Snowplow8861

joined 1 year ago
[–] [email protected] 2 points 11 months ago

Sure was! You need to be on top of paid and free and open source software from a security standpoint. There's no shortcut no matter what you think you're paying for. Your threat model might be better when the service automates a web proxy for you, but that's only one facet. You trade problems but should never feel like you can "set and forget". Sometimes it's better for you to do it yourself because there's no lying about responsibilities that way.

[–] [email protected] 4 points 1 year ago (1 children)

Almost like that xkcd joke...

[–] [email protected] 3 points 1 year ago (2 children)

Plex was how LastPass got hacked. https://www.howtogeek.com/147554/lastpass-data-breach-shows-why-plex-updates-are-important/

You still need to do stuff even if it is Plex.

[–] [email protected] 7 points 1 year ago (2 children)

To back off your post, does anyone have one for Australia?

[–] [email protected] 6 points 1 year ago (1 children)

I don't think that works on my Samsung TV, or my partner's iPad though. :)

Although not especially effective on the YouTube front, it actually increases network security just by blocking API access to ad networks on those kinds of IoT and walled garden devices. Ironically my partner loves it not for YouTube but apparently all her Chinese drama streaming websites. So when we go travel and she's subjected to those ads she's much more frustrated than when she's at home lol.

So the little joke, while not strictly true, is pretty true if you just say 'streaming content provider'.

[–] [email protected] 1 points 1 year ago

There have been a few cases where ports are blocked. For example on many residential port 25 is blocked. If you pay and get a static IP this often gets unblocked. Same with port 10443 on a few residential services. There's probably more but these are issues I've seen.

If you think about how trivial these are to bypass, but also that often aligns to fixing the problem for why they're blocked. IIRC port 10443 was abused by malicious actors when home routers accepted Nat-pnp from say an unpatched QNAP. Automatically forwarding inbound traffic on 10443 to the NAS which has terrible security flaws and was part of a widespread botnet. If you changed the web port, you probably also are maintaining the QNAP maybe. Also port 25 can be bypassed by using STARTTLS authenticated mail on 587 or 465 and therefore aren't relaying outbound mail spam from infected local computers.

Overall fair enough.

[–] [email protected] 147 points 1 year ago* (last edited 1 year ago) (4 children)

It's paraphrasing Torvalds himself though. It's a cheeky title.

"... and I have absolutely no excuses to delay the v6.6 release any more, so here it is,"

[–] [email protected] 4 points 1 year ago

Being free on Cloudflare makes it likely to be widely adopted quickly.

It's also going to break all the firewalls at work which will no longer be able to do DNS and HTTP filtering based on set categories like phishing, malware, gore, and porn. I wish I didn't need to block these things, but users can't be trusted and not everyone is happy seeing porn and gore on their co-workers' screens!

The malware and other malicious site blocking though is me. At every turn users will click the Google prompted ad sites, just like the KeePass one this week.

Anyway all that's likely to not work now! I guess all that's left is to break encryption by adding true MITM with installing certificates on everyone's machines and making it a proxy. Something I was loath to do.

[–] [email protected] 0 points 1 year ago (1 children)

After I followed the instructions and having 15 years of system administration experience. Which I was willing to help but I guess you'd rather quip.

From my perspective unless there's something that you've not yet disclosed, if WireGuard can get to the public domain, like a VPS, then Tailscale would work. Since it's mechanically doing the same thing, being WireGuard with a GUI and a VPS hosted by Tailscale.

If your ISP however is blocking ports and destinations maybe there are factors in play, usually ones that can be overcome. But your answer is to pay for mechanically the same thing. Which is fine, but I suspect there's a knowledge gap.

[–] [email protected] 1 points 1 year ago (3 children)

Are you sure? Did you want to troubleshoot this or did you just want to give up?

I've got two Synology NAS connected to each other directly for Hyper Backup replications at clients because both units are on CGNAT ISPs and there's no public IP. And it just works.

[–] [email protected] 3 points 1 year ago (1 children)

Didn't understand that by willing you meant wanting.
