The problem is that this also applies within a radius around a “port of entry”. So everybody that lives within about 100 miles of the coast, an airport, or a rail line that crosses a border — which is probably about 80+% of any country.
Trust me, if you go to Japan you will go to a 7-11 whether you want to or not. They are absolutely everywhere, like “ubiquitous” is an understatement. I think when we were there we went to 2-5 convenience stores per day just because they were just so… convenient…
Cardiff, Wales. One of the few places in the world that felt like a Real City while also having its own distinct culture and feel. Every other city I’ve been to feels like the same sort of dull corpo-district monoculture.
Old Montreal also has a bit of this, but only the central city areas, the outside periphery quickly devolves back into the “this could be anywhere in North America (version francaise)”
When you fly on Air Canada there’s a unmutable ad for the Alberta oil sands right after the safety announcement before takeoff. It’s surreal enough, but it’ll be so much worse when they start doing this kind of shit too.
I don’t need artificial intelligence in my terminal. Do you know how many times some troll has posted about “rm -fr /” on Reddit and other shitty forums, which then gets gobbled up and laundered by LLMs? Not letting that anywhere near my prod servers with valuable data.
I wouldn’t put a lot of trust in Telegram. Not only is their cryptography off by default, it’s a bespoke hand-rolled non-standard algorithm that might not work as well as they say. Oh, and it’s been potentially backdoored by the FSB (Russia’s CIA) for six years.
I did it back in 2020 when we all had nothing better to do. Got as far as installing X11 and Openbox, and halfway through setting up the toolchain for Firefox.
It was fun - the kind of fun digging a big hole is. It’s not for everybody, but I sort of enjoyed it.
So basically the “conventional” generation methods use a Big Thing spinning at a specific speed to generate AC power. Solar and wind spit out DC which has to be converted to AC and also synchronize to the rest of the grid.
Hydroelectric, nuclear, coal, methane, all use a big-ass turbine at exactly 60.00 Hz to supply the grid. This is fairly easy to sync, since a change to load or supply will slightly change the physical rotation of the generators. If the load increases, it will draw down the speed of the turbines as it pulls on it harder. When the load is more than the generators can supply, or changes too quickly, it can cause a breaker to flip to prevent damage to the equipment.
With DC generators, the inverter connected to the grid works differently. It has to sense the frequency changes and react based on “external” factors. Right now there aren’t really widespread protocols to signal this type of grid conditions to solar/wind farms, so they have to be a bit more careful and preemptively disconnect to prevent damaging the inverters.
So it’s an entirely solvable problem. It just requires the industry (and ERCOT) to be proactive…
Index funds, yes of course. Individual stocks, absolutely not. They have way too much power and control and too little oversight to not abuse their positions of authority.
I’ve been using Thunderbird with the OWL and TBSync plugins for exchange for years with good results. Obviously some things won’t work (teams integration, provisioned signatures, mail merge, etc) but it’s good enough that I only need proper outlook/OWA less than once a month.
Another option is “installing” the webapp as a PWA. I tried that for a bit but found notifications to be unreliable.
It’s fine. RAID is not a backup. I’ve been running simple mirrors for many years and never lost data because I have multiple backups. Focus on offsite and resilient backups, not how many drives can fail in your primary storage device.
Not sure how to do that in docker, I’ve run mine as a plain old PHP-FPM site for years and years. It might be something that can be tweaked using config files or environment variables, or might require building a custom image.
ClamAV is slow and doesn’t catch the nastiest of malware. Its entire approach is stuck in 2008. It’s better than nothing for screening emails, but for a private file store it won’t help much considering that you’ll already have the files on your system somewhere. And most importantly, it slows down file uploads 10x and increases CPU load substantially. The only good reason to use ClamAV for nextcloud is if you will be sued if you don’t!
It needs some tweaks to be snappy. The defaults are really bad.
Gonna paint this on my roof to break some spy satellites
Oh my god this is what happens if grandma smokes too much crack
This was my setup from about four years ago. Other than moving suricata elsewhere, it’s largely the same. Worth a shot if it’s something you’re into!
https://nbailey.ca/post/linux-firewall-ids/
OpenBSD is also great, I’m just more familiar with the Linux tools. All the required tools are in the base image, and they have a great official guide:
Yep. Firewall, routing, dhcp, dns, everything you’d expect from a gateway device. Plain Debian (or really any distro) can do it all. With a 1gbps bi-directional connection fully saturated it will run at about 10% cpu on my very crappy low power Celeron CPU.
Plus, there’s no web UI full of janky and insecure CGI scripts to exploit, and software updates are forever (well, until x64 is deprecated, so basically forever).
IPtables on Debian because I like my life to be boring and unchanging.
For about a year I was running a full out of band IPS on my network. My core switch was set up with port mirroring to spit out a copy of all traffic on one port so that my Suricata server could analyze it. Then, this was fed into ElasticSearch and a bunch of big data crap looked for anomalies.
It was cool. Basically useless because all it did was complain about the same IP crawler bots as my nginx logs. But fun to setup and ultimately good for my career lol.
I choose not to think about it or include it in my mental threat model, the same way I choose to not worry about thermonuclear warheads.
If there’s some exploitable backdoor and Intel gets owned, we’re all boned and there’s nothing we can really do about it. I don’t have anti-ballistic-missile systems, and I also don’t have the capability to make an entire hardware/firmware/os from scratch.
So instead focus on the things you can control and are more likely to happen. Don’t plan for doomsday, plan for every day.