Phaselockedloopable- PLL's continued exploration of networking, self-hosting and decoupling from big tech

Mozilla says site is insecure

:eyes: what? How?

1 Like

She's coming together slowly. I prefer a more solarized look

(don't care if my IP is shown. It changes every 6 hrs)


For an engineer I can be big dumb sometimes. Sits for 30 minutes wondering why he can't set IPv6 prefixes in his dual stack

Oh

Now I can set OPT2 to its own damn thing and LAN and OPT1 to their respectives

1 Like

Parity is just if you’re running raidz, and the only tuning is if it’s 1 2 or 3 drive loss tolerances.

CoW is on or off.

Checksums, I don’t think you can turn off.

ZIL is definitely something you can tune, but you can also set up a SLOG device (separate log) for this, to improve your overall performance.

Same here. I hate facebook, but you can’t deny that their compression algorithm is the best out there. Arch compresses all their packages with zstd now.

datasets are like thin-provisioned filesystems.

Think of it as a folder, but it has tunable filesystem properties and ZFS can administer it. You should have a dataset for each distinct category of data. I can give you more details if you want.

Used to be 4TB, but it might be going up now. I’d check /r/datahoarder for best results.


It’s worth noting that BTRFS is a worthy contender if you use raid10 instead of parity. (their parity implementation is broken and the write hole still exists, IIRC)

BTRFS has the benefit of being flexible, but ZFS is working on flexibility soon, I think, with device removal or raidz resizing.

2 Likes

Thanks for the help, I'll go to Reddit

Right now I'm reverse engineering the damn switch to figure out how to proof of concept my dumb AP with my previous router

Numbers 0-3 are Ports 4 to 1 as labeled on the unit, 5 is the internal connection to the router itself. Don’t be fooled: Port 1 on the unit is number 3 when configuring VLANs. vlan0 = eth0.0, vlan1 = eth0.1 and so on.

| Port       | Switch port |
|------------|-------------|
| CPU (eth0) | 5           |
| No port    | 4           |
| LAN 1      | 3           |
| LAN 2      | 2           |
| LAN 3      | 1           |
| LAN 4      | 0           |

Going to add /etc/config/network:

config switch
        option name 'switch0'
        option reset 1
        option enable_vlan 1

config switch_vlan
        option device 'switch0'
        option vlan 1
        option ports '0 1 2 3 5'

I need food first. It's not OpenWrt's fault, it's the hard-baked settings of the God damn Netgear blob

Because when I just use the LAN ports I get the IP from the Protectli but it won't route. I.e. I can't get past the dumb switch / AP

Once I get this I can transfer the edit to configs over, modify them slightly and be off to the races on the R7800

1 Like

At the end of the day it's math: how do you store data in fewer bytes via manipulation of the binary data :wink: It's hard stuff. Huffman coding is useful to index where the literal sections of the math start

I kind of wonder what Facebook did special to it

All the entropy coding :laughing:

2 Likes

OH MY GOD ITS GORGEOUS… I can manage every machine from one spot :scream:



Now I just need to upgrade the machine, get the drives and fix my ZFS support LMAO

1 Like

Ohhh

Myyyy

GoooooD

Updates manageable from one place too

2 Likes

Gonna harden the pihole (DNSoTLS) tomorrow

2 Likes

In a true me fashion. Every device extends from the domain named after the Viking tree of life

Firewall=heimdallr.yggdrasil
GovLaptopVLAN=Loki.yggdrasil
Mylaptop(soon)=bragi.yggdrasil
Server=Odin.yggdrasil
RaspberryPi4 smarthome and DNS adblocker hub=baldr.yggdrasil
Switch+wireless=Himinbjörg.yggdrasil
5GHz net=Asgard.yggdrasil
2.4GHz net = Nidavellir.yggdrasil
The bridging protocol holding it all together=bi_frost.yggdrasil
AuthenticationServer=Freya.yggdrasil

Got a few more things to set up and a few more things to acquire and I'll have my own encrypted cloud going. Fuck Google. Excuse my French

3 Likes

Wow, impressive work, especially with the network setup and phone. From doing it myself I can tell you that running Nextcloud will be well worth it, even if it can be a bit of a pain to get it to play with other services. Maybe this will be of interest to you, a security focused Nextcloud install (on FreeNAS though).
Two questions: Are you going to have it face to the web for remote access? And is there a landline in the picture? A lot of them seem to rely on the ISPs router.

3 Likes

Yes I bought my domain already. Dydns is my next step

Well, I own the cable modem, it's a SB8200

But overall the rest of the way is controlled by the ISP. No way to avoid that. ISP will become starlink effective as soon as possible

1 Like

@SgtAwesomesauce et al Probably one of the more useful cases of what I am running (cockpit)… is the solution center on SELinux issues

[eric@odin ~]$ sudo ausearch -c 'rtkit-daemon' --raw | audit2allow -M my-rtkitdaemon # semodule -X 300 -i my-rtkitdaemon.pp
[sudo] password for eric: 
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i my-rtkitdaemon.pp

[eric@odin ~]$ sudo semodule -i my-rtkitdaemon.pp
[eric@odin ~]$ 

SELinux has never been easier and I love it

Security and Convenience? Why not both?


For those unfamiliar

What is SELinux:

Perhaps the most useful description is thinking of it as a framework for managing access control to files and other resources in the Linux system that goes far beyond standard file permissions or access control lists. As if chown and chmod weren't already a headache :wink:

Is there a Presentation I can watch?

Yes, RHEL has one. The video goes into its difficulties but also why it's good.

What's my issue?

My issue before was inconvenience. I never had a testing and production system. You want an air gapped testing system so that you don't have to remove protections from your production machine to fix the issue. Cockpit mostly solves that, including for stuff that doesn't like SELinux (like PiHole)

1 Like
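An added example, not part of the original post and not code from Cockpit or audit2allow: a Python sketch that groups the AVC denials for one command into the allow rules a generated module would roughly contain, so the policy can be read before `semodule -i` loads it. The audit records, the `example_*` types and the `REVIEW_PERMS` shortlist are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed audit records for illustration (not from the original post).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1600000000.101:201): avc:  denied  { read } for  pid=912 comm="rtkit-daemon" name="example" dev="tmpfs" ino=100 scontext=system_u:system_r:rtkit_daemon_t:s0 tcontext=system_u:object_r:example_run_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1600000000.102:202): avc:  denied  { search } for  pid=912 comm="rtkit-daemon" name="example" dev="tmpfs" ino=100 scontext=system_u:system_r:rtkit_daemon_t:s0 tcontext=system_u:object_r:example_run_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1600000000.103:203): avc:  denied  { write } for  pid=912 comm="rtkit-daemon" name="state" dev="dm-0" ino=200 scontext=system_u:system_r:rtkit_daemon_t:s0 tcontext=system_u:object_r:example_data_t:s0 tclass=file permissive=0
type=AVC msg=audit(1600000000.104:204): avc:  denied  { read } for  pid=77 comm="other-daemon" name="x" dev="dm-0" ino=300 scontext=system_u:system_r:other_t:s0 tcontext=system_u:object_r:example_data_t:s0 tclass=file permissive=0
"""

# Fields of an AVC denial: permissions, command, source/target context, class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?comm="(?P<comm>[^"]*)"'
    r'.*?scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

# Assumed shortlist of permissions that deserve a manual look before loading.
REVIEW_PERMS = {"write", "execute", "execmod", "execmem", "ptrace",
                "sys_admin", "dac_override"}

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarize_denials(log_text, comm):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group("comm") != comm:
            continue  # same filter as `ausearch -c <comm>`
        key = (selinux_type(m.group("scon")), selinux_type(m.group("tcon")),
               m.group("tclass"))
        rules[key].update(m.group("perms").split())
    return dict(rules)

def to_allow_rules(rules):
    """Render the grouped denials as type-enforcement allow statements."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

def needs_review(rules):
    """Rules granting any permission on the review shortlist."""
    return sorted(k for k, p in rules.items() if p & REVIEW_PERMS)

if __name__ == "__main__":
    grouped = summarize_denials(SAMPLE_AUDIT_LOG, "rtkit-daemon")
    print("\n".join(to_allow_rules(grouped)))
    print("review first:", needs_review(grouped))
```
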

It's here. Time to load OpenWrt

Something I've always applauded Netgear for as an RF engineer is protecting the rpsma connectors with rubber covers… they never skimp

2 Likes

Connectivity pictures for those who care

2 Likes

Interesting 2 antenna 1s a 2 and a 3. This may shed light on how the code the mu-mimo and how the array transmits and receives. I'll dig into that later after a before and after testing of stock vs professional antennas

1 Like

Thanks Novasty testing whiskey on me is fun :yay:

Coolio she’s set to go

------------------------------------
[eric@odin ~]$ ssh [email protected]
[email protected]'s password: 


BusyBox v1.30.1 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 19.07.4, r11208-ce6496d796
 -----------------------------------------------------
eric@himinbjorg:~# cat /etc/config/wireless  

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
	option htmode 'VHT80'
	option channel '157'
	option legacy_rates '0'
	option country 'US'
	option txpower '30'
	option beacon_int '1000'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option dtim_period '1'
	option ssid 'asgard.yggdrasil'
	option encryption 'psk2+ccmp'
	option wpa_disable_eapol_key_retries '1'
	option ieee80211w '2'
	option key '*******************************'
	option disassoc_low_ack '0'
	option ieee80211w_max_timeout '500'
	option ieee80211w_retry_timeout '100'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
	option txpower '30'
	option channel '1'
	option beacon_int '1000'
	option legacy_rates '0'
	option htmode 'HT40'
	option country 'US'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option dtim_period '1'
	option ssid 'nidavellir.yggdrasil'
	option encryption 'psk2+ccmp'
	option wpa_disable_eapol_key_retries '1'
	option ieee80211w '2'
	option key '*********'
	option disassoc_low_ack '0'
	option ieee80211w_max_timeout '500'
	option ieee80211w_retry_timeout '100'

eric@himinbjorg:~# 

Alright guys, here's the AP setup for signal strength testing. You will notice I am going to keep the power the same and keep DTIM and beacon interval the same so as not to skew the tests, as well as disabled disassociate on low ACK… When I run my tests you will see the difference between true professional antennas and the basic stocks.

Might even do an antenna tear down!

Notable Configuration Mentions:

Please note I will change the TX power to accurately reflect EIRP to be within legal bounds later. I'm sure a test or two won't upset HAM folk

Reason for testing is for science

Notes about high gain antennas; If you change the following parameters via antennas you can no longer guarantee you are operating within FCC Spec and proper EIRP:

  • Gain
  • Output S parameters (output VSWR etc)
  • Q factor
  • Impedance
  • Beamwidth

It's important to realize if you do get higher gain antennas the polite thing to do is to turn down the power and try to stay in spec. Its not nice to operators or your neighbors. Most consumer and even prosumer radios do not have the ability to check the matching and all the parameters above, only high end amateur radios. They are programmed with whatever they got from the factory!

2 Likes

Documents I'll use in initial conjecture and testing theories of why something might have behaved the way it did

https://fccid.io/PY315100319/Test-Report/Test-Report-DTS-rev-pdf-2801861.pdf

1 Like

hell yes… got matching IPv4 and IPv6 tails

[eric@odin ~]$ ifconfig
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.31.82.4  netmask 255.255.255.0  broadcast 10.31.82.255
        inet6 fe80::fec0:28fa:803b:a8c9  prefixlen 64  scopeid 0x20<link>
        inet6 2601:680:ca80:7302::4  prefixlen 128  scopeid 0x0<global>
        ether 10:7b:44:18:0e:6d  txqueuelen 1000  (Ethernet)
        RX packets 6223412  bytes 7667332272 (7.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2519467  bytes 598562042 (570.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xf6500000-f651ffff 

Now that I completely understand the stack. IPv6 ain't hard

1 Like

Relevant to your interests: https://labzilla.io/blog/force-dns-pihole

If you’re using PiHole on your network to block ads and prevent your various smart devices from sending tracking information to their manufacturers, you might be surprised to find out that some of these devices are using a sneaky tactic to bypass your PiHole entirely.

Smart devices manufacturers often “hard-code” in a public DNS server, like Google’s 8.8.8.8, and their devices ignore whatever DNS server is assigned by your router - such as your PiHole.

Nearly 70% of smart TVs and 46% of game consoles were found to contain hardcoded DNS settings - allowing them to simply ignore your local network’s DNS server entirely. On average, Smart TVs generate an average of 60 megabytes of outgoing Internet traffic per day, all the while bypassing tools like PiHole.

Fortunately, with a few simple firewall rules, you can intercept these hardcoded DNS queries and redirect them to your PiHole. These instructions are for pfSense, however you should be able to adapt them for Sophos XG, Ubiquiti EdgeRouter, etc.

7 Likes
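An added example, not from the linked article or the posts above: a Python check that reads flow records and reports which LAN clients send DNS past the Pi-hole, separating plain DNS on port 53 (which a NAT redirect rule can answer) from DNS-over-TLS on port 853 (which has to be rejected instead). The record format, the Pi-hole address `10.31.82.53` and the sample flows are constructed assumptions.

```python
import ipaddress

# Assumed addressing: the LAN from the ifconfig output above, a hypothetical Pi-hole.
LAN = ipaddress.ip_network("10.31.82.0/24")
PIHOLE = ipaddress.ip_address("10.31.82.53")

# Constructed flow records in a made-up "src dst proto dport" format.
SAMPLE_FLOWS = """\
10.31.82.4 10.31.82.53 udp 53
10.31.82.20 8.8.8.8 udp 53
10.31.82.20 8.8.8.8 tcp 53
10.31.82.21 1.1.1.1 tcp 853
10.31.82.21 93.184.216.34 tcp 443
10.31.82.53 9.9.9.9 tcp 853
"""

def classify(src, dst, proto, dport):
    """Return 'ok', 'redirect', 'block', or None when the flow is out of scope."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src == PIHOLE or src not in LAN:
        return None  # the Pi-hole's own upstream lookups are expected
    if proto not in ("udp", "tcp") or dport not in (53, 853):
        return None  # DNS-over-HTTPS on 443 cannot be told apart by port
    if dst == PIHOLE:
        return "ok"
    # Plain DNS can be NAT-redirected to the Pi-hole. A TLS session meant for
    # another resolver cannot be answered by the Pi-hole, so 853 is rejected.
    return "redirect" if dport == 53 else "block"

def find_bypass(flows_text):
    """Map client IP -> set of (dst, proto, dport, action) that skip the Pi-hole."""
    findings = {}
    for line in flows_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records
        src, dst, proto, dport = parts[0], parts[1], parts[2], int(parts[3])
        action = classify(src, dst, proto, dport)
        if action in ("redirect", "block"):
            findings.setdefault(src, set()).add((dst, proto, dport, action))
    return findings

if __name__ == "__main__":
    for client, flows in sorted(find_bypass(SAMPLE_FLOWS).items()):
        for dst, proto, dport, action in sorted(flows):
            print(f"{client} -> {dst} {proto}/{dport}: {action}")
```
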