A layered defense is always best. Nothing is 100%, but knowing your threat model will help define how far you have to go and how many layers you want in the way. Defending against State level actors looks different than swatting the constant low effort bot traffic. You’re right, if a bad actor gets root on your machine, all security is forfeit. The goal is to minimize that possibility by keeping applications and packages updated and only allowing necessary connections to the machine. You mentioned wireguard or tail scale. Set that up first. Then set up the host firewall to only allow outbound traffic onto the VPN to the required ports and endpoints on the LAN. If the VPS isn’t hosting any public facing services, disable all traffic except the VPN connection from and to the public Internet both on the cloud provider’s firewall and the host firewall. If it is hosting publicly accessible services then use tools like fail2ban and crowdsec to identify and block problem IPs.

Firewall rules on outbound traffic from the VPS to the LAN would do it. Allow traffic to the hosts and ports that the VPS needs to reach and block everything else.

That’s true, from a certain point of view. What they actually did was give everyone a common target. We still get everything compressed and limited into a flat line, just now we don’t have to adjust the volume on our stereo between songs.

The Happening

Oh yeah, the movie where nothing actually happened and they gave away the twist ending halfway through the movie.

I was looking for the text to post it. That was the first thing I thought of too.

:waves hand: We’ve always been at war with Eurasia

Agreed.Also, Windows and OSX, unless you want to have to call your nephew who’s Good With Computers™ every couple of weeks. If you’re just using a browser for everything and never messing around like a good majority of people, Linux is just as good as either of those. Linux has gotten to the point where it’s Grandma proof if you stick to a distribution that prioritizes stability. If you choose a distro that prioritizes bleeding edge software versions, you may come across more bugs and breaking changes.Then you’ll need the troubleshooting skills mentioned here. Most of us are here to learn and mess around; the troubleshooting skills grow from that mindset.

I agree with your lack of affection for cloud services, but I think your view might be a little skewed here. Does a senior mechanic need to understand the physics of piston design to be a great mechanic, or just gather years of experience fixing problems with the whole system that makes up the car?

I’m a Senior Systems engineer. I know very little about kernel programming or OS design, but i know how the packages and applications work together and where problems might arise in how they interact. Software Engineers might not know how or don’t want to spend time to set up the infrastructure to host their applications, so they rely on me to do it for them, or outsource my job to someone else’s computer.

I’ve seen it explained elsewhere and it makes sense to me. Kidnapping usually implies a person being taken with the intention of negotiating for their release, where disappeared is more often associated with avoidance of giving any substantial information to a party seeking their return.

I feel like you’re wrong here. Moses and Joshua were pretty big into the whole genocide thing. Deuteronomy 20:16 for example is pretty clear about that, among many other examples.

Except for the weapons we sold them, the intel reports we provided, etc, etc.

Before he was sworn in even. https://www.pbs.org/newshour/politics/watch-trump-promises-to-settle-war-in-ukraine-if-elected

I’ve had way too many conversations with people that simply can’t comprehend how that works. “But then we’d have to do everything so much earlier, it would be dark all the time.” I try to explain that we’d still do everything at the same time of day, just call it something different, but they just can’t wrap their minds around that.

Same as it ever is. Their Russian handlers and their mouth breathing, Nazi loving supporters.

You might even say he’s extra manly; so manly he wants to spend all his time with men and as little time as possible with women.

Perhaps they’re carried. It would be pretty easy to grip them by the husk.

I like my Denon Heos setup: 2 TVs, home theater, receiver in my office connected to my computer and speakers in 7 other locations. Works great with Music Assistant, and doesn’t require a cloud connection. It can pull firmware updates if you want but I’ve blocked all Internet access for those devices with no loss of functionality.

Accession to NATO usually requires border disputes to be resolved. Last I knew Canada, the US and Turkey were also standing in the way.

For about a month until it’s shut down as insufficiently worshipful to our corporate overlords.