computergeek125 @ computergeek125 @lemmy.world

Posts

0

Comments

255

Joined

2 yr. ago

Sometimes I'm watching something to analyze or I just really liked a song.

I also use j/l, left/right, and ./, for those three different types of scrubbing

The only number skip I use is 0 to rewind. Kinda helpful NGL.

It's this supposed to be a dad joke as an anti joke?

Any VPN that terminates on the firewall (be it site to site or remote access / "road warrior") may be affected, but not all will. Some VPN tech uses very efficient computations. Notably affected VPNs are OpenVPN and IPSec / StrongSwan.

If the VPN doesn't terminate on the firewall, you're in the clear. So even if your work provided an OpenVPN client to you that's affected by AES-NI, because the tunnel runs between your work laptop and the work server, the firewall is not part of the encryption pipeline.

Another affected technology may be some (reverse) proxies and web servers. This would be software running on the firewall like haproxy, nginx, squid. See https://serverfault.com/a/729735 for one example. In this variation of the check, you'd be running one of these bits of software on the firewall itself and either exposing an internal service (such as Nextcloud) to the internet, or in the case of squid doing some HTTP/S filtering for a tightly locked down network. However, if you just port forwarded 443/TCP to your nextcloud server (as an example), your nextcloud server would be the one caring about the AES-NI decrypt/encrypt. Like VPN, it matters to the extent of where the AES decrypt/encrypt occurred.

Personally, I'd recommend you get AES-NI if you can. It makes running a personal VPN easier down the road if you think you might want to go that route. But if you know for sure you won't need any of the tech I mentioned (including https web proxy on the firewall), you won't miss it if it's not there.

Edit: I don't know what processors you're looking at that are missing AES-NI, but I think you have to go to some really really old tech on x86 to be missing it. Those (especially if they're AMD FX / Opteron from the Bulldozer/Piledriver era) may have other performance concerns. Specifically for those old AMD processors (Not Ryzen/Epyc), just hard pass if you need something that runs slightly fast. They're just too inefficient.

You say that like I don't already have like 400 tabs open across all computers.

I've got one to add that should be used more often than it is.

Wouldn't that require running the service as an admin?

Counterpoint: if you system is configured such that the mere act of trying to send an email results in serious delays and regular bounces, you're doing email wrong. Even push notifications may require third party routing through Google, Apple, or similar to get to the core OS in some cases.

Yes, I recognize that hosting an SMTP server is difficult these days and can't always be done at home due to IP restrictions. But that doesn't mean you have to have an email server at home. I have a third party email on my domain and I can dispatch SMTP which arrives at expected non-delayed times even to Google and Microsoft accounts.

I honestly wish more software would simply speak to an SMTP server of choice rather than defaulting to just hitting the CLI mail send or attempting a direct SMTP connection.

Actually, I legally can't make money off of it for reasons that would dox me.

I already pay for both VMware and Microsoft licensing among several others. If I can get my SSO by saving a little bit of money by using a different product, I will. I don't mind paying for software I use when it makes sense, I only disagree with companies up-charging features like SSO that should be available to all customers.

You have my sword!

You'll find a lot of pessimistic people here because there are few unicorns when a commercial company buying an open source project didn't go badly for the open source people. Most of the time after a sell-out the projects ends up under highly restrictive licensing, features behind paywalls, and many other problems making it a shadow of its former self.

The most notable recent examples I can think of is IBM buys Red Hat buys CentOS, and that ended with forks as AlmaLinux and Rocky Linux. Oracle buys MySQL ended up forked as MariaDB. Businesses love to push their commercial offerings on open source products, and it's not always in the form of plain old support agreements (like the people behind AlmaLinux). Often (this is common especially in databases) they'll tax features like SSO, backups, or literally simple the privilege of having stable software. Projects like CentOS and VyOS don't have stable OSS versions, and soooo many databases will put LDAP/Kerberos behind the commercial product, charging monthly or yearly operating costs.

Even GitHub (which to be clear was closed source to begin with, but is a haven for F/OSS so I'll give it an honorable mention here) started showing Microsoft-isms after M$ bought the platform.

I have something like 40-60 machines between hypervisors, VM, and physical. Central auth is an absolute must for that scale. Sure I could just re use the same password 60 times, but if that gets popped, I'd also have to change it 60 times (adding config management is a soon to be completed task)

Just because you've used it professionally, doesn't mean it's OK.

Run the installation file to install the RDPwrap dynamic link library (DLL). This software provides the necessary functionality to enable Remote Desktop from a Windows 10 Home system.

          begin
        if not Reg.OpenKey('\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core', True) then
        begin
          Code := GetLastError;
          Writeln('[-] OpenKey error (code ', Code, ').');
          Halt(Code);
        end;
        try
          Reg.WriteBool('EnableConcurrentSessions', True);
        except
          Writeln('[-] WriteBool error.');
          Halt(ERROR_ACCESS_DENIED);
        end;
        Reg.CloseKey;


  

So essentially the RDPwrap software subverts Windows 10 Home security to enable Remote Desktop Connections.

Even without disassembling their shim DLL, just their readme language and installer code doesn't give me warm fuzzies about this software's ability to survive legal scrutiny or a Microsoft audit.

Just like with backups, in my professional IT Admin opinion: if its expensive enough to need remote access, it's expensive enough to remote access the right way. There's plenty of free remote options on Windows that don't require monkey patching the core services and using a Home license professionally. Plus, if you have more than a few Windows installs, you probably want Group Policy anyways, so you're up to the pro license key for that anyway, plus the Windows Server license key(s) for the AD controller.

Yeah, windows is expensive when used professionally. If you need windows that badly deal with it or talk to your software vendors about getting Linux or Mac software.

If you're ok leaving a monitor plugged in (but can be off), my go-to is Parsec. Bonus points is that it works without needing a VPN (it uses UDP NAT hole punching like Chrome Remote Desktop). If you'll be far far away from home, Chrome Remote Desktop tends to be slightly more reliable over high latency than parsec for me - but that could just be because I tuned mine for super low latency when nearby.

Good news is, you can run both at the same time and see how they treat ya! (And both are free for base use, but parsec has a handful of premium features you can pay for if you like it) I have Parsec, CRD, RDP, and SSH all set up in various forms to get back "home" when I'm not.

He's just stunned!

Can't tell you how many times I've googled things and found my own posts and bug reports.

Sounds like they were [puts sunglasses on] Doom'd

(Does anyone else hear metal playing?)

That got a lot darker than I expected

As someone who has not played the original, what do you mean "removed crowns"?

Voyager shows those both as strikethrough

This elicited a genuine laugh from me.

Excellent work, OP. I can feel the scope creep in my bones.