Guys a madman, didn’t even ask for a ticket.
The real question is : Why did you invite anyone over, before having a guest VLAN set up ? Classic beginner mistake.
I have two seperate guest VLANs, one for my family, and one for the people I love.
Whatever happened to just talking to each other? I’m glued to my devices all day every day, yet even I ignore the phone during holiday family gatherings.
Nobody’s forcing you to go; if you prefer be on the internet rather than interacting with your family, please just stay home.
Edit: Downvotes be damned, I stand by what I said. If this asocial shut-in who hasn’t had a friend since 2014 (because people annoy me) can come out of my shell a few times a year, and spend some time with the people I grew up, so can you. No excuses.
One day they will all be dead or estranged, and you will regret not looking up from your phone for two hours to spend quality time with them when they were alive and in your life, as you die alone in your nursing home (assuming you’re rich enough to afford assisted living, that is). Don’t say you aren’t warned.
Sounds like the network people at my company. They are asking us to spend more time in the office, but they don’t provide enough desks, they don’t provide working wired LAN and they only provide semi-working Wifi. All with proxies that don’t work and filters that don’t let me access the webapp I am supposed to maintain, which is blocked for “being a commercial website”. Thanks, I know, I have to program that crap.
I’ve only ever met two types of IT professional. Either:
- Their home network is immaculate and smooth as butter. It connects quickly and integrates with everything. They can manage it all from their phone, but they don’t have to because it’s all automated. Their server room (a) exists and (b) is cable managed. There’s a wireless access point and connected smart speaker in every room, including the garage and the back patio, but they’re carefully located for maximum sound coverage and to prevent signal interference. Their home theater is substantially better than a movie theater, and their media server is packed to the gills with content. Network security is hardened, with bespoke subnets for every user and tunneling for the media server and smart home functions. You feel a sense of calm and ease when connected to their network. “Everything I do at work, I try out at home first.”
Or:
- Their “home network” is a single Belkin router from 2011. They’ve had it since college, and it takes 9 minutes to reboot (which they have to do daily). It doesn’t even have Tomato on it and still uses the default password. They still watch OTA TV and Blu-Rays, so the wifi is exclusively connected to the smart switch that their tea kettle is plugged into so they can start their hot water before they come downstairs. You feel guilty even asking for the wifi password. “Why would I do any network stuff here? I do IT all day at work, the last thing I want to do is even touch a Cat5 cable at home.”
“Everything I do at work, I try out at home first.”
Absolutely no fucking way! And anything that touches work is isolated, their opsec sucks so much they didn’t even realized they mandate “security solutions” with known backdoors.
I think it means they setup new tech on their homelab to learn how everything works and how to break it. Then when a problem arises where one of these solutions is needed at work, you can implement it without any large issues. It makes sense if your hobby is close to or adjacent your day job, and you are on Salary, and your boss treats you right.
Yes, I’m not doing almost any of the things we do at work in my network.
I’m absolutely not running the same software. I’m not organizing the information the same way. I’m not using the same infrastructure abstraction, and even less configuring it in any similar way. I’m not writing the same languages.
The work environment is dictated by consensus between many people, with varying expertise, and weighted by how much work one is willing to put into each aspect of it. Each of those parts lead to bad tech, even though they lead to good people organization.
You are telling me that you can’t proof of concept something without a matching tech stack? Or learn exactly how a new tech works? It also sounds like you should never give your work any of your personal time, you won’t gain anything except for more work.
Isn’t this basically just rich IT guy vs poor IT guy?
No, it’s 'my life is IT and i never stop working" guy, and “IT is just my job” guy.
I just order a new router on Black Friday to replace my 10 year old one. I also only console game now because PC gaming is too much of a headache. I spend my money on outdoor gear and pets, not technology. My new router is $90 bucks. I can’t fathom why I’d ever need a wifi 7 quad band router with 9Gbps of throughput for a home network, other than pure bragging rights. All my devices are like 5-10 years old and barely support wifi 6 anyway.
