BearOfaTime

BearOfaTime, 1 year ago

Tailscale just solves so many these types of problems.

With a virtual network, you mo longer need tools that work over the internet - just use the same tools as you would on a LAN.

I’ve used Hamachi this way on windows since about 2006. I’ve waited for an Androidi/iOS client, but it never appeared. Glad to see Wireguard/Tailscale step in to fill that gap, and it’s self-hostable!

BearOfaTime, 1 year ago (edited 4 months ago)

Not sure why you need a new router for PiHole. If your machines all point to the Pihole for DNS, it works. Router has almost nothing to do with what provides DNS, other than maybe having it’s DHCP config include the Pihole for DNS.

Even then, you can setup the Pihole to be both DHCP and DNS (which helps for local name resolution anyway), and then just turn off DHCP in your router.

As I understand it, Tailscale and Nginx fulfill the same requirements. I lean toward TS myself, I like how administration works, and how it’s a virtual network instead of an in-bound VPN. This means devices just see each other on this network, regardless of the physical network to which they’re connected. This makes it easy to use the same local-network tools you normally use. For example, you can use just one sync tool, rather than one inside the LAN, and one that can span the internet. You can map shares right across a virtual network as if it were a LAN. TS also enables you to access devices that can’t run TS, such as printers, routers, access points, etc, by enabling its Subnet Router.

Tailscale also has a couple features (Funnel and Share) which enable you to (respectively), provide internet access to specific resources for anyone, or enable foreign Tailscale networks to access specific resources.

I see Proxmox and TrueNAS as essentially the same kind of thing - they’re both Hypervisors (virtualizatiin hosts) with True adding NAS capability. So I can’t think of a use-case for running one on the other (TrueNAS has some docs around virtualizing it, I assume the use-case is for a test lab, I wouldn’t think running TN, or any NAS, virtualized is an optimal choice, but hey, what do I know? ).

While I haven’t explored both deeply, I lean toward TrueNAS, but that’s because I need a NAS solution and a hypervisor, and I’ve seen similar solutions spec’d many times for businesses - I’ve seen it work well. Plus TrueNAS as a company seems to know what they’re doing, they have a strong commercial arm with an array of hardware options. This tells me they are very invested in making True work well, and they do a lot of testing to ensure it works, at least on their hardware. Having multiple hardware products requires both an extensive test group and support organization.

Proxmox seems equivalent, except they do just the software part, as far as I’ve seen.

Two similar products for different, but similar/overlapping use-cases.

Best advice I have is to make a list of Functional Requirements, abstract/high-level needs, such as “need external access to network for management”. Don’t think about specific solutions, just make the list of requirements. Then map those Functional requirements to System requirements. This is often a one-to-many mapping, as it often takes multiple System requirements to address a single functional requirement.

For example, that “external access” requirement could map out to a VPN system requirement, but also to an access control requirement like SSO, and then also to user management definitions.

You don’t have to be that detailed, but it’s good to at least have the Functional-to-System mapping so you always know why you did something.

BearOfaTime, 1 year ago

Lol, sarcasm received, loud n clear!

Yea, they all suck that way. I still use my own router for wifi. It’s just routing, and your own router will know which way to the internet, unless there’s something I don’t understand about your internet connection. See my other comment below.

Yea, requirements mapping like this is standard stuff in the business world, usually handled by people like Technical Business/Systems Analysts. Typically they start with Business/Functional Requirements, hammered out in conversations with the organization that needs those functions. Those are mapped into System Requirements. This is the stage where you can start looking at solutions, vendor systems, etc, for systems that meet those requirements.

System Requirements get mapped into Technical Requirements - these are very specific: cpu, memory, networking, access control, monitor size, every nitpicky detail you can imagine, including every firewall rule, IP address, interface config. The System and Technical docs tend to be 100+/several hundred lines in excel respectively, as the Tech Requirements turn into your change management submissions. They’re the actual changes required to make a system functional.

