Joined 2 years ago
Cake day: June 11th, 2023

  • This isn’t the best or most popular way to do it, but: https://learn.microsoft.com/en-us/windows/wsl/install

    There is a way built into windows to deploy and use Linux from inside windows.

    It’s not the most pure experience, but it’s a way to make sure you have something like a feel for how some parts work before jumping in any deeper.

    A bootable USB stick is another way to try before you commit. Only reason I might suggest starting with trying it the other way first is in case you run into issues connecting to the Internet or something you won’t feel totally lost. Having to keep rebooting back into windows if you have a problem can be frustrating, so getting a little familiarity with a safety line can help feel more confident.

    Issues with a USB boot are increasingly uncommon, as an aside. Biggest issue is likely to be that USB is slow, so things might take a few moments longer to start.

    From there, you should be pretty comfortable doing basic stuff after a little playing around. Not deep mastery, but a sense of “here are my settings”, “my files go here”, “here’s how I fiddle with wifi”, “here’s how I change my desktop stuff”. At that point a dual boot should work out, since you’ll be able to use the system to find out how to do new things with the system, and also use it for whatever, in a general sense.

    If it’s working out, you should find yourself popping back into windows less and less.




  • There’s a principle in security, https://en.wikipedia.org/wiki/Kerckhoffs’s_principle, roughly summarized as “the enemy knows the system”. It’s the notion that you should be able to fully describe everything about your system except the secret key and still be secure.

    “My concept is a bit like this (don’t wanna give it all away):”

    That’s always a concerning thing to encounter at the beginning of a description. That implies that there’s an awareness that if you knew how the system worked it would be weaker, which in a security setting is considered a very notable defect.

    If we’re looking at the actual security of the system you describe through that lens, the name of the company doesn’t add to your security. Neither do your word substitution rules. The secret in your system is the passphrase and the number you’re using to modify the letters from the company name.

    Now, using a passphrase is good, but it kinda felt like you were implying that you use the same passphrase for all services and then modify it. That’s not a good idea, since it reduces your effective security to a single number.
    Additionally, a passphrase should be random words, not a known phrase. If the phrase is grammatical it reduces the security pretty fast since it’s weirdly easy to guess word sequences.

    Adding a character to the end of a password during rotation is also a bad idea. Anyone breaking a password database will automatically try with a series of characters tacked onto the end specifically to catch that, so a password of yours that got leaked years ago can be used to figure out your current password just by checking it with different endings.

    A better system would be to write a truly random password down on a sheet of paper along with 31 others. Now fold up the piece of paper and put it in your wallet.
    You are already adept at keeping paper in your wallet secure, and anyone not in physical proximity to you has to fall back to the usual tricks to get at your stuff.
    Better yet would be to use a password manager, ideally one you can export to something you carry, encrypted, with you while you go.
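An added example, not part of the original comment: one way a password-change form could catch the rotation habit described above, rejecting a new password that is only the old one with characters tacked on or a counter bumped. The function names, the `max_extra` threshold and the sample passwords in the usage comments are assumptions constructed for illustration.

```python
import re
import unicodedata


def _norm(pw: str) -> str:
    """Unicode-normalise and case-fold so 'Hunter' and 'hunter' compare equal."""
    return unicodedata.normalize("NFKC", pw).casefold()


def _core(pw: str) -> str:
    """Strip leading/trailing digits and symbols, leaving the reused base."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", _norm(pw))


def is_trivial_rotation(old: str, new: str, max_extra: int = 4) -> bool:
    """Return True if `new` is `old` with only a small, guessable change.

    `old` is the current password the user typed to authorise the change,
    so no stored plaintext is needed. `max_extra` (assumed value) is how many
    added or removed characters still count as "tacked on".
    """
    o, n = _norm(old), _norm(new)
    if o == n:
        return True  # identical, or a case-only change

    # Old password with a few characters added (or removed) at either end.
    shorter, longer = sorted((o, n), key=len)
    if shorter and len(longer) - len(shorter) <= max_extra and (
        longer.startswith(shorter) or longer.endswith(shorter)
    ):
        return True

    # Same base with a different counter or symbol at the ends ("...7" -> "...8").
    core_old, core_new = _core(old), _core(new)
    return bool(core_old) and core_old == core_new


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the thread.
    for old, new in [
        ("Tr0ub4dor", "Tr0ub4dor!"),
        ("correct-horse-7", "correct-horse-8"),
        ("Tr0ub4dor", "vK9#qLm2xPz"),
    ]:
        verdict = "reject" if is_trivial_rotation(old, new) else "accept"
        print(f"{old!r} -> {new!r}: {verdict}")
```
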


  • Uh huh. When was I rude? You started by calling me ignorant, and I just asked you some questions about your system. You seem extremely defensive, since it seems to take only the smallest disagreement for you to dismiss someone as ignorant, lacking common sense, and unable to hold a discussion. Take a breath, and try actually explaining your system so there can actually be a discussion of what is or isn’t wrong with it.

    I’m not looking for a fight, but I am extremely skeptical of your scheme because it’s one that people bring up often, and it’s never done in a secure way. Maybe yours is, but there’s no way to know if you don’t actually say what it is.







  • Typically people propose switching everything to UTC.

    The reason this doesn’t work is because humans are still bound by a diurnal cycle and you won’t have everyone wake up at 0800, since for some people that’s the time in the middle of when the sun sets and rises.
    So you still need to communicate to people across space where the sun is or will be for you at a time in the future, or otherwise relate where in your wake cycle you’ll be.
    Tied to this is legal jurisdictions. Within a legal jurisdiction it’s important for regulatory events to be synchronized. For things like bank hours, school hours, government office hours, things like “no loud noises when people tend to be sleeping”, “teenagers old enough to have a job aren’t allowed to work late on school nights”, and what specifically constitutes “after hours or weekend labor” for the purposes of overtime and labor regulation you need your definition to be consistent across the jurisdiction. Depending on where you are in relation to Greenwich a typical workday can start at 1900 Friday night/morning, and extend until 0300 Saturday morning/afternoon. Your “weekend” would start when you woke up around 1800 Saturday evening/morning.

    Right now we solve this problem by deciding on a consistent set of numbers for where the sun is across some area that inevitably lines up with legal jurisdiction. Then we use a lookup table to translate our conception of where the sun is to where it is elsewhere.

    Without timezones you instead need to use the same type of lookup table to find the position of the sun at the time and place of interest, and then try to infer what the situation would be.

    We have UTC now, and people inevitably already use it where it makes sense. It’s just usually easier to have many clocks that follow similar rules than it is to have one clock that’s interpreted many different ways.


  • Okay. You’re still doing tech support either way. I have no way of knowing how much free tech support you’re willing to give, hence my caveat of how much you’re willing to support them.

    Netflix would disagree. People feel like they’re supposed to be getting access to a service, and if they’re not getting it they’ll complain to the nearest party to what isn’t working. In this case that’s you or Netflix being asked questions about why the router isn’t working.
    That it’s wrong or irrational has nothing to do with who’s getting asked the question, and who’s the first line of troubleshooting when the service doesn’t work.

    If people didn’t ask the wrong people questions, Netflix wouldn’t need support articles on how to reset your router.


  • Honestly, you’re supporting a chunk of her network by being a media provider in the first place. “It won’t play” doesn’t usually come with an assurance that it’s not a device or network issue.

    Neither plex nor jellyfin seem remotely worth the effort to provide to others in my opinion, I just felt like sharing that there are ways to afford network protection to locked down devices.


  • I’ve got no real care for jellyfin one way or another, just sharing that there’s ways to make the network obey.

    I think giving people access to my media server is asking for too much trouble personally. Now you’re dealing with forgotten passwords, people using your bandwidth at weird hours, and you basically become the media fairy, responsible for finding whatever it is people want, and then dealing with their issues when their device can’t codec at it for whatever janky reason.

    I’m good at setting boundaries with family so it’s not stressful, just more annoying than I want to deal with.


  • Depending on their router and how much IT labor you care to do for these people you can actually configure a site to site VPN tunnel. All traffic for a particular address range will get routed through the VPN automatically.

    It used to be a high end feature but it’s made its way into general routers since it doesn’t really require many resources and it lets you label it as having more home office features.


  • Walk me through that analogy, and what point you’re trying to make. My hammer doesn’t typically have unexpected interactions with things I’m not hammering. When I build a bookshelf, I don’t have to make sure my desk is clean to keep people I let borrow books from unlocking my front door without a key.

    Do you think that improper setuid isn’t a common enough vulnerability to have a name and designation?

    What constitutes a security nightmare if not something that requires a large and annoying amount of work, and can be made insecure by a mistake somewhere else?


  • I would describe needing to proactively go out of your way to ensure a program is simple, minimal, and carefully constructed to avoid interactions potentially outside of a restricted security scope as a “security nightmare”.

    Being possible to do right or being necessary in some cases at the moment doesn’t erase the downsides.

    It’s the opposite of secure by default. It throws the door wide open and leaves it to the developer and distro maintainer to make sure there’s nothing dangerous in the room and that only the right doors are opened. Since these are usually not coordinated, it’s entirely possible for a change or oversight by the developer to open a hole in multiple distros.
    In a less nightmarish system a program starting to do something it wasn’t before that should be restricted is for the user to get denied, not for it to fail open.

    https://www.cve.org/CVERecord/SearchResults?query=Setuid

    It may be possible, but it’s got the hallmarks of a nightmare too.


  • Yup. Violating IP licenses is a great reason to prevent it. According to current law, if they get a license for the book they should be able to use it how they want.
    I’m not permitted to pirate a book just because I only intend to read it and then give it back. AI shouldn’t be able to either if people can’t.

    Beyond that, we need to accept that we might need to come up with new rules for new technology. There’s a lot of people, notably artists, who object to art they put on their website being used for training. Under current law if you make it publicly available, people can download it and use it on their computer as long as they don’t distribute it. That current law allows something we don’t want doesn’t mean we need to find a way to interpret current law as not allowing it, it just means we need new laws that say “fair use for people is not the same as fair use for AI training”.



  • “a drink” contains roughly the same amount of alcohol regardless of type, so a daiquiri should get you about as inebriated as a beer.
    Some caveats: since drunk people drink more, some places have specials earlier in the evening or on some drinks where you can make it a double for no or low upcharge. That glass now has two drinks in it.
    Some drinks are easier to drink fast, which makes you feel the effects faster and stronger, so you might perceive yourself to be “more drunk”, even though it’s really just hitting you all at once. Delicious sugary drinks that mask the alcohol flavor are notorious for that.

    It takes about an hour to process a drink; sugary drinks will inevitably give you an upset stomach; water and food help keep your stomach settled; you’ll have a better time not having a drink you could have and feeling good than having a drink you shouldn’t have and feeling gross, so if in doubt say nah.

    You’ll be fine with one with a meal with someone you know. A second is probably fine in the circumstances but more than that is iffy.