• 7 Posts
  • 108 Comments
Joined 2 years ago
cake
Cake day: June 30th, 2023

help-circle

    1. I don’t think this is a problem with tailscale but you should check. Also you don’t have to pipe all the traffic through your tunnel. In the allowed IPs you can specify only your subnet so that everything else leaves via the default gateway.
    2. in the DNS server field in your WireGuard config you can specify anything, doesn’t have to be RFC1918 compliant. 1.1.1.1 will work too
    3. At the end of the day, a threat model is always gonna be security vs. convenience. Plex was used as an attack vector in the past as most most people don’t rush to patch it (and rightfully so, there are countless horror stories of PMS updates breaking the whole thing entirely). If you trust that you know what you’re doing, and trust the applications you’re running to treat security seriously (hint: Plex doesn’t) then go ahead, set up your reverse proxy server of choice (easiest would be Traefik, but if you need more robustness then nginx is still king) and open 443 to the internet.











  • My company bought 5 snapdragon laptops to test - ended up returning all of them. They’re not bad per se, the operating system that they’re expected to run is. Windows for ARM has a looong way before it is production ready. Their biggest hurdle is the translation layer (similar to Rosetta 2 which works near flawlessly) that is so bad that if your program doesn’t have a native ARM build, you’re better off not even bothering. I’ve seen an article indicating that they improved it a lot in the current Windows insider build but we’ve already returned the laptops and switched over to AMD. In my opinion if Microsoft truly cares about Windows on ARM then it will be ready in a year or so. If they don’t… probably 2-3.

    As per Linux, it works great, but that’s because most of the packages are FOSS and so compiling them for ARM doesn’t take a lot of effort. Sadly, Security at our company insists we run Windows so that spyware antivirus software can be installed on all end user machines.