t҉̠̙ǵ̣̞̄ͪ͜x̸̱͚̳ͫ͐̑̈ͯͣ̚n̒͌҉͉̦̜̝ͅ

Yeah absolutely if he’s downloading Linux ISOs, just use a VPN and you’ll be fine 99% of the time. TOR if he is doing anything else surreptitious. 😬


Absolutely! WireGuard (for example) uses UDP 51820 (normally) which will more than likely be blocked, but that won’t stop you from using something like cntlm to proxy it over an allowed port like 443/80. DPI or some intercepting proxies would likely still filter it.



Good explanation, a note that most public WiFi will use client separation. Macca’s, Starbucks, airplanes etc. you will only ever see your device and the gateway. (More for other people that are reading, I assume you know this 😄)


It depends on his threat model and what he’s trying to hide really. Public WiFi is fine, as long as you validate/check the SSL cert it’s using is from your bank and is legitimate. Using public WiFi with a VPN is more secure as long as you trust your VPN provider. If he’s asking these questions, then he’s probably not doing banking though, and should ideally be using VPN+TOR or something similar.


Yes a VPN will hide your IP address from the server you’re connecting to. The VPN service will still see your IP and may log/record it. You also have to watch out for things like DNS leaks.



I’ve moved a couple of domains to dnssec and it’s great, simple DNS.


Yeah the whole app is really responsive, works great on minimal resources. Excellent for sharing hikes and trails!



Same! Two zpools on one Debian VM, shares NFS etc for everything else. I pass through PCIe sata cards to the VM, too.


Still does nothing when scanning the entire IPv4 address space is achievable so quickly. You can also use services like Shodan to find vulnerable services on any ports.

Use SSH keys, stay upgraded. Make management services (SSH, RDP, admin services) accessible only via VPN (WireGuard). Only expose 80 and 443 to the internet, if necessary.


Never heard of DeSEC before, but it looks damn cool! Been looking to get away from CloudFlare.



That’s just how they work. They terminate SSL and then connect to your source server as a client; this gives them access to read anything submitted to your site or any other sites they manage in the clear.



Yep, Immich is tha bomb! Able to completely clear out Google Photos!


Interesting setup, mine’s very similar. Except with ZFS and no DMZ 😅 I’m thinking of setting up VLANs for automation too, how do you handle updates and software downloads on that LAN?






Ahh this sounds awesome! Would be nice to put a bunch of MP3s in a folder and be able to stream them!


I run my own instance because the content on it will always be very snappy, since it mirrors the text content that I’m subscribed to. It’s distributed like email or RSS are, in that you choose to subscribe to something, and then it is federated onto your instance when new activity occurs.