Good post, nothing else I have to add though.

Hey I don't know your technical capability, but Steve Gibson pointed out the lowest knowledge way to get an isolated network just by buying two more cheap NAT routers. Your current router stays routing internet, but in LAN1 you plug in one of the new routers, let's call it your home network, and LAN2 of your internet router plug in the other router and call it insecure. Plug in your WiFi access points into home and your devices. Plug in work laptop and other IoT to insecure. Home won't be able to talk to insecure, and insecure can't talk to home. This is all because of NAT. Just make sure the home network range is a different range to the insecure.

Otherwise it's just a vlan on router and switches and access points with no firewall rules that allow INSECURE to HOME.

You might already know all this in which case never mind!

https://www.grc.com/nat/nat.htm

I thought this was an onion article.

At this point we want antivirus and anticheat out of windows kernel. Microsoft killing access to it will genuinely fix Linux compatibility issues.

It couldn't be more win-win.

Microsoft is trying to test that approach. The company tested restricting kernel access to third party security vendors in the past, with Vista OS in 2006, but had to backtrack the move.

Symantec and McAfee then claimed Microsoft’s decision to shut off access to the kernel amounts to “anti-competitive behavior.”

Without kernel access, this software may struggle to perform in-depth behavioral analyses of processes and applications, to meet its objectives, said Varkey. “Blocking this access can limit the software’s ability to detect and prevent sophisticated attacks.”

They can't be trusted, kick out everyone's access to the kernel. Everyone must use API and that can be interpreted.

I keep asking the pets for their owners secrets but they don't tell me? I've tried pats, compliments and treats? Am I doing it wrong? How are you getting them to tell you about their owners?

Hate to break it to you, but most IT Managers don't care about crowdstrike: they're forced to choose some kind of EDR to complete audits. But yes things like crowdstrike, huntress, sentinelone, even Microsoft Defender all run on Linux too.

What do you do with Home Assistant?

"Oh well I automate a noise complaint form submission. It's integrated with my noise level detector and with a custom python lookup for the most recent airplane departure"

(that guy probably)

No.... It's malware. It's not a virus, it's malicious. It's malware.

I'm not sure what to read into tho whole article, it reads like an onion article from a normal place.

Maybe it's me taking the crazy pills today.

The Nintendo lawyers are full time, this is just a Thursday to them. You're keeping those lawyers employed by giving them work.

The messaging around this so far doesn't lead me to want to follow the fork on production. As a sysadmin I'm not rushing out to swap my reverse proxy.

The problem is I'm speculating but it seems like the developer was only continuing to develop under condition that they continued control over the nginx decision making.

So currently it looks like from a user of nginx, the cve registration is protecting me with open communication. From a security aspect, a security researcher probably needs that cve to count as a bug bounty.

From the developers perspective, f5 broke the pact of decision control being with the developer. But for me, I would rather it be registered and I'm informed even if I know my configuration doesn't use it.

Again, assuming a lot here. But I agree with f5. That feature even beta could be in a dev or test environment. That's enough reason to know.

Edit:Long term, I don't know where I'll land. Personally I'd rather be with the developer, except I need to trust that the solution is open not in source, but in communication. It's a weird situation.

I mean, the rdp is from Linux to Windows for desktop application access, so it's the right tool for that job.