The guy beat you to it in 1996

When Red Green gets into consumer electronics…

One option I’ve run into particularly with some self hosted systems is with notices going to the wrong one of multiple systems logged in. If you have several phones/tablets/computers using the same account notices can get twitchy. Could try killing of some old logins and reset this one to refresh the token it uses to keep you authed.

The Ghz shouldn’t make a difference, so long as it’s on the same network. The spectrum used is the physical medium, a device on the WiFi and wired networks of the same network can talk to each other. Different AP may (should) be on separate channels within the given spectrum to avoid signal overlap, but still work the same.

Why would you have to specify what frequency it’s on? The only thing the phone would need to replicate to the device is the network ID and key.

Except my chats are not subject to public records act laws for oversight and public information, so if I choose to keep them off record it’s not illegal.

It’s impressive and somewhat concerning what people will pay for a name. Historic as it is Napster died long long ago

What you might call a stateful NAT is really a 1-1 NAT, anything going out picks up an IP and anything retuned to that IP is routed back to the single address behind the NAT. Most home users a many to one source nat so their internal devices pick up a routable IP and multiple connections to a given dest are tracked by a source port map to route return traffic to the appropriate internal host.

Basically yes to what you said, but a port forward technically is a route map inbound to a mapped IP. You could have an ACL or firewall rule to control access to the NAT but in itself the forward isn’t a true firewall allow.

Same basic result but if you trace a packet into a router without a port forward it’ll be dropped before egress rather than being truly blocked. I think where some of the contention lies is that routing between private nets you have something like:

0.0.0.0/0 > 192.168.1.1 10.0.0.0/8 > 192.168.2.1

The more specific route would send everything for 10.x to the .2 route and it would be relayed as the routing tables dictate from that device. So a NAT in that case isn’t a filter.

From a routable address to non-route 1918 address as most would have from outside in though you can’t make that jump without a map (forward) into the local subnet.

So maybe more appropriate to say a NAT ‘can’ act as a firewall, but only by virtue of losing the route rather than blocking it.

NAT in the sense used when people talk about at home is a source nat, or as we like to call it in the office space a hide address, everyone going to the adjacent net appears to be the same source IP and the system maintains a table of connections to correlate return traffic to.

The other direction though, if you where on that upstream net and tried to target traffic towards the SNAT address above the router has no idea where to send it to unless there’s a map to designate where incoming connections need to be sent on the other side of the NAT so it ends up being dropped. I suppose in theory it could try and send it to everyone in the local side net, but if you get multiple responses everything is going to get hosed up.

So from the perspective of session state initiation it can act as a firewall since without route maps it only will work from one side.

Assuming it’s not a 1-1 NAT it does make for a functional unidirectional firewall. Now, a pure router in the sense of simply offering a gateway to another subnet doesn’t do much, but the typical home router as most people think of it is creating a snat for multiple devices to reach out to the internet and without port forwarding effectively blocks off traffic from the outside in.

https://zadzmo.org/code/nepenthes/

For the self hosted version.

Did they get doge efficiency updates installed?

Yeah, but I try and keep as little MS as possible, so my DC is a Linux system, which works fine for LDAP and MS systems joining, but somewhat ironically I’ve yet to be able to get a Linux system joined to it. They actually have a helper app even outside of sssd but it seems to be poorly maintained. Was trying Bazzite again today based on another comment but no luck so far.

Meep meep!

What do you expect when the company is run by a loony toon?

The model here needs tuning, it hasn’t managed to mimick coherent human language yet.

Battle of who do you want to give all your usage data to so they spam you with ads?

There’s a reason why they’re cheap, never used Walmart ones but the Amazon tablets required extra fees just to not be a permanent billboard on the lock screen.

This is part of the annoyance of Nix as a desktop though. With windows you have 64bit and (for whatever reason) x86 versions of apps and it’s generally just assumed to work with what your running, unless you have an antique with win98 or something.

With Nix there are a a whole pile of possible variables and ways to install things. Particularly with people getting so used to phone/tablet app stores the need for easy install, use, removal is needed for mass adoption. Nobody wants to create folder structures and set environment variables to use some app.

For server hosting it’s the only way to go.

Gaming has improved significantly, although it’s rather frustrating that it’s by all these compatibility layers and such rather than native run.

For desktop, as a workstation and general purpose it’s ‘ok’ with rough edges. Things like (limited tests with a couple common distros like Ubuntu/Mint/Bazzite) the nextcloud app not supporting virtual files that have been available for a while in Windows and domain auth being twitchy where I’ve tried.

For the end user a big part is being able to just find an app and use it, no compiling or tweaking of settings needed for it to do what’s expected. Package managers help greatly, but with the huge number of distros out there it makes it really hit and miss to say just go for it. The relatively few times you can just download a Linux version of an app from a site (as people are prone to doing if they go read about something on the web) you often would have to go chmod +x it and quite possibly have to run it from a CLI rather than just click the downloaded app.

So usable yes, but in a place where I could just drop it on someone and say go to town less so…

Sweet, will have to take a further look at that. Had set it up to check the state of Nix games and it seems to be pretty decent (last I really looked was when StarCraft was still a big thing). Didn’t see anything in the settings about ldap/ad auth in my messing about though.

Largely because half the services I host are tied to a Univention DC, and so are the current Windows client machines, I’d like to maintain that state.

I know Ubuntu has an AD option when you set it up, but it doesn’t seem to work with any of the ‘AD compatible’ replacements I’ve tried.

Big thing holding me up is domain auth. Someone had decent luck getting something like Bazzite joined to a DC without major manual work?