NaibofTabr

A well-reasoned and thoughtful response, with a clear demonstration of an experienced writer’s capacity for nuance.

*Edit: sarcasm aside, my point is that the comic should be interpreted as an indictment of a socioeconomic system which forces people into situations where they must burn themselves up in order to survive. It should not be interpreted as an indictment of Margaret’s life choices. Margaret is doing her best in a world that has not provided her the opportunity to really flourish as an individual. To judge Margaret for this is at best narrow minded.

This is an expression of privilege.

Beatrice comes from a background where she has access to affordable housing that doesn’t require her to work a high-income high-effort career or multiple jobs just to pay rent. She has a stable enough life that provides time to spend on personal hobbies rather than constantly working to cover expenses. Beatrice’s lifestyle is being subsidized by someone else. Beatrice does not have to work for a living.

Margaret is providing for herself, at the cost of luxury time. Her housing situation is less stable, and she’s aware of it, and feels trapped by the cost of it, which is her personal life and free time. Margaret has to work for a living.

Beatrice is privileged, and is judging Margaret’s life from her own place of privilege. Margaret is realizing that no matter how hard she works, she will never gain access to Beatrice’s level of privileged lifestyle, and that is crushing her soul.

Hmm…

Especially if you’re an Active Directory shop. Switching out that infrastructure is a heavy lift.

Win12 will be decent again

Windows 12 may stabilize a lot of the functional problems occurring in 11, but it will also have all of the new AI-powered end-user surveillance features they’re currently trying to implement fully integrated.

I do admit that I run Win10 IOT in VirtualBox for a few small programs that won’t run under Wine. Once a week, for a few minutes. I’m sorry. I don’t wear the shirt, because I feel like a fraud. Please forgive me.

Dude, virtualize all the things! In open source land, you run whatever code you want to because you can, and you don’t feel embarrassed about it.

Whatever you do, and whoever you end up working with, document document document. Take notes.

And I mean on paper, in a notebook, something that can’t crash or get accidentally deleted and doesn’t require electricity to operate.

You’re doing this for yourself, not for a boss, which means you can take the time to keep track of the details. This will be especially important for ongoing maintenance.

Write down a list of things you imagine having on your network, then classify them as essential vs. desired (needs and wants), then prioritize them.

As you buy hardware, write down the name, model and serial number and the price (so that you can list it on your renter’s/homeowner’s insurance). As you set up the devices, also add the MAC and assigned IP address(es) to each device description, and also list the specific services that are running on that device. If you buy something new that comes with a support contract, write down the information for that.

Draw a network diagram (it doesn’t have to be complicated or super professional, but visualizing the layout and connections between things is very helpful)

When you set up a service, write down what it’s for and what clients will have access to it. Write down the reference(s) you used. And then write down the login details. I don’t care what advice you’ve heard about writing down passwords, just do it in the notebook so that you can get back into the services you’ve set up. Six months from now when you need to log in to that background service to update the software you will have forgotten the password. If a person you don’t trust has physical access to your home network notebook, you have a much more serious problem than worrying about your router password.

Because they want step-by-step guidance and support, and design help, and long-term support, not just a few questions answered.

This is a job. The kind of work that IT consultants get paid for. A fair rate would be US$100/hr, minimum, for an independent contractor.

You can just use openssl to generate x509 certificates locally. If you only need to do this for a few local connections, the simplest thing to do is create them manually and then manually place them in the certificate stores for the services that need them. You might get warnings about self-signed certificates/unrecognized CA, but obviously you know why that’s the case.

This method becomes a problem when:

1. You need to scale - manually transferring certs is fine maybe half a dozen times, after that it gets real tedious and you start to lose track of where they are and why.
2. You need other people to access your encrypted services - self-signed certs won’t work for public access to an HTTPS website because every visitor will get a warning that you’re signing your own encryption certs, and most will avoid it. For friends and family you might be able to convince them that your personal cert is safe, but you’ll have to have that conversation every time.
3. You need to implement expiration - the purpose of cert expiration is to mitigate the damage if the cert private key leaks, which happens a lot with big companies that have public-facing infrastructure and bad internal security practices (looking at you, Microsoft). As an individual, it is still worthwhile to update your certs every so often (e.g. every year) if for no other reason than to remind yourself how your SSL infrastructure is connected. It’s up to you whether or not it’s worth the effort to automate the cert distribution.

I’ve used Letsencrypt to get certs for the proxy, but the traffic between the proxy and the backend is plain HTTP still. Do I need to worry about securing that traffic considering its behind a VPN?

In spite of things you may have read, and the marketing of VPN services, a VPN is NOT a security tool. It is a privacy tool, as long as the encryption key for it is private.

I’m not clear on what you mean by “between the proxy and the backend”. Is this referring to the VPS side, or your local network side, or both?

Ultimately the question is, do you trust the other devices/services that might have access to the data before it enters the VPN tunnel? Are you certain that nothing else on the server might be able to read your traffic before it goes into the VPN?

If you’re talking about a rented VPS from a public web host, the answer should be no. You have no idea what else might be running on that server, nor do you have control over the hypervisor or the host system.

at least somebody’s happy

Yeah man, this thing’s just a prototype for airframe design testing:

https://en.wikipedia.org/wiki/Lockheed_Martin_RQ-3_DarkStar

Tell me that wouldn’t create UFO sighting reports if it was seen flying around in 1996.

There is a government coverup, but it’s boring, it’s just to protect military secrets. People embellish because they want it to be exciting, otherworldly, special.

The problem is that many employers are requiring employees to use them.

Oh right… need to hire someone to go to the bar for me…

I am a banana!..

I mean… do you expect the results of these calls to be… good?

'Cause like, if your standards for the outcome of these calls aren’t too high, then just go down to the nearest bar and buy some half-drunk guy another round to make the call for you.

On the bright side, you probably won’t be obligated to call that person again!

Sure, then you get outbid by another contractor who is willing to cut corners.

Hey, would you like to buy some dehydrated water?

Easily produce your own water whenever you need it!

To make 1 liter of water, just add 1 liter of water!

If we had some ham, we could make ham and eggs, if we had some eggs.

Um, aren’t memory modules the commodity product that is in short supply?

This is basically eBay.