• 1 Post
  • 34 Comments
Joined 2 years ago
Cake day: June 15th, 2023


  • I self-host various applications and have been really happy with Wireguard. After watching just how hard my firewall gets hammered when I have any detectable open ports I finally shut down everything else. The WG protocol is designed to be as silent as possible and doesn’t respond to remote traffic unless it receives the correct key, and the open WG port is difficult to detect when the firewall is configured correctly.

    Everything - SSH, HTTP, VNC and any other protocol - must first go through my WG tunnel, and running it on an OpenWRT router instead of a server means if the router is working, WG is working. Using Tasker on Android automatically brings the tunnel up whenever I leave my house and makes everything in my home instantly accessible no matter what I’m doing.

    Another thing to consider is there’s no corporation involved with WG use. So many companies have suddenly decided to start charging for “free for personal use” products and services, IMO it has made anything requiring an account worth avoiding.


  • Besides the miserable experience unchecked advertisements cause, it is simply not safe to allow those advertisements to load.

    A few years ago (before SSDs were common) I noticed unusual hard disk activity when loading a popular link aggregation site. A bit of investigation turned up a Trojan on my system. After removing it and reloading that site, my PC was immediately reinfected. The site owner denied any responsibility and said it was the advertising company’s fault.

    The way the Internet operates now means no one is responsible for the content their site provides or the damage they cause. Imagine if restaurant owners were able to deny responsibility for the atmosphere in their restaurants or food poisonings they caused? IMO it’s the same thing.

    Advertisers and websites have created the “dark traffic” mentioned here by repeatedly poisoning the public and they deserve the massive loss of revenue their behavior has caused.


  • 2nd this configuration. My firewall rules block all external camera traffic and Frigate (once configured) is superb at detecting people without false alerts. All recordings are stored locally. It is disturbing just how much traffic smart devices try to send to China and Amazon, even when not subscribed to cloud services.

    Home Assistant makes everything ridiculously flexible and is configured to turn on camera sirens if someone is detected at night or while my alarm system is armed, and disable sirens and alerts when doors have been opened or the alarm has just been turned off. The open Wireguard ports appear closed to scanners so I’m also reasonably comfortable with network security.





  • It’s not a cake walk, but I’ve done something similar for a friend who can barely turn on his PC.

    The OpenWRT router was fully configured before shipping it to him and the existing router’s needed Wireguard port was opened by me using the Comcast Android app. All he had to do was connect his TV to a new wifi network. That wasn’t easy, but he ultimately succeeded.






  • It is surprising how difficult most camera companies have made it to avoid their subscription services.

    Multiple companies that used to offer local RTSP streaming have summarily removed support in firmware upgrades without notifying their customers. Even companies that support it (like Foscam) demand developer agreements be signed to get basic camera command information. TP-Link supports RTSP but requires a phone app and Internet connection to configure their cameras.

    Like you, I will never connect my cameras to the Internet, but we are slowly approaching a time when that by itself will be a cause for police investigation.



  • But many of the signs target Elon Musk specifically, and his most famous brand, Tesla, calling the vehicles “Swasticars” and comparing Musk to a Nazi.

    Musk: “How many legacy media publications, talk shows, whatever, try to claim that I was a Nazi because of some random hand gesture at a rally where all I said was that my heart goes out to you,”

    “The party told you to reject the evidence of your eyes and ears. It was their final, most essential command.” - George Orwell 1984


  • Impaired driving is also solvable. On-demand breathalyzers, smartphone saliva tests, and eye-tracking sensors are all tools that already exist to stop drunk and high drivers before they even start the ignition. Uber is already testing real-time driver sobriety verification. Why aren’t carmakers racing to put similar tech in every new vehicle?

    There’s no fucking way people will buy those cars is why. I rarely drink and will never buy a car that required a saliva test or blowing into a tube before starting. Like it or not, any car that includes that equipment would be DOA and a financial disaster for the car manufacturer.



  • Power loss protection on SSDs is an interesting addition I hadn’t come across before.

    We live in a very windy area and power blinks are common. A high endurance MicroSD was in use the first time the Pi wouldn’t boot, but I was in town and it was just annoying. It was a big issue when the Pi wouldn’t boot from the SSD while I was out of the country.

    We don’t have high bandwidth demands so any decent OpenWRT router works fine and supports both Adguard Home and Wireguard. What I really like about putting WG in particular on the router is that if the router is up, WG is working, and the routers come back up without fail after every power outage. A 2nd Wireguard instance still runs on my Pi but since switching to WG on the router a year ago there hasn’t been a reason to even connect to it.

    My problems with the Pi had me looking for other solutions and I ended up with a mini Dell laptop running Debian. (Can’t easily run WG on it due to some software conflicts.) It alleviates the need for a UPS and runs for 6+ hours if the power goes out, rather than the minutes provided by my small UPS.

    One of these days I’ll find a bogus reason to talk myself into upgrading the router with more powerful hardware. Mikrotik looks like a great option and I’ll take a look at RouterOS. Thanks for the info.


  • Besides adding a UPS, how do you deal with power failures? Are you somewhere where they’re not much of a problem?

    In my experience mini computers don’t handle power failures nearly as well as purpose-built hardware.

    After several power failures the SSD on my Raspberry Pi became so corrupted it wouldn’t boot, and I was 250 miles away at the time and lost access to my home network for weeks. Overlay file systems work but are a PITA to maintain. By contrast my routers have never had a problem even with repeated power failures, so instead of relying on the Pi I’ve moved my DNS and Wireguard servers to my router.