Peter wrote:
Can everyone in Sweden get fibre all the way to their property, or are they using 4G and get a huge 4G allowance (tens of GB/month)? If the latter, does Sweden have near-100% 4G coverage over its land area?
Sweden does have near 100% 4G coverage. It is of course still a problem for people living in an area with poor coverage but of course the carriers don’t care much about that. By law you are entitled to have one working phone connection in your house for a standard fee. If you live in the countryside the carriers may be forced to set up a dedicated radio link to your house.
alioth wrote:
I’m looking forward to my fibre landline. I’ll never give up the landline, it may not be copper any more, but no mobile connection is ever going to be good enough to replace the wired or fibre internet connection to the premesis.
Ok. by “landline” I meant phone landlines, i.e. copper.
It’s not a joke everywhere. In Sweden, landlines are being decommissioned rapidly. Few people get new landlines.
Can everyone in Sweden get fibre all the way to their property, or are they using 4G and get a huge 4G allowance (tens of GB/month)? If the latter, does Sweden have near-100% 4G coverage over its land area?
That’s why you don’t just have one LAN, you have two – the DMZ and the green zone
There is no physical separation though. You are relying 100% on the firmware in the router working as it should be to implement the DMZ etc.
I dare say you don’t have a firewall between your consumer grade router and your LAN right now.
I don’t have a consumer grade router 
Also everything on the LAN needs authentication, so that’s another step.
I think the basic issue is that the ADSL modem has only one ethernet socket on it, so any physical separation of different networks running off that one IP is illusory and only as good as the firmware in the other boxes. This area is the cornerstone of the best hacks…
If you want to have a “secure” hosting facility it is best to run it on a separate ADSL line and then it all becomes much simpler. And this is not hard. For example with Vodafone ADSL you can have 2 lines for £42/month and you get a separate ADSL service on each. You can bond them with two ADSL modems and a modern router, you can load balance, etc.
I’ll never give up the landline, it may not be copper any more, but no mobile connection is ever going to be good enough to replace the wired or fibre internet connection to the premesis
There is also the service level. Voice connections get fixed fast, internet connections can be dead for days or weeks – unless you pay £££ for a commercial service contract. This is going to explode if BT carry out their threat to kill ISDN in 2022
On the original topic, what I was getting at is that if you can get fibre all the way, get something like 30mbits/sec UP, get a fixed IP, then you can do DIY video hosting reasonably well. That might incidentally kill off services such as youtube… I don’t have the numbers for YT but Vimeo downsamples HD to 5mbps (4K to 22mbps) and YT is a lot worse in quality than Vimeo. So you could run maybe 10 concurrent clients, which is plenty for anything that hasn’t gone absolutely viral.
Same for picture hosting. Photobucket is already virtually dead (I think they commited suicide with some greedy advert placement and other stunts), I am told “nobody” uses Flickr anymore… Facebook is also in a decline in the prosperous West and its media facilities (actually all facilities) are awful; it’s an “instant fun” tool like Snapchat which is now widely used for images (not just the dodgy ones which were its raison d’être ). The average online photo is under 100k so you could run a huge photo library using DIY hosting.
What you won’t get is SEO but (a) that works only if you bother to tag your pics and (b) almost nobody makes money out of multimedia anyway e.g. with YT you need 1k followers before you can start getting paid.
Airborne_Again wrote:
It’s not a joke everywhere. In Sweden, landlines are being decommissioned rapidly. Few people get new landlines.
I’m looking forward to my fibre landline. I’ll never give up the landline, it may not be copper any more, but no mobile connection is ever going to be good enough to replace the wired or fibre internet connection to the premesis. Now most people are probably perfectly happy with carrier grade NAT and mobile connections for browsing/social media etc. but I want to do more than that with my internet connection.
They’ve got a strategy here now that 98% of premesis should be able to get fibre within the next 2 or 3 years, we’ll see if this is true (currently we have the slowest internet in Europe)
Peter wrote:
There is still the ultimate weakness: all the packets end up on the internal LAN and if there is a device on that LAN which can be exploited
That’s why you don’t just have one LAN, you have two – the DMZ and the green zone. The typical topology would be: internet → router → OpenBSD firewall → two ethernet switches (one switch on the green zone, one switch in the DMZ). The firewall has 3 physical interfaces. Any device in the DMZ that can be exploited can’t get into your green zone if you’ve taken the precaution of using a default deny policy on the DMZ and egress filtering. This would be more secure than your current setup probably is, because I dare say you don’t have a firewall between your consumer grade router and your LAN right now.
Coda wrote:
Yes sorry I was.
It’s not a joke everywhere. In Sweden, landlines are being decommissioned rapidly. Few people get new landlines.
Peter wrote:
Not sure if you are joking
Yes sorry I was. I was just thinking about all the people I see in England standing around with their face in their phones… it’s like everyone is a data zombie… it’s a shock after moving out of Central Europe. BTW – I was living in the centre of a large city and I still had to have a landline for VDSL as no cable companies serviced the area. Only managed to get 85mbps for about 20 quid.
alioth wrote:
Use something like OpenBSD for your firewall…
Seconded. Peter wrote:
There is still the ultimate weakness:
The ultimate weakness is the flesh bag who looks after it :)
There is still the ultimate weakness: all the packets end up on the internal LAN and if there is a device on that LAN which can be exploited (with malformed packets, etc) there’s a nice attack vector.
Peter wrote:
One can just never be sure that it doesn’t open a way to hacking the internal network.
You can be sure enough. Use something like OpenBSD for your firewall – you can use an inexpensive machine for this with two network interfaces (don’t rely on what’s in your consumer grade router), implement a DMZ with strict filtering on both egress and ingress and put your webserver there, and have your internal network on a different ‘green zone’ segment to which your webserver has absolutely no access. If someone breaks into your webserver they can’t go anywhere. You could also use a reverse proxy to limit what the webserver can serve and what requests can be sent to the webserver.
Peter wrote:
The better ones are ~40GB for £25. And no fixed IP.
It’s worse than that – I’ve not found a mobile network which does not use carrier grade NAT which is awful. You can only consume on a mobile connection, and CG NAT breaks a lot of things (e.g. multiplayer games which need peer to peer connections at some point).
