HiddenLayer555

cross-posted from: https://lemmy.ml/post/40689539

I decided to switch to NixOS on my desktop and so far it's been great, I love being able to build out my config in the Nix file, but there is one thing I've not been able to figure out how to change. After a period of inactivity, the computer suspends (or hibernates?) and basically turns off (all the fans and lights turn off and it disconnects from the network, I don't know if it's saving the state in RAM of the drive). How do I get it to not do that and just lock the desktop and turn off the screen after inactivity? I'm using KDE Plasma and I've tried different kinds of configurations that build successfully but still don't prevent it from going offline.

After some consideration, I've decided to replace my consumer router at home with an OpnSense box I control, and use the consumer router as just an access point. The model I have doesn't seem to support OpenWrt but the default firmware supports access point mode complete with mesh functionality, otherwise I would have just installed OpenWrt on it. I still like the consumer router's mesh Wi-Fi capabilities, especially the wireless range extender, but don't trust it enough to let it be the actual root device separating my home network from the open internet. My reasoning is that by having it behind the OpnSense router, I can monitor and detect if it's exfiltrating any "analytics" data and block them. Worst case scenario I realize it's too noisy with the analytics and buy a proper business grade access point, or an M.2 Wi-Fi 6 card with some beefy antennas.

Now I'm trying to decide if I should use one of my old mini PCs or if I should get a brand new one with an up to date processor and microcode. The biggest reason I don't want the consumer router to be the root device anymore is because I don't know how well they patch their firmware against attackers constantly scanning the internet for vulnerable devices. I imagine an open source router OS with tons of eyes on it and used by actual professionals would inherently be more secure than whatever proprietary cost cut consumer firmware my current router has. I've already picked out a suitable mini PC I'm not using and the reason I even started down this rabbit hole is because I have it, but after thinking more about it, I'm worried that whatever security I gain might be undermined by the underlying hardware being old and outdated, especially since the processor is definitely pre Spectre/Meltdown and I doubt it's still getting microcode or firmware updates.

Again, the reason I ask is because the internet really wants me to think old disused computers are perfect for converting into routers, and I really don't want to buy a new computer if I don't have to. How important is the hardware for a router? Can I expect OpnSense to have sufficient security on pretty much any hardware or will a sufficiently old computer completely defeat the purpose of even switching away from the consumer router?

Alternatively, I also have another mini PC with a Ryzen 5 from 2020, and I can reposition it from its current job to router duty, though it would definitely be overkill and wasting the hardware capabilities. Would that be substantially more secure than an older Intel processor?

I also have a Raspberry Pi 4 I can put OpenWrt on, would that somehow be more secure than an x64 computer?

My VPN provider has a limit to how many concurrent connections I can have, and a workaround I've been using is to run the Wireguard client as a daemon (wg-quick@my-wg-config) and a Squid proxy on my home server, and point my local devices to the HTTP proxy port, which will route the traffic through the Wireguard connection. However, this has broken randomly multiple times in the past few months, where it will randomly decide to just not allow the server to connect to ANY internet address while the Wireguard connection is active, and no amount of network or routing table configuration changes fixes it. The Squid proxy works fine as far as I can tell, it's just the Wireguard connection that's failing, which doesn't even allow a ping to an internet address from the server's terminal (which doesn't go through the proxy). The only way I've been able to fix it is to completely reinstall the OS on the server and reconfigure everything from scratch, which is annoying and also only works until it randomly decides to break again. This makes me think I'm doing something wrong.

Is there a more "proper" or widely supported way of routing internet traffic on local devices through a single Wireguard connection? Everything I could read online says running Wireguard with an HTTP proxy server is the way to do it, but it clearly isn't very reliable or my computer is just defective in some weird intermittent way? The server is running Fedora Server 43. I've also checked for SELinux denials but there are none.

I'm aware of wireproxy but it uses a SOCKS5 proxy which is not as widely supported as an HTTP proxy and a lot of my devices (mainly phones) won't be able to access it. Also I'd like the server itself to also use the VPN, not just the devices on the proxy.

Does anyone have more experience with this and can give some advice?

