I think it’s better to keep your gateway basic, and run extra services on a separate raspi or similar. Let your router/gateway focus on routing packets.
Openwrt can run Adguard, and as long as your gateway can run docker, you can probably get pihole working.
I’m not sure there is a “mentality of ephemeral code” in open source projects. The source is literally available on github or similar, and anyone can mirror it as they like.
If it is popular enough, then the project is probably backed up in the github arctic vault as well.
If it’s an open source project, the answer is to rebuild from the tagged source.
Eg: https://github.com/fastapi/fastapi/tree/0.112.4
With the right repo setup, you can pip install git+https://github.com/fastapi/fastapi.git@0.112.4
(example only, not sure it works), so pypi doesn’t need to keep all previous wheels, it’s just easier for it to do so.
Any idiot and chatgpt could knock up an overt always listening app in an afternoon. I have no doubt shady apps already can do this. It’s not hard or expensive. (Backend storage and audio processing costs are a different kettle of fish, and I think those make this fairly prohibitive as well, but that’s a funding problem, not a technical problem.)
But as soon as they make the claim that it doesn’t trigger the microphone LED on iOS and Android, across all devices, then that’s a “technically hard” problem. That’s multiple zero days across multiple devices. It’s just not feasible for an ad tech firm. They would never be able to recoup that investment.
I’m happy to be proven wrong, but so far all the researchers in the world have found nothing.
So I’m attributing near 0% chance that anyone outside of nation states has the latter tech (device agnostic covert audio recording).
The capabilities TLAs have cost hundreds of millions of dollars to develop, and once caught, are worthless. TLAs are extremely careful with their toys to avoid them being caught.
This Adtech company is claiming to have something at that level, which they are deploying everywhere. If it existed, it would have been found the day after they announced it, the security researcher industry would be all over it. They are very intelligent people who do understand those devices inside and out, if it existed they would find it. Remember, these are the same researchers who frequently out actual TLA tools.
You can’t prove a negative, so it definitely is a probability thing, but I put the probability at basically 0 that they have what they claim.
The capability they were claiming to have would make a three letter agency very excited. If they truly had the ability to listen to your microphone, transparently without notifying the user, they could sell that tech to every regime that wants to snoop on people, for millions of dollars.
Instead they claim to be using it for Ad-tech, where if it existed, would make it trivial to discover and flag as malware.
Apple and Google would also be very keen to find and squash whatever loophole lets them record without showing the notification.
It’s just an extraordinary claim, which if true would have been exposed/validated by security researchers long ago.
Not disputing the three letter agencies, but there is zero evidence that that ad company ever had the tech or ability. They were/are just full of shit.
This was pretty clear when observing the output of tldrbot. It would just randomly select paragraphs, ignoring surrounding context, and call it a summary.
For openwrt+wireguard, see: https://cameroncros.github.io/wifi-condom.html
Looks like tailscale should work in openwrt: https://openwrt.org/docs/guide-user/services/vpn/tailscale/start
For the wireguard server, I am using firezone, but they have pivoted to being a tailscale clone, so I am on the legacy version, which is unsupported: https://www.firezone.dev/docs/deploy/docker
Edit: fixed link
That is likely a speed test server within the same data center as your vps, or they have special traffic shaping rules for it.
Try using iperf from your local box to the VPS and see what speeds you get
Never heard that term, but it’s a very obscure concept, so wouldn’t surprise me if it had multiple names. Probably vendor-specific names?
Seems quite a few people haven’t heard of it, hence a lot of the split DNS answers :/
I can’t remember exactly what it’s called, but something like router NAT loopback is what you want. I’ll have a look around. But if you set it right, things should work properly. It might be a router setting.
Found it: https://community.tp-link.com/en/home/stories/detail/1726
4 cores is a bit limiting, but definitely depends on the usage. I only have 1 VM on my NUC, everything else is docker.
I thought all the core processors had VT* extensions, I was using virtualization on my first gen i7. They are very old and inefficient now though.
i5 3470 is old, but it’s not that bad. Lots of people are homelabbing on NUCs which are only very slightly faster. Performance per Watt will be terrible though. (I am on an i7-10710u, and I’ve yet to run out of steam so far - https://cpu.userbenchmark.com/Compare/Intel-Core-i7-10710U-vs-Intel-Core-i5-3470/m900004vs2771 )
It has VTx/VTd, so should be okay for proxmox, what makes you think it won’t work well?
At 8tb, I can’t find any, but here is a 5tb disk:
https://www.amazon.com.au/Seagate-Barracuda-Internal-Drive-Factor/dp/B01LXO31IZ/ref=mp_s_a_1_13
Check the thickness though, your device may not accept 15mm disks.
The OPs device can take a nvme SSD and an internal HDD. Unclear if the current SSD is nvme or not though, but I assumed it was nvme.
The USB connection will likely be quite slow, and some external hard disks will power save aggressively.
You could get a largish 2.5" HDD and hook it up internally, might be a middle ground cost-wise?
It’s likely to be a slow rollout thing. I haven’t either for what it’s worth.
I did have a couple of videos fail to play, but they worked on refresh so I assume that was unrelated.
That’s just what CMG claimed to have.
But to be useful for an advertising network, it kinda needs to be installable on everything. And if it failed to suppress the mic LED on a single device, it would be very easily noticed?