Trainguyrom


Trainguyrom ,

I got one for work. It literally just pastes into ChatGPT

Trainguyrom ,

it’s not just parents either. some people are just like that when they travel.

Dude I flew out somewhere for a work training and it was 11x easier than my parents ever made it out to be. Just read the signs, follow the directions and get there about 1-2 hours before boarding. The biggest hassle was finding coffee in the Orlando airport (I ended up finding it tucked in the back corner of a bar)

The whole experience was more enjoyable than I ever remember flying being and it just comes down to going with the flow and being ready to roll with the punches

Trainguyrom ,

Nah they would get freaked out by the smallest inconvenience and just getting to the gate was an odyssey for them somehow. With my own kids I've got plenty of things I look back on and go "oh yeah I understand why my parents did that now" but also plenty of things where it's 100% "how the heck was this such a challenge for my parents to handle?"

Trainguyrom ,

qbittorrent search makes it stupid easy too

Trainguyrom ,

With the amount of password resets I have to do at work, I can't say I'm shocked

Trainguyrom ,

Folder structures are a bizarre thing for many people

When learning about this I learned that in the analog days folks would actually put physical folders inside of physical folders and it both makes tons of sense and is mind blowing at the same time. -Late Millennial born to IT parents

Trainguyrom ,

I have memories of some random afternoons at the consulting firm my mom worked at, where everyone's just poking at spreadsheets. I can't imagine how cool the memory of going into the server farm and doing some hardware work there would be

Trainguyrom ,

UN, which... failed to keep dictatorships out

The UN while created with noble intentions certainly fell for the paradox of tolerance. They tolerate the dictatorships and human rights abusers because if they didn't they'd be much less empowered to take action against them, or worse they'd form their own competing UN made up of nations motivated to join them and you'd just end up with another NATO and Warsaw Pact for example. It's damned if you do, damned if you don't.

Ultimately the challenge comes down to how do you ultimately tame the leaders of the world who have absolute power. The founding fathers of the United States of America thought they had the solution with democracy and the many checks and balances they implemented into this new form of government they set up, but even that has its challenges and failures that they never could have foreseen. The UN was the next experiment, trying to take the similar principles onto the world stage, and it's been less successful (but at least has had some successes)

Trainguyrom ,

And I use AI to determine the right brightness level for my phone screen (that was a feature added several android versions ago)

Trainguyrom ,

Signing the photo on the camera would achieve this, but ultimately that's just rehashing the debate back when this Photoshop thing was new. History shows us that some will fight it but ultimately new artistic tools will create new artistic styles and niches

Trainguyrom ,

This year was the first year I worked in an office that didn't recognize Juneteenth. Someone still found a way to complain about people expecting Juneteenth off work and blamed Zoomers for it becoming the norm like it's a bad thing

Trainguyrom ,

There's even extreme edge cases where a compromised machine being part of a botnet actually improves security because the malware shores up security to help itself remain persistent and not find itself removed/blocked by other malware or attackers

Trainguyrom ,

The short answer is that new Bluetooth codecs have made the latency pretty much unnoticeable

Trainguyrom ,
  • Milk and potatoes can give a good base of vitamins and minerals.
  • Potatoes are pretty cheap and very easy to grow if you have the time and will to try it. Just toss a few potato halves into a bin of dirt, water periodically and you'll have more potatoes than you know what to do with
  • Toast can be a fairly cheap breakfast, although not very filling. It's easy to quickly eat as you run out the door too
  • I've found making sure your dinners have multiple dishes actually makes the food go further and helps in saving money on groceries overall compared to not
  • A bag of freezer veggies can keep in the fridge for almost a week pretty easily, and it's very easy to pour a bit out, nuke it in the microwave for 30-60 seconds and help round out your meal.
  • Hotdogs cook very well with ramen noodles (you can also sprinkle in some frozen corn too!), and that can make 2-3 meals for a single person
  • if you're in the states, Aldi is genuinely a really good option to save money on groceries, plus their store brand stuff usually has less sugar than name brand
  • white rice is usually dirt cheap and a good base source of nutrients
Trainguyrom ,

Some people just randomly get hemorrhoids for no apparent reason

Trainguyrom , (edited )

Some neighbors did an experiment one year where they got a 3lb bag of potatoes, cut them all in half then tossed half of them into a garbage bin full of dirt and ate the other half, placed said bin of dirt and potatoes at the side of the house and periodically watered it. They ended up with more potatoes than they knew what to do with and declared "never again"

Edit: just realized I half described that story already. I'll just add they had moved to the area from Idaho not long before trying this

Trainguyrom ,

Don't forget to check food pantries. Many nonprofit foodbanks don't gate based on income, particularly those operated by churches. It's often stuff that's close to expiration, or very cheap brands that you might not want to eat, but it's better than literally only eating cream cheese and will give you more variety of calories and nutrients to work with

Trainguyrom ,

I was too young to really know what was going on at the time but when my parents upgraded me from my Windows 98 spare parts PC they tossed Windows 2000 on the new PC and I remember it being quite wonderful. I never did get to experience Vista nor ME because my parents were well enough tapped into the computer scene to know what was up. Now I get to help them set up their first home server this weekend

Trainguyrom ,

Presumably they could make entering or leaving the country very difficult. So if you have family/friends in the US or ever have a reason to travel back to the country (pleasure or business) you could find yourself saddled with more debt than you might ever be able to repay

Trainguyrom ,

Didn’t he travel a good distance to “defend” a business

If I remember correctly he traveled from a neighboring town to Kenosha WI. But people get hung up on how he traveled from his home in Illinois all the way to Wisconsin to do this without bothering to look at a map and see that Kenosha is right on the border with Illinois

But he also immediately after getting bailed out went and did a photo op/party with white nationalists, I think I remember he even made white nationalist gestures for the camera so guilty or not he's a piece of shit

Trainguyrom ,

like what midwesterners get up to when they dream up new “casseroles.”

I'm in this picture and I don't like it

Trainguyrom ,

There's some research that says Santa, the Easter bunny, etc. are good for teaching kids skepticism. Plus it's fun. I'll often move their stuffed animals so it looks like they were doing something when the kids are asleep so they can get a little bit of magic

But, threatening with Santa is actually bad parenting because #1 it's a bit traumatic of a threat but #2 they'll figure out damn fast that you're bluffing. Never threaten a punishment you aren't prepared to dish out (and never dish out a punishment you wouldn't feel comfortable explaining to the kid as an adult)

Trainguyrom ,

Young kids are extremely receptive to self-fulfilling prophecies, and very flexible. If they hate school, it's better to find out why and try to see if you can get them to like school. You can kinda trick them by trying to associate school with fun, talk about how much you enjoyed school as a kid, and try to get them to talk about things they did that they liked at school. Or the flip side is maybe you'll learn that there's something serious you need to help handle as a parent

Trainguyrom ,

It really sounds like you need to dive into firewall rules. Generally you lean on your firewall to allow and restrict access to services. Probably the easiest place to start is to set up pfSense/OPNsense since it has a really clean interface for setting up rules. Proxmox's built-in firewall is nice too, but configuring the firewall per VM would probably get annoying and difficult after a while

And as you learn more about firewalls, learning how subnetting works will allow for more efficient rules (for example, if you have 192.168.0.0/23, 192.168.2.0/24 and 192.168.3.0/24 for your networks that you're allowing traffic to/from, you can just enter one firewall rule for 192.168.0.0/22 rather than 3 separate rules)
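The aggregation in the comment above, checked in code. This is an added example, not part of the original comment; the function name `check_summary` is hypothetical. It confirms that a single summary rule covers exactly the listed networks and reports any address space the wider rule would permit by accident.

```python
import ipaddress


def check_summary(networks, candidate):
    """Compare a proposed summary prefix against the networks it replaces.

    Returns which listed networks the candidate misses and which address
    space it covers that was never listed (i.e. would be over-permitted).
    """
    nets = [ipaddress.ip_network(n) for n in networks]
    cand = ipaddress.ip_network(candidate)

    # Listed networks that the summary rule would NOT cover.
    uncovered = [str(n) for n in nets if not n.subnet_of(cand)]

    # Start with the whole candidate and carve out every listed network;
    # whatever remains is address space the summary opens up unintentionally.
    remaining = [cand]
    for n in ipaddress.collapse_addresses(nets):
        next_remaining = []
        for block in remaining:
            if not n.overlaps(block):
                next_remaining.append(block)
            elif n.subnet_of(block):
                # address_exclude yields nothing when n == block
                next_remaining.extend(block.address_exclude(n))
            # else: block lies entirely inside n and is fully accounted for
        remaining = next_remaining

    over_permitted = [str(b) for b in sorted(remaining)]
    return {
        "exact": not uncovered and not over_permitted,
        "uncovered": uncovered,
        "over_permitted": over_permitted,
    }


if __name__ == "__main__":
    # The three networks from the comment collapse cleanly into one /22.
    print(check_summary(
        ["192.168.0.0/23", "192.168.2.0/24", "192.168.3.0/24"],
        "192.168.0.0/22"))
    # Constructed counter-case: with 192.168.2.0/24 missing from the list,
    # the same /22 rule would silently allow it as well.
    print(check_summary(
        ["192.168.0.0/23", "192.168.3.0/24"],
        "192.168.0.0/22"))
```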

Trainguyrom , (edited )

So from my experience you generally will have different zones of security. Outside Internet is obviously entirely untrusted so block every incoming connection except those you really need, and even then ideally all remain blocked (especially for a home network). Then you generally have your guest network which might need access to some hosted resources but is largely just used by guests to connect to the internet, next is your client network where your computer likely lives which probably gets access to all hosted resources but no management access (or depending on how much you want to trust your primary PC, limit that to just your main PC) and finally your datacenter network where you hopefully trust everything running in there.

You generally work with these zones and write rules based on the zone the traffic is coming from, with some exceptions, such as I might not want to give the guest network any access to my data center network, except for access to my jellyfin so I'll create a rule allowing only tcp web traffic from that network to a specific port on a specific IP/hostname.

A common way to achieve this is with a DMZ network, a network that sits between all of your networks and relies heavily on routing and firewalls. Public services and routers get IP addresses on the DMZ, and your firewall only allows specific paths. The outside Internet can open connections to the web ports of the web server and nothing else, the web server can't open connections to your other networks, only specific machines/networks are allowed to access the SSH port of the web server, etc. The DMZ is where trusted and untrusted connections mix, hence why it's named after the zone that belongs to both North and South Korea where both are allowed but also neither are allowed, where one only goes with specific purpose and explicit permission

I was a bit hesitant to do firewall rules based off of IP addresses, as a compromised host could change its IP address

Realistically any identifier you can write firewall rules based off of can be forged in some way. A rogue machine can change its host name, IP address and MAC address (and many do randomize their MAC address these days). In enterprises this is generally mitigated through limiting a network to only Ethernet access or via 802.1X authentication on WiFi and potentially even Ethernet. (You can also take the approach of MAC address whitelists, and some switches even allow for "sticky" MAC addresses where the first MAC address that connects is whitelisted until either the switch is rebooted or an administrator explicitly clears/allows the MAC address)

However, if each host is on its own VLAN, then I could add a firewall rule to only allow through the 1 “legitimate” IP per VLAN

You could go crazy and do everything at L3 (which your idea is basically doing but with extra steps) but that sounds like far more effort than it's worth, since now you're making every client also act as a router, and you lose a ton of efficiency both in configuration and in routing & switching, plus you've now changed the type of threats you're vulnerable to.

Generally in the enterprise, risks like what you're trying to mitigate are handled through reporting. An automated alert email is sent when a new device connects to a network that should never have new devices connect to it, then you kill the connection and verify with the team if that was any of them and investigate if it wasn't.

Realistically as a home network your threat model is automated scripts and maybe a script kiddie trying to get in. You really just need higher than average security to mitigate such a threat model (and average security is a shit show)

I feel like I may have to allow a couple CT/VMs to communicate without going through the firewall simply for performance reasons. Has that ever been a concern for you?

Security is always a trade off of convenience and speed. You have to decide what is an acceptable compromise between security and efficiency

Generally anything virtual when you aren't sure what to do, you should look at what the physical solution would be. For example, network storage is very bandwidth intensive, latency sensitive and security intensive. This is usually secured at the physical level as a separate network with no routers so that most security can be disabled. So at the virtual level these would be tackled with a separate virtual network connected to a second interface, and firewall rules on other interfaces to disallow incoming and outgoing connections to the storage network

Edit: I just realized I never answered your first question. In short, from what I've seen most enterprises put one firewall from a vendor like Fortinet, Zscaler, Palo Alto, etc. right on the edge of the network closest to the internet then either entirely rely on that for firewall or rely on that for firewalling off the outside Internet then do additional firewalling with a different tool inside the network. For example, a bank I worked at had a pair of redundant L3 switches (Nexus N9ks specifically) which handled all of the routing for all of the bank's networks, and connected between those and the internet was the Fortinet box which was managed by an outside vendor and while I was there as part of hardening ahead of a scheduled red team audit we set up firewall rules (I'm blanking on the Cisco term for it, but they're ultimately just firewall rules) on the L3 switches to limit access to more sensitive networks and services
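A small model of the zone policy described in the comment above, as an added example that is not part of the original comment. The subnets, the Jellyfin address and port 8096, SSH on port 22 as the management port, and all rule names are constructed assumptions. The zone comes from the ingress interface rather than the claimed source IP, so a guest host that changes its IP to a client address is dropped instead of inheriting client access.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed addressing for the zones named in the comment.
ZONES = {
    "guest": ipaddress.ip_network("192.168.2.0/24"),
    "client": ipaddress.ip_network("192.168.0.0/23"),
    "datacenter": ipaddress.ip_network("192.168.3.0/24"),
}
JELLYFIN = ipaddress.ip_address("192.168.3.10")  # hypothetical host


class Rule(NamedTuple):
    name: str
    action: str
    src_zone: str
    dst_zone: str
    dst_ip: Optional[ipaddress.IPv4Address] = None  # None matches anything
    proto: Optional[str] = None
    port: Optional[int] = None


# First match wins; anything that matches no rule is denied.
RULES = [
    Rule("guest-to-jellyfin", "allow", "guest", "datacenter", JELLYFIN, "tcp", 8096),
    Rule("guest-no-datacenter", "deny", "guest", "datacenter"),
    Rule("client-no-mgmt", "deny", "client", "datacenter", None, "tcp", 22),
    Rule("client-to-datacenter", "allow", "client", "datacenter"),
    Rule("guest-to-internet", "allow", "guest", "internet"),
    Rule("client-to-internet", "allow", "client", "internet"),
]


def zone_of(ip):
    """Map an address to its zone; anything unknown is the internet."""
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def evaluate(ingress_zone, src_ip, dst_ip, proto, port):
    """Return (action, rule_name) for one new connection."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    # Anti-spoofing: the source must belong to the interface it arrived on.
    if zone_of(src) != ingress_zone:
        return ("deny", "anti-spoof")
    dst_zone = zone_of(dst)
    for r in RULES:
        if (r.src_zone == ingress_zone and r.dst_zone == dst_zone
                and r.dst_ip in (None, dst)
                and r.proto in (None, proto)
                and r.port in (None, port)):
            return (r.action, r.name)
    return ("deny", "default-deny")


if __name__ == "__main__":
    print(evaluate("guest", "192.168.2.50", "192.168.3.10", "tcp", 8096))
    print(evaluate("guest", "192.168.0.5", "192.168.3.10", "tcp", 22))
    print(evaluate("internet", "203.0.113.7", "192.168.3.10", "tcp", 8096))
```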

Trainguyrom ,

No problem! I'm just an information sponge and I've lucked out with really good mentors so far in my career to learn from

[Serious] Why do so many people seem to hate veganism?

Seen a lot of posts on Lemmy with vegan-adjacent sentiments but the comments are typically very critical of vegan ideas, even when they don't come from vegans themselves. Why is this topic in particular so polarising on the internet? Especially since unlike politics for example, it seems like people don't really get upset by it...

Trainguyrom ,

Oooh that sounds like a good idea! I've been noticing how much meat is taking a bite out of my food budget and trying to play with ways to stretch it a bit more until the kids are in school and my wife can start working.

Trainguyrom ,

In the mid-19th century there was a doctor in Vienna named Ignaz Semmelweis. He worked in a maternity ward and took extreme focus on the extremely high mortality rate in his ward, and Semmelweis eventually found that hand washing before providing care was extremely effective at reducing the mortality rate (consistent hand washing dropped it from 18% to 2% mortality rate) specifically doctors would do autopsies in the morning then (without any sanitization) move onto their duties in the maternity ward.

Semmelweis had the seniority to mandate hand washing (specifically he identified lime to be very effective, but of course it's very unpleasant to wash with lime) he had the data to back up its effectiveness, but what he lacked was the social capital to successfully shift the local medical culture to include handwashing before caring for sensitive prenatal and postnatal care. Specifically he was a dick about it. Because he was extremely outspoken about doing this unpleasant lime wash before providing care for which he couldn't provide a good theory as to why it worked, he was replaced as the director, continued his advocacy with limited success and eventually was placed in an asylum following a nervous breakdown where he died of sepsis from a caretaker not washing their hands.

His work was never recognized until long after his death. He probably could have had more success if he wasn't so annoyingly loud and outspoken about this hand washing thing. It was clearly the right thing to do but it took time and effort, wasn't entirely pleasant, and it wasn't yet the norm. He saved hundreds of lives while he was in charge and hand washing was mandated, but because his successor ended the handwashing mandate countless more died at his hospital alone.

The first successful soaps, in part created by a handful of individuals Semmelweis had inspired, were only successful when marketed as a cosmetic product to make you smell better (and by convincing people that they real!)

The point is, in advocacy, no matter how right you are, if you're fighting against "the way we've always done things" you will always have a significant uphill battle and have to play the politics and not be too upsetting to the order of things until some momentum is built, because otherwise, no matter how right you are, you can simply be written off as a lunatic and too annoying to be worth listening to

Trainguyrom ,

abandoning semiconductor technologies and making computers out of simpler parts

I remember reading an article a while back about basically computing using cards which block or allow light to flow as a series of logic gates. Another way to think of it is reinventing the punch card.

Trainguyrom ,

I interned at a bank and they do a credit check as a standard step for hiring someone. I also overheard HR at that bank talking about how they should stop running credit checks before hiring people because they can't use the info from that for anything and it just costs money to run the credit check

maegul , to Fediverse
@maegul@hachyderm.io

Nice demonstration of why mastodon's dominance is problematic

See the conversions here:
https://github.com/LemmyNet/lemmy/pull/4628
and
https://socialhub.activitypub.rocks/t/federating-the-content-of-posts-note-articles-and-character-limits/4087

AFAICT, mastodon's decisions, which are arguably problematic (on which see: https://lemmy.ml/post/14973403) are literally trickling down to other platforms and infecting how they federate with each other as they dance around mastodon's quirks in different ways.

It seems like masto is ruining "the standard" with its gravity.


@fediverse

Trainguyrom ,

Maybe I'm just not awake enough but I'm not entirely following exactly what's going on. Can you give me a quick summary?

Trainguyrom ,

Oh so it's a compatibility triangle of C being compatible with A makes it incompatible with B? Sounds like a mess for sure

Trainguyrom ,

It's a hilarious theory with zero evidence to back it up, but equally zero evidence to refute it. There's beauty in its possibility and ultimate unknowability

Trainguyrom ,

One of my friends likes to say "the horrors persist but so do I"

Downloading/torrenting kids cartoons

Hey all. noob-ish pirate here. Skipping long winded post. I'm struggling to find sources to download/torrent kids cartoons. Some are easy, but I'm looking for paw patrol and it's scarce on 1337. The more modern stuff and the super popular stuff are a little easier though. Not really any information on the Wiki about this stuff....

Trainguyrom ,

I haven't been so lucky. Grandma gave our first child both a phone and a tablet before she was 2 (against our wishes) and lets her have full unsupervised access to whatever she wants to watch. My wife now is a stay at home mom to keep Grandma's influence limited (she also plays fast and loose with regards to safety)

But back on topic, we usually ask the kids what they want to watch, and if we feel they've been watching too much trash television we'll say "let's watch something on PBS Kids" and let them pick something on PBS to watch (because that's our go to for higher quality kids content) so about 70% of their screen time is on high quality content and the other 30% is their choice.

Trainguyrom ,

It almost looks to me like a renovation that ran out of money, and then either had a squatter for a few months or the person lived there on a shoestring budget for a few months

Trainguyrom ,

From an admin perspective one of the best things to lab out is setting up a standard SMB server stack, which is 2x domain controllers, 2x DHCP servers, a file server, and a couple of desktop VMs, then practice setting it up to be nicely locked down like in a standard corporate environment. For example:

  • redirect user directories to the file server and set permissions so only the user, admins and departmental managers can access files
  • set up departmental directories on the share with departmental and managerial permissions
  • set up group policies to lock down the desktops so that users just get a standard experience

But also make sure to set this up both in Windows Server with the full "Desktop Experience" as well as on Windows Server Core, and try to do so while following best practices with redundancy, network segmentation, etc. You could even get fancy and set up a remote site with redundant servers and replication to the remote site as well to experiment with how that works.

Then of course, once you have your virtual SMB network set up, try to break it. Fill up some of the VMs so it's out of disk space, corrupt one of the VMs and try to recover it, power off the servers when you shouldn't, cut some important virtual Ethernet connections and leave them severed for a while, or degrade the virtual Ethernet connection and see what happens, delete the only domain controller and see what the best path to business continuity is, etc.

This covers a lot of the tickets and critical failures you'll see on a standard SMB network and will give you a good amount of exposure to a lot of what you'll work with in the "real world"

Trainguyrom ,

To be entirely fair, the glass doors are terrible for refrigeration efficiency because the glass is far less insulated than the door with the screen is. It might actually save electricity by powering a screen that shows a picture of the product over an insulated door than just having a glass door.

This implementation looks ugly as heck of course but if there's a big enough energy efficiency gain I suppose it might be worth the trade off
