
  • flip phone

    Almost all such phones are actually smart phones in a flip phone Edgar Suit. Especially if it has maps or YouTube or any kind of an App Store. I see a crapton of flip phones that run Android, which has all sorts of Google spyware piggybacking along.

    I think there may be only two or three dumb flip phones or feature flip phones left on the market, and IIRC two are locked to specific networks.

    If you want a bona-fide dumb phone, you might be limited to something like the rotary un-smartphone.




  • About 3-4 years ago I took a bit of a dive into the firmware of IoT devices. The utter lack of security and the amount of information being hoovered up to the mothership made me swear to never build anything “smart” into the renovations of my current home. Sure, there will be automation. There will be CCTV. There will be solar with battery backup for essentials. There will be conveniences of all kinds. But virtually all will be air gapped, incapable of remote rooting, and under my full control.

    Hell, even my laser printers are HP models over two decades old - an HP 4050DTN and an HP 5000DTN - that are totally devoid of any DRM or “smart features” and can trivially take generic overstuffed cartridges that can do 20,000 sheets at 5% coverage.





  • My microwave is a 1977 Amana Radarange. It can boil a cup of water in ⅕ of the time a modern microwave can.

    Now granted, it has zero fancy settings and a simple number pad that does nothing but set how long you want the microwave to run.

    But honestly, this simplicity is a large part of its charm. No connectivity needs, no features locked behind paywalls, no extraneous bullshit or never-used features. Just a tool that does only one thing, and does it exceptionally well.


  • I have an apostrophe

    Scottish/Irish?

    some companies see it as a SQL injection hack and sanitize it.

    Which kind of apostrophe?

    A straight apostrophe, fine - that can and does get used in valid SQL injection attacks. I would be disgusted at any input form that didn’t sanitize that.

    But a curly apostrophe? Nothing should be filtering a curly apostrophe, as it has no function or use within SQL. So if you learn how to bring that up in alt codes (Windows, specifically), key combos (Mac) or dead keys (Linux), as well as direct Unicode codes for most any Win/Mac/*Nix platform, you should be golden.

    Unless the developer of that input form was a complete moron and made extra-tight validation.

    Plus, knowing the inputs for a lot of extended UTF-8 characters not found on a normal keyboard is also a wee bit of a typing superpower.


  • A line break is a non-printable character. So it would only work in the scope of electronic storage. The minute it hits other media, the line break character is subject to how that media handles its presence, and then it is lost permanently from that step forward.

    Plus, many input forms make use of validation that will just trim anything that isn’t a character or number, removing the line break character.



  • His router is tri-band though, meaning it has 2 5 GHz transceivers.

    Unfortunately, for many models - like the Linksys WRT 3200ACM - that second antenna (technically the third one if you include the 2.4 GHz one) doesn’t function at all without the manufacturer’s firmware. It’s a dead stick with any third-party firmware, and is 100% software-enabled.

    I have found this fact to be reliable whether it is DD-WRT or OpenWRT, and across several different manufacturers including Asus and D-Link.



  • If you are looking for Bar, it is highly likely that you are already looking specifically for a particular functionality - say, the action - for Bar. As such, it is irrelevant which method you use, both will get you to the function you need.

    Conversely, while it is likely you will want to look up all items that implement a particular functionality, it is much less likely you are going to ever need a complete listing of all functionality that an item employs; you will be targeting only one functionality for that item and will have that one functionality as the primary and concrete focus. Ergo, functionality comes first, followed by what item has that functionality.




  • Fail2ban bans after 1 attempt for a year.

    Fail2ban yes; one year, however, is IMO a bit excessive.

    Most ISP IP assignments do tend to linger - even with DHCP the same IP will be re-assigned to the same gateway router for quite a number of sequential times - but most IPs do eventually change within a few months. I personally use 3 months as a happy medium for any blacklist I run. Most dynamic IPs don’t last this long, almost all attackers will rotate through IPs pretty quickly anyhow, and if you run a public service (website, etc.), blocking for an entire year may inadvertently catch legitimate visitors.

    Plus, you also have to consider the load such a large blocklist will have on your system; if most entries no longer represent legitimate threat actors, you’ll only bog down your system by keeping them in there.

    Fail2ban can be configured to allow initial issues to cycle back out quicker, while blocking known repeat offenders for a much longer time period. This is useful in keeping block lists shorter and less resource-intensive to parse.
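
The escalating-ban setup described in the comment above, written as a `jail.local` fragment. This is an added example, not part of the original comment: every value is an assumption chosen to match the three-month ceiling mentioned there, and the `bantime.*` options assume Fail2ban 0.11 or later.

```ini
# /etc/fail2ban/jail.local  (constructed example; all values are assumptions)

# The setting quoted at the top of the comment, kept commented out for
# comparison: a single failure earns a flat one-year ban, so every stale
# dynamic IP stays in the blocklist for twelve months.
#
# [DEFAULT]
# maxretry = 1
# bantime  = 365d

# Escalating alternative: first offences age out quickly, repeat offenders
# climb towards a hard cap of about three months.
[DEFAULT]
# Failures are counted inside this window.
findtime = 10m
maxretry = 3

# Length of the first ban, and the base value that the multipliers scale.
bantime = 1h

# Lengthen the ban each time the same address is banned again.
bantime.increment = true

# Multiplier per repeat ban, applied to the 1h base:
# 1h, 4h, 1d, 1w, 30d, 90d. The last value is reused for later bans.
bantime.multipliers = 1 4 24 168 720 2160

# Ceiling for any single ban, whatever the multiplier yields.
bantime.maxtime = 90d

# Count an address's earlier bans across all jails, not only the jail
# that is banning it now.
bantime.overalljails = true
```

After reloading, `fail2ban-client get <jail> bantime` shows the base value in effect for a given jail.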