A couple of my co-workers are the former. They will be doing penetration testing at 2am form their home lab in the morning because they their default mode is work work work. If i’m up at 2 am i’m watching TV and snacking.
I monitor security updates, but my co-workers like get excited and ramble on anytime a new patch/attack is documented. I don’t get it. They revel in doing updates and rebuilding their VMs fresh every few weeks, I groan and clone.
Nah, I could afford nice shit but I’m still using a ubiquity edge router 8 from 10 years ago.
There is probably something to be said that there is an in between to those two extremes. The “my network is made of a Hodgepodge of shit my employer threw out that still seems to work and brand new things I replaced because I had to”
My first draft of this did mention that there was a version of the second type of IT guy who cobbled everything together with workplace castoffs and conference swag, but I couldn’t figure out how to make it work without just being over-wordy.
deleted by creator
The guy she tells you not to worry about VS you.
I’m in the meme. In the shitty paragraph.
Are you my boyfriend/roommate?
Edit: he and I are both IT folks, but he handles all the Windows issues in the house. I handle Linux issues. He handles the router because it’s closer to his desk so it’s easier for him to threaten.
That seems optimal, I would be terrified at the thought of a Windows admin touching me.
no, just me, gabe newell
I want to be the first, but I am definitely closer to the second. I’m trying to find a reasonable middle ground.
Like, I want to have a nice home network with a proper NAS, Pihole DNS, Plex/Emby/Jellyfin media server, all my music properly tagged, little mediaplayer/emulation/game streaming endpoint boxes on each TV, etc. But I don’t have the time or money to do it right at the moment.
So I have my desktop set up to share out my media folders as SMB shares when it’s powered on, and I’ve used a few tools to get my video content organized right for Kodi. I’ve got Kodi installed as an app on the Xbox Series X plugged into the family room TV. The other TV has a Chromecast dongle with VLC sideloaded and set up to connect to the SMB shares, because I’m too lazy to get my Kodi setup on it. Every room in the house has an ethernet port, and most rooms have a dumb switch so as much hardware can have ethernet connection as possible. I’ve run my music collection through MusicBrainz Picard, and separated it into a properly tagged and organized folder, and one for stuff that isn’t.
Well I sit kind of between these
Like I’m not getting a dedicated router and have no server room in my apartment, and my consumer router only supports two VLANs (main and guest). But I’d say the rest is rather sophisticated with all machines defined in my NixOS config, including automated generation of firewall and reverse proxy rules for which I wrote custom modules.
Media server isn’t super full but connected to jellyseer and the rest of the stack, accessible over TLS (Let’s Encrypt certificates) only, with the option to have users managed via IDM.
However, I only have devices on my network that I somewhat trust, with an Android TV box being the worst offender. The smart TV was never connected to my network.
Would be cool to isolate my work PCs somewhat (I work from home with company provided equipment) but it’s just not worth the trouble in my opinion. Not switching out a low power device that does most for two different devices that both use more power (since you usually need a router and a modem).
deleted by creator
I’m almost the first (I run multiple VLANs and SSIDs using pfSense and Ubiquiti hardware) but my server is an old PC sitting under my desk and my cable management strategy is mostly “out of sight, out of mind”. I’m also heavily invested in the Apple ecosystem, especially for smart home stuff, so not everything is open source. Basically I have a complex network setup because I actually make use of it, but I really don’t enjoy working on it and if there’s an easy solution, I’ll go for it.
For the smart stuff: HomeAssistant
It is life changing once you get it running.
I got already 5 vendors and 3 different communications (BT, Matter, WiFi) integrated.
It truly is awesome
I’m in the middle. At work, I play it fairly conservative, applying well established solutions to well-known problems.
I have friends whom I advise and assist with their networks that absolutely fall into the first category.
MY network is is like the lab of a mad scientist, everything tinkered with right up to the edge of breaking. My home router collapses multiple times a year due to the wonky chaos I ask it to do. Home automaton sequences that are more complex than most rube goldberg machines. Metaphorical sharp edges and loose clutter everywhere, but an unholy abomination that works better than it has any right to - until I scrap it all to rebuild it from scratch next week.
