It’s unlikely since it uses the field ID and not the text, so it wouldn’t know which question went with which answer.

It’s so rarely needed to actually use these anyway, that it’s a non-issue IMO. You should never opt to use security questions as they are terrible from a security standpoint. This is just for when they are required by stupid websites.

You definitely should still check this, but even with proper indexing settings Windows is still garbage at search and has been since XP.

And this is coming from one of the only people who ever defends MS on Lemmy.

Yep, that would work fine for the first line of defense. Eventually, you can expand it to copy, replicate, or drive swap the onprem backups offsite somewhere (e.g., cloud, office, or family member) if you want to protect your data from site loss (e.g., house fire).

The only thing missing is a good backup.

If you are storing anything important – especially Immich and Vaultwarden data – you should have a good offsite protection strategy. And even the HASS config should be backed up with versioning because rebuilding from scratch could be painful once you get deep into it.

I’ll let others chime in on possible good backup options because I use Veeam and Azure, which really isn’t in the spirit of this community, and I’d be interested in good open source options myself.

Also, RAID (mirroring) is NOT a backup.

Lol Microsoft is not even close to a walled garden. This is just them removing the password manager feature that nobody used from their authenticator app.

No that’s not how it works. Handling a larger address space (e.g., 32-bit vs 64-bit) maybe could affect speed between same sized modules on a very old CPU but I’m not sure that’s even the case by any noticeable margin.

The RA in RAM stands for random access; there is no seeking necessary.

Technically at a very low level size probably affects speed, but not to any degree you’d notice. RAM speed is actually positively correlated with size, but that’s more because newer memory modules are both generally both bigger and faster.

Hard disagree. It only applies for things you cannot change but should try to accept rather than stressing over it.

If you say “it is what it is,” in reference to things you could change but choose not to, well that’s on you.

Same here. No issues.

Device information

Sync version: v24.03.26-14:56
Sync flavor: googlePlay

The easiest way that doesn’t affect the main network would be to use a travel router. Its WAN IP would be the private IP it gets from the main network (over wireless since that’s your only option). And it would NAT your network onto that IP and then you can do whatever you want on your network.

I’m not sure if that Mikrotik router will do this but it might. You basically need something that can connect to an SSID and use that interface as its WAN interface. The wireless factor here is really limiting your choices. If you had a wired uplink to the main network you could use any router/gateway/firewall you wanted. You could also use an AP in bridge mode to connect to the main network’s SSID and wire it to the WAN port of any router of your choice.

You don’t really need to use VLANs to separate your network from the main network unless you want to share any of the same layer 2 segments (basically wired Ethernet) while keeping it isolated. But it doesn’t really sound like that applies in your scenario. Of course using VLANs within your network would still make sense if that applies (for example, to separate your server traffic from your IoT traffic).

Definitely malware, as everyone has already said.

https://www.malwarebytes.com/blog/news/2025/03/fake-captcha-websites-hijack-your-clipboard-to-install-information-stealers

They’re only killing the crappy store/UWP version that nobody used anyway and only caused confusion. The normal OneNote bundled in Office isn’t going anywhere as far as I know.

That said, I’ve moved a lot of my note taking to Obsidian. It’s not a perfect replacement but it’s a fantastic markdown editor and now I use both for different use cases.

Multiple monitor support would be nice but that’s probably a ways off.

I heavily use both and this is objectively untrue.

This is a good answer.

To add, for Linux kernels, the maintainer use a shim EFI package with the distro’s keys (e.g., Canonical’s keys for Ubuntu) which loads the maintainer-signed kernel. And Microsoft signs the shim to keep the chain intact.

I don’t deal with hardware much anymore, but I’d take Aruba over Cisco any day. But for everything else, yeah fuck HP.

I’m Ron Burgundy?

As another poster mentioned, QubesOS with anti evil maid will work, but that’s the defense against state actors too and is overkill for this threat model.

BitLocker or any FDE using SecureBoot and PCR 7 will be sufficient for this (with Linux you also need PCRs 8+9 to protect against grub and initramfs attacks). Even if they can replace something in the boot chain with something trusted, it’ll change PCR 7 and you’d be prompted to unlock with a recovery key (don’t blindly enter it without verifying the boot chain and knowing why you’re being prompted).

With Secure Boot alone, the malicious bootloader would still need to be trusted (something like BlackLotus).

Also make sure you have a strong BIOS password and disable boot from USB, PXE, and anything else that isn’t the specific EFI bootloader used by your OS(es).

I will never understand how anyone could come to thinking aspic was a good idea.

https://en.m.wikipedia.org/wiki/Aspic

And what about taking a nice drive down Jean Baptiste Pointe du Sable Lake Shore Drive?