Posts by asdf

Re: Don't hold your breath

Have tomato on an Asus RT-N53 (was low on money and needed 5ghz bridge several years back) and Gargoyle on old WNDR3700v2 I used as primary in the past but is yet a 3rd wireless bridge now. The only thing I have ever found stock firmware better for is in some cases you can get better sustained wireless throughput but that is rarely important to me and definitely not worth the garbage security that comes with stock firmware.

Re: Don't hold your breath

>You are much better off with TP Link or Buffalo.

Yeah personally not a big fan of Linksys but last I looked they are fairly open source friendly on their higher end consumer routers which they shameless tried to make look like the old WRT54 but failed and are charging a lot more for than the original. See a lot of complaints about wireless problems with TP Link. Have a Buffalo with DDWRT on it I gave to one of the kids to use as a wireless bridge and its the most powerful 2.4ghz in the house lol. Still very hard to beat Cerowrt on venerable old WNDR3800 for gaming performance as long as you can get by with 80211n and have say something like LEDE on your dsl modem so you don't have to expose 3 year old firmware code directly to the internet.

Re: Don't hold your breath

>From previous experience, Linksys' pace of firmware releases are slower than glacial and are as frequent as hen's teeth.

You did check to make sure one of LEDE, OpenWRT, Gargoyle, DD-WRT, Tomato, etc. firmware supported the model you bought if for no other reason as a backup plan first before purchasing right? If not and you are IT person like most on this site no sympathy. Yes I understand the manufacturer should be providing something fit for purpose but then the political winds aren't exactly blowing that way these days. Custom roms/firmware are often your only chance of getting security updates much too soon after purchase.

Re: Not Worried Now

Took a downvote because I guess someone didn't get memo Openwrt is now basically dead and almost all the Openwrt devs moved over to LEDE (sounds almost like a cyanogenmod to LineageOS situation). Heard something about they perhaps merging again but currently all the development action is over at LEDE (4.4 kernel vs 3.18 for Openwrt, Openwrt last submitted patch was early February, etc).

Re: Openvpn and Bind

>only Internet-facing udp consumers

Dnsmasq for dhcp from ISP? NTP?

Re: DD-WRT?

Have to go here (link below) to get the latest greatest DD-WRT (still on ancient kernel if I remember right). Since I don't use DD-WRT for anything internet facing probably won't bother to find out if this CVE is patched or even applicable and then update to one of these "bleeding" edge images.

https://dd-wrt.com/site/support/other-downloads?path=betas%2F2017%2F

Re: Not Worried Now

>My openwrt router on the other hand is 4.4. Great.

According to link below the stable LEDE image (reboot or whatever) has already been patched (since mid December last year). Not sure about OpenWRT 15.05 though. All the more reason to migrate over at least your internet facing router I suppose. Not to mention very nice to see how often opkg update; opkg list-upgradable | awk -F ' - ' '{print $1}' | xargs opkg upgrade actually gets security fixes for LEDE.

https://forum.openwrt.org/viewtopic.php?id=70583

Re: Reboot

>Other distros don't do this.

Neither do proper real UNIX OSes like HP-UX. You apply patches maybe once a year for a single reboot and even that is usually not necessary. Not to mention I have never seen an HP-UX kernel panic. Linux is the Windows of the POSIX world.

Re: so this was the real reason

>I gave up on Ubuntu with 12.04 and went to CentOS. I find that it is a lot more stable.

Getting a lot of development stuff and 3rd party uncommon libraries is a real PITA in RHEL land. PPAs are why LTS Lubuntu is still my POSIX development VM of choice. For LAMP out of the box or other common server configs I could see the use case for RHEL/CentOS obviously.

Re: At least...

The other glaring example was Apple foisting the steaming pile of shit that was EFI32 onto 64 bit processors and chipsets and then refusing to support them past Mac OS X 10.7. Hell Linux and even Microsoft still support that hardware with security updates today more than 5 years after Apple stopped.

>So with a Pixel you are going to get the most secure smartphone.

Edit: Was going to say not even most secure Android because can't put CopperheadOS but looks like you can. Most secure smartphone um sure keep believing that.

Re: At least...

>Apple is still supporting the nearly 6-year old iPhone 4S.

Almost makes up for supporting the first iPad for barely two years I suppose. Apple has a mixed record in this regard as well.

If you are going for the hipster vibe NeXTSTEP would give you more cred.

Re: "Let's Encrypt" abused. What a surprise...

>maybe some more checks have been implemented. Hope Let's Encrypt will become more careful as well.

There will always be another race to the bottom company willing to join the lucrative x.509 circle jerk to take its place.

Yep

opkg install unbound

Its just too bad it seems like most of the tor DNS aren't running DNSSEC if I remember right. But that is more for the vast majority of traffic that isn't banking I suppose. The other problem with DNSSEC for non techies is grandma will sh1t her Sears panties when she gets a 404 error. Probably better than the alternative but the public doesn't much want to troubleshoot DNS problems.

Re: We'll follow as usual

>street burnt to the ground.

Well way things are going Seoul may be the first thing burned to the ground.

Re: We'll follow as usual

>of your choice for VPNs/Tor and so on.

Its better than nothing but neither are ideal. VPNs and Tor both can cause problems with internet TV like Netflix (due to performance and or Geolocation rules). Tor's performance is damn spotty and with the VPNs you are just moving who has your data to another company. I guess you can at least sign a contract to enforce your rights but again a VPN can very quickly make the Cloudflare list as well.

Re: Devils advocate (from the right side of the pond)

>Do you think the public owns this private infrastructure?

No but when governments grant a regional monopoly to cable companies for them and only them to build that infrastructure then the cable companies have an obligation to provide common carrier like has be the law for generations and was the case for the Telecoms. Big Cable took advantage of the US moving hard to crony capitalism towards the end of the last century and skirted this responsibility and it has been very lucrative for them.

excpt

Yeah I mean its not like they have more than most country's GDP still in the bank (whether EU takes its cut or not). I do agree I could see possibly a serious decline in their revenue in the future but considering how many years they have been virtually printing money I don't see a few years them being near administration. Probably have enough for a few decades. Hell Blackberry is still around.

Re: It'll all end in tears

Yep GTAT all over again. Execs in little companies get $$$ in their eyes and fail to realize many of the biggest companies in the world are so big by feasting on little companies usually without any leverage and often brains. Actually one of the big criteria I looked for in my current company is making sure no one customer accounted for more than 10% (actually less than 5 for us) of sales.

Re: You are explicitly told....

>What about a secret iframe?

Can be blocked easy enough with NoScript.