Phaselockedloopable- PLL's continued exploration of networking, self-hosting and decoupling from big tech

no worries

this was cool

2 Likes

Why DoT and DoH are bad

2 Likes

I was looking at your updated network diagram and curious what you do for backups?
Currently I’m trying to work out my ZFS on Linux / Cockpit / Podman setup, trying not to use TrueNAS Scale as it has built-in telemetry and makes me dependent on iX Systems.

Also, did you consider setting up your Linodes as an Outbound Proxy to get around Packet Snooping and censorship, considering you already have a lot of the knowledge and code to set that up with load-balancing as well?
It’s been on my todo-list to get to full dual stack without the privacy concerns and I’ve come up with the plan to use an outbound proxy and my own DNS, for now on Linode and later maybe even on my own server if I can find affordable colocation.

1 Like

A layman’s look at Diffie Hellman

3 Likes

As a person experienced in cryptography, I approve of this layman’s look.

It’s quite accurate even though it’s reduced.

I use an Elliptic curve Diffie-Hellman and it’s equivalent to 16384, not 4096, so there will be no need to change my DHE exchange key like literally ever lol

3 Likes

Not to divert from the primary content of your post(s) / fantastic thread, however I am curious – are you still running this great device? I am currently on:

  • Android version: 12
  • Android security update: October 5, 2021

Unfortunately, there will be no further security updates for November or beyond… one final update coming next year (Q1 2022). I’ve only glanced at LineageOS, haven’t tried it on any of my old devices, but we tend to rely on a number of Google services. As a former Google-fanboi (now recovering), this pains me to have to admit, but it’s been near impossible for me to replicate the convenience factor that comes from this marriage. Just curious where your head is at these days. I will continue using it for the foreseeable future, not sure I could convert to the in-screen fingerprint reader if it’s slow. That’s a deal breaker… same with the 4 XL, face unlock ONLY was another deal breaker. P5 was nice, but it’s hard to give up 1440p once you’re committed. Thanks for this great content, LOTS of wonderful stuff to go through.

1 Like

Yes I am. Though I don’t run Lineage OS.

It inherently breaks the security model.

Graphene OS is on extended support for back patches stuff that needs to be done. I don’t run GAPPS (Google APPlications Services Framework).

My upgrade path is to the Google 6 Pro upon announcement and release of the 7. Staying a year behind Google grants you a lot of convenience and also price discounts.

The author of Graphene isn’t a meme. I might call it meme OS to @SgtAwesomesauce but realistically it’s not. Numerous, and I mean a LOT of, security patches to Android have come out of the Graphene OS project. I suspect that is how he sustains the development, because he grabs Google bounties on occasion (small ones).

It is a testament to device support though. Google supported a 2017 phone to 2022. Nobody can argue with a 5 year support life cycle in the phone market.

3 Likes

Based!

1 Like

I still use sandboxed gsf for apps I like lol so might want to rethink the based part.

I’m just doing it to see how the project progressed mainly

2 Likes

@Biky et al et al et al

everyone essentially watching this blog.

Made an update to my posts. So I went ahead and did this on all my forum posts. All those infrastructure posts now have a table of contents. I will be fine tweaking that.
Additionally I added crypto donation links if someone wants to say thank you.
It’s mainly to showcase and test OpenAlias, which I think is a cool technology. I think I will do a guide on getting wallets set up and getting them aliased to a TLD. https://openalias.org/ Which is really cool
Full list:

  • Phaselockedloopable- PLL's continued exploration of networking, self-hosting and decoupling from big tech
  • Infrastructure Series -- Native Dual Stack IP4+IP6
  • Infrastructure Series -- Wireguard Site to Site Tunnel
  • Infrastructure Series -- Recursive DNS and Adblocking DNS over TLS w/NGINX
  • Infrastructure Series -- NGINX Reverse Proxy and Hardening SSL
  • Infrastructure Series -- Taking DNS One Step Further - Full DNS Server infrastructure
  • Infrastructure Series -- HTTP(S) Security Headers! You should use them! [NGINX]
  • Infrastructure Series -- Use NGINX to inject CSS themes
  • One Key to Rule It All [YubiKey+GPG-SSH+FIDO2+MFA-ZeroTrust]

3 Likes

Interesting. I don’t know how I would tackle my mobile programs problem. I currently have 2 profiles on my non-degoogled android phone. One for the programs I use a lot and like (only from F-Droid) and another one with junk (downloaded from Aurora). Still not really sandboxed. I don’t think the programs from one profile can view the data on the other, except for maybe google services, which is basically a root kit (I could be wrong about that though - but even then, I still have those running on my normal profile, so it’s not like they don’t see my data). But at least my documents, messages and contacts are safe on the other profile, so even if programs wanted to read them, they can’t.

Personally, I’d like to tackle it through separating devices altogether. Like for example, run Lineage on a RPi with microG, install all junk there, then on my phone (which I hope would either be a Linux phone or a Graphene without any kind of G) VPN home and VNC or web remote or KDE Connect into the Pi.

2 Likes

I cannot say this one was easy

Series 9: Infrastructure Series: BIND9 Authoritative DNS Guide “Please See Me Edition”


3 Likes

I just bought some of these from eBay. The first one arrived broken because it was in the box without any padding. The two antennas on the back were snapped off or broken where they connect to the board. I was able to buy a broken router for $25 to use for donor parts. I desoldered the antenna lugs(?) and soldered them back on to the working board. I did enlarge the holes ever so slightly to make up for my poor desoldering skills.

Do you think there are any issues with gain/signal quality from swapping the antenna connectors? I don’t need a lot of signal strength - I actually turn it down so that it hands off nicely with the other wifi AP at the other end of the house. I know I should probably look into mesh wifi.

I haven’t really used it much yet, other than testing function and flashing OpenWrt. My plan is to install Debian on it and see what happens. I know it’s not much of a plan…

1 Like

There’s going to be some … and a good bit of noise introduced at 5 GHz, but I wouldn’t worry about it. Worst case your VSWR went up. It will work fine. It’s a router.

2 Likes

I just wanted to share that this company has been really amazing with support. I moved and now the power adapter fits loose in the socket on the unit, and if it gets bumped even a little it can lose power. If I hold pressure on it, it works fine. I don’t think it’s the product’s fault but mine. It’s a really solid unit.

I emailed them and opened a ticket yesterday with a copy of my receipt and got an email response today. They are offering to replace it free of charge. I sent them my address and asked for an expected ETA. They called me within 10 min of my email to confirm. They said they would be sending out the new unit today and it should be here in two days along with a return label. I didn’t have to send mine first, which was nice. They also offered to install “coreboot”, which can be tricky, and also OPNsense as well so it’s ready to go. I’ve been very impressed by their service and support. I just thought I should share for others considering this unit.

5 Likes

@SgtAwesomesauce guess we know they care about their support

2 Likes

Although I kinda want to get away from x86 on most of the things I have, this kinda makes me want to support ProtectLi. I’ll have to check their website if they have ARM products that can run OpenBSD.

2 Likes

nothing wrong with x86 tbh, especially if you can coreboot it.

2 Likes

Nothing wrong, except for power consumption. But given, this little puppy can and does run as low a power draw from the wall as some SBCs.

2 Likes