In an enterprise imaged Windows laptop they and you probably wouldn’t have superuser privileges in order to keep yourselves from doing stuff like deleting core Windows dependencies. Maybe they give you full administrative access at your company but if you deleted the Program Files folder to save time you’d be blamed by pretty much everyone.

You guys obviously have root privileges or else you wouldn’t have been able to delete the system’s core Python2 installation. And frankly you must have literally manually deleted it because the package manager would have told you what havoc you were about to enact and made you tell it to do it anyway.

But what’s even weird to me is that most python devs I know, including myself use python virtual environments (venv) to use different versions and package bloat control from something like pip but keep it all nice and neat.

If you wanted python3 to be the default you have to change the PATH in Windows or if you don’t know what you are doing I guess reinstall whichever python with a .MSI an hope it does it for you.

Meanwhile, in Linux you can just use the alternatives utility to literally pick your preferred versions and it takes care of the paths for you.

And with the HDMI issue? You must not be using the same graphics drivers and someone is using proprietary graphics drivers (won’t have the issues you’ve described) and the other is using open source versions (you’ll have the issues you’ve described) because companies are shitty about their proprietary closed standards.

Which brings up another point. You say you all use the same laptop model and OS but you don’t all use the same drivers? There’s no baseline? There’s no control?

This sounds like a Hell of your own making. This is why users in general should never have full administrative privileges and they should be tailored down to just what you need. Epecially if they haven’t yet learned the basics of the OS they are using because they are at best a danger to themselves and at worst a vulnerable laptop inside the network.

It does represent freedom.

Kent can fork the kernel if he wants with all the fixes he wants in it and distribute it as he sees fit. This particular instance of the kernel (which happens to be original – the upstream), Linus has to balance allowing some fixes other developers want to include versus a ‘minor’ release of the kernel during this cycle (because it is a minor version release, not a major one). Kent could then also stop other developers from contributing to his fork but then those people could just fork his kernel fork and do what they want.

You as a user are free to use any of them. You’re even free to take Kent’s PRs right now with everything done in the kernel at this point, compile it and run it yourself if you want. You could even market it as something and sell it all if you want for a profit if you can get the customers. You’re free to do all of that. You can do it right now if you want.

Having a NAT on a consumer router is indeed the norm. I don’t even see how you could say it is not.

I never said NAT = security. As a matter of fact, I even said

It was not designed for security but coincidentally blah blah

But hey, strawmanning didn’t stop your original comment to me either, so why stop there?

Let me tell you: All. Modern. Routers. include a stateful firewall.

I never even implied the opposite.

To Linux at least, NAT is just a special kind of firewall rule called masquerade.

Right, because masquerade is NAT…specifically Source NAT.

I’m just going to go ahead an unsubscribe from this conversation.

So, really, you were “correcting” me for you and your specific setup at the very beginning because your router’s firewall has a deny rule for all inbound connections because I must have been confusing what a NAT and what a firewall is because I must have been talking about your specific configuration on your specific devices.

Holy. Fucking. Shit.

Are you saying that everyone’s router’s firewall drops all packets from connections that originate from outside of their network?

Because, as I said:

layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated.

The NAT doesn’t have to operate at layer 7 to be effective for this because

coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

The point is that the SPI firewalls are not protecting against the majority of the attacks we’ve seen for decades now from botnets and other arbitrary sources of attacks, except, perhaps targeted DDoSing which isn’t the big problems for most home networks. They must worry about having their OS’ and software exploited and owned in the background, which doesn’t get much of an assist from a router’s firewall.

Obviously, this is however true for the NAT since the NAT are going to drop connections originating from outside the network attempting to communicate with that software to exploit it

barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

They are not layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated. No citation needed unless you believe they are layer 7 firewalls or using something like Snort.

Added some clarification in my first sentence so it makes a bit of sense.

The word you are looking for is firewall not NAT.

No the word I’m looking for is the NAT. It was not designed for security but coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

Consumer router firewalls are generally trash, certainly aren’t layer 7 firewalls protecting from all the SMB, printer, AD, etc etc vulnerabilities and definitely are not doing the heavy lifting.

By and large automated attacks are not thwarted by the firewall but by the one-way NAT.

You’d better hope that you can NAT ipv6 because if you aren’t behind a CGNAT and then your LAN is completely exposed without a NAT you’re very likely going to have devices exploited.

NATs on people’s boundary has been doing pretty much all of the heavy lifting for everyone’s security at home.