• 4 Posts
  • 66 Comments
Joined 1 year ago
cake
Cake day: September 28th, 2023

help-circle



  • You’re probably not exposed to the big internet. But that’s no excuse for poor security. I’d look up a hardening guide for your operating system.

    You should also look up hardening guides for any applications you plan to run, and follow simple security measures like not logging in as root/admin, strong passwords, 2FA.

    Not to say you’re at risk, but its good practice to make secure your default. Doing this will help you understand the basics of system security and the risks that systems have.






  • Boring@lemmy.mltoSelfhosted@lemmy.worldNetwork upgrades checkin
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Ooookay… Took me a second to wrap my head around the layout… Originally I only looked at the picture, which only shows a single switch.

    This is an odd topography. Typically when working with switches, you want them connecting directly to the router and not connected to another switch.

    You are going to have bandwidth issues out the ass, along with having a troubleshooting nightmare when something goes wrong and you need to trace packets.

    Right now you have a hub and a spoke inside a hub and spoke.

    Since it looks like your Asus is just an AP in this scenario, you’d be better off:

    • hooking both switches to the ISP router
    • enabling DHCP on the ISP router for the 2.5g switch
    • set your 1g switch to a different subnet, with default gateway to your ISP router
    • enable dhcp for different subnet
    • add Asus for WiFi ability on new subnet

    You can then play around with VLANing on the managed switch. You won’t be able to separate IoT and Personal WiFi signals with VLAN. Youd need to create a guest SSID for that functionality and change the channels to 6 and 11 so you get good bandwidth

    Edit: this is assuming you have a layer 3 switch, if its a layer 2 I would use the Asus as a router/AP and hook it directly to the ISP router and hook the switch up to the Asus.




  • Fair point. But GPS signal from a submarine is almost impossible considering GPS needs LOS.

    LTE has a range about 10miles and 5G is also LOS. So its brings it down to unlikely that an Apple watch could connect to cellular.

    Considering this is underwater and radio waves attenuate very quickly in the water, this is very unlikely to produce any valuable tracking as a majority of the packets would get dropped if any make it to the cellular tower at all.

    Only real way someone could track this submarine via cellular would be if they used a cell site simulator and downgraded the signal to 2g, which would be possible with Chinese cellular providers… But this would require already knowing where the submarine is and/or having stingrays all over the ocean.



  • Boring@lemmy.mltoSelfhosted@lemmy.worldNetwork upgrades checkin
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Looks like it’ll work. You should look into flashing that router with openwrt or pfsense and VLANing off those smart devices… They can be a security issue.

    Also adding a second AP that you place on a different channel for guest and untrusted devices would work and increase bandwidth, but adds some routing complexity.





  • Tails isn’t really designed for daily driving. I’d go for a user friendly distro like Ubuntu if you an on switching from windows.

    It is possible to make windows a little more private if you didn’t want to switch. Here’s a pretty good guide in modifying the the iso before installing: https://www.tomshardware.com/how-to/create-custom-windows-11-install-disk

    Modifying window does help users gain more control and privacy, but windows is proprietary so a person can only do so much. Be careful on what you remove if you GI this route, windows relies on weird apps to function.

    Another note, I wouldn’t be afraid of torrenting. The inky person that would care that your getting free movies and such is your ISP, and you can just flip on a VPN to clear their radar.


  • Yea, I haven’t played with it too much. You’ll ever have to host your own SMTP server to send it or use gmail or protons SMTP service.

    Doing it yourself might cause big companies to send your mail to spam or possibly just drop the packets cause you’re not using a trusted IP, have the wrong DNS settings, etc. and your ISP may even block port 25

    This can be circumvented by using a SMTP relay service but can still have some issues like mail sending limits.


  • I would have a failsafe, like use a major email provider for emails that you need to go through for like work order government stuff.

    Hosting your own email is a great learning experience and is fun to do; but your emails will get marked as spam, you’ll have to constantly perform maintenance, and have major reliability issues.

    Most of the issues youll have are fine for personal use, but is dicey if you plan to migrate 100%

    Edit: receiving email is less of an issue of sending. The forwarder should be reliable, however, its the sending from the forwarding address that would possibly be an issue.


  • I’m just saying that collaboration with or association with spooks or glowies isn’t in itself a red flag.

    Many privacy and freedom granting software is made by these people.

    Take Tor for example, made by the navy to hide information from the public and anonymously attack networks of adversaries… Yet now is the NSA’s biggest obstacle in mass surveillance.