Phaselockedloopable- PLL's continued exploration of networking, self-hosting and decoupling from big tech

Based!

1 Like

I still use sandboxed gsf for apps I like lol so might want to rethink the based part.

I’m just doing it to see how the project progressed mainly

2 Likes

@Biky et al et al et al

everyone essentially watching this blog.

Made an update to my posts. So I went ahead and did this on all my forum posts. All those infrastructure posts now have a table of contents. I will be fine-tweaking that.
Additionally, I added crypto donation links if someone wants to say thank you.
It's mainly to showcase and test OpenAlias, which I think is a cool technology. I think I will do a guide on getting wallets set up and getting them aliased to a TLD. https://openalias.org/ Which is really cool
Full list:
Phaselockedloopable- PLL's continued exploration of networking, self-hosting and decoupling from big tech
Infrastructure Series -- Native Dual Stack IP4+IP6
Infrastructure Series -- Wireguard Site to Site Tunnel
Infrastructure Series -- Recursive DNS and Adblocking DNS over TLS w/NGINX
Infrastructure Series -- NGINX Reverse Proxy and Hardening SSL
Infrastructure Series -- Taking DNS One Step Further - Full DNS Server infrastructure
Infrastructure Series -- HTTP(S) Security Headers! You should use them! [NGINX]
Infrastructure Series -- Use NGINX to inject CSS themes
One Key to Rule It All [YubiKey+GPG-SSH+FIDO2+MFA-ZeroTrust]

3 Likes

Interesting. I don’t know how I would tackle my mobile programs problem. I currently have 2 profiles on my non-degoogled Android phone. One for the programs I use a lot and like (only from F-Droid) and another one with junk (downloaded from Aurora). Still not really sandboxed. I don’t think the programs from one profile can view the data on the other, except for maybe Google services, which is basically a rootkit (I could be wrong about that though - but even then, I still have those running on my normal profile, so it’s not like they don’t see my data). But at least my documents, messages and contacts are safe on the other profile, so even if programs wanted to read them, they can’t.

Personally, I’d like to tackle it through separating devices altogether. Like for example, run Lineage on a RPi with microG, install all junk there, then on my phone (which I hope would either be a Linux phone or a Graphene without any kind of G) VPN home and VNC or web remote or KDE Connect into the Pi.

2 Likes

I cannot say this one was easy

Series 9: Infrastructure Series: BIND9 Authoritative DNS Guide “Please See Me Edition”

3 Likes

I just bought some of these from eBay. The first one arrived broken because it was in the box without any padding. The two antennas on the back were snapped off or broken where they connect to the board. I was able to buy a broken router for $25 to use for donor parts. I desoldered the antenna lugs(?) and soldered them back on to the working board. I did enlarge the holes ever so slightly to make up for my poor desoldering skills.

Do you think there are any issues with gain/signal quality from swapping the antenna connectors? I don’t need a lot of signal strength - I actually turn it down so that it hands off nicely with the other wifi AP at the other end of the house. I know I should probably look into mesh wifi.

I haven’t really used it much yet, other than testing function and flashing OpenWrt. My plan is to install Debian on it and see what happens. I know it’s not much of a plan…

1 Like

There's going to be some … and a good bit of noise introduced at 5 GHz, but I wouldn't worry about it. Worst case your VSWR went up. It will work fine. It's a router.

2 Likes

I just wanted to share that this company has been really amazing with support. I moved and now the power adapter fits loose in the socket on the unit, and if it gets bumped even a little it can lose power. If I hold pressure on it, it works fine. I don’t think it’s the product’s fault but mine. It’s a really solid unit.

I emailed them and opened a ticket yesterday with a copy of my receipt and got an email response today. They are offering to replace it free of charge. I sent them my address and asked for an expected ETA. They called me within 10 min of my email to confirm. They said they would be sending out the new unit today and it should be here in two days along with a return label. I didn’t have to send mine first, which was nice. They also offered to install “coreboot”, which can be tricky, and also OPNsense as well so it’s ready to go. I’ve been very impressed by their service and support. I just thought I should share for others considering this unit.

5 Likes

@SgtAwesomesauce guess we know they care about their support

2 Likes

Although I kinda want to get away from x86 on most of the things I have, this kinda makes me want to support ProtectLi. I’ll have to check their website if they have ARM products that can run OpenBSD.

2 Likes

nothing wrong with x86 tbh, especially if you can coreboot it.

2 Likes

Nothing wrong, except for power consumption. But given, this little puppy can and does run as low a power draw from the wall as some SBCs.

2 Likes

Need some great feedback. Now's the time … I want to keep going but IDK what people want?

My old thread

I'm necromancing you

And finito

Now all my Authorization request for the U.S.C.A.P (Utangard Secure Compartmentalized Access Proxy)

IS IN HOUSE BABY

is protected by (updated main theme)

Code:

# Utangard Secure Compartmentalized Access Proxy (U.S.C.A.P)
# Vouch Configuration
# Date 17-05-2022
vouch:
  logLevel: info
  listen: 0.0.0.0  # VOUCH_LISTEN
  port: 9090       # VOUCH_PORT
  domains:
  - utangard.net
  whiteList:
  - <REDACTED>
  - <REDACTED>
  - <REDACTED>
  - <REDACTED>
  - <REDACTED>
  - <REDACTED>
  tls:
    profile: modern                           # VOUCH_TLS_PROFILE
  jwt:
    secret: <REDACTED>
    maxAge: 240
    compress: true
  cookie:
    name: VouchCookie
    secure: true
    maxAge: 14400
    sameSite: lax
  session:
    name: USCAPSession
  headers:
    jwt: X-Vouch-Token                # VOUCH_HEADERS_JWT
    querystring: access_token         # VOUCH_HEADERS_QUERYSTRING
    redirect: X-Vouch-Requested-URI   # VOUCH_HEADERS_REDIRECT
    claims:
      - groups
      - given_name
  post_logout_redirect_uris:
    # your apps login page
    - https://utanguard.net
# OAuth
oauth:
  # Utangit Gitea Integration
  provider: oidc
  client_id: <REDACTED>
  client_secret: <REDACTED>
  auth_url: https://git.utangard.net/login/oauth/authorize
  token_url: https://git.utangard.net/login/oauth/access_token
  user_info_url: https://git.utangard.net/api/v1/user?token=
  scopes:
    - openid
    - email
    - profile
  callback_url: https://vouch.utangard.net/auth

Now I can go to sleep… I'm officially off big tech fully. No more GitHub as the auth proxy

3 Likes
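An added example, not part of the original post or of Vouch itself: a small check that every URL in a Vouch-style config sits under one of the hosts listed in `domains:`. Run on a constructed excerpt of the config above (secrets omitted), it reports the `post_logout_redirect_uris` entry, whose host is spelled `utanguard.net` while `domains` lists `utangard.net`. The function names are hypothetical, and the reader handles only this simple layout; it is not a general YAML parser.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: only the domain- and URL-bearing keys of the posted config.
SAMPLE_CONFIG = """\
vouch:
  domains:
  - utangard.net
  post_logout_redirect_uris:
    - https://utanguard.net
oauth:
  auth_url: https://git.utangard.net/login/oauth/authorize
  token_url: https://git.utangard.net/login/oauth/access_token
  user_info_url: https://git.utangard.net/api/v1/user?token=
  callback_url: https://vouch.utangard.net/auth
"""

def protected_domains(text):
    """Return the entries listed under the `domains:` key (line-based reader)."""
    domains, in_block = [], False
    for line in text.splitlines():
        stripped = line.split("#", 1)[0].strip()
        if stripped == "domains:":
            in_block = True
        elif in_block and stripped.startswith("- "):
            domains.append(stripped[2:].strip().lower())
        elif in_block and stripped:
            in_block = False  # next key reached, the list has ended
    return domains

def host_in_domains(host, domains):
    """True when host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def urls_outside_domains(text):
    """List (line_number, url, host) for URLs not covered by `domains:`."""
    domains = protected_domains(text)
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for url in re.findall(r"https?://\S+", line):
            host = (urlsplit(url).hostname or "").lower()
            if not host_in_domains(host, domains):
                findings.append((n, url, host))
    return findings

if __name__ == "__main__":
    for n, url, host in urls_outside_domains(SAMPLE_CONFIG):
        print(f"line {n}: {url} ({host}) is not under the listed domains")
```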

FINALLY off Microsoft/GitHub

Nice trekkie theme you got there for the Pi-hole

Oh yeah LCARS… Fun

1 Like

Dang, CAT8 for free?

Hey, it’s me, your brother, do you have any extras?

Just kidding, haha.

1 Like

I have really been struggling with what to run on my phone, and by extension, what phone to get. Root breaking the Android security model is frustrating, because I feel that it is sometimes the only way to get full control of my device. I have a phone I flashed to Lineage, but it is frustrating because I didn’t flash gapps and so I can’t actually do some of the things I need to do with the phone for work (for example, I need my calendar to sync and remind me of meetings; without that functionality I kind of don’t even need a smartphone).

I might just buy another iPhone, as much as it pains me to say that. I think my only reasonable alternative at this point is a Pixel with GrapheneOS.

Full control of any Android is a meme. You can't evaluate the firmware completely? Even on LineageOS, and root != full control

the only way IMHO with android

Most secure phone if you can turn off voluntarily a lot of the stuff apple wants you to use. To their credit they let you do this