It really depends on how much you value your time and how good you are with configuration

A QNAP or Synology will work and be pretty simple to configure out of the box. Installing custom software is possible, but can be tricky as they require you to enable sideloading and custom apps can be hard to find. Both have supported app stores with available apps to do what you’re looking for (QNAP has apps for both torrents and Plex. Not sure about Synology)

However, you will get way more bang for your buck by building one from scratch using something like TrueNAS and the Arr stack, but this can require a fair bit of technical knowledge about configuring containers and securing network services(Especially if you want them to be accessible remotely)

Most people here do selfhosting as a hobby and as a result, the time spent trying new configurations is negligible as it wouldn’t be much of a hobby otherwise.

Just straight vanilla powershell is pretty good

Time to restore a whole machine backup to a VM with no network connectivity, and manually pull the command?

It’s not fear of the freedom, it’s choice paralysis. People want to go to one website, sign up for one account and then be part of a network with absolutely zero research beforehand. I like the fediverse, but the barrier to entry is higher than that because it first requires you to understand the technology at a base level.

Internet services getting shitty and then dying is nothing new. Look at MySpace, Digg, or any BBS. people just abandon the old one and join the new popular one. They’ll leave when it gets shitty enough and join the new thing

Sometimes you can have a thing that isnt a computer. Sometimes you can just have a glass door. I promise it’s okay.

I’m not sure I necessarily agree. Your assessment is correct, but I don’t really think this situation is security by obscurity. Like most things in computer security, you have to weight the pros and cons to each approach.

Yubico used components that all passed Common Criteria certification and built their product in a read-only configuration to prevent any potential shenanigans with vulnerable firmware updates. This approach almost entirely protects them from supply-chain attacks like what happened with ZX a few months back.

To exploit this vulnerability you need physical access to the device, a ton of expensive equipment, and an incredibly deep knowledge in digital cryptography. This is effectively a non-issue for your average Yubikey user. The people this does affect will be retiring and replacing their Yubikeys with the newest models ASAP.

Absolutely. If you are the CISO in a place where security is a top priority with adversaries that may have access to the equipment and knowledge to exploit this, you will absolutely want to retire the keys ASAP and replace them with the new model that is not vulnerable to this.

believe it or not, jail.

I tend to just check uptime before asking this question.

If I see the machine has been up for weeks and they tell me they rebooted it, I know i’m dealing with someone who doesn’t know that pressing the power button on the monitor doesn’t turn the computer off.

deleted by creator

Use it to program an functional DOS emulator for MacOS 8?

I also recommend this. EntraID is pretty handy and it was a fairly painless experience to get everyone using the Microsoft authenticator app on their phone for MFA. SSO via a registered app in Azure is just an added bonus.

Our typical user reaction is something like “Oh, like my banking app?” when we enroll them in MFA

So far, the only thing AI has shown to be pretty good at is summerizing a large amount of data, and even then it cant be fully trusted to not make mistakes.

Yes, it’s possible

You need a SIP trunk to connect to and a PBX server. I would also recommend a proxy server to obfuscate your SIP server as it will be constantly attacked.

It doesn’t technically need its own network, but having it on its own VLAN is recommended as you will want to have some QoS policies for the UDP voice traffic otherwise your call audio will be choppy

Apps get a one strike rule. The minute I get a notification I don’t want, that app doesn’t get to send me notifications anymore

This would turn the Internet into a hell scape if only because corporations could throw huge amounts of money around.

There would be incentive for the Pizza Huts and the Walmarts of the world to just assume control of the websites for any local competitors.

Domain squatting is incredibly scummy, but I have no idea how it would be possible to have any other system.

My understanding is that domains do expire unless you pay the fee to renew for another year.

Regarding unused domain names, how would anyone know if a particular name is being unused? Domain names are used for more things than browsable websites. You’d have to have a system that could determine if traffic is going to those names, which seems bad from a privacy standpoint and also pretty easy to script around.

I agree that for this size of network AD is definitely not something you want to deal with unless you want to learn how it works.

However, I’m not sure it really increases attack vectors to have it running, outside of the fact that it’s a new network service on the LAN. The out of the box default configuration is not bad these days, security-wise

Yes, that is what I meant.

Language is hard sometimes

This is more likely a case where the people that were only outside were never even convicted of a crime.

The FBI seems to be after the people they have credible evidence of actually engaging in violence or planned violence.