Wouldn’t step by step instructions be quicker and more effective?

For this type of work, typically no, it’s quicker and more effective to have someone show you exactly how to do it.

Maybe federation should be based on allowlisting, instead of allowing instances by default.

That makes sense. I’ve seen the same behavior as OP. Usually when it happens, I open the Bitwarden app manually, and naturally when I switch back the detection is working normally again.

Why could this not just be a webpage with links instead of an image or PDF

Switching from Windows to Linux isn’t going to block them from monitoring your use of online services. Facebook doesn’t even do anything in the OS space.

*or the initial VPN connection request will not go through.

But mentioning DNS is a good point: if you’re addressing your VPN server by hostname, your client will need to be able to resolve that name somehow, either by running a DNS server elsewhere on your LAN and allowing traffic to the LAN (which is how I do it) or by allowing DNS traffic from the VPN client to a DNS server on the Internet.

That assumes they know which Microsoft account it was attached to, the password, and have another device to access that account and retrieve the recovery key. If they did the setup five years ago, they’ve probably forgotten all that info.

Only if they were a VPN app talking to the VPN server.

Add an allow rule for the VPN traffic on wlan0 to your VPN server.

Given that AES instructions have been implemented directly in the CPU since 2008, any performance penalty should be negligible.

Windows does not let you save the key to the drive being encrypted. (Unless you access it via SMB share, which I’ve done a number of times during setup before moving it off.)

They’re not forcing it. You can still create local accounts (though it takes some work) and it doesn’t require you to upload any keys. I have bitlocker enabled with a local account and no Microsoft account connection.

And people are pissed because they don’t realize, and when they don’t have the key any more, all their data is gone!

Which phone? Any custom ROM?

Keep in mind that you can’t restore data from one app to another. For stuff like photos it’s a full export and import outside of the app.

It’s a layer of security. Keep it on when you can. If you have issues doing something, then turn it off (and see if you can turn it back on afterward).

If you have a smartwatch, does it support contactless payment? I have a Fitbit that does, technically it implements Apple Pay even though Fitbit is owned by Google now. I was able to set it up just fine through the Fitbit app on GrapheneOS (though I don’t think I’ve actually tested it yet).

The whole reason I took this job is the stake in the company

Man I was suppressing the red flags up until now; this is the straw that breaks the camel’s back. You are going to get shafted at this job. It might be because someone is embezzling, they’re committing fraud in their manufacturing processes, or one of the owners is going to cut and run and leave the rest of you holding the bag. Maybe one day you’ll just show up and the doors are all locked.

You need to do absolutely everything by the book, document, document, document, CYA, and in a way that when shit goes south you’ll still have that documentation. And always have an exit plan.

There are plenty of document management solutions. What is the actual problem you’re trying to solve? Not just “it’s a mess” because I can solve that with a trash can. What are the needs of the users?

The value in those products is that it takes much less management, brings much greater reliability, and support teams if you have issues. If your dinky NAS shits the bed, the company’s data is gone, the company is kaput, you are all out of a job.

Of course there is a middle ground. I know there are plenty of open-source hosted products. They’re still subscriptions, but that monthly expense probably comes out cheaper than the time and effort building and maintaining your custom systems.

If you still really want to host it yourself, make sure you run through your disaster and recovery scenarios. You will have to have a 3-2-1 backup system. And remember because shit will go wrong, two is one, and one is none. That includes you personally, in the event you get hit by a bus lottery.

I would recommend an actual Dell tower server with idrac for remote management, and with prosupport for when something blows up (sometimes literally, I had one PSU go bang on a server under my desk at one point). Fill it with enough disks for redundancy and data growth for the next few years, but leaving room for expansion. Put your favorite hypervisor on it, set up some vms or containers to run those services, test backups, and document everything so that a semi-trained monkey can follow it.

But don’t host your own email. Getting each individual email server to not consider you spam is a Sisyphean task.

For business? What’s the value to the business over services like Office 365?

Personally, unless there’s a very good reason for it, I strongly recommend against this. I used to work for a company that did business IT, and there were far too many times we got called in to take over for a guy that did it himself and got in over his head, left the company, or just plain died, and it ended up costing the company much more in the long run.