Its never transmitted, can be stored in HSMs. Anything that’s handled wrong is unsafe

dont think so. what i gatherd passkeys is a public/private key scheme, much like pubkey auth in ssh logins.

I love it, have serial (rj45), no more need for monitor/keyboard setup in my “server room”. I have some raspberry-pi in my “family”-vlan, so i can always ssh/serial on to my proxmox. considering my secret superpower is “locking myself out from my firewall” this is really comfortable.

I’m just running debian trixie. I really don’t like openwrt and pfsense. I deal a bit with openwrt from time to time on embedded devices, APs or the like… just incredibly complicated to configure the firewall, which comes with like 28 default policy I would not know why I need those :D

I like the many ports. Internally I have everything over one port with plenty of VLANs, but I like my ISPs directly connected to cut out the switch and leaves my firewall as sole single point of failure. at least for internet reachability of my services.

my current project is integrating the multi homed wan and vpn choices into my home assistant. sadly it seems to be complicated to to route specific traffic (like .*bbci?.co.uk) via specific tunnels. sni detection is broken thanks to ech. Not sure if ech is even employed by bbc (akamai/amazon/fastly), but if i try to policy-route this traffic i cant watch :-( have to set the whole device to the VPN and it works fine.

I believe a recent raspberry pi would do easily. But it all depends on your requirements regarding diskspace, disk-io, network interfaces, cpu.

i personally run some china box for this: https://de.aliexpress.com/item/1005006970782594.html 5x2.5GBE and dual-disk support. so i have proxmox on zfs"raid" there, one container is my firewall that does more or less what i described above, but runs a ton of services.

I had an Intel NUC before for that, but it broke.

He can keep it. Just degrade the original, obviously crap router to a modem. If it lacks this functionality then create a transfer net between it and your server. Connect your internal networks to your box, run your own dhcpd if you need. Get in control of your network. Have you box do the routing, masquerading, translations.

If you need the WiFi of your router, this gets harder, but can still be made to work by defining a 2nd network on the link between isp-router and user controlled router. If not supported by router then via manual IP config of clients.this does usually not work in modem setups but with the transfer network only. Port forwarding on ISP router needs to be possible in all scenarios with transfer net.

Sounds like a fun project and possibly a deeper dive into selfhosting territory:)

if you can’t enforce copyright, how do you stop others from giving it away for free and editing it, making it foss…?

guess this is satire. zero trust and byod mix well, just isolate from your shit and you are done. block port 25 outgoing and known c2 IPs to not taint your IP.

and of course you need to tag the new network on all your switches, routers, APs… not to forget testing and integration in your monitoring system. 45 minutes is absolutely fine.

😜

sqlite is absolutely awesome

Founders: Steve Huffman Aaron Swartz Alexis Ohanian

if you don’t need those, why burden the program with another dependency?

🤯

the ton of negative articles. /s

it’s fine as long as you reboot before each call

can i order the svg?

Ah, it looked like the work of a lasercutter… Guess I’m stealing the design :D

KEIN GOTT, KEIN STAAT, KEIN KABELSALAT!

love it :D

that’s awesome! I’m just migrating all my data to πfs. finally mathematics is put to a proper use!