Hey I don’t know your technical capability, but Steve Gibson pointed out the lowest knowledge way to get an isolated network just by buying two more cheap NAT routers. Your current router stays routing internet, but in LAN1 you plug in one of the new routers, let’s call it your home network, and LAN2 of your internet router plug in the other router and call it insecure. Plug in your WiFi access points into home and your devices. Plug in work laptop and other IoT to insecure. Home won’t be able to talk to insecure, and insecure can’t talk to home. This is all because of NAT. Just make sure the home network range is a different range to the insecure.

Otherwise it’s just a vlan on router and switches and access points with no firewall rules that allow INSECURE to HOME.

You might already know all this in which case never mind!

https://www.grc.com/nat/nat.htm

I thought this was an onion article.

Thank you sir

It’s solving a real problem in a niche case. Someone called it gimmicky, but it’s actually just a good tool currently produced by an unknown quantity. Hopefully it’ll be sorted or someone else takes up the reigns and creates an alternative that works perfectly for all my different isos.

For the average home punter maybe even up to home lab enthusiast, probably not saving much time. For me it’s on my keyring and I use it to reload proxmox hosts, Nutanix hosts, individual Ubuntu vms running ROS Noetic and not to mention reimaging for test devices. Probably a thrice weekly thing.

So yeah, cumulatively it’s saving me a lot of time and just in trivialising a process.

If this was a spanner I’d just go Sidchrome or kingchrome instead of my Stanley. But it’s a bit niche so I don’t know what else allows for such simple multi iso boot. Always open to options.

Don’t waste time on pandering to proof of ability when actions speak louder than words. The release of your research is personally something I’m looking forward to regardless of your history or experience. I will interpret your research and evaluation with my own bias and sceptical stance. I’d rather question you afterwards if your article left questions unanswered or unclear.

Jumping the gun now and questioning you before we start just wastes both our time.

Good luck with your research!

Probably because it uses nothing online, including the voice to text. It’s only local device. A rare claim for those kinds of features.

Gog doesn’t* (as often?) sell licenses that can be revoked as part of purchasing eula and therefore shouldn’t really have to remove the misleading ‘buy’ word.

Many steam games you don’t own and aren’t buying, you’re being granted access that can be revoked by the property owner. That’s not just steam.

*I’m not a big Gog or games purchaser in general so I’m not sure if that’s accurate. I’m sure you get the point though.

I think you probably don’t realise you hate standards and certifications. No IT person wants yet another system generating more calls and complexity. but here is iso, or a cyber insurance policy, or NIST, or acsc asking minimums with checklists and a cyber review answering them with controls.

Crazy that there’s so little understanding about why it’s there, that you just think it’s the “IT guy” wanting those.

Sr-iov works already though? That’s not needed for this. The motherboard presents the pci bus to the guest regardless of what’s plugged in. Works fine.

This is when you want many guests to have shared graphics by partitioning a gpu. So the host still retains it and presents the graphics card to guests. You need to partition the ram up equally though, so useful only in VDI generally where you want a RTX A6000 like card to split to 10 guests each with 8gb of ram, and they share the gpu, but keep their individual video ram. Economy of scale can work out in graphics or maybe ML situations. Not so useful at home since you’ll probably have a Rtx 3080 with like 10-12gb of ram, and at most you wouldn’t want to split it below 8gb for modern games and partitions need to be equally sized. For 10g two = 2x5gb which would be a poor experience probably. Lots of frame stutters as it switches stuff between ram to video ram.

Hope that helps. Unless this technology unlocks better partitions it’s more about opening to vdi and machine learning in a full open source context like proxmox rather than just the driver being locked behind hyperv vmware and citrix hypervisor/xen and a big yearly license. Maybe it still needs that yearly license.

This is possible now, but in xen or vmware you need to buy a nvidia license to unlock this feature. You can trial it for a minute in a lab but you can’t give 4 guests each 2gb of vram on your graphics card without Nvidia specialist proprietary driver on both the host and the guest.

For vdi where you can buy 48gb rtx a6000 graphics cards, with architects (for example) each user getting each about 8gb each, you can 10 guests concurrently per card. Which at a few hundred architects scales better than buying many $5000 dollar workstations that struggle with WFH.

