IP is like an address to a big skyscraper where a company operates. You are the delivery man and must go to 201.154.76.19 and deliver something. When you get at the reception, you tell them you have a package to deliver to Mrs HTTPS, at room (port) 443. Since Mrs HTTPS is well known and has cleared your entry before, you’re allowed to enter this room and only this room.

If you were to get at the same address and try to access other rooms you would either get refused because they are closed, or if open, someone would specifically need to be in the room so you can deliver something

Malicious actors that wanted access to the building could try to disguise their deliveries and enter the building, that’s why the default policy of most firewalls is “reject” and you specifically need to open a port and have a program listening to it if you want incoming connections.

deleted by creator

AMD is the gold standard for general user PCs in the last 5+ years. Intel simply cannot compete at the same energy expenditure/performance. At the same/close price/performance, Intel either burn a small thermonuclear power plant to deliver comparable performance, or simply is worse compared to similar Ryzens

Ryzens are like aliens compared to what AMD used to be before them

So I’d go with them

As for the GPU, if you want to use Linux forget Nvidia

My most paranoid config is disabling Ipv4

That’s it. If someone wants to attack me, they will need to adopt IPv6!

It really is

From what I get the higher ups wanted to implement those measures to comply with some certification or whatever

Problem is there are workstations from before this decision that are completely open and will probably never be upgraded; and you get new ones that are completely closed to the point workers would rather use their own hardware

If it’s possible to bypass this locked shitshow and just connect through another machine, then it’s really just a half assed measured don’t you think?

I mean it’s not straightforward doing it and probably the guys who would be the easiest victims and entry points can’t bypass the VPN connection to another machine like I could. But then, those who can do it, can also set up stricter firewall rules and control from their own machines, rather than using windows

I understand that. But among the peers working there are some using windows without any further protection. Why do I need to be the one getting IO-bombed by a software that scans the same files that were gathered from an internal git server anyway, when there are people whose protection is literally “pls don’t tresspass”

I trust my system way better: data at rest is encrypted with LUKS instead of bitlocker’s sucky encription; openvpn conf was upgraded by me because it admins use 128 bits keys for some reason. Etc.

Sophos is so cool! It locks down my work Windows computer so hard, and hook on every file open, that it makes the build time 4 times slower on projects. It keeps the computer so safe that I just don’t use it, I learned about namespaced vpn connections in Linux and just use my main computer with namespaces to work lol

Thank you, I managed to get it working with MediaMTX and DockoVPN I still don’t know how I would manage dynamic IP changes during the days I’m away, that would break the VPN

Thanks, I will look into setting up Home Assist

I don’t think VLC alone could handle auth/permissions/encryption

Interception by a third party is highly unlike, as the transport layer of basically everything is encrypted nowadays. What is left unknown is what can Meta do once the file is on their servers, as you’ll have to trust Zuckk’s word and Zuckk’s encryption