Thursday, July 27, 2023

Re: Routing multiple IPv4 blocks

Hello,

> It's one's job to fight through misinformation. If we didn't hold
> people accountable, then anyone can argue that they heard the
> information from somewhere else. If I tell you 2 + 2 is 12 or worse
> spread that nonsense to small children, it is not OK for me to excuse
> that under the notion that "someone told me that though". It's my
> responsibility to scrutinize such information; and if not, don't speak
> as an authority on the matter and keep my mouth closed.

You make a valid point, and I see your point of view on it now.
Furthermore, it is my bad for not being more careful and double-checking
facts before saying them; I apologise for following what anyone says
without ever questioning the validity of the statement.

Also, there is the other issue that when someone repeats something
incorrect, it then spreads, and before you know it a large number of
people have been fed disinformation. So I guess you should always
double-check your facts, no matter how experienced you are, to ensure
you never accidentally start a chain of disinformation.

But I understand that I was partly at fault for not validating the
facts, I apologise.

> The only thing I said that can be construed as "policing your grammar"
> was my use of "[sic]" in your quote which in hindsight I regret. I am a
> "reformed grammar Nazi" after learning a lot more about linguistics,
> but I prefer using "[sic]" when quoting as I don't want the "mistake"
> to be attributed to me.

I guess in certain cases it is not terrible, especially when said
grammar makes the conversation hard to follow, but it is something which
should be used in moderation.

> This is not attacking your grammar but your "logic". How can you say
> "I never said the NAT makes my setup and more secure" when you
> literally said "however, NAT on the other hand does provide some
> security"? C'mon, you _are_ supporting NAT as a security measure; and
> that is patently false. This is not an opinion. If you cannot understand
> that, then it is a waste of time to try and convince you what is
> actually "secure" and what is not. Do you use NAT for IPv6? If not, then
> you are not even consistent with your own "logic".

This is bad on my part again: I tried to make a point initially and
expressed it incorrectly, then I proceeded to try to clarify the point,
and then just ended up contradicting myself.

In essence there was a point I was trying to make, and I failed to
articulate it twice and ended up contradicting myself, so I give up on my
initial point; better to avoid more conflict :)

No, I do not NAT IPv6, and honestly, I do not know anyone who would.
Having globally routable addresses was always how the internet was
designed, before it grew too big and we exhausted IPv4, and thus NAT
became a big deal. I believe NAT is useful for a few other small things,
such as NAT bridges which are used for containerisation and
virtualisation, but apart from that I believe the main reason NAT became
so big was the lack of IP addresses, and that only, so why would anyone
want to use it with IPv6?

Hopefully one day IPv6 single stack will be the norm, and we will not
need to traverse NAT so much; it is one of the main reasons why peer to
peer networks struggle so much, and let's not even get started on the
insecurity of UPnP, which was invented to break through NAT more easily,
so I guess in the bigger picture NAT does cause more security concerns
than it looks like on the surface.

> I don't "like" being insulted, but I don't feel bad when it happens. I
> have pretty thick skin, but I do acknowledge that does not apply to
> everyone. I thought what I told you was more candor than "insult", so I
> apologize.

I did not understand the intent of the email; I took it as a personal
attack, which was my fault. This led to it becoming more heated than
it should have been. Sorry for my mistake.

>
> I do not hate you or really anyone. I agree that one should not
> "feel scared to ask for help", but I find honesty and logic more helpful
> than trying to tiptoe around something in fear of offending someone. I
> don't agree that that works for everyone though; so if candor upsets
> one, then I will hopefully learn to not offer help to that person in
> the future.

Same as above, I apologise for misinterpreting the nature of the email
and taking it as a personal attack.

> Again, this is a _logical_ rebuttal not a grammar one: you _did_ say how
> much it increases complexity by, namely "a lot". Here is the quote:
> "Because vlan's increase complexity by a lot"

Ah, I didn't even realise. But subjectively they would, because I have
never played with VLANs before, so for me it would increase the
complexity of the problem; for someone who has messed with them before,
I assume it's a piece of cake.

> I tried to illustrate that it wasn't "complex" by any reasonable
> definition of "complex", and that was a more "advanced" switch in
> contrast to "simpler" ones that have a GUI you can use. This was to
> support the argument that VLANs on neither OpenBSD nor the switch's
> side are complex. Just look at how long you have tried to get your
> setup to work. How can you call that less "complex"?

Admittedly, VLANing at this point would probably have worked out of the
box and would not have led to this. However, on the other hand VLANs are
used to separate networks, which is an undesired side effect here.

And also, no, I cannot just simply give up and move to VLANs now, even
if it is lower complexity. If something is possible, I will not give
up until I get it to work, even if I end up changing it later on down
the road; it's more to prove I can do it and know how to, rather than
running away from a problem and hoping I never walk into it again.

> Yet you have the money to pay for an expensive ISP and "premium to order
> a custom laptop"? I also mentioned other switches that offer GUIs to
> enable VLANs. Some of these can be had for $150 or less.

Admittedly yes, if I was more responsible with money I could buy nicer
gear, such as managed switches.

The custom laptop was my entire savings, and considering it will be
vital for my education I do not believe I have done the wrong thing,
even if I could have done it cheaper.

I have always feared managed switches though; cheaper ones are fine, but
the more expensive enterprise ones cost pennies, and it's because they are
license-locked. Also I heard most modern switches are cloud-locked too,
and it's a whole can of worms I do not want to dive into. When your
switch is able to talk freely to Cisco's servers, that is when it gets
scary; it has one role, which is to switch packets, not to send telemetry
and information over to Cisco.

> You paid for a more advanced setup but then aren't really willing to pay
> for more properly configuring it. Bizarre.

You have no idea :P

Most of the hardware is old; I bought most of it second hand. The UPS is
second hand and a good 7-8 years old; luckily just replacing the lead
acid battery got it back up and running. The modem is an old Openreach
modem I got off eBay. The router is a Raspberry Pi 4 I had lying about,
the server is a bunch of old hardware smashed together and somehow it
works (one of the disks is a good 10-15 years old and still spinning...
somehow), then the server CPU is a Ryzen 5 3600, which is overkill for a
server and sucks up more energy than is needed, but hey, it had bent pins
and I somehow managed to get it to fit into the socket.

I used to use an old 1000BASE-T switch from Netgear which was like 10
years old; it drew like 12 W. The £7 dumb switch I replaced it with draws
2-3 W, and I only replaced it because link negotiation was broken on the
Netgear switch: it kept advertising 100BASE-T unless you unplugged it and
plugged it back in again, and then it would be back to 1000BASE-T until
the next day, and it was a headache, so I replaced it.

It wouldn't be my network if it wasn't the most random, weird setup you
could think of.

> "Many more years of experience"? Haha, not quite. I started tinkering
> with networking and OpenBSD in general two years ago in my free time. I
> don't and likely never will possess the knowledge many networking
> wizards have, but I suppose that makes my points that much more damning:
> that even I, a "dumb person on the Internet", can poke holes in your
> networking setup. I don't have a PhD in networking nor am I even a
> network administrator for a large company (or any company really).

Still more experience than I've got, and 2 years is not a small amount of
time; that is 2/3 of the way to a degree :P

I always hated networking until I forced myself into it about 6-8 months
ago now, but admittedly 99% of the time I put off anything networking
related.

> At least one person reached out to me privately and supported my
> candor. While I won't use that to downplay your feelings, I do believe
> that at least partially supports my response.

1 for Zack, 0 for Polarian -_-

In all honesty, when looked at from the right perspective you never
really said anything which was wrong; it was just very blunt.

> You have bitten off more than you can chew. You started this journey
> "building a router for a company" when you lack _so_ much knowledge
> that that is kinda scary. I'm glad you are learning, but how could you
> possibly think you had the knowledge to start there? You have to learn
> to walk before you learn to run. Now you expect the patience of
> better people than me to hold your hand when you don't grasp the
> basics.

I always bite off more than I can chew, I have so many unfinished boxes
that I am running out of places to store all the half complete projects :P

This is not for a company, but for myself, and I am thankfully not a
company :)

Also I do believe you are exaggerating how much knowledge I lack. Sure, I
have some significant gaps, but I also know well above the networking
requirement for my age, so making it sound like I am a complete idiot is
a little disappointing. Also, don't mistake stupid mistakes for a lack of
knowledge. And as you have already expressed brutally, this setup is
simple, at least from an enterprise networking standpoint. I do not think
I have dug a big enough grave yet for you to make the statement that I
lack a scary amount of knowledge, and chuck me into the pit :P

I will admit that, especially 6 months ago, my IPv6 knowledge was
horrendous, but you cannot fully blame that on me. I had never seen IPv6
in my life; well, I had, but I knew about as much as if I hadn't. UK ISPs
do not give out IPv6, so few ISPs give IPv6, so when A&A gave me IPv6 it
was exotic. I tried reading the specification, but reading a bunch of
information is not experience in implementing the use of IPv6. Thanks to
Crystal and a few others I got IPv6 to work quite easily.

Computing really is a subject where your skill depends on how much hands
on experience and tinkering you have done, and how much effort you have
put in, and me procrastinating and avoiding networking really shows. It's
not easy to learn if you start networking and then take a 4 month break,
then come back to your setup and think "wtf does this do?".

Also, as for holding my hand, no thank you. I have read the relevant man
pages hundreds of times over at this point, and I have read the
networking section of the OpenBSD handbook. Also, you speak as if you
know the problem with my current setup; if you do, it would be nice to
know what it is, since I have slammed my head against the wall for 8
hours or so already, and especially given how brutally I got torn apart
last time on the mailing list, I tried everything before even thinking of
posting to the mailing list. I had drafted an email when I gave up, then I
had some optimism to give it another go. There is obviously something
really small my eyes are missing, and I do not think asking for a third
set of eyes to point out where the error lies, for me to fix it, is
holding my hand.
--
Polarian
GPG signature: 0770E5312238C760
Website: https://polarian.dev
JID/XMPP: polarian@polarian.dev
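On the "NAT does provide some security" point argued above: on an OpenBSD router, what actually stops unsolicited inbound connections is pf's default-deny plus stateful filtering, and that works identically with IPv4 NAT and with un-translated, globally routable IPv6. The pf.conf fragment below is an added illustration, not from the original thread and not Polarian's or Zack's configuration; the interface names (egress, lan), the 192.168.1.0/24 LAN prefix and the absence of any other uplink requirements (such as a DHCPv6-PD client) are assumptions.

```conf
# Added example, not from the thread. Assumed: "egress" is the WAN interface
# group, "lan" is the LAN interface, 192.168.1.0/24 is the IPv4 LAN prefix.
ext_if = "egress"
int_if = "lan"
lan_v4 = "192.168.1.0/24"

set skip on lo

# --- IPv4: translation exists to share one public address, nothing more ---
# This match rule only rewrites outbound source addresses. On its own it
# blocks nothing; if a "pass in on $ext_if all" existed below, inbound
# packets for any LAN host the router can route to would still get through.
match out on $ext_if inet from $lan_v4 to any nat-to ($ext_if)

# --- The actual security boundary, shared by both address families ---
# Default deny everything, then allow only flows the LAN initiates. The
# replies come back because of the state entry, not because of NAT.
block drop log all

pass in  quick on $int_if from $int_if:network to any keep state
pass out quick on $ext_if inet  from any to any keep state
pass out quick on $ext_if inet6 from any to any keep state

# --- IPv6: globally routable LAN, no NAT, same guarantee ---
# No "pass in on $ext_if" rule matches unsolicited traffic, so the LAN's
# public IPv6 addresses are no more reachable than the NATed IPv4 hosts.
# IPv6 does need some ICMPv6 to function (neighbour/router discovery,
# path MTU discovery), so permit only the essential types.
pass in quick on $ext_if inet6 proto icmp6 all icmp6-type { \
    echoreq, unreach, toobig, timex, paramprob, \
    routersol, routeradv, neighbrsol, neighbradv }

# What NOT to do: this is the rule that makes "NAT protects my LAN" look
# true, because with it only the absence of a route to RFC 1918 space is
# hiding IPv4 hosts, while IPv6 hosts are fully exposed.
# pass in on $ext_if all
```

A quick check after loading the rules is to attempt a connection from outside to a LAN host's public IPv6 address and to the router's IPv4 address on some port with no rdr-to: both should show up as blocked in `tcpdump -n -e -ttt -i pflog0`, which demonstrates that the block rule, not the translation, is doing the work.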
