
That’s what the title of the post implies. It’s a problem away from home.
Album on lemmy.ca, beehaw.org, shit.itjust.works & lemmy.world


The Adblock is at home

Use wireguard to stay on your home network.


What, are you just a walking meme parrot? Are you a bot? How is this a leopard face eating thing when there’s millions of people who didn’t vote for this and are afraid to get deported from the country they were born in? Either you still think it’s their fault for the way they were born or you don’t understand that the particular idiom refers to people who decided their own fates by choosing to hang out with leopards.


Lol I get it on this one.
Unfortunately this app is abandoned. Homie took my money and ran.


US T-Bills only.
This is my biggest regret purchase lmao. Which is good. But yeah I basically never used it. Very unlike me because I would rather eat my bad decision. But it was so laggy I turned it off and waited for updates that never came. Took me years to finally throw it away.


Yep so you know it’s bad because Royal blood is pretty thick.


Depends on the docs but if they’re written well you’re best served by reading them in full. RTFM before looking at best practices and tips.
Problem is a lot of people don’t understand how to read a doc. There’s a terminology, phraseology, syntax. I have so many instances of people who say they didn’t see the answer in the docs and then you look and it’s right there. But the human mind tends to discard info it doesn’t understand how to process.
If you think you know how the Internet works but haven’t read the RFCs you might not know as much as you think you do. Read pretty much every one on IPv6 because the secondhand resources are absolutely garbage.
If crabs could read there would be no stopping them.


“Forgot my wallet?”


Must be nice to say from your private Hawaiian island
Ayyyyy!
Love systemd thanks for the writeup 👍🏽


Mauna Loa is a national treasure. It’s one of the greatest things about America.


Wrt LAN deny all for the fam, it’s mostly hard on gamers cuz games tend to use wide port ranges and outbound IPs are potentially home ISP networks, not the game servers. But yeah it takes some time and research to really lock it down.
Most stuff is running through web protocols though. So right off the bat you create allow rules for any LAN device to hit ports: 80, 8080, 443, 8443 which are your common http and https ports. That’s gonna get most ppl what they need.
I do ASN based allows for certain applications like Google, Facebook, etc.
For consoles they’re pretty locked down so just give them full allow to the Internet. I don’t do that actually but it’s probably the better way.
IoT devices get only the ports they need to the IPs they need.
when you said you are using unbound instead of using DoT forwarding, you mean instead of allowing clients to DoT forward, right?
No I mean my unbound resolves DNS for something like microsoft.com all by itself. It calls up the root name servers, finds the com nameservers, then asks the com nameservers for Microsoft. And for any subdomains it asks the MS name servers. This is instead of relying on external forwarding services like 8.8.8.8 or 1.1.1.1 or quad 9 or whatever. At least the former two are sure to be aggregating this data.
Additionally I do not allow devices on my network to reach out to external port 53, or 853 to circumvent lookups on my unbound by reaching out directly, which would then bypass the DNSBL. Anything for port 53 gets NAT’d to the unbound server. You can’t redirect TLS attempts so those get hard blocked.
Curious to your IDS solution
Suricata is what OPNsense uses. Pretty easy to set up.


I have an N100 box that I put OPNsense on for routing, firewall, DHCP, DNS and IDS. It uses unbound for DNS and so I’m leveraging the blocklist functionality in unbound. And then I use unbound to resolve instead of using DoT forwarding.
DNSBL is only a small component of effective network security. Arguably the firewall is most important and so I have a default deny all for any device on my LAN trying to reach the Internet.
All applications need specific allows. Thus internally no device can use DNS over TLS because 853 is blocked by default. Then I use a DNSBL to catch known DoH by domain since the cert is provided by domain name.
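The egress policy described in the comments above (default deny, web-port allows, port 53 NAT'd to unbound, 853 blocked, DoH caught by DNSBL), modelled as an added example that is not the commenter's configuration. The LAN range, resolver address, sample blocklist entries and all function names are assumptions.

```python
"""Model of a default-deny LAN egress policy with forced local DNS (constructed)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")       # assumed LAN range
RESOLVER = ip_address("192.168.1.1")     # assumed address of the unbound host
WEB_PORTS = {80, 8080, 443, 8443}        # the HTTP/HTTPS ports named in the comment
DOH_BLOCKLIST = {"dns.google", "cloudflare-dns.com"}  # constructed DNSBL sample


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int


def nat(flow):
    """Rewrite port-53 traffic aimed anywhere but the resolver to the resolver."""
    if flow.dport == 53 and ip_address(flow.dst) != RESOLVER:
        return Flow(flow.src, str(RESOLVER), flow.proto, 53), True
    return flow, False


def decide(flow):
    """Return (verdict, reason) for a flow leaving a LAN client; NAT runs first."""
    flow, redirected = nat(flow)
    dst = ip_address(flow.dst)
    if dst == RESOLVER and flow.dport == 53:
        return ("redirect" if redirected else "pass", "dns to local unbound")
    if flow.dport == 853:
        # TLS pins the server identity, so DoT cannot be silently redirected.
        return ("block", "dns over tls")
    if dst not in LAN and flow.proto == "tcp" and flow.dport in WEB_PORTS:
        return ("pass", "web port allow")
    return ("block", "default deny")


def resolve_allowed(qname):
    """DNSBL check on the resolver: blocklisted names and their subdomains fail."""
    name = qname.rstrip(".").lower()
    return not any(name == d or name.endswith("." + d) for d in DOH_BLOCKLIST)


if __name__ == "__main__":
    doh = Flow("192.168.1.50", "8.8.8.8", "tcp", 443)
    # DoH looks like ordinary HTTPS to the port rules; only the DNSBL stops it.
    print(decide(doh), resolve_allowed("dns.google"))
```

The last case is the reason for the DNSBL layer: a port-based allow for 443 cannot tell DoH from ordinary HTTPS, so the client is stopped when the resolver refuses to resolve the DoH hostname.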
It’ll also be wrong in every application you run in your browser. Even local sites.


Bad mortgages, bad ratings agencies, and definitely bad issuers.


Thanks for rephrasing. The thing is with regulation when there’s a caveat/condition it’s forbidden not just a correctness check. I think the underlying sentiment is correct, a blanket ban on something is surely easier to enforce than a nuanced approach.
But that’s my whole point since the first post. A blanket ban on securitization just locks away the whole tool when really we should just work to implement effective regulation.
The real problem is that law and subsequent regulation lags behind innovation. Like AI or crypto would be an example. So back in 2008 there was a lot of lag on securitization as an innovation. Subsequent to the crisis, in 2025 market reg is well established on securitization products and derivatives.
Frame rate, wide screen, mouse input… You can pretty much do anything you want with the game. Vs an emulator that runs the official ROM as it was.