Blaster M

Realistically, the skip should be named “Desktop”

Whoever is using dialup in 2025… your tenacity is admirable.

Block new connections inbound on the router’s wan. Also block ping if you don’t want pings to find you. That’s the most basic setup for firewalling on the udm, ipv4 and 6. Every router in 2025 should be able to block new inbound on ipv6.

Let me one up this. IPv4 NAT is like the pizza guy has to deliver to you, but you live in a gated community with a strict no visitors policy, which does not allow you to even mention what unit you’re in, and none of the addresses in the community are registered with the post office or on Google Maps either. Instead, you tell the guardhouse you want to order, and they order the pizza for you. The pizza guy delivers to the guardhouse, and the guardhouse delivers the pizza to you.

IPv6 (with firewalling) is like a normal gated community, you order the pizza and include the unit number, and the delivery driver can deliver your pizza directly, as long as the guardhouse approves.

The difference is, with NAT, the guardhouse has to both guard (firewall) and route (keep track of all deliveries, and deliver) your packages, where with IPv6, the guardhouse (firewall) only has to guard (firewall) the packages.

Skill issue

IPv6 is easy to do.

2000::/3 is the internet range

fc00::/7 is the private network range (for non routing v6)

fe80::/64 is link local (like apipa but it never changes)

::1/128 is loopback

/64 is the smallest network allocation, and you still have 64 bits left for devices.

You don’t need NAT when you can just do firewalling - default drop new connections on inbound wan and allow established, related on outbound wan like any IPv4 firewall does.

Use DHCPv6 and Prefix Delegation (DHCPv6-PD) to get your subnets and addresses (ask for a /60 on the wan to get 16 subnets).

Hook up to your printer using ipv6 link local address - that address never changes on its own, and now you don’t have to play the static ip game to connect to it after changing your router or net config.

The real holdup is ISPs getting ultra cheap routers that use stupid network allocation systems (AT&T) that are incompat with the elegant simplicity of prefix delegation and dhcp.

GrapheneOS here we come

…and this is where sanitizing inputs becomes even more important…

Is there something you absolutely need root for? Or can you get away with not having root? It is always better to not have root capability, as that is a huge attack vector.

0/10 worst movie ever, no City Escape

Used DELL 5310. Intel 10th-gen, 60Whr battery (goes 8+ working hours on a charge) often 16GB RAM and at least a 256GB SSD at that price range. Upgradeable (DDR4, NVMe) too.

If you already know what you’re doing, AI generating code is redundant. If you don’t know what you’re doing, it might work for you, up to the point you’re spending all your time debugging hallucinatory code.

tesla.services is very high up there. Connected car be connected.

Privacy =/= Security. Windows XP might have good privacy (I would argue Windows 2000 is better for that, as it doesn’t have Product Activation), but security is nonexistant in 2025 in either case. For malware, it’s free real estate.

Graphene isn’t dead. They just have slowed down a bit. They’ve already released their first Alpha for 16

VoLTE isn’t yet supported in Linux because no one has yet completed writing an open source implementation. Unfortunately, phone manufacturers, chip manufacturers, and cell carriers all hold these cards very close to their chests, so drivers have to be written from scratch by reverse engineering the protocols, which are encrypted on top of being completely nebulous. Support is coming, eventually, but it takes an extraordinary amount of time and effort to do this, which nobody has time to do.

https://grapheneos.org/

Only for Google Pixel phones. The install process is right there. You just need a chromium-based browser (chrome, edge, vivaldi, opera, brave, etc.), an Unlocked Pixel, and the usb cable.

Also, back up your stuff. Flash Unlocking your phone to install a different OS erases everything on it (for security reasons).

Phone carriers don’t want people “churning” (leaving their network for another) so they enforce the phone’s locking, especially if you buy the phone from the cell carrier, as they often advertise free phone or cheap phone on a payment plan, and use that to enforce people staying on their network.

Depends. Do you want the possibility of an AI model being able to fork over some private details in your convos? The potential for someone that doesn’t like what you believe in to subpoena google for this data?

As for bricking, it won’t, and the whole process is on the website, using a chrome-based browser and usb cable (it detects which pixel you have and does all the hard stuff) but you do have to back up your stuff as it will erase when it gets graphened.

If you don’t want this stuff on your phone, lemme point you to:

GrapheneOS (Pixels only, has Most Security at Tinfoil Hat level while also providing compatibility for Google Play (optional, sandboxed) and SafetyNet)

CalyxOS (Pixels, Some Moto G 5G, Fairphone 5, 4, SHIFTphone 8, less Security than GrapheneOS but has Security)

LineageOS (Many older devices, runs unlocked boot so least Security but still can run sans google)

RIP Florida, I guess.