The oldest vehicle I’ve owned, a 2004 Ford escape couldn’t even make it to 17 years old. The axle snapped due to rust damage. Road salt is so terrible for vehicles, roads and the environment

Personally, I think setting up a reverse proxy for accessing Jellyfin would be fine, just make sure you’ve got your firewall setup accordingly to limit exposure should someone gain access to the container/VM running Jellyfin

Oh the best part is it was all to fix a problem on Microsoft SharePoint. Not even on-prem SharePoint!

Yeah Powershell has way more weird limitations than Bash but it’s way better than using cmd.exe

I actually had to do that due to something preventing me from upgrading to Powershell 7 on my workstation. Adapted my script for Linux and ran it in Powershell in Linux

As an administrator, powershell is an essential tool these days. There are tunables that Microsoft simply only exposes via powershell even in their cloud Microsoft 365 environments. Just last month I had to rely on Powershell to trim previous versions on SharePoint, and 2 weeks ago I had to use Powershell to adjust a parameter on Exchange.

But also being able to pop a Powershell session and quickly apply a registry fix or run a diagnostic command or even just install a piece of software without disrupting a user’s work is absolutely brilliant (plus saves a call when I can just email back and say “I’ve pushed it remotely, reboot and it should be sorted now”)

Building off of this, the PDF standard supports all sorts of craziness. It can have embedded math and logic similar to excel files, to the point there’s templates available for banks which will automatically calculate entire loans (including weird ones like balloon mortgages and variable interest rate stuff) without leaving Adobe Reader, and the recent Doom PDF and Linux PDF projects exploit the fact that pdfs support embedded javascript.

There’s also an actual market for enterprise PDF templates like the banking ones I described with automatic calculations and whatnot. So some people literally make their living selling PDFs to businesses that businesses actually use

I used it briefly in a class around 2015ish. It worked about as well as any Adobe software does, but honestly it was really difficult to use and quite frankly it probably would take just as long to learn the HTML and CSS skills necessary to make a decent website as it would to learn how to make one in Dreamweaver

Does she have the eyesight to see the quality difference?

Blocking VPNs isn’t really possible. You can block known IP ranges but ultimately there’s so many ways to encapsulate and encrypt traffic that no solution is 100%. I have specifically worked at places in which those in management positions are interested in sniffing DNS queries to “see what people are up to on company time” and those happened to also be the employers that were doing sketchy things that may or may not have been legal

I’ve seen a grand total of one influencer make a good argument for a VPN and that was Alan Fisher saying “have you observed your work skirting regulations that they shouldn’t be? Are you potentially reviewing legal materials on your work’s WiFi that your place of work might prefer you didn’t know about? To help avoid retaliation, you might need a VPN such as one from today’s sponsor…”

More like they operate a tollroad to the playground and are concerned about why there’s so many trucks of wood chips costing them much more to maintain the road to the playground. And OP freely admitted they’re taking truckloads of woodchips from the playground.

Except the analogy also doesn’t work because ultimately piracy isn’t taking, it’s just copying and sharing copies. There isn’t really a good analogy without directly describing digital distribution and piracy. Maybe an analogy involving a solar farm and a transmission company? Except that gets into technical details that are just as technical as just explaining it as it is

We are swiftly reaching a time where boycotting companies run by people you disagree with will negatively impact your ability to function. Consider abandoning this type of purchasing in the future.

Oh no please don’t boycott! The current boycotts are actually costing companies money and we can’t have people learning that boycotts can actually work!

Y’know what that was terrible writing on my part. Where I put “physical vlan” I just meant specifying each port be a specific vlan rather than a trunk port that has multiple clans on in

I should probably proofread more and write less when tired

Physical wire tapping would be mostly mitigated by setting every port on the switch to be a physical vlan, especially if the switch does the VLAN routing. Sure someone could splice an ethernet cable, which would really only be mitigated by 802.1x like you already said, but every part of this threat model makes zero sense. You ultimately have to trust something (and apparently in OP’s case that’s a third party VPN provider that charges extra to not block LAN access while connected and they remain entirely on the free tier of)

But at the very least, not trusting everything on the network is a very enterprise kind of threat model, so using standard enterprise practices of network segmentation, firewalling, and potentially MAC-binding and 802.1x if so desired isn’t a bad idea, if for no other reason than it might lead to a career in network administration. And honestly I mostly want to get OP to not think of VPNs like a magical silver bullet and see what other tools exist in the toolbox

Wait you’re seriously using a free VPN?

Sounds far more likely that either someone misunderstood that residential IPs change frequently/may be shared by multiple subscribers or the ISP made an error when responding to a subpeana and provided the incorrect IP. Unfortunately both are all too common with privacy enforcement

If you really think the ISP router is snooping and can’t by bypassed you could simply double-NAT your network with a trusted router and call it a day. Much less VPNing and much less unusual decisions of trust and threat model involved then

But supposing you absolutely do not want to tack on additional costs, then the only solution I see that remains is to set up a private VPN network, one which only connects your trusted devices. This would be secure when on your I trusted LAN, but would be unavailable when awat from home.

Traditionally this would be performed by creating a dedicated network of trusted devices. Most commonly via a VLAN for ease of configuration. Set the switch ports that the trusted devices are connected to to use that vlan and badabing badaboom you’re there. For external access using Tailscale or one of the many similar services/solutions (such as headscale, netbird, etc.) with either the client on every device or using subnet routing features to access your trusted network, and of course configure firewalls as desired

LLMs have been trained so heavily on Linux documentation that you can even have it hallucinate a Linux terminal at you!

The “support” most importantly includes security updates. You better bet every hacking group has been working at finding fresh zero days for Windows 10 and is stockpiling them to start hammering any PCs that can’t be upgraded this October