For a home user, maybe being able to split for your two kids on a standard rtx 3070 with what like 8gb might be OK? Probably not though.

Right now I have a hacky way that isn’t really supported in nvidia to split graphics cards to two guest vms but it’s neither license compatible or what I’d call “production ready”. I’d like proxmox to be able to handle this out of the box because it’s already in the kernel.

I’ve no idea what this means with licensing though. The yearly license cost to allow you to use your driver is actually stupidly expensive. The Rtx A series cards are already dumb money.

Either way it’s a good thing, but probably not much news for the average enthusiast

Pop! Os

Imo.

Printers. Desk phones. Wmi service crashing at full core lock under the guise of svchost.

What an unhinged rant. Even 30 seconds after posting I can barely understand my point. I’ll leave it there unedited though.

The root cause of this issue that they identify, is 100% the kind of AI that they’ll build for this situation.

Old mate wants to use it to keep people on their best behaviour. The kind of subjective wording that whatever he doesn’t like, is the exact reason people lie in court.

Power to that thought process through systemising it, legitimising it, is exactly part of the problem.

What’s that American who said lies about the eating cats then justifying it by saying “I’d lie if it got the American public to wake up”. Let me get the quote…

https://www.mediaite.com/news/remarkable-confession-jd-vance-absolutely-floors-observers-with-comment-that-hes-been-creating-stories-about-migrant-pet-eating/

If I have to create stories so that the American media actually pays attention to the suffering of the American people, then that’s what I’m going to do.

Yep. It’s not infallible, it’s intentional. Intent goes into the creation of systems and implementations. These are the kind of people that want these systems. They’re justified in their own minds.

So to close the loop you linked that article and it’s point was:

More than half of wrongful convictions can be traced to witnesses who lied

Don’t give them reason for more ways to do so. Don’t give them legitimacy. That’s deterministic. It’s intent. It’s not failed if it worked. Your opinion on a system which is failed or fallible is not the same as the Oracle hocho who wants to be God.

They’re not sharing your values, morals, ethics or compassion.

I saw a sign on each street light on a bike path in my town that said “these street lights use aluminium cabling because the copper was stolen”.

Your plan will work.

Bleeping computer was blocking my vpn but that also sounds common. Not only is there heaps of controls through conditional access policies where you can use device compliance policies and mass download defender for office 365 rules to detect these things, Microsoft also allow a bunch of ways to circumvent that through publishing enterprise apps and leave it to you not to lose your keys. I use one such app a lot called pnp powershell so my powershell can access basically everything and do anything so I can script largely migrations and audits of those migrations into sharepoint. While I do remove that app at the end of my projects, most people just move on.

Of course pure speculation. It’s just not even hard to either footgun yourself, and fortinet have been known to be shooting themselves in the foot, even assuming they tried to put controls in, in the first place.

I’ll read the actual article when I get home to see how impacted I will be though. As a customer, seller and with certifications. Not to mention, maybe there’s something for me to learn about the whole thing anyway.

I deploy so many of these things. I don’t even know what to say.

Fortinet as a security company is like asking a sieve to hold water.

The amount of cvss 10 scores show they’ve got the high score.

If they protect their own network with Fortigate devices no matter the utp atp whatever, they’ve probably been breached for a while.

Hard not to be cynical.

This is no different to me having a email dedicated to searching for a house to give to real estate agents and someone saying “I don’t think it’s legal that a house has an email”. It was frustrating reading up until your comment that people just didn’t get it.

https://www.theverge.com/2022/8/21/23315513/google-photos-csam-scanning-account-deletion-investigation

Google looks. Google reports. Even if you did nothing wrong you’re guilty until you prove innocent and even then you’ll never get your account back.

Yeah as a sysadmin I’d also like to ensure casual readers note that windows 11 22h2 is EOL in Ends in 4 weeks (08 Oct 2024).

https://endoflife.date/windows

Please don’t run windows without security patches. Every month there’s about 4 active exploited zero day security vulnerabilities finally getting their patch. https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2024-patch-tuesday-fixes-4-zero-days-79-flaws/

Each month past end of security patch releases just grows your exposure. On Windows and Linux alike.

Coming in Windows 11 24h2 is live patch, Microsoft’s catch up to Linux (a decade late).