Best Of

I'm not sure what you are meaning about changing connections in regards to a VPN.

VPN stands for Virtual Private Network.

What it allows you to do is log into a network from your local network. You then access everything you need to access on another network via that VPN instead of your own egress point on your network.

They are used most often when a connection needs to be secured. Like, when you are on your home network with your laptop from work. You cannot access the work resources you normally would at the office because you are not authenticated on the work network and that means you don't have a gate pass to get through the network firewalls.

The VPN allows you to reach an access point that has a door in the firewall that you can get through. But, you need a VPN client on your system with the correct certificate pair that says you are who you say you are and that you know who the VPN is. So your VPN client hits that door and the bouncer asks for certs and creds. If you are on the list, you get in, if not, you get stared at blankly until you leave.

Once you are in, the VPN client on your system is then brokering a secure connection for you that lets you access the work resources securely so you can do your job. Your local system is not actually on the work network. It is on a virtual network that the VPN set up for you and everything you are doing is going through this virtual network on your behalf. It's like, instead of telling the chef at the restaurant what you want by walking directly in to the kitchen and telling them, the waiter is accessing your location and relaying your instructions to the chef in the kitchen. This keeps you out of the kitchen and the kitchen safe. It also means that unauthorized people can't walk in the kitchen behind you and start asking the chef stupid questions that break everything. The waiter is the VPN. In this ingress case, the only way you are going to be able to change connections is if work has multiple entry points for the VPN and even then, you still need a certificate for those entry points. There's no value for changing that connection aside from performance. Usually companies will have multiple ingress points across the country so that a guy in NYC isn't dealing with the latency on performance by having to log in to a VPN based in, I dunno, Palo Alto, CA.

The other way a VPN is typically used is when a private user on their home network wants to browse the internet at least privately if not privately and securely. It all works the same way but, instead of logging in to work or something, you are using the VPN as a security layer and treating the internet as a network you are logging in to which, in all honesty, is exactly that. The Internet is just one big network with a top level, all-encompassing domain structure that you log in to from your endpoint every day. It's like the universe where at each level, each entity is treated like a node on the universe network. So a galaxy is a node on the universe network but the galaxy has star systems embedded in it so it's a pile of small networks under the galaxy level domain and each star system has planets with moons so that's another level. So it'd be http://www.universe.com/galaxy/star/planet/moon is your location domain and you log in universe.com to be able to jump between galaxies and stars and planets. That's over simplified but you get the idea.

What happens here is you are on your home network, say, a Comcast router in your living room from your network "FBI Surveillance Van 038" 'cause you're unique and hilarious. You, however, want to troll an audio forum with baloney about electric vehicles just to be a nuisance because even bad attention is still attention. Anyway, you can't do this without incurring the wrath of the local admin who will quickly know who you are as your connection info is logged and traceable.

So, you gotta hide, right? How do we do that? Many ways but the easiest and most accessible is a VPN. Now, you can run your own VPN but, it's co-located with the source of the trolling and it's fairly simple to figure out who it is. If you sign up with a VPN service, like NordVPN or something, then you get the Nord Client. The Nord Client has a bunch of stuff in it including certificate pairs for a loooooong list of access points for the Nord VPN. Your Nord Client will test multiple AP (access points) for performance and chose the fastest one which may not necessarily be the closest one. Just the fastest one to respond. Your closest AP in your little EV Troll village might be swamped by your fellow trolls so you have to go to the next village over's VPN.

So you log in to Nord's VPN and Nord sets up a secure connection Nord to you for just you and only you. Then, you get to go out to the interwebtubesnet and just be a complete bastardo because, the Nord VPN has many, many egress points to the internet from it's network and you are now a needle in a Nord VPN haystack. Additionally, unless you committed a crime and Nord is served a warrant, your local connection and location are not accessible even if someone finds your VPN egress point and shuts you down. You just look like one of millions of connections with no face or name comingfrom the Nord domain.

The biggest benefits to this are that you can browse privately without having stuff traced back to you or tracker stuff being able to "spy" on you and it makes it harder for evil doers to do evil to you. But, most people who put up with the hassle of a personal VPN are trying to hide something or think they have something to hide. A small business might be able to leverage a VPN service like Nord but, the VPN would not be for egress, it would be for ingress so this second use case isn't applicable. Otherwise, I use a VPN when I want to spoof my location so I can do something like watch a video that is "blocked in my country" or if I want to go to a news site that has a different set of pages for a U.S. citizen than, say, a European Union country. I used it a bunch during COVID to find out what was really going on outside of the U.S.

Anyway, changing your connection frequently in the egress connection use case doesn't really get you anything either. Unless your VPN service is sharing your location data on a pass-through setup, no matter where you log in to, you're still going through your VPN service's connections. If one is compromised, they all are unless the problem is on your end but then, the bad actor likely wouldn't let you use any connection but the one they are redirecting you to anyway.

Now if you REALLY want to be sneaky, you can run your own VPN, put a virtual machine behind that and then use that VM to log into another VPN and then start hopping to different VPN services at different connection points around the globe. Usually after about 9 connections, you become incredibly hard to trace, especially if you are on a VPN somewhere in your string of connections that round robins connections on a timed basis. But at that point...what are you hiding, bro?

bcwsrt wrote: »

^^^ Build back better?

Tom

SeleniumFalcon wrote: »

Dave is an amazing artist and person, he built his house completely himself. Designed it and constructed it piece by piece.

Nice article on your friend Ken. It would be fun to shadow him in his shop/studio for a day and listen to his life experience stories. Reminds me of a Wendell Castle or Wharton Esherick type of artisan.

You can see what looks like the Greene and Greene influence on the front door.

Dave and Sarah operate a B&B where they live, very close to where the Appalachian Trail crosses South Mountain. Dave has created an outdoor sculpture path around the area where he lives and visitors can walk around it as it weaves over a stream and through the woods.

Work of art! You must use a skull just right to get it to break just right...

msg wrote: »

A friend recently visiting Chile told me this joke about Argentinians. I take it there's a rivalry there.

How do Argentinians kill themselves?
They climb up their egos, and jump off.

Waffles??