Step 1: License the technology for very cheap or free to competitors.

Step 2: Include features but its free because ads. Pay small monthly fee for ad-free.

Step 3: Revise CANNBus or replace it with new system. Make it a ‘standard’ so that aftermarket units can provide features but will also serve ads from the original car manufacturer and its DRM. Anyone reverse engineering the system gets sued into the ground for DMCA/Copyright laws because now they are bypassing DRM.

Step 4: Everyone gets ads regardless. Also, you must pay subscription fee to basically use the car. Ads are to “keep costs down” for features and/or car purchasing price.

Step 5: After everyone is mad, give slightly higher cost for subscription for ad-free.

People that complain are told 'It’s just one coffee a month. No big deal."

Step 6: Offer a 5-year (non-transferrable or refundable) plan that you can just roll into the price of the car loan and ‘locks in the price’ and 'You don’t have to worry about it anymore." Maybe toss in lame very small discounts for certain branded charging stations while on the plan. People already sign up for credit cards, give away their personal info. and become loyal customers to gas stations to save single digit percentages off on fuel.

People that buy new every 5 years usually buy the package.

People that try to save money and buy used cars pay the subscriptions.

Step 7: Double monthly price for ad-free tier and market it to “we had to raise prices for those that want a premium experience but kept the ad-based subscription fee cheap. We had to pass the cost somewhere.” This will increase the demand for those 5-year plans.

Overall new car purchase demand increases a bit because of those plans.

Over the course of 15 or 20 years there will be an entire generation of drivers used to ads always being in cars and will just accept subscriptions and ads are just the way it’s always been that way and that it must be that way.

For the EU, it’ll probably be different where the car can perform basic functions without ads but ‘premium features’ for stuff like traction control, auto lane following, etc. will probably still be behind the system I’d imagine.

/usr used to be the user home directory on Unix…well most of them. I think Solaris/SunOS has always been /export/home as I recall.

You need SPF, DKIM, DMARC with a RUA set up to an email that doesn’t bounce. That’s pretty much it. I’ve been running email servers a long time and actually set up email from a new domain/IP a couple of years ago as well.

This is true. If you have DMARC and your RUA set up (with a working email (or one that doesn’t bounce at least)) along with SPF and DKIM, Google and MS will accept your mail. The only time it won’t at that point is if your IP is in the same /24 as a known spammer but so long as the spam stops, you’ll fall off the list. Some of the common spamlists allow you to request your IP be removed by request and I can only recall one list that almost nobody uses that makes you pay for the removal though there may be more I don’t recall.

Here’s how to delete the SBAT policy that the Windows Update applies.

It updates Secure Boot in the BIOS, so you could completely remove Windows but the Secure Boot update would still be in the BIOS and affect the boot loader.

I used to do this on one of my sites that was moderately popular in the 00’s. I had a link hidden via javascript, so a user couldn’t click it (unless they disabled javascript and clicked it), though it was hidden pretty well for that too.

IP hits would be put into a log and my script would add a /24 of that subnet into my firewall. I allowed specific IP ranges for some search engines.

Anyway, it caught a lot of bots. I really just wanted to stop automated attacks and spambots on the web front.

I also had a honeypot port that basically did the same thing. If you sent packets to it, your /24 was added to the firewall for a week or so. I think I just used netcat to add to yet another log and wrote a script to add those /24’s to iptables.

I did it because I had so much bad noise on my logs and spambots, it was pretty crazy.

Lynx is still actively maintained. I use it from time to time when I don’t feel like leaving the command line to look something up or whatever. It works really well still. So long as all you care about is text.

If you like to use reader mode you’ll probably like Lynx.

There are a couple of OEMs like System76 and Starlabs that sell laptops with Linux on them, provide tech support for customers and so on.

And no, installing most distros aren’t hard. You just click the buttons to proceed and fill out the username and password box, select your time zone and select your wi-fi network if you’re using wifi.

