

Firewall rules on outbound traffic from the VPS to the LAN would do it. Allow traffic to the hosts and ports that the VPS needs to reach and block everything else.
That’s true, from a certain point of view. What they actually did was give everyone a common target. We still get everything compressed and limited into a flat line, just now we don’t have to adjust the volume on our stereo between songs.
Agreed. Also, Windows and OSX, unless you want to have to call your nephew who’s Good With Computers™ every couple of weeks. If you’re just using a browser for everything and never messing around like a good majority of people, Linux is just as good as either of those. Linux has gotten to the point where it’s Grandma proof if you stick to a distribution that prioritizes stability. If you choose a distro that prioritizes bleeding edge software versions, you may come across more bugs and breaking changes. Then you’ll need the troubleshooting skills mentioned here. Most of us are here to learn and mess around; the troubleshooting skills grow from that mindset.
I agree with your lack of affection for cloud services, but I think your view might be a little skewed here. Does a senior mechanic need to understand the physics of piston design to be a great mechanic, or just gather years of experience fixing problems with the whole system that makes up the car?
I’m a Senior Systems engineer. I know very little about kernel programming or OS design, but I know how the packages and applications work together and where problems might arise in how they interact. Software Engineers might not know how or don’t want to spend time to set up the infrastructure to host their applications, so they rely on me to do it for them, or outsource my job to someone else’s computer.
I tell my kids, never start it, but if someone hits you, hit them back hard enough that they won’t want to do it again. I feel like this works all the way up to state level doctrine.
If you want to live vicariously, check out this playlist. A guy did just that and his channel is great.
https://www.youtube.com/playlist?list=PL0HiM4heFTOoxnxAnv_WJJArugTScPBUg
American here: can we please have measurements by mass not by volume and metric units. It would make repeatability so much easier.
While others are focusing on the legal aspect, which I guess is the question you actually asked, my first thought was bare minimum compliance while gathering evidence. Grab an old phone, wipe it completely, install the app with all new credentials not tied to you in any way, then just leave it running at work. They get their location data, just not anything usable, you get to submit a minimum number of receipts that doesn’t get you in trouble from purchases you would have made anyway, or not because why support scumbag companies. You get to gather more hard evidence of their assholery that way. Never install work apps on your personal phone. If they require something for your job, they should provide the hardware to run it on.
When you do things right, people won’t be sure you’ve done anything at all.
Perhaps they’re carried. It would be pretty easy to grip them by the husk.
I like my Denon Heos setup: 2 TVs, home theater, receiver in my office connected to my computer and speakers in 7 other locations. Works great with Music Assistant, and doesn’t require a cloud connection. It can pull firmware updates if you want but I’ve blocked all Internet access for those devices with no loss of functionality.
For about a month until it’s shut down as insufficiently worshipful to our corporate overlords.
MAC is useless as a component of the security check. It’s trivial to change; either with a dongle, as you said, or in the network configuration of every major and minor OS.
Skype was a steaming pile for sure, but it had the ability to search for and message a distribution group and get an answer from whomever was available and I could pin it for future use. Now I have to know every name in a group and message them individually until I find someone to help or start a meeting to get everyone at once. It may just be how our Teams instance is configured, but I miss that feature. And who decided there should be a limit on how many people I can pin in Teams?
Another stupid looking crossover/small SUV with a horse on the grill does not equal sport sedan
Notepadqq
Still way behind for KDE though. I’m running Sid on my gaming machine and hoping they update some time soon. I have KDE Neon on my laptop and it works great, but with an Ubuntu base it’s still trying to shove Snap down my throat.
The US is not, as a matter of fact, and never has been, a democracy. It has always been a representative republic. Direct democracy as your comment envisions it is very difficult to implement and results in mob rule. If this is something you strongly believe should be stopped, get in touch with your federal senator and congressional representative to make your views known. Call, email, write paper letters, and encourage others to do the same. Make it clear that they won’t be reelected if they allow this to continue. We don’t have lobbying money, but it’s hard to keep taking bribes if they no longer have a position with which to provide a return on that investment.
A layered defense is always best. Nothing is 100%, but knowing your threat model will help define how far you have to go and how many layers you want in the way. Defending against State level actors looks different than swatting the constant low effort bot traffic. You’re right, if a bad actor gets root on your machine, all security is forfeit. The goal is to minimize that possibility by keeping applications and packages updated and only allowing necessary connections to the machine. You mentioned WireGuard or Tailscale. Set that up first. Then set up the host firewall to only allow outbound traffic onto the VPN to the required ports and endpoints on the LAN. If the VPS isn’t hosting any public facing services, disable all traffic except the VPN connection from and to the public Internet both on the cloud provider’s firewall and the host firewall. If it is hosting publicly accessible services then use tools like fail2ban and crowdsec to identify and block problem IPs.
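The host-firewall step described in this comment and in the first comment on the page, as an added example that is not part of the original comments: a shell function that renders a default-drop nftables ruleset from an allowlist of LAN endpoints. The interface names, WireGuard port, table name and addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; every name, address and port here is constructed.
WAN_IF=eth0      # assumed public interface
VPN_IF=wg0       # assumed WireGuard interface
WG_PORT=51820    # assumed WireGuard listen port
# Allowlist of LAN services the VPS may reach: "<ip> <tcp|udp> <port>" per line.
ALLOW='192.168.1.10 tcp 8096
192.168.1.20 tcp 443
192.168.1.53 udp 53'

# Emit one accept rule per entry; fail on any field outside the expected characters.
render_allow_rules() {
    printf '%s\n' "$1" | while read -r ip proto port; do
        [ -n "$ip" ] || continue
        case "$ip" in *[!0-9.]*) echo "bad address: $ip" >&2; exit 1 ;; esac
        case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; exit 1 ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; exit 1 ;; esac
        printf '    oifname "%s" ip daddr %s %s dport %s accept\n' \
            "$VPN_IF" "$ip" "$proto" "$port"
    done
}

# Print the full ruleset: drop by default, VPN transport on WAN, allowlist on VPN.
render_ruleset() {
    rules=$(render_allow_rules "$1") || return 1
    cat <<EOF
table inet vps_lockdown
delete table inet vps_lockdown
table inet vps_lockdown {
  chain input {
    type filter hook input priority 0; policy drop;
    iifname "lo" accept
    ct state established,related accept
    iifname "$WAN_IF" udp dport $WG_PORT accept
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
  chain output {
    type filter hook output priority 0; policy drop;
    oifname "lo" accept
    ct state established,related accept
    oifname "$WAN_IF" udp sport $WG_PORT accept
$rules
  }
}
EOF
}
# Syntax-check before loading: render_ruleset "$ALLOW" | nft -c -f -
```

This ruleset has no public SSH rule and no egress for package updates or DNS on the public interface, so administration has to go over the VPN or the provider console, and update traffic needs its own explicit rule.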