Yeah, I agree. It's a great starting place. Recently I needed a piece of information that I couldn't find anywhere through a regular search. ChatGPT, Claude and Gemini all gave a similar answers, but it was only confirmed when I contacted the company directly which took about 3 business days to reply.

Paging Ray Bradbury......... https://www.libraryofshortstories.com/storiespdf/the-veldt.pdf

Didn't know it only applied to UWP apps on Windows. That does seem like a pretty big problem then. it is mostly for compatibility reasons. no win32 programs are equipped to handle such granular permissions and sandboxing, they are all made with the assumption that they have access to whatever they need (other than other users' resources and things that require elevation). if Microsoft would have made that limitation to every kind of software, that Windows version would have probably been a failure in popularity because lots of software would have broken. I think S editions of windows is how they tried to go in that direction, with a more drastic way of simply just dropping support for 3rd party win32 programs. I don't still have a Mac readily available to test with but afaik it is any application that uses Apple's packaging format. ok, so if you run linux or windows utils in a compatibility layer, they still have less of a limited access? by which I mean graphical utilities. just tried with firefox, for macos it wanted to give me an .iso file (???) if so, it seems apple is doing roughly the same as microsoft with uwp and the appx format, and linux with flatpak: it's a choice for the user

And then price us out

Realistically, you don't need security, NAT alone is enough since the packets have nowhere to go without port forwarding. But IF you really want to build front end security here is my plan. ISP bridge -> WAN port of openwrt capable router with DSA supported switch (that is almost all of them) Set all ports of the switch to VLAN mirroring mode bridge WAN and LAN sides Fail2Ban IP block list in the bridge LAN PORT 1 toward -> OpenWRT running inside Proxmox LXC (NAT lives here) -> top of rack switch LAN PORT 2 toward -> Snort IDS LAN PORT 3 toward -> combined honeypot and traffic analyzer Port 2&3 detect malicious internet hosts and add them to the block list (and then multiple other openwrt LXCs running many many VPN ports as alternative gateways, I switch LAN host's internet address by changing their default gateway) I run no internal VLAN, all one LAN because convenience is more important than security in my case.

Law enforcement officer

Found it in my settings, not sure how I’ve missed it. Been a Bitwarden user since the first LastPass hack.