BearOfaTime, 1 year ago

Lol, yea, it’s old, was built for performance, and hasn’t run right in a while.

I’m looking to setup a NAS and turn that thing off

BearOfaTime, 1 year ago (edited 4 months ago)

Nice!

Yea, I’ve been eyeing a box like that, looks like it could be useful.

Yep, it’s all tradeoffs, gotta know what you’re shooting for. My Pi cost $5, I’m using an old phone charger (I have many), and an old microsd. If anything fails, I just grab another from the junk box.

All I know with my current use-case is I can’t measure the power consumption with the tools I use. I imagine that means under 5w draw (not really sure what it’s capable of measuring).

BearOfaTime, 1 year ago

But only if both ends use the same app.

Which I always thought was a smart path forward, just getting people to switch apps, even for SMS, isike puling teeth.

BearOfaTime, 1 year ago

Nope.

They’re on the ropes.

Keep pummeling them. There’s no integrity behind this, and going along will just let them get away with their bad behaviour.

They played the “We’ll sue your ass off” card first. That means it’s already in the legal realm, they never even triedto work with the OSS community, they basically said “fuck you” until the community replied, very clearly.

Had the community not responded by replicating the repo 1000+ times, and making a story about it, they would’ve continued down the path of slapping the little guy around.

They now realize they can’t compete with potentially 1000 people working on this, against them. They also fear they’ve pissed off some technophile who has some serious skills or connections. Wonder if they saw a sudden increase in probes on their internet interfaces.

Make it hurt. Let them be the cautionary tale.

BearOfaTime, 1 year ago

Tailscale has a feature called Funnel that enables you to share a resource over Tailscale to users who don’t have Tailscale.

Wonder if Wireguard has something similar (Tailscale uses Wireguard)

BearOfaTime, 1 year ago

Also very good advice

BearOfaTime, 1 year ago (edited 11 months ago)

I don’t see it turning around otherwise at this point.

The last 20 years have made clear these people can’t can get away with literal murder, have it in the news, and nothing happens. From JFK, to Ruby Ridge, the “suicides” of Jeffrey Epstein, et al.

Blatant violation of law by those in office without repercussions.

I’m not saying it happening tomorrow, but we only have to look at things like the French Revolution to recognize a line has been crossed, and these criminals have no fear of the law, as it’s been captured right along with so many regulatory agencies.

BearOfaTime, 1 year ago

What VPN? What’s its’ endpoint?

Are you at home with this issue, or outside of your network?

The first thing that comes to kind is VPN usually doesn’t do split-tunnel by default, so it’ll consume all your traffic instead of allowing local traffic to go to the LAN with all the rest going VPN.

There may also be a filtering of services permitted through the VPN, so if it’s not split-tunneling, it’s trying to route everything, but blocking streaming.

I wouldn’t want all my traffic going out a VPN only to come back into my LAN via a VPN connection.

I’ve seen similar issues with apps like Tailscale or (a long time ago) Hamachi, where the system resolves to the Mesh network IP before the local IP, routing local traffic over the VPN/Mesh instead of the LAN.

Verify your VPN has a setting to permit local traffic/connect to local network.

BearOfaTime, 1 year ago

Sadly it’s only getting worse.

Google and hardware manufacturers aren’t motivated to make open devices. Quite the opposite, really.

They learned their lesson from the BIOS wars of the 80’s that resulted in standardized hardware interface, so any compliant OS could be installed. This is what gave MS the ability to beat IBM at their own game, and prevented strong DRM.

Phones don’t have a standardized BIOS like that, so each brand requires drivers built specifically for it (also a bit of a result of using Linux as the base, since it’s a monolithic OS). Without those drivers you can’t install an OS, and each device is different.

Google and friends like it this way, their long-term goal is fully locked down phones that you don’t control and can’t modify, so they can fully implement DRM.

