Now THAT sounds like a smart solution! I’ll look into it! :) I can ask my ISP to give me a static address for my home. But something needs to prompt the ssh command “at home” to connect to my second computer, right (actually Termux on my Android phone)?
And then there is user management and permissions that I could sprinkle on top that.
I’ll check it out.
True. Hadn’t thought of that. Maybe I could make the address extremely long and arbitrary? And “hide” it behind my e-mail alias service?
But I absolutely understand the security implications.
Hm… I’d run the script/service with root privileges and make the commands concise one-liners, maybe… I’m actually only looking at the shutdown command , presuming that it does sync and umount gracefully…
Maybe I could reduce security risks by creating a user that can only run shutdown. And make it so that only that user can access (download, print, execute) emails?
I quick search led me to: https://www.tencentcloud.com/techpedia/101586
However, in an ordinary consumer grade scenario, I don’t see how anybody other than the ISP could send ICMP messages to one’s router, which is why I don’t worry about it.
I agree! But to be honest, pre written, essay like, high paced presentations like this one are sometimes hard to follow for nonnatives like myself. Even if his witty expressions really are a nice touch when I do get them!
I just wish there was an open source alternative to my BIOS on my ASUS motherboard. Coreboot and Libreboot only work with laptops, if I’m not mistaken.
Also, some proprietary blobs are unfortunately still more performant than their open source counterparts, such as WiFi NIC drivers.
I guess one just has to decide whether to prioritize performance or to take a stance and a stand✊
That’s absolutely right. Haven’t used wireless debugging in a long time.
Totally agree! Samsung, which I use, allegedly intends to - or has maybe already - blocked bootloader unlocking in their latest OS update, One UI 8. To be on the safe side, I intend to stay on version 7. Still, it does “punish” me with a warning screen at ever boot, saying YOU’RE NOT USING THE OFFICIAL SOFTWARE BLABLABLA.
On another note, I remember the good old days when there were small businesses around the corner in my city that specifically did bootloader unlocking, gaming console modding and some other stuff that today is either unfeasible, finable or just straight illegal and punishable. Sad.
I also remember having successfully setup a raspberry pi for the first time ever in order to use it as a media hub. The first thing I did was to fire up Netflix - which I since have parted ways with - only to be greeted by a message that said that they don’t allow usage of their services on open platforms. Mmmm the rage that builds up inside of me as I’m typing this. Sorry, this last one didn’t have to do with bootloader unlocking and relocking.
100% worth it even without a custom OS.
I have been using my rooted S23 since it came out. Rooting it made it possible to edit the hosts file (to block malicious ads and domains), run a firewall (to block internet connectivity for certain system apps that I will not remove in order to retain certain functions) and use a VPN, all at the same time.
More specifically, I rooted my S23 following this guide: https://topjohnwu.github.io/Magisk/install.html
I created a custom hosts file using AdAway: https://github.com/AdAway/AdAway
I block internet connectivity for certain apps whose removal would break certain functionality with AFWall+ https://github.com/ukanth/afwall
These are the apps that I block: https://pastebin.com/SViEKXXd
I only unblock Google Play once every month to update system apps. The rest of my apps I install with Obtainium: https://github.com/ImranR98/Obtainium and I manage them with App Manager, with which I also disable internal trackers, dangerous operations and permissions: https://github.com/MuntashirAkon/AppManager
The above App Manager also has integrated UAD: https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation/
Sorry for all the unsolicited advice. Finally, rooting your device/unlocking the boatloader introduces the technical risk of anybody with the skills being able to manipulate your device if they physically get their hands on it. Which is just fear mongering and doesn’t say much, since you hopefully wouldn’t trust your device even if the bootloader is locked if it has been in an unauthorized person’s hands.
EDIT: unlocking the bootloader on recent Samsung devices pops a physical fuse inside the device. Even though this doesn’t affect any functionality and you can relock the bootloader if you ever wanted to go back to stock Samsung One Ui, this makes it impossible to hide the fact that the device’s bootloader once was unlocked. What repercussions this entails - if any - you will have to decide for yourself.
EDIT2: am I remembering correctly that some Knox functions stop working after popping the fuse? Like secure folder, payments or whatever? This doesn’t affect me, but for OP’s sake.
Good luck! 🫡
Thanks for reminding me about firmware updates! I was two releases behind on my routers firmware. 😬
“Limit the blast radius” was so easy to understand. Thanks! I’ll make sure to segment and lock down each device.
Thanks! That was my thought too, but at the moment, I’m running a block all inbound, allow all outbound traffic configuration, which I know is less secure, but I haven’t quite figured out what rules (addresses and ports and states) I need to put into the output chain. Being a beginner, I know that I need ports 80, 442 for websites but that’s about it… Is it 53 for DNS? But what if I use my VPN provider’s DSN? Is it still 53? Well, as you can see, I have some studying to do. 😄
Thank you for the quick and detailed response! I learned a lot, not only about the two technologies but also about how to approach network security in general. 😊
Just read the whole FAQ section and it’s a really cool idea on how to circumvent censorship and attain some level of plausible deniability! I’m not quite ready to run a Hyphanet node though, since I’m not yet comfortable with the notion of storing other people’s data on my drives in this anonymous format. Which is a bit hypocritical since I already contribute with nodes on other networks/solutions that don’t require me to store others’ data, just let it pass through my equipment… Maybe I just need to sleep on it. 😅 Anyway, thanks for sharing! 😊
https://github.com/hyphanet/wiki/wiki/FAQ#can-i-get-trouble-if-i-run-a-node
Thankfully, it’s open source and anybody with the appropriate skills can take up the mantle. 😊
Aaand just like that my life has meaning again
Where have you been my whole life
Thanks! I’ll noodle it around a little. :)