• 0 Posts
  • 33 Comments
Joined 2 years ago
Cake day: July 5th, 2023


  • Server equipment is not on any normal burglar’s list of items to nab. It’s such a low risk I think it’s completely not worth worrying about.

    It’s incredibly unlikely they’ll know what they’re looking at in the first place, and won’t be assed to carry out heavy switches and PC gear “just in case” to look it up later. They want to get in, check rooms and closets, drawers, etc and GTFO before you come home or a neighbor notices. Computers aren’t as expensive as they used to be. Gaming laptops might look attractive, but other than that you’re fine.

    They want jewelry, cash, guns, good tools, silver, modern game consoles, expensive bicycles, etc. These are all things that are easy to carry and pawn or sell well on the street. Nobody is selling switch gear at a pawn shop or to random people, so even if they know the value of what they’re looking at (extremely unlikely) they’ll leave it because it’s too hard to fence.

    If you’re that worried about theft then set up good full disk encryption and have off-site backups of your data (should do that anyways) but you don’t need to worry about physical security at home, at least not specifically in regards to your home lab.

    Businesses are at much higher risk for hardware theft, from employees or from others that are targeting the locations specifically because they DO understand the value and have a way to offload the gear, but those same people won’t be randomly breaking into people’s houses hoping they’ve got Cisco gear in a closet somewhere.






  • Sure!

    TLDR: mirepoix, garlic, ground mustard, ground thyme, basil, salt, pepper, bacon

    I cut a pack of decent quality bacon into strips and start it a sizzlin

    Then, dice equal parts carrot, onion, and celery (mirepoix) while the bacon is cooking

    I crank the heat and sauté the mirepoix in the pan with the bacon, then I add the beans with the soak water and some salt (don’t go crazy, the bacon has salt too, and I add cheese at serving also)

    Bring to boil and then reduce to simmer until the beans are mostly cooked, stirring and adding water as needed.

    When things are cooked pretty well throw in a diced tomato (or a can), a bulb of crushed garlic, ground mustard, dried basil, and ground thyme. Let it cook a bit until the flavors develop, then adjust seasoning, salt, pepper etc. Sorry I don’t have measurements, I eyeball everything. I cook the soup a long time so by the end it will stick if you don’t stir fairly frequently because the lentils and some beans have dissolved. I like the soup thicc so that also contributes to it sticking.

    The thyme and basil are the stars here, the thyme especially.

    I usually eat it with some rice and some grated Monterey Jack cheese on top.

    I use jasmine rice and put a small amount of olive oil in the pan, then crush a garlic clove per cup of rice I’m cooking and sauté gently (don’t burn it!). As soon as the garlic has cooked a bit I add a cup of dry rice to the pan and stir it around real good, add the water, and salt it. Rice should not be bland, motherfuckers!





  • I fucking love these.

    I just throw the seasoning packet away, never used it at all. Just use the bean mix itself, it’s really good, HOWEVER be aware that some of the “beans” are actually lentils, and they break down into a mush faster than others.

    If you cook the beans a long time in your soup as I do then it gets REALLY bad looking. We call it “ugly soup” because it’s ugly AF but DELICIOUS.

    Edit: I’ve NEVER found a rock in these also, not once in the dozens of bags, maybe hundreds, I’ve used.


  • I’d recommend using unifi/ubiquiti switches. They’re a bit pricey but they’re incredibly solid and you can manage them with a self hosted container of unifi controller software.

    A good place to start is one of their 8port POE switches. I have a couple and they’re L3 switches (so you can do VLAN stuff like you want), and I’ve never ever had a problem with any of them. Even with the inexpensive ones their POE budget is pretty good, and great to power other switches or APs. They don’t power some cameras so you might need injectors for some thirsty gear.

    The controller software is pretty good, and will let you manage the switches without getting into command line config at first (which can be a crutch so be cautious of that, especially if you want to branch out into other cheaper switches or take advantage of good 2nd hand gear deals you find).

    But for your network I think an 8 port and a WAP are a good place to start. Get away from using your combo router as your wireless AP (or use both) and get some VLANs set up, and work on inter-VLAN routing and firewall rules.

    How do you want to segment your network?

    I recommend you have the following to start:

    -management VLAN

    -trusted devices

    -guest/IoT devices

    Just getting those three set up correctly will teach you a lot and let you environment. Firewall/routing rules to allow connections through in certain directions and not others is… fun to get the hang of if you’re new.

    What are you planning on using as your router? Your combo router might tie your hands if that’s what you plan to use for everything. Combo routers generally suck at everything. You can get a cheap router also, edgerouter er-x is a fine choice but it’s not the best, but it’ll still outdo whatever you currently have, I’m sure. Put it behind your modem at your network edge and you can manage your vlan routing and your firewall on one device.

    Additionally you can set up a VPN server on one of your PCs and set up static routes to allow you to tunnel in and access your network when you’re out (wireguard for the win).

    Good luck on your journey! There’s a lot to learn so don’t get frustrated when your stuff doesn’t work. Back up your configs so you can revert back and be REALLY careful because it’s easy enough to make your stuff insecure by trying to make stuff work. Yeah it’ll function but next thing you know you’ve got a ransomware virus on your entire network… Not fun, I hear.

    As you set up your VLANs look into VLAN traversal, it’s a means of network attack that allows attackers to cross over from one VLAN to another when you set up trunk/switch ports and VLAN tagging incorrectly. Again, your stuff will work but it’ll be vulnerable (not really a problem at home as long as your firewall works fine but still).

    Edit: you can go with a router with several ports but I’d recommend you shy away from that if you have the money for dedicated devices. Routers are better at routing (L3) and switches are better at switching (L2). Their guts are built for different things and your network will be much faster if you use them for their intended purpose.
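The three-VLAN split recommended in the comment above, with firewall rules that let connections start in one direction but not the other, modeled as a small stateful default-deny policy. This is an added example, not part of the original comment; the subnets, ports and the names `VLANS`, `ALLOW_NEW`, `zone_of` and `Router` are assumptions made for illustration.

```python
import ipaddress

# Assumed addressing plan; the comment names the three VLANs but no subnets.
VLANS = {
    "mgmt": ipaddress.ip_network("10.0.10.0/24"),
    "trusted": ipaddress.ip_network("10.0.20.0/24"),
    "iot": ipaddress.ip_network("10.0.30.0/24"),   # guest/IoT
}

# Rules for NEW connections only: (source zone, destination zone, dest port).
# A port of None means any port. Anything not listed is dropped.
ALLOW_NEW = [
    ("trusted", "mgmt", 22),    # admin host to switch/AP SSH
    ("trusted", "mgmt", 443),   # admin host to controller web UI
    ("trusted", "iot", None),   # trusted devices may reach IoT gear
    ("trusted", "wan", None),
    ("iot", "wan", None),       # guest/IoT gets internet access only
]

def zone_of(addr):
    """Map an IP address to its VLAN name, or 'wan' if it is in none."""
    ip = ipaddress.ip_address(addr)
    for name, net in VLANS.items():
        if ip in net:
            return name
    return "wan"

class Router:
    """Toy stateful inter-VLAN firewall with a default-deny policy."""

    def __init__(self):
        self.established = set()   # flows as (src, sport, dst, dport)

    def forward(self, src, sport, dst, dport):
        # Replies to a tracked flow pass regardless of direction.
        if (dst, dport, src, sport) in self.established:
            return True
        pair = (zone_of(src), zone_of(dst))
        for rule_src, rule_dst, rule_port in ALLOW_NEW:
            if pair == (rule_src, rule_dst) and rule_port in (None, dport):
                self.established.add((src, sport, dst, dport))
                return True
        return False               # default deny

if __name__ == "__main__":
    fw = Router()
    print(fw.forward("10.0.20.5", 50000, "10.0.30.9", 80))   # trusted -> IoT
    print(fw.forward("10.0.30.9", 80, "10.0.20.5", 50000))   # the reply
    print(fw.forward("10.0.30.9", 40000, "10.0.20.5", 445))  # IoT -> trusted
```

The same shape carries over to a real router: an "allow established/related" rule first, explicit allows for new connections per zone pair, then a final drop.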




  • BJJ is one of the most “useful” when it comes to actually fighting (along with boxing).

    Karate and TKD are more of an art/discipline. A well trained karate fighter will very likely outmove an untrained assailant, but someone moderately trained in BJJ will likely be able to subdue/get away from a very well trained karate or TKD fighter.

    Honestly, BJJ is an amazing skill to have in a pinch, and it trains you in grappling with opponents that have a size/weight disparity.

    Not all gyms/dojos use belts, even in BJJ. BJJ belts follow a pretty good progression based on skill, whereas karate (can’t say for TKD, never trained in it personally) often relies on performance of kata in order to progress to the next belt. Kata is choreographed movements, it’s more like a dance that you practice than an actual measure of ability to spar/fight.

    If OP wants to get their kid into a fighting sport that’s fun and relatively safe, they can pick any discipline. If they want the added bonus of their kid being much better equipped to defend themself from a real aggressor they would do best getting them into BJJ, boxing, and then wrestling once they’re in middle/high school.

    I would personally avoid boxing for my own kids due to the repeated head trauma and risk of fractures, but it’s the best real world striking training you’ll get, at least in the USA. BJJ and wrestling help you immensely once you’re on the ground, which is where 90% of street fights go within the first couple seconds, but a real, dangerous, fight is often over before it starts and countering a sucker punch or landing a decisive one yourself before the opponent can react is often the most important thing.

    One of the downsides of BJJ is that it’s culturally tied to MMA in the USA now, which means that if OP’s kid does BJJ for a while in their youth they’ll be more inclined to get into MMA in early adulthood, which is not something I would want for my children. But it’s a great skill regardless.


  • pishadoot@sh.itjust.works to Selfhosted@lemmy.world, DNS server · 2 months ago

    Not trying to go down a rabbit hole, nor invade your teen’s privacy, but have you done any kind of packet inspection on what’s going out/in? Teens can surprise you with the kind of stuff they’re up to sometimes.

    I’m not sure why your resolver started acting up but what you’re describing doesn’t sound like normal cause/effect. Four people on a residential connection, even if you throw in a ton of electronic devices and iot/crap that calls home constantly shouldn’t cause any kind of ISP engagement.

    Not like it really matters, for 99.9% of people having a forwarder is easy and just fine and there isn’t good reason to troubleshoot it if there’s a working solution. I’m pretty privacy conscious and I don’t even think having my own forwarder is worth the hassle, I am just choosy about my upstream.


  • pishadoot@sh.itjust.works to Selfhosted@lemmy.world, DNS server · 2 months ago

    If Pi-hole is configured to use another DNS it will still forward your request, just not to your ISP DNS server. Essentially you’re providing your DNS requests to a 3rd party, for a slight boost to performance (because they’ll have tons of stuff cached and can do recursive queries faster if you’re requesting a site not in their cache.) Your web pages will load faster because you don’t have an SBC trying to manually figure out what’s the IP for bigfuckdaddyhairbrushemporium.net.

    The downside is you’re exposing your DNS queries to a 3rd party and it’s a bit of a privacy hit, as the upstream DNS server you select has your public IP correlated with your DNS requests. Doesn’t really matter to most, but it does for some.



  • You haven’t really given enough information about your config to diagnose.

    If you’re able to access it from your local network but not your outside network it’s a port forwarding/firewall or routing issue. My guess is it’s a firewall issue either on your network edge (likely integrated into your router) or on your server that’s hosting immich.

    Unless you do one of the following you won’t be able to access it from outside your network:

    -set up a VPN and tunnel into your network. Wireguard or tailscale/zerotier will be easiest.

    -set up port forwarding correctly. Not my first choice, best to VPN in rather than poke holes in your firewall, especially if you’re a noob.

    -set up a reverse proxy. This is a bit more complicated than a VPN or overlay VPN (tailscale etc), but it works fine and will be secure as well.

    If you haven’t done one of those three things then you won’t be able to access anything from outside your network, for good reason - your firewall is by default set up to deny connections that are initiated from outside your network, so when you’re trying to connect from the outside it looks at your traffic trying to start a connection to your server and naw dawg’s it.

    Edit: just saw from another comment you’re not able to connect from your home Wi-Fi. If that’s the case, are you running a VPN on your phone? That can cause problems. Have you tried using the server’s local IP instead of your external IP? 192.168.x.x most likely. You can try to disable the server’s firewall and see if that lets you connect as well. Is your server on the same subnet as your phone? 192.168.1.x and 192.168.2.x won’t talk unless you set your router up correctly.

    Just shooting in the dark here without more info

    Edit2: if you’re running immich in a container or VM your configs on that might not be set up correctly to allow you to reach it as well. It can be a lot of things but my money is on firewall/routing somewhere. Start by making sure you’re trying to connect to the local IP of the server, then try to disable server firewall (don’t forget to enable it again whether that solves it or not), and see if that works.


  • I’ll caveat this by saying that I detest gerrymandering and think it’s one of the roots of the decline of the US political systems.

    That being said, I’m going to answer a question you might not have even asked with a bunch of information that doesn’t answer things better than “it’s complicated.”

    The easiest “fair” way to divide up districts is based on equal polygons (say squares that are XX miles/km on an edge, for simplicity’s sake). The issue is that this doesn’t take into account population gradients due to terrain and zoning, or cultural/ethnic clusters. So, on its face it looks reasonable but you’ll end up with districts that cover a city with 1 million people of diverse cultural makeup standing equal with a district of 1000 people that are culturally/ethnically homogenous. Not actually fair.

    So, you can try to draw irregular shapes and the next “fair” way to try and do that is to equalize population. Now you quickly devolve into a ton of questions about HOW to draw the districts to be inclusive and representative of the people in the overall area you’re trying to subdivide.

    Imagine a fictional city with a cultural cluster (Chinatown in many American cities for example), a river, a wealthy area, a low income area, and industrial/commercial areas with large land mass and low resident populations.

    How do you fairly draw those lines? You don’t want to disenfranchise an ethnic minority by subdividing them into several districts, you might have wealthier living on the river, you might have residents with business oriented interests in the industrial areas AND low income… It quickly becomes a mess.

    A “fair” districting can look gerrymandered if you’re trying to enfranchise separate voting blocs in proportion to their actual population.

    The problem is that politicians play this song and dance where they claim they’re trying to be fair (until recently in Texas where GOP said the quiet part out loud and just said they want to redraw lines to get more seats) but in reality they are setting up districts that subdivide minority blocs into several districts that disenfranchise their voting interests.

    It’s disgusting, it’s a clown show. But none of OP’s photos are representative of what a good district looks like, because every location is different and there’s likely an incredibly small number of locations that would divide that cleanly, if any.

    So, it’s complicated. Needs to be independently managed outside politics as best as possible and staffed by smart people and backed up by good data.