BearOfaTime, 1 year ago

They can do so with a smartphone too, they both use the same cellular network, so same voice calls, same plain-text text messages (SMS is a feature of the cellular network management, messages are injected into the cell management frames).

Even worse, smartphones use AGPS, so download from AGPS servers (providing another point of location data) and using that ephemeris data to improve location update times.

BearOfaTime, 1 year ago

Lol, having separate devices is more convenient?

The smallest camera I can pocket weighs 5x my phone, is about 10x thicker.

GPS, same.

Mp3 player, about the same as my phone.

Computer/web browser? Well, nothing is as small as a phone.

I get all that in a single device with a phone weighing 8oz, measuring 6"x3"x3/8".

Separate devices is better if your use-cases for them have strong independence (e.g. Only use GPS in the car/on motorcycle, only use a camera when doing dedicated photo shoots, etc). If anything I’d say multiple devices is less convenient even then, it’s just that those devices work better for those use-cases, making the tradeoff of less convenient worthwhile. I’d much rather use a dedicated camera sometimes (and do), when I’m taking lots of pics and want to go faster.

But for most people, these activities are strongly related, and occur throughout their day. It would be far less convenient to carry multiple devices and have to pull them out and handle for these activities.

BearOfaTime, 1 year ago

You can setup Android without a user account. I’m not sure about iPhone, I don’t believe that’s an option in the setup process (but it’s been a while, since I set mine up).

BearOfaTime, 1 year ago

Why should I?

BearOfaTime, 1 year ago

Lol, wow. What kind of BS is that?

May have been useful, say 15 years ago. Even then machines were plenty powerful.

BearOfaTime, 1 year ago

Sounds like something I need to get… Off to github I go! (I assume)

BearOfaTime, 1 year ago (edited 1 year ago)

IPhone users have a weird obsession with Blue bubbles. The rest of us find it childish and annoying. They refuse to use any messenger other than iMessage.

I have a friend, not currently on iPhone, who was having trouble with SMS (note that SMS has a known message failure rate of about 10%+). He refused to switch to another messaging app, doesn’t want to have multiple places to message from. 🤦‍♂️

This is the mindset of iMessage obsessors. Frankly I see it as pretty juvenile. They don’t want to put effort into solving a problem.

This same person always has dozens of notifications sitting in the notification shade. Stuff you just don’t need to see, that Android lets you silence. Or just app notifications. Well no wonder he doesn’t want another messenger, with that much garbage he wouldn’t know he got a new message.

BearOfaTime, 1 year ago

Really, it’s a lie that I’ve heard from people I know?

We have people of all ages in our family, and we hear the bubble issue, especially from younger folks.

Please tell me again how it’s a lie.

BearOfaTime, 1 year ago (edited 1 year ago)

Sounds like it transfers the ID Out-of-band, so that’s good, does the desktop get the chat history then? (It’s possible it pulls chat history from the phone).

Oh, I agree with the closed source issue. That makes it a no-sale for me.

BearOfaTime, 1 year ago (edited 1 year ago)

I carry an iPhone for work, corp IT manages it, I use little more than comm stuff there, so theres no advantage to having an Android. (Before that my work phone was a blackberry, because I need work calls, email, messaging, etc to just work, and you couldn’t beat the battery life).

My personal is Android, because I want the tools I can use there.

Two very different use-cases.

And I really dislike iOS UI/UX, the limitations are very constricting. But for the basics it “just works”, but it isn’t something to recommend for privacy.

BearOfaTime, 1 year ago

Flash a third party OS like Graphene/Lineage/DivestOS. No more bloat.

A Pixel is rootable, which would enable you to remove whatever you want. Though I prefer starting clean.

BearOfaTime, 1 year ago

Just avoid carrier-branded phones. Those are often boot locked.

BearOfaTime, 1 year ago

Simplex has been out for a year or so.

It’s tough getting people used to systems that respect privacy, since Out-of-band ID sharing is part of that.