Ah very true. It comes in third in terms of "cool" factor, looking more like something a local retirement home would take to bingo night than something deserving the astrovan name. But I respect it nonetheless.
A classic example is Docker inserting its firewall rules before everything else, causing any "published" ports to be wide open even if a firewall ruleset was configured. They might have fixed this, or doubled down on their design choice. Either way, that kind of complexity can really bite you if you're not careful.
Hey, op here, this was almost a decade ago, but I'll try to describe what's going on here. It's kind of a crappy picture.
* WAN connection comes in by coax, into my cheapo cable modem (off screen), and then by Ethernet into the franken-NIC sitting on top of the laptop.
* The NIC on top is a normal PCIe card, but with the bracket missing. The ExpressCard riser [1] is connected by a mini-HDMI cable, the flat black cable, which curves up, around, and back in from the left side into the laptop.
* Then, the blue cable on the side of the laptop is a VLAN trunk going into the Cisco switch on port 23/24, outside the picture.
* From there, another port on the switch is set up as an access/untagged port going into one of the LAN ports on the D-Link acting as the access switch.
I don't think it was set up here, but at one point I also had a dock under the ThinkPad, with the serial adapter wired up to the switch's console port so I could manage everything by ssh'ing into the router.
Also note that all the cables were hand-crimped because I was too cheap to buy new patch cables at the time.
I was in college, and truly had more time than money back then. It's the kind of doohickey made by only somebody very young, very crazy, or a bit of both. ;)
A good QA team will be the definitive experts on a piece of software. They have more complete and in-depth experience than sales, engineering, or anybody else. A single software engineer might know their specific piece, but your QA tester will know everything.
Even easier, just throw together some iptables rules & install dnsmasq. Obviously out of reach of most non-techy people but it's not much worse than most self-hosted things people build. I've even done it with USB-Ethernet dongles.
Maybe "whitebox" stuff will have a moment here. Buy an ARM-based "computer" that just happens to have a built-in switch and 802.11 radio, and separately purchase an SD card with the OS on it.
Or, perhaps this will be VyOS's time to shine... https://vyos.io/
Can't really see anything really happening in the consumer space, but maybe business/enterprise will move in one direction or another.
The easiest one I've set up was ClearOS. I was happy enough with OPNsense but when I upgraded a network card I had issues with driver compatibility because of the FreeBSD core. ClearOS being Linux, it worked out of the box, and getting ClearOS set up seriously only took me like fifteen minutes. I was shocked.
I love my NixOS thing, because I am part of the cult of NixOS, but it's probably something I wouldn't recommend for most people because it was kind of a pain in the ass to get working. The reason I do it now is because it lives on the same box that is my server.
I've looked into VyOS, it sort of reminds me of the Cisco stuff and it looks interesting, but it never seemed sufficiently better than my NixOS thing.
I really don't think that the Nix language is nearly as bad as people say it is once you get used to it, and I've been using NixOS since before ChatGPT was released so I've gotten pretty ok with it. Plus, there are niceties like being able to use variables for things like interface names which makes it pretty nice.
Also, something kind of nice about NixOS is that once you get it working, it kind of stays working. I have my config file backed up to Sourcehut, and I'm relatively confident that the configuration file is an accurate representation of reality.
Yeah, considering the number of corporate IT products that count anything from a port scan to requesting /wp-admin as a "thwarted cyberattack" I can see this going very poorly when every cowboy IT manager gets their sheriff badge.
There have been plenty of inflection points like that throughout history. Famously, Jimmy Carter installed solar heating on the roof of the White House. Reagan took them down shortly after.
It seems like we never quite learn our lesson about energy security...
It's kind of funny how the US military, the largest single consumer of fossil fuels on the planet, didn't consider that disrupting the largest source of fossil fuels would impact them.
Countries reliant on oil coming through the strait will have to find other sources, pushing prices up, unless the USA implements price and export controls on producers on its own soil that will reflect in the USA's economy which is very reliant on oil.
https://en.wikipedia.org/wiki/Astronaut_transfer_van
Notably, not the Chevy Astro / GMC Safari van.
https://en.wikipedia.org/wiki/Chevrolet_Astro
Both are iconic, but one more than the other.