I spent way more time than I care to think about figuring out how to get my porch lights to come on at 7am and turn off 10 minutes before sunrise without breaking when sunrise happened before 7am. I tried some serious Rube Goldberg nonsense in multiple iterations, until finally I decided to just add another “turn off the lights” at 9am every day. Most of the time it doesn’t do anything because the lights are already off, but on DST day it accomplishes my goal of making sure they don’t run all day, since 9am is always after sunrise.
If you’re using home assistant there is a “sun” integration.
My lights turn on 30 minutes before sunset and turn off 30 minutes after sunrise.
My wife didn’t want them turning on and off at the same time every day because observers could see the pattern… at least this way it’s a little more hidden.
(Side note, I just realized I said the times slightly wrong. We actually wanted it on at 6:30 and off 15 minutes before sunrise.)
Yeah, I had it turning off before sunrise just fine. The problem is that we didn’t want to turn them on until 6:30, but on the longest day of the year, sunrise actually happens at 6:14, which means that the lights would get the signal to turn off before they got the signal to turn on, which would mean that the lights would stay on all day until the night automation turned them back off again at 10pm. Which…probably doesn’t make a difference, but it would bug my totally-not-neurodivergent brain.
Anyway, I don’t use Home Assistant, but that’s probably the one I’ll choose the next time I move.
Yep. You can also use the sun’s position in the sky as well; I had one of the AIs write up the YAML.
Light sensor trigger?
The porch lights in question are actually string lights, and I just assumed that the power outlet they’re plugged into was too deep on the porch for a light sensor to be reliable. I could definitely be wrong, though.
There are separate light sensors.
The point of automation is that it doesn’t matter where anything is, they all can talk to one another.
Oh, yeah. I think if it was a problem I was willing to spend any more money on than I already had, I could’ve potentially ended up there.
What does a tomato have to do with a router?
“tomato” is an open-source router firmware package. You can use it to access settings that the manufacturer intentionally hides away, or to set up features like UPnP more easily. Some versions even enable features like a built-in NAS (just bring your own drives), networked printer support, or running a publicly-facing website on your router.
Along with packages like DD-WRT, it’s a pretty common modification for a lot of tech-savvy users to make.
Though, to be honest, I’m not entirely certain that a 2011 Belkin router would be compatible with Tomato (probably?).
Simple solution: log the kid into your neighbor’s wifi.
Guest vlan? Smart.
Blocking 80/443 knowing all to well everything depends on those: evil.
Throttling to 56k: the original original poster just being a dick.
Took 45 minutes: Maybe find another job. You’re not good at it.
Conclusion: The sister was right. Evil incompetent dick.
Took 45 minutes: Maybe find another job. You’re not good at it.
Bit harsh.
The OpenWRT guest wifi guide isn’t a simple switch like you would get on your OEM router, but involves manually setting up a bridge device, a new firewall zone, and a new AP on one of your radios.
This can take some time if you want to do things the right way. 10 minutes to setup with no extra config steps. Add another 10 if you need to move around your firewall rules, and another 20 for random debugging.
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/configuration_webinterface
Although, you set it up once. After that it’s just a checkbox.
I have a feeling this is satire, and I’m usually the type of person to miss the joke and think it’s genuine
Even if it is satire, doesn’t mean we can do a full breakdown, especially for comedic value.
What idiot IT specialist does not run a segregated VLAN for guest wifi access? That is just rude.
And separate wifi networks that are connected to different vpns from around the world.
45 minutes setting up an alt vlan?
Was he getting paid by the hour?
The experience of managing a consumer-grade LAN appliance:
Open web browser
Start typing 192.168.0.1
It auto-inserts 192.168.0.12 because that’s the IP address of your NAS, and you’ve logged into it to adjust something at some point in the last six months. You register it has done this as you’re releasing the Enter key.
click Back.
Type the IP address again, this time carefully deleting the 2 it oh so helpfully inserted.
