As someone who spent their early/mid teenage years steeped in ‘anti-sjw’/gamergate trash, I can tell you she’s very much part of the problem.

Literally that was her point. Vote for Harris, but that’s not good enough on its own.

Glad I just finished moving my rack over to mikrotik…

No most millennials are also too lazy because they stopped giving a shit about computers when it stopped being a requirement to use the internet like 10-15 years ago because smartphones.

Most who did haven’t in at least a decade, and wouldn’t unless you put a gun to their head.

For some reason the vast majority of people seem to just want to ignore the machines that literally run our society, and its fucking maddening.

FFS the amount of people who I work with in IT and even then don’t really give a shit about their daily computing is absolutely fucking baffling.

Its really just a smattering of people from all ages who actually know how to use a computer because they’re actually interested in doing so.

On one hand what’s going on is a travesty, on another we already tried this. It didn’t work. We fucked up by meddling with the middle east in the first place.

I don’t really know there’s a solution for the west at this point, more than just a lesson to learn about minding your own fucking business next time.

How do you fix an oppressive society when half of its citizens seem more than willing to oppress the other half?

Well that’s an assumption…

Also what’s the point of being anti-ai when you’re already anti-cpyright?

The issue isn’t generative AI, its capitalism. The AI just makes capitalism’s bad parts more efficient, or is at least supposed to.

Next time use matrix.

Pfsense is a lot more feature rich than openWRT, especially when it comes to firewall features. Personally I just use openwrt to run my access points.

I would replace that eero unit with an old dell optiplex with pfsense, and forego trying to virtualize PFSense.

Not sure what hardware is in that eero, but if you wanted to keep it as just a basic AP, that isn’t a bad plan.

After that get a second optiplex for publicly hosted stuff. Keep that on a separate port on your PFSense machine, completely firewalled off from the rest of your network via pfsense, only allowing traffic from LAN to your server.

Physically separating your internal network, and publicly hosted services, as much as possible is the goal.

If you can only afford one new piece of hardware, I’d get the pfsense box, and set it up as a wireguard VPN server, disabling the direct port forwards to the VM running Minecraft. Though your friends would need to install a VPN client, and youd have to provide config files.

A used optiplex on eBay usually isn’t much more money to get up and running than most Linux SoC’s after all the adapters and kit is purchased, and they’re usually specced out way better.

Actually if you wanted to do physical DMZ separation, and wireguard you’d really be doing good, but that’s probably a little paranoid.

You’re adding attack surface by keeping them separated only by vlan. VLAN hopping exploits exist, especially in older firmware, ESPECIALLY on EoL units.

Pfsense is a proper router/firewall built on one of the most hardened networking stacks on the planet. Plus it catches regular software updates, no matter how old your hardware is. You can run it on an old PC with a cheap quad gigabit nic card from eBay if you’d like.

If I might ask, what do you have handling your inter-vlan routing/firewall? Is it the same box you use to handle the firewall/routing between your WAN and LAN?

Is this machine sitting in your LAN, or on its own firewalled off network with a DMZ? No matter how secure it is, you don’t want it on the same network as the machine you do your taxes on.

A good poor mans option is to get a pfsense box with 3 NIC’s. One for WAN, one for LAN, and one for the machine you publicly host with.

Setup firewall rules so that LAN can reach the MC host on needed ports, but not the other way around.

Been using this in my homelab. Pretty great for Linux machines.

If you need to host for a windows network, samba can provide a Windows Server 2008 level AD DC, as well as print and file servers.

You could always install bare LDAP and Kerberos, but then again you could also try eating a cinderblock.

There are alternatives, but they all have their usecases and compromises in comparison. Most businesses want a cookiecutter one size fits all solution. AD is the closest thing.

Which is why I’m no longer interested in supporting them lol.

You don’t get to run a commercial entity under the guise of open source software, and giving back to the community, while prioritizing inter-compatibility with the king of EEE over the most popular FLOSS alternative.

Rocky has been good to me, but I still miss centos.

Honestly the only thing I’ve had trouble getting working with freeIPA with no alternative is some sort of centralized ROM management. Then again they all kinda lack any sync features with retroarch which is what would really bring me to them anywho.

Pretty much. Its nice but I find trying to get it to do anything other than cookie cutter operations requires you to not only go around the GUI, but in many cases break it.

Also lotta shit that was supposed to work sucked too. The GUI always seemed to have a 50% chance of clobbering my ACLs when editing them, and encryption was either entirely password based, or the keys where stored with no passphrase on an unencrypted dataset.

My rocky nas has Luks on mdraid for the root which hold the keys for the zfs pools, and CLI based acl management is pretty ezpz once you learn it.

That’s what I’ve been doing for a good bit now.

I used to do a split environment on ad but I didn’t feel I was really getting anything out of windows, other than ease of use with TrueNAS.

Still haven’t gotten TrueNAS working with FreeIPA, but running a NAS off of rocky isn’t too bad either if you don’t mind the extra setup.

The nice thing about downstream distros is you don’t actually have to deal with redhats shit to use their stuff.

Unrelated but this pissed me off.

using a Microsoft innovation called Active Directory

The only Microsoft innovation there was Embracing, Extending, and Extinguishing LDAP and Kerberos.

I will NEVER forgive boomer admins for allowing that. I don’t mean to be presumptive, maybe its just where I work, but old guard windows admins seem to be fucking lazy dipshits as a rule.

I’ve never met sysadmins/engies who give so little a shit about what they’re setting up and why. If you only care that it works, and not how, why the fuck are you in this industry? Go get an MBA like the unskilled, uncaring sap you are and fuck off from my special interest.

Man that got derailed quickly lol, though I guess it explains why they’re all using domains they don’t own…

Yes and no, if you have large-scale projects that require a ton of people, donations can be necessary.

Just because you take donations doesn’t mean you have a profit motive.

Also processing time, especially on weaker hardware or with bigger files.

Recommending an advanced Linux OS to a newbie isn’t empathetic.

I agree, I don’t think everyone needs to know how to use niche CLI utilities or minimalistic tiling WMs. I do think you should be able to easily navigate a windows-like UX such as Mint.

Expecting a user to know how to install an OS isn’t empathetic.

No, I think that’s about where the average persons knowledge should end. The fact that the average person doesn’t know this is exactly the issue I’m getting at.

Re-installing an OS is easy, It’s like knowing how to change a tire, or check your oil. Booting off of a USB stick and clicking next a dozen times isn’t hard.

I don’t know I entirely agree with this take. Computers are literally the most powerful tool for creation in all of human history.

You should absolutely be expected to put effort into it.