I personally never really considered "Chinese knockoff" a negative term because those products still fill a niche that is beneficial to the consumer, usually very low cost entry level offerings the "brand name" companies don't bother making. Now that the "brand names" have straight up said they don't intend on making entire categories of consumer products anymore, this could be a great opportunity for Chinese companies.

There's a stereotype of Chinese brands being "low quality" which obviously isn't always true to begin with, but even if we assume it is, given the choice between a maybe lower quality product you still get to own and none at all, I think the decision is pretty clear, at least for me.

With shortages of things like GPUs, third party Chinese manufacturers can't easily jump in to fill the gap because those chips are complex and proprietary both in the silicon design and the interfaces/APIs they need to work with, so the barrier to entry is quite high. Even if they straight up reverse engineered and "stole" Nividia's designs (which I personally don't even consider unethical), they'll have a hard time legally selling them in Western markets because Nividia will sue them. And even then China is making incredible strides at developing their own GPUs from the ground up. Meanwhile, DRAM and SSDs are much simpler than a GPU and there are already Chinese offerings of both on places like Aliexpress and even Amazon (not just using brand name chips on their own board, though that's still more common, I'm certain there are also in-house Chinese DRAM and flash chips from small firms), I don't see a reason they can't just ramp up production and cash in on the shortage in the West. Though there could still be details I'm not aware of, the way I see is that all they have to do is offer something reasonably reliable and less expensive than the ridiculous prices "brand name" parts are going for nowadays (not to mention when the existing stock sells out and are no longer restocked) and I can't imagine them not getting customers looking to build custom PCs for cheap.

Again, I personally don't give a shit if they "stole" designs from the brand names or not, because I consider stealing intellectual property from billion dollar corporations to be morally neutral.

So, people more knowledgeable on how electronics manufacturing and supply chains work, do you think we'll see Chinese brands becoming more prominent in the Western consumer computer parts market now that the likes of Samsung, SKHynix, and Micron straight up don't even want to sell to consumers anymore? Or is the paradigm of buying parts to build your own computer just cooked?

I am once again dumping my raw thoughts on Lemmy and asking your opinion on them.

My first dog (and pet in general) is nowhere near the age of me needing to think about putting her down, but having a dog has introduced me to the world of opinions on whether they should be put down when they get too old.

I've read a lot of very strong pro-euthanasia pet owner opinions, even going as far as accusing people refusing to put down their pets as "cruel" or actively wanting their pets to suffer. It really seems like a majority of pet owners, at least in the English speaking world, think putting their pets down is something you should always do when their bodies deteriorate past a certain point, and every time this is brought up you get a lot of emotional comments shaming anyone who doesn't subscribe to that philosophy.

The core argument being made seems to be that when their health conditions pile up past a point, it's not "worth" letting the pet live anymore, supposedly for their sake. But when I think about it further, I ask how can you be sure? All animals want to keep living, that's literally why animals evolved brains in the first place, to keep their bodies alive for as long as possible. How can you, who is not the pet, say for sure they would prefer to die than keep living? You can't ask them, and you can't get in their mind to determine how much they still appreciate being alive. Even the oldest, sickest pet will still make an effort to keep themselves alive however they can: eating, drinking water, moving out of the way of danger, etc. As far as I know, no animal (at least the animals we keep as pets) have an instinct to just give up and stop going through the motions of life past a certain age. Doesn't that imply they always want to live?

I consider the decision to no longer live past a certain age and certain number of health problems to be a uniquely human thing, and it doesn't feel right to impose that on a pet who probably doesn't have those thoughts. Even with humans, we refrain from making that decision for them. Someone who's in a coma isn't eligible for euthanasia just because they haven't expressed a desire to live, and the most their family can legally do is to stop actively keeping them alive with technology and let them die naturally. But if they don't die right after taking them off life support, you can't just straight up kill them, they need to die by themselves. Why isn't this philosophy applied to pets, who can never consent to euthanasia? You don't have to keep subjecting your pet to more and more invasive treatments just to extend their lives by a small amount, but at the same time, what gives you the moral right to unilaterally decide when they're done with living? Why is letting your pet die naturally in the comfort of their own home seen as cruel, while choosing for them when they should die is considered humane?