Wait 3 to 5 business weeks while the 16-bit ARM microcontroller they put in these things serves a web page like old people fuck. It loads to a completely useless stats page that has no information that anyone has ever needed to know.
Click LAN Setup.
Wait 3 to 5 business weeks while the 16-bit ARM microcontroller they put in these things serves a web page like old people fuck.
Parse the wall of acronyms before you, click the link that says DHCP.
Wait 3 to 5 business weeks while the 16-bit ARM microcontroller they put in these things serves a web page like old people fuck.
It continues in that fashion until you get what you need done or your network stops working and you have to get a pen and press the Reset button on the back of the device.
IT professional doesn’t have local DNS? LOL
Imagine not having an opnsense firewall deployed as an IT professional
Wait 3 to 5 business weeks while the 16-bit ARM microcontroller they put in these things serves a web page like old people fuck.
This also goes for some NAS appliances and the in-dash console of newer cars. Underpowered ARM implementations are the scourge of this decade.
We’re missing the most important rule here. Did the nephew open a ticket?
Lol wtf? Why even spend 45 minutes doing that if you’re going to completely block those ports?
Just tell him “no”.
“oh I’m trying to fix it just give me a few more minutes away from everyone” lights joint
Wouldn’t it be enough to just create a seperate subnet?
Yeah, he did that…and then kept going for some reason. A separate subnet in a separate firewall zone that doesn’t forward anywhere but the internet should be sufficiently safe
Not for the kid.
Was he worried about the kid or his network lol?
por_que_no_los_dos.meme
Neither
Which actual IT guy supports antivirus?
Lol generally I’ll refer to the OS builtin tooling (XProtect/MS Defender) and EDRs as “Antivirus” otherwise the non-techies will freak OmG wE hAVe NO aV! And then the “anti”-viruses like mcafee and Kaspersky mysteriously spawns
And also on-demand AV software can be good for spot checks or if you’re sus of something.
It’s the “Real-time” shit that hooks into the kernel that needs to be avoided like the plague
When i was a windows person many moons ago i ran into viruses once or twice. Kaspersky was the only av in those days that effectively cleaned them from my system.
Now i am a linux dude. Where there doesnt really seem to be an effective antivirus solution because, even though malware exists, it’s so fucking sophisticated and stealthy you may never know it.
it’s so fucking sophisticated and stealthy you may never know it.
Even more reason to install an AV on Linux.
It is the whole point of an AV to prevent malware the user doesn’t notice.
Almost every malware tries to be invisible to the user. Because if they aren’t, they would be wiped off instantly. This goes for every OS.
There dont seem to be any particularly effective ones.
In my experience malwareis just so different in linux tho, like. Malicious udev rules, bpfdoor, that ssh things hears ago that allowed someone to basically eavesdrop on anything that was right there in the code.
If someone manages to get something malicious running on linux it’s a different ballgame from wjndows - theres so much bash everywhere that can be modified to do nasty things.
Im not saying an antivirus is a bad idea on linux or anything - but there really doesnt seem to be anything decent.
Clamav seems like the only game in town. And i have nonidea how effective that is anyway
Lock down their accounts so they can’t even install shit.
I legitimately can’t tell if this is a joke or some dude trying to do a humble brag post on LinkedIn. So many ‘look what I can do’ posts on that damn site.
No one that serious about network security wouldn’t already have a network dedicated to untrusted devices relatives could use. Definite joke, still entertaining 😂
This reads like a parody greentext except you know OP is a sysad so there’s no fucking way he’s that self-aware
I’m 95% sure this is parody because if it was real there’s no way this person’s family would ask them to host Thanksgiving. And nobody blocks 443 on a guest wifi… that’d block everything they’d even need the guest wifi for.
He is doing the right thing if only because he is preventing a child from playing Roblox.
He’d be a hero if he gave him a copy of Minecraft (or really almost any non-F2P game) to play instead.
Luanti.
wth is the point of a guest network if you have 443 blocked lmao.
Even my VPN port is 443 so it gets past basic port filtering because HTTPS is usually the only one allowed compared to other protocols.
