🧠 + a few slapdash notes in a password manager. It’s very organic, very human.
Occasionally leads to situations like this.
I think Vent was the last of these I used before Discord took off.
These days I just don’t voice.
Which in turn can be slang for vomit. Wonderful :)
I usually get up by 5. If breakfast isn’t out by 6, I will certainly know about it.
They are a useful backup to have.
That’s even worse. An almost literal in-house driveby. It’s not bloody hard to see potential problems.
This computer has a strange doo-hickey poking out of it that I know nothing about. Maybe I shouldn’t just slap a new OS on it. Nah fuck it. Need to meet planned quota. Send it and run lol.
There’s a reason our PCB pick’n’place machines run Windows XP. And why that ‘Y2K compliant’ lathe over there is rocking '98. And why that tyre balancing machine at the shop over the road is in the same boat.
Bad IT.
I remain thankful that Win11 is fussy about what it will install on. It needs at least:
Nixing any one of these will prevent an automatic upgrade, regardless of what group policy etc. is in place. On a bunch of new Win10 builds from a while ago, I set them up as CSM/MBR and turned off the TPM in BIOS. Absolutely no chance of surprises there, even if I accidentally mark a machine for upgrade.
My network is small though, < 50 clients. When the bullet must be bit, I have the time to add the client to the ‘will upgrade’ AD group & go over things with the user(s). Then run through converting MBR to GPT, switching to UEFI and enabling the TPM again.
After that it takes care of itself and pulls down a load of QoL fixes post-upgrade.
I don’t think you’re the first nor will you be the last to be smacked with a driveby install that fucks up your equipment, sadly :(
And then it got worse
If you’ve got to have Windows, at least slap Open-Shell on it for a normal, customisable start menu.
Anyone falling for this lacks a basic understanding of technology, and should not be near the Internet unsupervised until they do. Regardless of age - plenty of young folk blindly walking into shit too.
If you know people like this, please teach them. If you can’t teach them, at least set them up with foolproof tools. A non-Chromium browser and uBlock Origin are a good start. If you’ve got the know-how, a DNSBL like a Pi-hole (for whole-home blocking) or AdAway/Blokada (for Android) are good additional layers.
And get their data backed up 😬
On Dell server hardware with the right cards/licensing, you can remove the need for physical access to the server to input an FDE password by leaning on iDRAC. This provides access to the console remotely during the boot process (and thereafter).
Alternatives exist that supposedly do the same thing, but I’ve never had to try them. Airconsole, PiKVM, BliKVM etc.
You can keep this interface unexposed by using WireGuard to dial in when you’re away, as per your original thinking. Just make sure the endpoint isn’t on the server you’re rebooting…
It’s convenience over security, something that creeps in anywhere there is popularity. For those who just want x or y to work without needing to spend their day in the terminal - they’re great.
You’d expect these kinds of scripts to be well tested against their targets and for the user to have/identify the correct target. Their sources should at least point out the security issue and advise to grab and inspect before straight up piping it through. Some I have seen do this.
Running them like this means you put 100% trust in the author, the source and your DNS. Not a big ask for some. Unthinkable for others.
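The "grab and inspect before piping" approach from the comments above, as an added example that is not part of the original thread: download the installer to a file, read it, and only execute it once its SHA-256 matches a value obtained from somewhere other than the host that served it. Pinning the hash is what removes the blind trust in the author's host and in DNS that `curl ... | sh` implies. The URL and hash in the usage comment are placeholders, and `sh` is assumed to be the interpreter the script expects.

```shell
#!/bin/sh
# Added example: fetch, inspect, verify, then run. Not code from the thread.
set -u

# fetch_script URL DEST: download to DEST without executing anything.
# -f fail on HTTP errors, -s silent, -S still show errors, -L follow redirects.
fetch_script() {
    url=$1
    dest=$2
    curl -fsSL "$url" -o "$dest"
}

# sha256_of FILE: print the hex digest; works on GNU and BSD userlands.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_script FILE EXPECTED_SHA256: succeed only on an exact digest match.
verify_script() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# run_verified FILE EXPECTED_SHA256 [ARGS...]: execute only after verification.
# On a mismatch the file is left in place for inspection and 1 is returned.
run_verified() {
    file=$1
    expected=$2
    shift 2
    if ! verify_script "$file" "$expected"; then
        echo "refusing to run $file: SHA-256 mismatch" >&2
        return 1
    fi
    sh "$file" "$@"
}

# Typical use (placeholder URL and digest; the real digest must come from a
# second channel such as signed release notes, not the same download host):
#   fetch_script https://example.invalid/install.sh /tmp/install.sh
#   less /tmp/install.sh
#   run_verified /tmp/install.sh 0123456789abcdef...
```

A project that publishes a digest or a signature alongside the script makes this cheap to do; one that does not is asking for exactly the 100% trust the comment describes.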
Whatever you get, go bagged over bagless for longevity. The bag is an effective first filter as well as crap storage.
Our Miele is still going strong after years of use. It has only ever needed a power switch replaced, which was a 5 minute job.
There was a special time in the XP heyday before WiFi routers (hell, just routers even) were common for home users. Without some kind of AV, loads of folk were basically just rawdogging the Internet with ADSL modems.
Simply being connected this way long enough at the height of the MS Blaster worm would almost guarantee a drive-by infection.
I love those little Lenovo boxes, also recommend.
Proxmox has also been good for me - great for just quickly spinning something up to play with before committing.
A third, and hopefully final, attempt at getting an iRedMail setup going. SPF, DKIM & DMARC all checking out fine. It’s actually working this time. Need to get the ISP to change our PTR record though, last bit of the puzzle.
Also picked up a used Netgate device, so we now have pfSense fronting everything. That’s allowed me to move the original router to a better location and put it in AP mode.
Emby media server moved off a Synology and into a Proxmox container. Finally, we can stream high def with the hardware acceleration we weren’t getting before.
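The mail-side checks mentioned in the post above (SPF, DKIM, DMARC and the outstanding PTR), as an added example that is not the poster's own tooling. The record checks work on plain strings, so they can be run against records copied from a zone file; the `report` function pulls live records with `dig` and takes the domain, DKIM selector, sending IP and mail hostname as arguments, all placeholders here. The check for the PTR is forward-confirmed reverse DNS: the PTR must name the mail host and the mail host must resolve back to the same IP.

```shell
#!/bin/sh
# Added example: DNS sanity checks for outbound mail. Not from the thread.

# check_spf RECORD: must start with v=spf1 and end in a restrictive "all"
# mechanism (-all or ~all). "+all" or no "all" at all lets anyone send as you.
check_spf() {
    case "$1" in
        "v=spf1 "*-all|"v=spf1 "*~all) return 0 ;;
        *) return 1 ;;
    esac
}

# tag_value RECORD TAG: value of "TAG=" in a ;-separated tag list, spaces
# stripped so a DKIM key split across several quoted strings is re-joined.
tag_value() {
    printf '%s' "$1" | tr -d ' ' | tr ';' '\n' | sed -n "s/^$2=//p" | head -n1
}

# check_dkim RECORD: a DKIM TXT record is only usable with a non-empty p= tag
# (an empty p= is how a key is revoked). v=DKIM1 is recommended, not required.
check_dkim() {
    key=$(tag_value "$1" p)
    [ -n "$key" ]
}

# check_dmarc RECORD: must start with v=DMARC1 and carry a p= policy.
# Returns 0 for reject/quarantine, 2 for none (monitoring only), 1 if invalid.
check_dmarc() {
    case "$1" in
        "v=DMARC1;"*|"v=DMARC1 ;"*) ;;
        *) return 1 ;;
    esac
    case "$(tag_value "$1" p)" in
        reject|quarantine) return 0 ;;
        none) return 2 ;;
        *) return 1 ;;
    esac
}

# check_fcrdns IP HOSTNAME: PTR for IP names HOSTNAME, and HOSTNAME's A record
# contains IP. Needs network access.
check_fcrdns() {
    ptr=$(dig +short -x "$1" | sed 's/\.$//' | head -n1)
    [ "$ptr" = "$2" ] || return 1
    dig +short A "$2" | grep -qx "$1"
}

# report DOMAIN SELECTOR IP MAILHOST: fetch live records and run every check.
report() {
    domain=$1; selector=$2; ip=$3; mailhost=$4
    spf=$(dig +short TXT "$domain" | tr -d '"' | grep '^v=spf1' | head -n1)
    dkim=$(dig +short TXT "$selector._domainkey.$domain" | tr -d '"\n')
    dmarc=$(dig +short TXT "_dmarc.$domain" | tr -d '"' | head -n1)
    check_spf "$spf"   && echo "SPF:   ok ($spf)"  || echo "SPF:   needs attention ($spf)"
    check_dkim "$dkim" && echo "DKIM:  ok"         || echo "DKIM:  no usable key at $selector._domainkey.$domain"
    rc=0; check_dmarc "$dmarc" || rc=$?
    case "$rc" in
        0) echo "DMARC: ok ($dmarc)" ;;
        2) echo "DMARC: monitoring only, p=none ($dmarc)" ;;
        *) echo "DMARC: missing or invalid ($dmarc)" ;;
    esac
    check_fcrdns "$ip" "$mailhost" && echo "PTR:   ok" \
        || echo "PTR:   $ip does not round-trip to $mailhost (ISP change needed)"
}

# Usage: report example.com dkim 203.0.113.10 mail.example.com
```

Receivers that score on reverse DNS will keep deferring or junking mail until the PTR round-trips, which is why that last ISP ticket matters even with SPF, DKIM and DMARC already passing.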
I have settled on Mullvad, for their simplicity and payment methods.
I run a split environment. Main router is set up ‘normally’ with what other people in the house and visitors would expect.
Attached to that is a Pi running an OpenVPN client and a hostapd server that broadcasts a separate WiFi network. iptables on the Pi is set to only ever allow Internet traffic through the VPN as a kill switch (except for OpenVPN, to prevent a chicken-and-egg situation), and any WiFi clients connected via hostapd are routed through it.
A script occasionally changes the VPN endpoint to keep it interesting. This Pi also acts as a qBittorrent client that stores downloads to a local NAS.
It’s a best of both setup that has been stable for over 5 years now.
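The kill-switch rule set described above, as an added example rather than the commenter's own script: WiFi clients on the hostapd side may only be forwarded into the tunnel, the Pi itself may only talk to the uplink for the OpenVPN handshake (by UDP port, so the rotating endpoint script keeps working) and for the local LAN where the NAS lives, and everything else from the WiFi side toward the uplink is dropped, so clients go offline rather than unprotected when the tunnel is down. Interface names, subnets and the VPN port are assumptions; the `IPT` variable exists so the rules can be previewed with `IPT=echo` before applying them as root.

```shell
#!/bin/sh
# Added example: egress kill switch for a Pi VPN gateway. Not from the thread.

WAN_IF="${WAN_IF:-eth0}"                   # uplink to the main router (assumed)
WLAN_IF="${WLAN_IF:-wlan0}"                # hostapd network (assumed)
VPN_IF="${VPN_IF:-tun0}"                   # OpenVPN client tunnel (assumed)
VPN_PORT="${VPN_PORT:-1194}"               # UDP port shared by all VPN endpoints (assumed)
WLAN_NET="${WLAN_NET:-192.168.50.0/24}"    # subnet handed to WiFi clients (assumed)
LAN_NET="${LAN_NET:-192.168.1.0/24}"       # house LAN with router and NAS (assumed)
IPT="${IPT:-iptables}"                     # set IPT=echo to preview the rules

apply_killswitch() {
    # Clean slate: default-deny on everything leaving or crossing the Pi.
    # Inbound filtering is a separate concern and is left at ACCEPT here.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT ACCEPT
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Loopback and replies to already-allowed flows.
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Chicken-and-egg exception: OpenVPN must reach an endpoint over the uplink
    # before the tunnel exists. Pinning the port rather than an address means a
    # script that swaps endpoints does not need to touch the firewall.
    $IPT -A OUTPUT -o "$WAN_IF" -p udp --dport "$VPN_PORT" -j ACCEPT

    # The Pi may talk to the house LAN directly (router DNS for resolving the
    # endpoint name, NAS for downloads) but to nothing else on the uplink.
    $IPT -A OUTPUT -o "$WAN_IF" -d "$LAN_NET" -j ACCEPT

    # Everything else the Pi originates, and everything WiFi clients send,
    # leaves only through the tunnel, NATed to the tunnel address.
    $IPT -A OUTPUT -o "$VPN_IF" -j ACCEPT
    $IPT -A OUTPUT -o "$WLAN_IF" -j ACCEPT
    $IPT -A FORWARD -i "$WLAN_IF" -s "$WLAN_NET" -o "$VPN_IF" -j ACCEPT
    $IPT -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE

    # Explicit drop for WiFi -> uplink so a missing tun0 never becomes a leak
    # (the FORWARD policy already drops it; the rule makes the intent visible
    # in the counters).
    $IPT -A FORWARD -i "$WLAN_IF" -o "$WAN_IF" -j DROP
}

# Usage: sudo sh killswitch.sh apply      (or IPT=echo sh killswitch.sh apply)
if [ "${1:-}" = "apply" ]; then
    apply_killswitch
fi
```

Two things worth checking after applying this: that the Pi's own resolver is pointed at a DNS server reachable through the tunnel so client lookups are not answered over the LAN exception, and that `sysctl net.ipv4.ip_forward` is 1, since without it the FORWARD rules never see a packet.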
Not another genre, but you should definitely check out Savlonic if you have not already.
Here’s the opener from their latest.
Wholegrain mustard is also a great addition to mash. Does very well as a side to beef.