Joined 6 months ago
Cake day: November 2nd, 2024



  • Sometimes even that’s not enough. I’ve had some questionable kit before that would just ignore the DNS settings fed to it if it thought they were no good, and fall back to something else preconfigured.

    pfSense is a wonderful tool for situations like that. Anything intended for local use only here just doesn’t get outside at all. Handy for stuff like a fire stick that only needs to be calling up a local media library.

    It can also mangle any DNS requests going out to a different server and redirect them to itself instead. You could do this without it with iptables/nftables on a generic Linux box, but pfSense makes it much friendlier.

    There are other packages that can do the same, but physically all you need is one piece of hardware as a bouncer that manages connections between inside/outside.
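
The DNS redirect and the "local only" blocking described in the comment above, sketched as an nftables ruleset for a generic Linux router. This is an added example, not part of the original comment; the interface names, addresses, table name and set contents are assumptions, and it presumes a resolver is listening on port 53 on the router itself.

```nft
#!/usr/sbin/nft -f
# Added example. All names and addresses below are constructed placeholders.
define LAN_IF   = "lan0"          # assumed inside-facing interface
define WAN_IF   = "wan0"          # assumed outside-facing interface
define RESOLVER = 192.168.1.1     # assumed router address running the resolver

table inet lan_bouncer {
    # Devices that only need the local network (e.g. a media stick).
    set local_only {
        type ipv4_addr
        elements = { 192.168.1.50 }
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # A LAN client that ignores the DHCP-supplied resolver and queries
        # some other server on port 53 is answered by the local resolver.
        iifname $LAN_IF ip daddr != $RESOLVER udp dport 53 counter redirect to :53
        iifname $LAN_IF ip daddr != $RESOLVER tcp dport 53 counter redirect to :53
    }

    chain forward {
        type filter hook forward priority filter; policy accept;

        # Local-only devices never get routed to the outside interface.
        iifname $LAN_IF oifname $WAN_IF ip saddr @local_only counter drop
    }
}

# Caveats: these rules cover IPv4 and plain DNS on port 53 only. IPv6 needs
# matching ip6 rules, and DNS carried inside TLS or HTTPS is not redirected.
```

After loading with `nft -f`, the `counter` values in `nft list table inet lan_bouncer` show whether any client is still trying to reach an outside resolver.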




  • Was about to say, £s not pence :) 50s will also out you as a tourist, if nothing else does. Whereabouts are you planning to visit? Just London for the touristy stuff or going for more of an explore?

    As mentioned above, electronic payments are now the norm here and have been for ages. Shouldn’t have any problems using a phone or contactless card to pay in most places. Chip/PIN covers most everything else & when you get prompted to insert the card as a security check after trying contactless.

    Swipe & sign is possible last time I checked, but pretty much defunct with chip/PIN being readily available. Cash only places are rare and usually associated with food or drugs.

    .zip isn’t blocking UK access via apps/api, but it is for browsers. I like VPNs and supporting my home instance, so here I am :)






  • That’s even worse. An almost literal in-house driveby. It’s not bloody hard to see potential problems.

    This computer has a strange doo-hickey poking out of it that I know nothing about. Maybe I shouldn’t just slap a new OS on it. Nah fuck it. Need to meet planned quota. Send it and run lol.

    There’s a reason our PCB pick’n’place machines run Windows XP. And why that ‘Y2K compliant’ lathe over there is rocking '98. And why that tyre balancing machine at the shop over the road is in the same boat.


  • Bad IT.

    I remain thankful that Win11 is fussy about what it will install on. It needs at least:

    • UEFI boot mode & GPT partitioning of the disk
    • TPM 2
    • Secure Boot capability

    Nixing any one of these will prevent an automatic upgrade, regardless of what group policy etc is in place. On a bunch of new Win10 builds from a while ago, I set them up as CSM/MBR and turned off the TPM in BIOS. Absolutely no chance of surprises there, even if I accidentally mark a machine for upgrade.

    My network is small though, < 50 clients. When the bullet must be bit, I have the time to add the client to the ‘will upgrade’ AD group & go over things with the user(s). Then run through converting MBR to GPT, switching to UEFI and enabling the TPM again.

    After that it takes care of itself and pulls down a load of QoL fixes post-upgrade.

    I don’t think you’re the first nor will you be the last to be smacked with a driveby install that fucks up your equipment, sadly :(