and vastly more serious from an enterprise networking point of view than trendnet.

Also where tf did OP mention anything about warranties?

Edit - https://medium.com/tenable-techblog/trendnet-ac2600-rce-via-wan-8926b29908a4

Edit - https://www.archcloudlabs.com/projects/trendnet-731br/

Edit - lol holy shit look how customer focused trendnet is! They just plugged their ears and pretended an unauthenticated RCE in their product didn’t exist haha. https://arstechnica.com/information-technology/2015/04/no-patch-for-remote-code-execution-bug-in-d-link-and-trendnet-routers/

Edit - oof yikes look there’s more. https://www.nccgroup.com/us/research-blog/technical-advisory-multiple-vulnerabilities-in-trendnet-tew-831dr-wifi-router-cve-2022-30325-cve-2022-30326-cve-2022-30327-cve-2022-30328-cve-2022-30329/

deleted by creator

deleted by creator

deleted by creator

You are a foolish person.

Yeah I’ve worked at WISPs that were pushing TBs through their core routers every day. Those core routers? Mikrotiks. Every apartment buildings core routers and fiber aggregation switches? Mikrotiks. You had to get down to the access layer switches that fed the individual apartments to hit Cisco equipment.

This person is just repeating some shit they read somewhere, hoping it makes them sound knowledgeable. In another post they’re recommending trendnet shit. Get back to me when you can set up BGP peering on your trendnet lol.

I can’t quite get a read on if you’re being sarcastic or not, but if you are you should know that there are curated porn blocklists for pihole. This obviously won’t stop anyone from accessing porn via nsfw channels on sites that are not exclusively nsfw, like lemmy, Reddit, tumblr, or whatever.

Run pihole with a MikroTik router at your houses demarc.

Set up firewall rules in the tik to redirect any packet with dst tcp/udp 53 outbound on wan to the pihole. If you’re worried about dns when pihole is down, create disabled rules to allow the dns traffic as well, then set up a scheduler script using if blocks to toggle the sets of rules depending on status. This will force any client on your network, even one with hardcoded dns IPs, to use the pihole.

If the client is configured for DoH you’ll just have to build out an ip block list in the MikroTik and block all known DoH IPs.

Create firewall rules to drop all vpn traffic you can, combining port based rules and similar IP lists as for DoH, but subbing in VPN provider IPs. If you want to route your home traffic over a vpn, set up a vpn client in the router itself and basically site-to-site your home to the vpn provider you use.

This would block the vast majority of kids trying to bypass parents blocks, but it’s asking quite a lot from the parents who don’t have experience configuring this stuff already.