How do you secure a Windows PC from hackers?

Turn it off and unplug the power.

But, then you can’t use it.

Precisely.

But …

It’s the only way to secure it.

I apologise, I saw S3, never even noticed the “OVH”, nor had I ever heard of it.

I’ll leave my original reply as is with an added disclaimer for anyone who follows down the same path.

Have a look at your AWS billing console, since data egress is charged and downloading to verify is considered egress.

AWS S3 supports data checksums where a checksum is calculated at AWS, which you can compare against a checksum that you calculate locally.

This is an article that goes into how it works, but I’ve not (yet) tested it, but I’ll be following in your footsteps pretty soon.

https://medium.com/@maureenosaghae86/check-the-integrity-of-data-in-amazon-s3-with-additional-checksums-3e51fe45f530

As an aside, make sure that versioning is OFF on your backup bucket unless you specifically require and understand it, because even when you delete objects, they persist as a previous, all but invisible, and charged(!), version.

My former backup software “helpfully” enabled versioning and I was left with a $600 monthly bill for six months while there was no actual backup being done due to a local hardware failure, until I figured out what was happening. I used that software for years and shudder to think just how much extra it actually cost.

I will note that while I had a catastrophic hardware failure, I didn’t lose any data.

Finally, if you’re storing data in Glacier, retrieval is charged at different rates, depending on timelines of access, so it might be that your backup software is using the slow tier to “save” you money.

Edit: OP advises that they’re not using AWS, instead they’re using OVH. The object storage solutions appear to be mostly compatible, but I was unable to discover if the OVH implementation supports checksums.

I faced pretty much the exact same choice, except I was given four of them, each with 8 GB of RAM.

Unfortunately they were two different hardware revisions, so the most I could achieve was two servers with 16 GB each.

They sound like a Jet taking off when powered up and the BIOS doesn’t support lower fan speeds.

Instead after months of deliberation I decided to go with a SFF Lenovo, 32 GB, 2 x 1 TB NVME, Ryzen 7, and bought this:

https://www.officeworks.com.au/shop/officeworks/p/lenovo-ideacentre-ryzen-7-32gb-2tb-desktop-lenic00aau

It’s whisper quiet and running Proxmox.

To get VM video passthrough to work I installed an extra video card, though, you could install a desktop on the host OS instead if you prefer.

The video card I used to fit inside is this:

https://www.msy.com.au/product/msi-geforce-gt-1030-4gd4-low-profile-oc-graphics-card-geforce-gt-1030-4gd4-lp-oc-73092

CVE-2026-26956 - vm2: WASM Sandbox Escape (Node 25 only)

vm2 is an open source vm/sandbox for Node.js. In version 3.10.4, vm2 is vulnerable to full sandbox escape with arbitrary code execution. Attacker code inside VM.run() obtains host process object and runs host commands with zero host cooperation. This issue has been patched in version 3.10.5.

https://app.opencve.io/cve/CVE-2026-26956

If you’re not going to show the source code, there’s absolutely no point in using GitHub.

As for getting paid, I hadn’t seen gumroad before, nice, but failing the access to the source, it’s unlikely I’d buy/pay for unknown software and install it sight unseen on anything I care about.

From a security perspective, in my opinion this is a disaster waiting to happen.

Pandoc will convert markdown to a PDF in portrait or landscape and there’s even “beamer” support, aka data projector or presentation support.

Why run Docker Desktop when it’s installable as a cli service?

What are you actually trying to achieve?

Tah. I’ll have a look see.

Not sure how, or if, I’d want to install an Arch package under Debian, but it’s my understanding that the package I’ve raised a bug for under Debian implements, or is supposed to at least, the functionality you’re describing.

What I haven’t found is a recipe that documents exactly how it’s supposed to work (not to mention, in a Debian way).

I’d love to discover something that doesn’t start with instructions to remove all pipewire packages and install from source, since that completely defeats the purpose of running Debian Stable as the host.

In my adventures I did look at this, but it appears to require that you install support for this inside the guest, which is possible for modern guests, but not for ancient ones like say Debian Wheezy or Win98se.

Just added the link.

I’m not sure if we’re talking about the same thing. One of the recent leaks had code that pretended to be a developer, so you could pick if it submitted a PR as Assumed Intelligence, or as a person.

I’ll see if I can find a reference.

Edit: Undercover Mode in Claude Code:

https://alex000kim.com/posts/2026-03-31-claude-code-source-leak/#undercover-mode-ai-that-hides-its-ai

Hold on, wasn’t one of the “features” of the “leaked” Assumed Intelligence source code the “human”-like version?

While this doesn’t answer your question, I use Docker for this exact purpose, since you can throw away everything if it fails, whilst keeping a recipe for success documented in a Dockerfile.

Given that you’re having issues with the DNS, I’d look at this.

Specifically, are you using the ISP DNS as an upstream lookup, or have you configured another DNS as the upstream?

Is the ISP DNS locking you out because you’re hammering it?

Does the ISP block traffic on Port 53?

When you’re having issues, can you look up addresses using a different DNS?

How is your DNS configured / implemented?

You do understand that California is not the centre of the universe, that states within the United States of America don’t agree on how to conduct voting, let alone agree on laws and finally, that there are 8.3 billion people on this planet, 96% of whom don’t live in, or are subject to laws made in the USA.

I’m sorry, but no.

Age validation is surveillance under the guise of “protecting the children”, which it spectacularly fails at for more reasons than I can count.

1. Everyone has to validate their age, which creates a whole infrastructure that require documents that “prove” your age.
2. A verified “under age” user will be added to a database by unscrupulous players, creating a honeypot for predators.
3. Age verification isn’t universal, isn’t uniform and regardless of the jurisdiction in which it’s implemented, won’t actually prevent content from being procured from sources outside that jurisdiction.
4. One source of objectionable content is another’s entertainment, legally so, given that laws are made in isolation from each other across borders.
5. The result of such legislation is the effective censorship of content that some lawmaker finds objectionable, which will cause more harm than good.
6. Operating System level age verification on open source platforms will spectacularly fail since they’re published outside the jurisdiction.

So … no.

I understand your point and agree that this is the thin end of the wedge.

What we’re doing here is discussing the phenomenon and I’m highlighting some concerns.

I believe that this is how you get a dialogue happening which will effect change, which is what we’re both advocating.

I think that age verification is about surveillance rather than protecting children and I think it should be fought at every level.

This is me contributing to that fight.