What a fantastic website not to visit

Mooltipass looks sick actually. I have my reservations regarding the ble part, but I would have to look into it more to understand it. Might get one to check around how well it works (once availability is there)

Curiously enough, I never heard of those. Do you happen to know good ones so I can further check?

Do you want to know the kicker? There are banks (yes, you heard me right) that straight up don’t allow more than 20 chars. 20!!! And they say you got to use the app for X things because it’s secure and shit (e.g.: use the app to 2FA credit card transactions). Meanwhile, does not allow you to add a yubikey for Fido authentication

I am not sure if by any chance they do the extra mile to check on that. However, as a rule of thumb you should try to keep private stuff away from work stuff, meaning, at work maybe is not the best idea to boast about your reddit profile where you happen to follow some nsfw stuff (or other stuff that can be considered offensive and/or can lead to controversy). I would imagine they try to check things such as accounts attached to an email or phone number (for instance). If a set of aliases were used for this (or different info) from your work email phone etc., you should be able to keep it separate.

Fantastic. Time to deliver opnsense and/or pfsense to the masses. Or better, recycle a router with openwrt or similar

I was making a quick check, and yes, the DoH situation is a bit more dicey. From how I see it, the best way to make this work is to, at the firewall level, either block as much as possible any requests that look like DoH (and hope whatever was using that falls back to regular DNS calls) or setup a local DoH server to resolve those queries (although I am not sure if it is possible to fully redirect those). In that sense, pihole can’t really do much against DoH on its own

EDIT: decided to look a bit further on the router level, and for pfsense at least this is one way to do this recipe for DNS block and redirect

Hm… I am not familiar with that device myself, and since I use opnsense for a while I forget most people do not use routers outside of the provided one.

But in a theoretical sense, this firewall rule should look something like this:

• origin of traffic is any IP that goes into port 53
• outgoing traffic has to go to pi hole on port 53

Forgot to mention the port but that’s it. Notorious devices like smart TVs and consoles like to use the hard coded DNS method

It does. Probably op meant something different

Pi hole is an amazing tool and gives a lot of insight on what is being queried and blocked against the block lists. Also, makes completely transparent on the entire network to have nasty things blocked. One thing I will mention to make the setup better: make sure on the firewall level you can have a rule that makes every request for a DNS to go through pi hole. Some devices will use a hard coded DNS instead of respecting the one on the network

I was reading about it and I actually like a lot this solution’s principle. It reminds me a lot of puppet which I have seen before (for other kind of tasks) to orchestrate several computers. Big shame it works on windows though, since I have a server with docker on ubuntu server at this point and was not really looking forward to change that. But thanks for the suggestion, is for sure very interesting

Nowadays I sort of do this with seafile. Select folders to sync, open the app every other time to resync stuff, carry on with your day. The only thing I wanted to take away if there is a better way to not have a massive hassle to reinstall everything in case something happens (and in case I forget to select a folder to sync also).

But your suggestion I think is very valid as well. At least for mint have a way to make a more automated installer or similar to get the stuff I use usually. Yet another rabbit hole to go into…

I checked a couple of times time shift, but it’s a shame not even ftp is allowed as a backup destination.

As for restic, will give a check later

EDIT: just read about restic, and I think this can be the solution I was looking for. Docker image is available and all, so for me that is a big plus. Once I have the chance I will test drive it and see where it goes. Thanks!

Had to search for a while what even pxe boot is, but I believe I came around the suggestion. I like fogproject main idea, sounds like a way to deploy thin clients or similar. Not exactly what I am looking for,but it’s good to know this exists. Thanks!