What do you think? I genuinely don't know how I feel about this but want to understand the problem and where I stand on it before my dog gets old enough for these things to apply.

I have a store bought consumer router connected to my ISP's router which is in bridge mode, and it's one of the few remaining proprietary mystery boxes in my network that I don't know how to audit. I recently made a post about whether I should switch to PFsense, and this was one of my motivations (though I forgot to mention it in that post).

Is there an effective way to check whether my router is part of a Mirai botnet or some other malware that scanned the internet and found some vulnerability in my router? As far as I know, once infected, things like updating the firmware or pressing the reset button aren't guaranteed to remove it because it can just take control of those processes and persist. In my specific configuration, can malware from the internet even see my main router or just the ISP router it's connected to?

In my threat model, I'm most concerned about my local traffic to and from my server being exfiltrated by some cybercrime group as a lot of it is HTTP or HTTP proxy data. Not so much general internet bound traffic which is usually HTTPS or VPN. Obviously I don't want to be "participating" in botnet attacks or other cybercrime infrastructure either.

I use Linux on all my personal computers and privacy respecting ROMs on phones, and Pi-Hole, but a part I haven't really taken a look at is my network at home.

I currently have my ISP's smart router in bridge mode connected to a brand name Wi-Fi 6 router with a wireless "mesh" range extender. I really like the range extender because it has an Ethernet port so it's basically a "free" Ethernet plug for that room connected to a high power Wi-Fi transceiver that's faster than a lot of on board Wi-Fi antennas.

But I feel like it's probably not the best thing privacy and security wise? I already don't use the app and luckily it still has a web interface for management, but I don't know how secure the firmware is or if it has any corporate "analytics" or not. I'm thinking a PFsense or similar router software on Linux box to connect to the bridge port of my ISP's router since I was told the "Ethernet" cable connecting from it to the fiber modem won't work with a store bought router, I assume it has some kind of DRM?

I already have an old PC in mind to convert to a router. I assume I could just use the onboard Ethernet port to talk to the router and add my own USB NIC to connect to the main switch?

I don't know what to do for Wi-Fi though, could I buy two dedicated access points and put them on different floors, and have them both connected to the wired network? How hard would it be to have those be the same Wi-Fi network and have devices actually switch between them depending on location?

Also, most of my NICs and switches are from the thrift store or eBay for higher end used server parts. Is that bad? As in how worried should I be about the firmware running in those being tampered with by whoever owned it last?

I'm running a NAS on Fedora Server with LUKS encrypted Btrfs hard drives in a USB-C multi-bay enclosure. I noticed that one or both of the hard drives keep making the same sound as when I'm lightly reading or writing files from it (the closest it sounds like to my ear is something like copying to a Wi-Fi connected device where there is a bottleneck somewhere other than the hard drive, so it has bursts of activity a few times a second between idle time). Using iostat -x on my two main hard drives, I do see periodic activity every 10 or so seconds but I'm definitely not accessing anything in them, and the activity indicators on the USB enclosure are still and not blinking to indicate activity.

Should I be worried about this? To my paranoid mind it feels like something is slowly reading my files with some exploit to bypass the indicator light to fly under the radar. But I just did a clean install of Fedora Server 43 (over the previous installation which was 42) and I never installed anything outside of the official package manager and Docker registry. I've also never had this issue on Fedora Server 42 as far as I know, and the NAS is on my desk so I feel like I would have heard it ages ago if it was something frequent. There's also no unexpected network activity on the Cockpit dashboard that would indicate that files are being uploaded, though I feel like if some malware can suppress the indicator light on a USB enclosure it can probably also hide its network traffic.

Is there something standard it's doing that could explain this? Like does Fedora 43 more frequently tell the drive's controller itself to do things like defragmentation or bit rot prevention when it's idle? That's the only explanation I can think of where the drive is clicking but no data is actually being transferred that would trigger the indicator light, since the operation would be entirely within the drive itself.