Mikelius

This is what I use. The project is dead and had some bugs that kept it running on my system right away, but as it’s open source, I was able to fix the code a little bit to success. Just wish it was a little friendlier on cpu or could be selective on which apps to run instead of recording nonstop regardless. I have it start up with Steam for now though.

Been using Gentoo on my server for over a decade now and probably won’t ever leave the compiling front, especially with a 12-core/24-thread CPU making it go as quick as regular binary updates on my mint laptop… But that being said, in happy to see them considering to do this. It’ll bring in some folks who are afraid of (or just dislike) compiling everything from source. I think the biggest packages that’d benefit from this are definitely the browsers and desktop environments.

My comment on arch is just related to the use of black arch for a regular desktop or laptop machine, not my server (no desktop environment for the server). Was mostly trying it to compare it with Kali, actually.

Black arch does come with xfce by default indeed, but resizing windows isn’t available right away. At least it wasn’t when I tried it a couple of years ago. It required changing a bunch of configurations manually for whatever reason.

Never tried regular Arch after trying Black Arch, so not sure if they’re the same feel, but after realizing the work it would take just to be given the capability to resize windows in the UI instead of just coming with drag and resize out of the box, Black Arch was a huge no go for me… Which kept me from wanting to touch regular Arch, lol. That being said, I go nope to Ubuntu the most. Gentoo is my favorite and is what my server has been running for the past decade without any kind of issue, but for laptop and daily use, I use Mint. Been on that one for about a decade now too… Used to use Peppermint (that still a thing?) and Suse the most before those.

Is wireguard hosted on opnsense, or an internal device that the port is being forwarded to?

If it’s on opnsense, be sure you route outgoing traffic on that port over the correct gateway, possibly even an extra rule to be sure the proper reply-to is set. Opnsense used to do the gateway routing configuration automatically, but once wg got added to the kernel, you’re now required to manually specify the gateway in your rules for it to work properly.

Also, if you see zero packets, then as others mentioned, try a different mtu. Some service providers (mobile, and even hotels) try to block all VPN traffic altogether and they do this by measuring the mtu of the packets. A little tweaking might get it to work, although I’d expect this to have held true for the VPS too, honestly.

I don’t use those two flags, but have several pis running docker with no issues. They’ve been running (almost) 24/7/365 going on maybe 2 years now with the same sd cards.

Even if it’s removed from fdroid because they want to close source it, I assume my current installations of their apps would be unaffected - just become stale and obsolete over time since they won’t get updates… But as they’re offline anyway, not too concerned in the short term. Hopefully the company respects the privacy amd care of the open source community and won’t take that away from us, though. One way to find out.

Use -F so you can keep getting those live reports even after the forest you’re watching vanishes

I wish there were some descriptions per provider with the ratings. Mullvad gets constant tests by third party against their network and has proven many times they have a no log policy that’s working, yet they got a 4 out of 5…

With only numbers and generic descriptions that don’t quite match the truth, feels like this sheet is a little misleading. Also, I find it ironic that it’s on Google sheets.

I tried Jellyfin so that I could move away from Emby, but the deal breakers for me were:

• No way to view my music library in folders (I organize all my music by genres)
• Terrible performance on Samsung Tizen (my primary tv)
• Can’t stream custom music radio stations by their m3u files

Other things that I didn’t like:

• Doesn’t save the filters I selected when viewing the library previously
• Doesn’t have as much working plugins on home assistant (this may have changed by now?)

I truly do want to go to Jellyfin, but the biggest deal breaker of them all is the lack of support getting it to work on the Samsung TVs efficiently. Perhaps someday it’ll change, but at the moment, I’ll probably stick to Emby but keep an eye out on updates :)

This ^ I start by blocking any new device to the network, even if it needs internet access (e.g. a new mini PC or something) and monitor for odd activity. If the device needs internet activity and has shown no signs of trying to phone going to something suspicious, I grant it from there (note my devices are under constant monitoring though). If it doesn’t need access (tv, home automation, printer, vacuum, etc) it stays where it’s at.

But yeah agreed completely. I avoid all IoT that won’t work without a third party cloud or internet access. Using Nextcloud (which does my rss feeds too), HA, pihole, and Emby (also blocked from internet access via firewall rules) for me. Also a few apps I created for myself for things where there weren’t any useful or good FOSS alternatives for.

Got mine connected to the network so I can take advantage of a local install of Emby, but blocked from Internet access, and every time it makes a DNS request (still blocked, but logged), it’s added to a personal hosts file for the entire network just in case the kill switch doesn’t work for some anomalous reason

Agreed! I tend to see what he can offer on regards to privacy for real life stuff like home address, data broker scrubbing (his extensive lists I mean), etc. But when it comes to the technology portion of it, I go with what I prefer, albiet I still hear what he has to say in case he introduces me to something I didn’t know about before.

Oh gotcha, I misunderstood this post as talking about a self hosted VPN, not external provider. That explains it! :D

Out of curiosity, why not just leave ssh access to the local network so you can only reach it by VPN in the first place? Note I might be misunderstanding what the goal of this was, so feel free to lmk if I’m off the field with my question lol

Ah got it. Looked at the open core link on there and like like all the features I use or care about are what’s open source, so there are likely some other things out of scope for myself that aren’t, and that’s why I didn’t notice. Thanks! 👍

Ahh okay, so not necessarily the entire software was a whole, but just a few things that would probably be targeted more towards the Enterprise folks? Assuming you don’t mean the issue boards for codebases, but rather the support requests. Probably why I hadn’t noticed, thanks!

Just curious, what part isn’t open source? I’m running a dockerized instance of it on my local server and have made my own modifications to the rails code in several places to meet my needs closer. Haven’t seen anything that would indicate it wasn’t open source, so just wondering where I should be looking. Unless these comments are related to the .com website and not personal instances

I’ve heard and seen folks say rooting Android is a huge security risk and adds an attack surface, but haven’t seen anything to support the claims, really. Yes it’s less secure for the average person, who doesn’t know anything about security, to root an Android, but to say it’s completely insecure without any supporting explanation (not you in particular, just in general when this is said) doesn’t help. I like to imagine it like installing Linux and being told to trust the distribution you installed, but they disabled root and removed sudo because it’s insecure.

The reason I root is actually for both security and privacy. Without it, I can’t use custom firewall rules to restrict apps and system processes from reaching out to the internet or local network devices (AFWall+), have a local hosts setup (Adaway), run a VPN to my home network (Wireguard), and monitor all app network process calls (PCAPdroid) at the exact same time. It also prevents me from being able to create custom cron jobs and custom system changes I need that have only root access.

Being that I am also home 95% of the time with my phone on my person at all times, physical attack surface is less concerning for me, too.

With that all being said, the (assumed) excuse that “malware” is the security risk with root makes no sense to me because whether or not I have root access, phone malware probably doesn’t need it in most cases since they’re exploiting non-root things so that they can target the majority, not minority. Not to mention I rarely ever even install apps on the phone and most of my web surfing is done on my laptop, not my phone.

Only 2 problems I have with Graphene personally is the need to give Google money, which the irony is just too much, and no option for rooting. Otherwise it seems like a pretty good OS overall. In the meantime, while I wait for those options to be more flexible so I can have full control, I just use a rooted lineage os with all the extra Google stuff (ntp, DNS, etc) stripped and replaced with my own self hosted systems.