Album

Wrt lan deny all for the fam, it’s mostly hard on gamers cuz games tend to use wide port ranges and outbound IPs are potentially home isp networks not the game servers. But yeah it takes some time and research to really lock it down.

Most stuff is running through web protocols though. So right off the bat you create allow rules for any LAN device to hit ports: 80, 8080, 443, 8443 which are your common http and https ports. That’s gonna get most ppl what they need.

I do ASN based allows for certain applications like Google, Facebook, etc.

For consoles they’re pretty locked down so just give them full allow to the Internet. I don’t do that actually but it’s probably the better way.

IOT devices get only the ports they need to the IPs they need.

when you said you are using unbound instead of using DoT forwarding, you mean instead of allowing clients to DoT forward, right?

No I mean my unbound determines DNS for something like microsoft.com all by itself. It calls up the root name servers, finds the com nameservers, then asks the com nameservers for Microsoft. And for any subdomains it asks the MS name servers. This is instead of relying on external forwarding services like 8.8.8.8 or 1.1.1.1 or quad 9 or whatever. At least the former two are sure to be aggregating this data.

Additionally I do not allow devices on my network to reach out to external port 53, or 853 to circumvent lookups on my unbound by reaching out directly, which would then bypass the DNSBL. Anything for port 53 gets NAT’d to the unbound server. You can’t redirect TLS attempts so those get hard blocked.

Curious to your IDS solution

Securicata is what opnsense uses. Pretty easy to set up.

I have an n100 box that I put opnsense on for routing, firewall, DHCP, DNS and IDS. It uses unbound for DNS and so I’m leveraging the blocklist functionality in unbound. And then I use unbound to resolve instead of using DoT forwarding.

Dnsbl is only a small component of effective network security. Arguably the firewall is most important and so I have a default deny all for any device on my LAN trying to reach the Internet.

All applications need specific allows. Thus internally no device can use dns over tls because 853 is blocked by default. Then I use a DNSBL to catch known DoH by domain since the cert is provided by domain name.

It’ll also be wrong in every application you run in your browser. Even local sites.

I get this every week on a SharePoint connection. Just powerbi things.

This email is talking to you as a user of other libraries not yours, not as a server owner.

“Alternatively, server owners can purchase a Plex Pass, which will grant you continued remote streaming of libraries that you have been given access to.”

As communicated previously, Plex pass users also get the benefit of the “Remote watch pass.”

Yet another excuse to keep checking our phones.

What? You think Google cares to wait 3 days to make you check your phone? No if that was their objective you’d be checking earlier.

The point here is to keep encryption keys out of memory on a device you haven’t used so that someone with physical access to your phone can’t pull the keys.

ppl are silly

i know i use IF.

I’ve been using LW & Mull/IF before the outrage-TOU update and while they’re great for me I wouldn’t recommend them to everyone. I still keep FF as a backup and many ppl should continue to use FF for the time being as it was JUST A TOU update…for now.

Imo it’s hotspot temp. At least on my 2080ti if my hotspot reaches 104C (from thermal paste pump out) then the blower fan will go 100% which is insanely loud like a hair dryer.

A repaste will fix it till it pumps out again so next time I’m using a phase change material.

Do you understand what an analogy is?

Yes, hence it being a shit one.

Anyways, Firefox is the project. All of those other “projects” are mostly configuration changes of the upstream project- not even code changes.

No, for example fennec for fdroid which is the base for mull or ironfox has multiple code deletes to remove unsolicited data sent to Google.

When Firefox decides to become hostile to those “other” browsers you use- they’ll be able to do fuck all about it.

That’s not how open Source works…

As someone who has never used Firefox only librewolf/mull/ironfox this analogy is asinine. Switching browsers is trivial and not at all like dealing with the threat of violence. It’s exactly bullshit like this that is tiring. No one is really thinking just making unintelligent quips and reactions or parroting the bullshit of others.

Ddg obviously hasnt updated it’s cache. Safetnet is new. Had a high rating at 4k reviews and the obviously social media misrepresents it and ppl flock to the store to drop 56k+ reviews on something they now misunderstand. So in just a few weeks the rating has changed dramatically and now ddg needs to update the cached review score.

Not that reviews matter for this app.

Yes like most things this is misunderstood, bandwagoned and thus overblown.

Getting tired of social media. Even Lemmy.

The other one is the Firefox tou update… Not saying it won’t eventually be a problem but as of today it’s not sending your data to Mozilla. You have time to see how this pans out.

Mull was built off of fennec for fdroid. Iron Fox is a fork of mull though I don’t know if it’s still using fennec as a base since forked.

:( don’t remind me

God I wish EA had never bought Westwood. They used to make bangers. That was the start of enshittification. We knew it was shitty back then and it never really stopped being shit. 30 years later EA pretends to be good by releasing source. Kind of meaningless.

Thankfully in my youth I was given the space to be my true self, so now that I have a job/wife/kids with a ton of responsibility and have to “pause” some of my self, I don’t mind it was I was really quite self centered and self absorbed for the first 30 years of my life. I balanced school with going out or doing my hobbies.

My true self now is a passion for my family and my job, and I know that long term my kid will become distant and I wont always work so for the moment I am happy to be “paused” and still carve out some time for myself 3-4 hours a week to enjoy my hobbies by myself. But the real trick is integration, my son knows that the real me is someone who wants to do a lot of activities with him all the time, and so I take the time to participate in his hobbies, and naturally he is very interested in learning mine or watching me do mine.

The dev that supported Mull also made significant contribution to fennec, though it still has it’s maintainer, So I’m nervous about fennec’s long term suitability.

https://www.reddit.com/r/fossdroid/comments/1hlg8zx/seeking_collaborators_for_mull_browser_fork/m3tsp0p/?context=3

wow i havent thought of bleem! in 20 years