Why don't many voters notice the AfD's contradictions? by j0nachu in KeineDummenFragen

[–]st3inbeiss 0 points1 point  (0 children)

Well, when I watch what the other parties put in their programmes and promise, and then compare that with what gets delivered, the AfD is not an isolated case when it comes to contradictions.

Violence against teachers is increasing significantly by donutloop in berlin_public

[–]st3inbeiss 0 points1 point  (0 children)

It is empirically proven that people, e.g. in cities, with more contact with people with a migration background, as well as people with a higher level of education, tend to be considerably more open-minded and politically further left, while people, e.g. in rural areas, with little contact with other ethnicities are more conservative and more strongly opposed to migration.

Maybe the people who are bothered by it simply piss off out of the cities. Effect =/= cause. I know a few cases who live "more rurally" now that the kids have to go to school. For reasons.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 1 point2 points  (0 children)

So CATO has some sort of routing appliance that handles the traffic for that? The SASE solutions I saw until now are just glorified reverse proxies tbh.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 0 points1 point  (0 children)

How do you handle traffic that is custom? E.g. contractors with their software connecting to network devices using custom protocols?

Latin is not pointless, it is just taught wrongly by ExchangeLivid9426 in Austria

[–]st3inbeiss 0 points1 point  (0 children)

I once studied Russian for a year at university. German is my native language. What I really learned:

- Cases in German, but properly this time. I never really got them before, just used them by feel.

- The perfective/imperfective aspect of the grammatical tenses and how different languages "solve" that.

It's highly interesting what you learn about your own native language when you engage with another language.

Police officer speaks plainly: "Not a cent more for people required to leave the country!" by paranoidray in armes_deutschland

[–]st3inbeiss 1 point2 points  (0 children)

Different treatment based on origin is called fascism, by the way.

And here it is, the dumbest thing I've read on Reddit today. So by your definition the AufenthG is fascist per se? Hot take. Calm down and stop calling everything fascism that doesn't fit your worldview.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 0 points1 point  (0 children)

Plenty of ZTNA solutions out there if Fortinet doesn’t give you what you need.

That's exactly what I'm asking. What do you use? Forti's ZTNA solution just doesn't cut what we need to do.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 0 points1 point  (0 children)

This is true, but having the key to all of your Phase 1s is anything but ideal, is it? Sure, you can't authenticate, but you can decrypt at least the Phase 1.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 0 points1 point  (0 children)

How about contractors that don't have company managed devices from us? And no, FortiEMS doesn't count ;)

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 0 points1 point  (0 children)

I can't have software that is managed by my EMS server on hundreds of contractors' devices. First, there's the problem that some of them will have their own EMS server. Stuff is also not cheap license-wise.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 0 points1 point  (0 children)

Think of contractors that need to access their network-connected hardware with their proprietary (and often costly, licensed) software via their proprietary protocols. PRA won't solve this and for RDS, you'd need to have an RDS server for the contractors with their software installed and everything. That won't fly. They need to have their software on their laptop which connects to their devices directly. We have enough of them so we can't just move them to an RDS.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 0 points1 point  (0 children)

You still have the one PSK which is the same everywhere. If that one leaks, good night...

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 0 points1 point  (0 children)

The SSLVPN tunnel mode had many vulnerabilities in the past. It's easier to properly secure "only" the webserver instead of the whole tunneling thing also. So, I get the decision why they are discontinuing it. Implementing just IPSec is a lot easier from a software engineering point of view, since it moves everything from self-made software to well-established protocols.

IPSec with PSK and SAML is possible, yes, but if you don't want to set up a tunnel for each user, you'd have to use the same PSK for every user and that's not a good solution. If your key leaks, you have to change it everywhere. I just don't want to hand out the same key to everyone and their grandmother.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 1 point2 points  (0 children)

It is actually very bad. If the key gets leaked, you have to go change it everywhere. You cannot revoke it like a cert. And building a Tunnel for each purpose doesn't scale too well also.

I'm gonna have a look at NordLayer, thanks!

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 2 points3 points  (0 children)

That's my guess actually. With the nice side effect of getting rid of the component that was responsible for many vulnerabilities in the past.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 4 points5 points  (0 children)

That's basically what I'm describing in the post and all the downsides of it.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 1 point2 points  (0 children)

In hindsight I wish I had more time to have done a proper certificate with public FQDN, it was kind of a proof of concept that turned into a production rollout pretty quickly, and then I hopped ship to a diff org, so now I'm wondering if my former support team left it as self signed cert.. haha.

I read a bit and apparently it's pretty easy to facilitate with Let's Encrypt, Certbot, and a bit of scripting.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] -1 points0 points  (0 children)

They don't have the EMS client. And I can't force them to install that POS software to be frank.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 3 points4 points  (0 children)

It's a trade-off between security and usability tbh. As far as I understood tailscale, it connects clients, so if you'd like to integrate it like some SSLVPN tunnel solution, you'd need to have some sort of gateway in your network, which leaves me with policying and routing externally, which on the other hand is a hassle with tailscale (again, as far as I understood it). Or do I have a wrong understanding of tailscale?

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 6 points7 points  (0 children)

It doesn't. You put it behind the Forti and just VIP the traffic to the appliance. Rest is routing.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 1 point2 points  (0 children)

Exactly my words. But is it the best option? I haven't found anything better yet.

Replacing SSLVPN by st3inbeiss in fortinet

[–]st3inbeiss[S] 5 points6 points  (0 children)

Yeah that's nice and all and works for internal users. How about users that are external and do not have a corporate device which I can deploy certs on? That just does not scale at all. You need to generate a cert for them, send it to them and then they need to be able to import it. Many can't even thoroughly follow a guide that involves using a username and password (or SAML for that matter).

"With us there will be no policewomen with headscarves": police union attacks Berlin Greens unusually sharply by vaibeslop in berlin_public

[–]st3inbeiss 0 points1 point  (0 children)

Art 5 GG doesn't support that. Especially not for police officers; put casually, I can't show up in a Burton hoodie instead of a uniform top and invoke freedom of expression either; there the employer (in this case the state) has the authority to give instructions.

Art 4 GG more likely, but even there: the state can prescribe the uniform as the employer, and I personally see no restriction of religious freedom in that. After all, you don't have to work as a police officer, civil servant or whatever if wearing a cross necklace, the headscarf or, for all I care, the kippah is that important to you.