If dns resolved then it's not blocked. You need to look at your network.
Bypass dns connect to the ip and port. What happens?
biscuitswalrus
joined 2 years ago
This won't work, your wan ip isn't dynamic, it's on the ISP NAT network and your resulting ip to public services is shared across many customers. CG-NAT.
I don't know where you work but don't access your tailnet from a work device and ideally not their network.
Speaking to roku, you could buy a cheap raspberri pi and usb network port. One port to the network the other to roku. The pi can have a tailscale advertised network to the roku, and the roku probably needs nothing since everything is upstream including private tailscale 100.x.y.z networks which will be captured by your device in the middle raspberri pi.
I guess that'd cost like 40 ish dollars one time.
Curious if someone would then add how well the games on steam deck run in comparison.. Though that's not exactly legal I suppose
I went through a ghibli catalog watch while travelling in Japan one time, including Hiroshima peace Park (another "do once" thing. On the flight home I watched grave of the fireflies for the first time. I do not recommend watching it on a plane in public, when most everyone is sleeping so you try (fail) to keep your ugly sobbing to yourself.
Great movie
They could be, but I assume say like an apple device won't install a ccp root authority unconditionally. Huawei and xiamoi probably could be forced, but the browser too, like Chrome, Firefox and safari need to also accept the device certificates as trusted.
But the pressure in Europe would likely be to trade within Europe, you must comply.
It fundamentally destroys the whole trust of PKI if this did go ahead. We just need to hope it does not.
If your browser and device has a state sponsored CA certificate it's not trivial to bypass. Transparently all certificate traffic could be intercepted by an ISP. Look at Europe already trying. Once someone malicious (to you) is a trusted certificate issuer you no longer can verify either the destination nor the privacy of the content.
Ssl based vpns are also decrypted. And vpns which use public key for identification would no longer be trusted.
A country for example could enact their mandatory certificate authority that they control. Then have ISPs who are in the middle use what was mandatory a trusted CA to act as the certificate issuer for a proxy. This already exists in enterprise, a router or proxy appliance is a mitm to inspect ssl traffic intercepting connections to a website say Google, but instead terminates that connection on itself, and creates a new connection to Google from itself. Since the Google certificate on the client side would be trusted from the proxy, all data would be decrypted on the proxy. to proxy data back to clients without a browser certificate trust issue, they use that already mandated CA that they control to create new certificates for the sites they're proxying the proxy reencrypts it back to the client with a trusted certificate and browsers accept them.
It's actually less than theoretical, it's literally been proposed in Europe. This method is robust and is already what happens in practice in enterprise organisations on company devices with the organisations CA certificate (installed onto organisation computers by policy or at build time). I've deployed and maintained this setup on barracuda firewalls, Fortigate firewalls and now Palo alto firewalls.
Right up there battling broadcom for worst.
My kind of guy.
My glasses usually get worn
I usually wear my glasses before the next appointment too.
view more: next ›
I've worked with Windows environments from 2003 until still today migrating to azure. The biggest skills gap with technicians and engineers administrating Windows is actually networking. This single point connects every single service server and user and yet dns, dhcp, routing and it's protocols, link layer technologies like vlans interface configurations aggregation and more is so poorly understood that engineers and technicians often significantly mistake problems. Almost all issues happen around network layers 2-4 or layer 8 (the end user).
It doesn't need to be first but no matter what os or component, networking is core and the single biggest return on investment for systems admin types.
Sure other basic skills are required but just being able to test TCP by telnet or understand each hop, and is the server listening? What process ID is listening? Did someone configure rdp off 3389 and that's why it doesn't work? Was the host file edited and that's why it's resolving some old ip for this hostname? Why is it going out the wan interface of the router when it should be going over an ipsec tunnel?
All this and more has nothing to do with Windows, and yet, anything that isn't just user training or show and tell about how to do something, there's a good chance it requires you to follow the networking layers to make sure behaviour is expected.