You can do manual partitioning but why would you if you don’t know what you’re doing?

Installing software in the GUI is as easy as installing software from the Microsoft Store. Just search or look around and when you see something you want, just click the Install button.

I get the sentiment but defense in depth is a methodology to live by in IT and auto updating via the Internet is not a good risk to take in general. For example, should Crowdstrike just disappear one day, your entire infrastructure shouldn’t be at enormous risk nor should critical services. Even if it’s your anti-virus, a virus or ransomware shouldn’t be able to easily propagate through the enterprise. If it did, then it is doubtful something like Crowdstrike is going to be able to update and suddenly reverse course. If it can then you’re just lucky that the ransomware that made it through didn’t do anything in defense of itself (disconnecting from the network, blocking CIDRs like Crowdsource’s update servers, blocking processes, whatever) and frankly you can still update those clients anyway from your own AV update server which is a product you’d be using if you aren’t allowing updates from the Internet in order to roll them out in dev first, phasing and/or schedules from your own infrastructure.

Crowdstrike is just another lesson in that.

What I usually do is set next boot to BIOS so I have time to get into the console and do whatever.

Also instead of using a browser, I prefer to connect vmware Workstation to vCenter so all the consoles insta open in their own tabs in the workspace.

Having a NAT on a consumer router is indeed the norm. I don’t even see how you could say it is not.

I never said NAT = security. As a matter of fact, I even said

It was not designed for security but coincidentally blah blah

But hey, strawmanning didn’t stop your original comment to me either, so why stop there?

Let me tell you: All. Modern. Routers. include a stateful firewall.

I never even implied the opposite.

To Linux at least, NAT is just a special kind of firewall rule called masquerade.

Right, because masquerade is NAT…specifically Source NAT.

I’m just going to go ahead an unsubscribe from this conversation.

So, really, you were “correcting” me for you and your specific setup at the very beginning because your router’s firewall has a deny rule for all inbound connections because I must have been confusing what a NAT and what a firewall is because I must have been talking about your specific configuration on your specific devices.

Holy. Fucking. Shit.

Are you saying that everyone’s router’s firewall drops all packets from connections that originate from outside of their network?

Because, as I said:

layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated.

The NAT doesn’t have to operate at layer 7 to be effective for this because

coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

The point is that the SPI firewalls are not protecting against the majority of the attacks we’ve seen for decades now from botnets and other arbitrary sources of attacks, except, perhaps targeted DDoSing which isn’t the big problems for most home networks. They must worry about having their OS’ and software exploited and owned in the background, which doesn’t get much of an assist from a router’s firewall.

Obviously, this is however true for the NAT since the NAT are going to drop connections originating from outside the network attempting to communicate with that software to exploit it

barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

They are not layer 7 firewalls for the network which are going to be where most the majority of attacks are concentrated. No citation needed unless you believe they are layer 7 firewalls or using something like Snort.

Added some clarification in my first sentence so it makes a bit of sense.

The word you are looking for is firewall not NAT.

No the word I’m looking for is the NAT. It was not designed for security but coincidentally it is doing the heavy lifting for home network security because it is dropping packets from connections originating from outside the network, barring of course, forwarded ports and DMZ hosts because the router has no idea where to route them.

Consumer router firewalls are generally trash, certainly aren’t layer 7 firewalls protecting from all the SMB, printer, AD, etc etc vulnerabilities and definitely are not doing the heavy lifting.

By and large automated attacks are not thwarted by the firewall but by the one-way NAT.

You’d better hope that you can NAT ipv6 because if you aren’t behind a CGNAT and then your LAN is completely exposed without a NAT you’re very likely going to have devices exploited.

NATs on people’s boundary has been doing pretty much all of the heavy lifting for everyone’s security at home.

Fedora + snapper. If you want Arch’s AUR, then Fedora + snapper + Arch distrobox.