curbstickle

joined 8 months ago
[–] curbstickle@lemmy.dbzer0.com 0 points 2 weeks ago (2 children)

That's... Insane feedback.

But sure.

[–] curbstickle@lemmy.dbzer0.com 0 points 2 weeks ago (17 children)

Your first sentence was about physical switches...

There already is a logical separation that makes perfect sense - out through VPN with no network access initiated by that VLAN to the other two internal. That's a security step that's pretty clear and valid off the bat.

So again - I don't follow anything of what you're driving at, no. Because from the first sentence in your first comment forward isn't making any sense.

Please, clarify, because I don't know why you'd even bring up different switches for an extremely basic logical separation.

[–] curbstickle@lemmy.dbzer0.com 2 points 2 weeks ago (3 children)

You don't need to have the same subnet on different vlans. You also don't need them to each have a router, that isn't how this works.

Each VLAN gets a gateway, in a subnet accessible within that VLAN.

Under no circumstances do you need a separate physical router for having 2 VLANs on the same network. That's not how VLANs work.

[–] curbstickle@lemmy.dbzer0.com 1 points 2 weeks ago (19 children)

Doing all of this on a router doesn't make sense without a physical separation though

I'm going to have to say, I have zero idea why you would suggest this for something that is logical, and specifically not physical.

Logical separations and vlan segregation for trust models is standard practice (though hopefully more will trend towards a zero trust model, but irrelevant here). There is zero need for any physical separation. What are you talking about?

[–] curbstickle@lemmy.dbzer0.com 5 points 2 weeks ago (29 children)

Not OP, but logical separation and firewall rules are a needed first step for security. They already mentioned in the post that one vlan has dedicated outbound (via VPN only) and doesn't have access to their .200.

Physical switches per vlan is completely unnecessary, and entirely why vlans are used rather than subnets.

[–] curbstickle@lemmy.dbzer0.com 7 points 2 weeks ago* (last edited 2 weeks ago)

HP/Lenovo/Dell workstation tiny/mini/micro will be cheaper and better supported. Price-wise, I've set up 4-5 reasonably powerful t/m/m machines for the cost of my M2 Mac mini.

Which is nice for some of the development work I do, but for a server I personally won't use anything other than Linux, and I wouldn't recommend anything else either. Apple adds some funkiness that can be a complete pain (IMO) with some tools, Linux is the only server solution worth using.

So if you want a Mac, go for it, but if you want a server as the most important part, I'd say get an x86 based bit of hardware.

[–] curbstickle@lemmy.dbzer0.com 32 points 3 weeks ago (1 children)

Still the agents' mistake.

They could set the start/finish area to be masked, they could set their run info as private, they could have just the run stats (but no GPS) shared, etc.

This isn't a Strava issue, just Secret Service Agents being bad about Secrets when doing their Service.

[–] curbstickle@lemmy.dbzer0.com 18 points 3 weeks ago

If the noise will interrupt daytime work they will. Or if it's close to the deadline and the GC is going to owe a ton of money for being late. Or they have to do some core drills above an occupied floor.

The rare part would be alone and not part of a crew, and more telling, being near the front desk. Construction in a building with a front desk is usually forced to go through the freight entrance only.

[–] curbstickle@lemmy.dbzer0.com 5 points 1 month ago

I wouldn't say jabber is dead, xmpp is still pretty well used. Not enough IMO, but still in use and with readily available modern servers. Jitsi is xmpp+jingle (sip signalling) after all.

[–] curbstickle@lemmy.dbzer0.com 3 points 1 month ago (1 children)

Not advocating for defederation, I'm just pointing out that blocking an instance isn't going to achieve their goal.

Obviously defederation is too large scale. Ideally, there would be an option for people to block users from the instance when blocking an instance, or something like that.

This would avoid the exact scenario you mention because it would come down to the user level, so that troll would have to put in quite a bit more effort to get around that. Unfortunately, that's not currently an option, along with some other features I'd love to see on Lemmy.

Again, I'm just pointing out that blocking an instance does not achieve their goal.

[–] curbstickle@lemmy.dbzer0.com 9 points 1 month ago (5 children)

You can block the instance, which blocks those communities, but that doesn't block those users on them to be fair. That has to be done individually.

Personally I am comfortable ignoring individuals (and not painting everyone on an instance with the same brush) and would prefer metas/groups/whatever you'd like to refer to them as for my subscriptions, so I'm definitely not the target user of this post.

But just being clear, a user blocking an instance doesn't block the users from that instance, so if that's their goal, no, that's not enough.

[–] curbstickle@lemmy.dbzer0.com 2 points 1 month ago

No worries, hope it works out for you!
