Yes, that does indeed sound like you have all the stuff necessary to make this work.
In my home network this wouldn’t work, as I’m running all my stuff in containers on multi-purpose servers, and therefore I can’t really split things per VLAN. Most other people in the homelab/self host community also use their servers for multiple purposes at the same time, so VLANs alone often doesn’t cut it.
Yeah, it’s lacking an avoidance system, as Slate will also tell you, so just make sure there’s nothing between you and your destination when you activate it.
That depends a lot on what you do with them…
VLANs work on a layer where devices can either reach each other or they cannot.
Let’s say you have your main desktop computer in the “main” VLAN, and your Jellyfin server in the “jellyfin” VLAN, and a third server for your home-assistant in the “home-assistant” VLAN, and finally some IOT devices in the “iot” VLAN.
You connect the VLANs as follows:
Remember that all connected VLANs much be bidirectional.
Now someone compromises your Jellyfin. They now control and has access to everything on the Jellyfin server, but they also have network reachability to your main computer, because your “main” and “home-assistant” VLANs are connected. They can now try to exploit your main computer.
If they are successful in exploiting your main computer, then they can use your main computer to jump to the home-assistant server because again, these two VLANs are connected. And you likely have the credentials for accessing home-assistant available on your main computer somewhere.
Now they are on your home-assistant server, and they can now start trying to exploit your IOT devices.
If VLANs are connected, they don’t care which direction the traffic flows.
If you want to control traffic flow directions you need a firewall. A firewall can sit between VLANs and block traffic coming from one to other, but not the other to the one.
If Jellyfin gets compromised, you risk everything else on the same server getting compromised, as well as everything that server can reach.
VLANs can certainly reduce what is at risk, but wouldn’t the machine running the Jellyfin client be reachable from the Jellyfin server? And if they manage to move laterally to the client machine, what could they then reach from there?
No, there’s never any shortcuts that doesn’t require you to fly to the other planets…
There is autopilot, so you don’t have to fly completely manually. But you will still have to take off and land yourself. And wait while autopilot flies to the destination.
For me, this bit became complete muscle memory, and a bit of time to reflect and contemplate what I had learned. Almost a bit meditative.
But yeah… If it only ever felt annoying and cumbersome to you, then I can certainly see why the game wouldn’t be enjoyable.
Sure… If someone managed to stream some of my media… They probably earned it… But then they exploit a vulnerability to perform arbitrary code execution, and leverage that to hack everything else on my network…
Fair enough, I must concede that it’s probably not for everyone…
It’s worth mentioning that most of the places that are hard to reach do have hidden shortcuts, that makes them much easier to get to, once you learn the shortcut.
Also you can enable a setting that pauses the game while you are reading Nomai text, or talking to people.
There’s an interesting video on YouTube by TeeHallums who investigated why some people bounce off of Outer Wilds, in the video he also interviews Alex Beachum (the creative director for Outer Wilds), and discovers an interesting pattern in all the people he has experienced bouncing off the game: https://youtu.be/msABa06aiT0
Outer Wilds is my favorite game yet…
What have you discovered?
The start of the game is rather confusing and aimless. What’s going on? Where am I going? Why am I going? What am I supposed to do?
In the mid game, the tempo picks up, as you see more and more pieces fitting together. You explore in a targeted fashion. Every new discovery is exhilarating.
In the late game the discoveries become fewer and further in between. The last bits of the puzzle seems to not quite want to fit together… Until it suddenly clicks… You understand what you must do, you know what is at stake, but not the consequences.
For me it was The Butterfly Effect.
Are you a software developer? And to you actually enjoy programming? Because Factorio is made especially for those people…
There’s a special place in my brain that kicks on the dopamine when I solve a tricky programming problem. Factorio hits the exact same spot.
If you like Factorio but are not a software developer: Have you considered becoming a software developer? Because you just might have what it takes 😉
Dunno… Somehow that seems like a feature to me 😉
Well… That depends entirely on your threat model…
In my setup, the backup is encrypted locally, and then uploaded to Backblaze. If I leak my encryption key, then yes, Backblaze and any state actor that can compel Backblaze, might be able to read my backup (and the same goes for an encryption vulnerability). But since the connection to access the backup is also authenticated, the rest of the public would not be able to read my backup. If I leak my access credentials, then everyone could get my encrypted backup data, but not be able to decrypt it. Of course if I leak both the access credentials and the encryption key, then yes anyone that obtains both can read my backup.
Many regular people use Microsoft Onedrive or Google Drive, which offers even less protection, but it’s certainly sufficient and well enough protected to keep your dissertation protected.
In most backup services you have the option to choose what gets backed up, and what does not. But sure, it entirely depends on who you want to protect yourself from.
If your main concern is state actors, then yeah… You probably shouldn’t use something like Backblaze. You should keep everything on your own hardware. And convince a friend or some family to have a NAS sitting somewhere that can host your backup destination.
For my case I’m mostly concerned about data continuity (not losing data). But privacy is certainly also a concern, and here I have chosen to believe that the encryption is sound enough, and that my ability to keep my encryption key safe, is sufficient for the data it protects.
Nice to hear… However I haven’t figured out how to get my HTC Vive to behave nicely on Linux…
I use Backblaze myself… But there are many other straightforward and easy backup solutions out there.
Just because the stereotype doesn’t quite fit your life doesn’t mean that there isn’t any help. Any psychotherapist or psychiatrist worth their salt would be just as capable of helping a man as they would be at helping a woman.
My wife went regularly to a therapist. At some point she convinced me to join, eventhough I thought I had no need for therapy… My wife is smart, she knew I would have use for therapy, and convinced me by asking whether I could join “to help her with her therapy.”
After very few sessions I realized that I definitely had some stuff to work through… And I can now say with certainty that going to therapy has been one of the best things I have done for myself and my wife.
There’s a lot of stigma around therapy, and especially couples therapy. Everyone we talked to immediately jumped to the conclusion that we had trouble in our marriage and that was why we went to therapy, even though that wasn’t the case. We quickly learned to say something like “oh, no no, it’s not because of each other. We go to therapy to learn to deal with the people who should actually be in therapy.” and that quickly shut people up.
People will probably have a similar stigma for your situation, because of the stereotype you mention. But it’s so worth it.
I would suggest starting some therapy yourself, but after a bit, try to invite your wife to join you. You can grow together.
Apparently a lot of couples where only one of them go to therapy end up splitting up… Because the person in the therapy grows, while the other is stagnant, it can lead to a lot of friction and frustration, to the point where one of them give up on the relationship.
Therefore I can only recommend going to therapy together. If you experience any stigma, talk to your therapist about it. They likely have some tricks up their sleeve you can use.
EDIT: Accidentally deleted an entire paragraph, which I have now rewritten.
Then against the Factorio devs publicly said they much prefer that you pirate the game over using a shady grey market key seller…
And when you set up a multiplayer server there’s even a checkbox to choose whether it should validate that players have a user account… Untick that and you can play with anyone who pirated the game.
To me it’s a pretty clear from the devs message: If you want the game, and want to support the developers, and can afford it, you buy it at full price. If you don’t want to support the devs or can’t afford it, but still want to play, you pirate it. And they even have a free demo, so you can try the game before making your purchasing decisions.
Train in the Distance by Paul Simon
Little Red Caboose (preferably the one performed by The Laurie Berkner Band): https://music.youtube.com/watch?v=OEUtoCv_ot8
The containers in my setup are running in a Kubernetes cluster. My Kubernetes cluster consists of 3 physical servers (one old desktop computer and 2 Intel NUCs).
On that cluster I run many different things, Jellyfin, Plex, *arr-stack, downloader, Immich, zigbee2mqtt, home-assistant, audiobookshelf, calibre-web, Forgejo, ArgoCD, Homebox, Paperless, Factorio servers, Velero, and a bunch of other stuff.
Because I run so many different things on the same 3 physical machines, using containers, then there’s no way to split this into VLANs.
I could make a “kubernetes” VLAN, but everything else on my network would need to be connected with it anyway. All my computers, phones and TVs need to access Kubernetes (Jellyfin), and Kubernetes need to access everything else such as EV charger, heat pump, and the power monitoring in my power meter. Therefore I need to control my networking at a different level.