Buy a pixel off marketplace then. You can brag about saving e-waste.

Google isn’t a bad company, just a product of poor regulation. They have amazing engineers and produce valuable hardware and that should be praised.

Its the business side of things which needs massive regulation and an ethics check.

You're probably not exposed to the big internet. But that's no excuse for poor security. I'd look up a hardening guide for your operating system.

You should also look up hardening guides for any applications you plan to run, and follow simple security measures like not logging in as root/admin, strong passwords, 2FA.

Not to say you're at risk, but its good practice to make secure your default. Doing this will help you understand the basics of system security and the risks that systems have.

Might be janky, but if you really wanted this for free you could get a speech to text program like futo, play the video and have it transcribe it and save it to a text file, then copy and paste in the subtitles

Ooookay… Took me a second to wrap my head around the layout… Originally I only looked at the picture, which only shows a single switch.

This is an odd topography. Typically when working with switches, you want them connecting directly to the router and not connected to another switch.

You are going to have bandwidth issues out the ass, along with having a troubleshooting nightmare when something goes wrong and you need to trace packets.

Right now you have a hub and a spoke inside a hub and spoke.

Since it looks like your Asus is just an AP in this scenario, you'd be better off:

• hooking both switches to the ISP router
• enabling DHCP on the ISP router for the 2.5g switch
• set your 1g switch to a different subnet, with default gateway to your ISP router
• enable dhcp for different subnet
• add Asus for WiFi ability on new subnet

You can then play around with VLANing on the managed switch. You won't be able to separate IoT and Personal WiFi signals with VLAN. Youd need to create a guest SSID for that functionality and change the channels to 6 and 11 so you get good bandwidth

Edit: this is assuming you have a layer 3 switch, if its a layer 2 I would use the Asus as a router/AP and hook it directly to the ISP router and hook the switch up to the Asus.

GraphineOS sandboxes google services. You can take it a step further and only install sandboxed google services on a work profile or user profile so you can have toggle-able google services, allowing bank access and whatnot.

Depends on your definition of safe.

If you do a public port forward and set up basic security and proper SSL its safe from the majority of people.

Looks like it'll work. You should look into flashing that router with openwrt or pfsense and VLANing off those smart devices… They can be a security issue.

Also adding a second AP that you place on a different channel for guest and untrusted devices would work and increase bandwidth, but adds some routing complexity.

You could host a wireshark instance, and maybe even host a SIEM like security onion.

Yea, I haven't played with it too much. You'll ever have to host your own SMTP server to send it or use gmail or protons SMTP service.

Doing it yourself might cause big companies to send your mail to spam or possibly just drop the packets cause you're not using a trusted IP, have the wrong DNS settings, etc. and your ISP may even block port 25

This can be circumvented by using a SMTP relay service but can still have some issues like mail sending limits.

I would have a failsafe, like use a major email provider for emails that you need to go through for like work order government stuff.

Hosting your own email is a great learning experience and is fun to do; but your emails will get marked as spam, you'll have to constantly perform maintenance, and have major reliability issues.

Most of the issues youll have are fine for personal use, but is dicey if you plan to migrate 100%

Edit: receiving email is less of an issue of sending. The forwarder should be reliable, however, its the sending from the forwarding address that would possibly be an issue.

I’m just saying that collaboration with or association with spooks or glowies isn’t in itself a red flag.

Many privacy and freedom granting software is made by these people.

Take Tor for example, made by the navy to hide information from the public and anonymously attack networks of adversaries… Yet now is the NSA’s biggest obstacle in mass surveillance.

And I’m sure you only use twofish because the NSA backdoored AES when they standardized it.

Since its for school you’ll want it to be reliable and to work 100% of the time. I’d just get a big brand and not connect it to the internet if you don’t want your data collected.

Other than that you can try to block the telemetry at the DNS level by VPN to your home with a pihole instance or using a private DNS.

If you really don’t wanna use apple or google OS, then best bet is to buy the tablet for the hardware and try to flash a different OS. But then you’ll risk it not working very well or having app compatibility issues.

I disagree. Firefox is fine, but saying chromium is spyware because its primarily maintained by google is like saying android is spyware.

Additionally chromium browsers are arguably more secure than Firefox, and has more advanced sand boxing. So much so that graphine OS used chromium instead of Firefox for their vanadium browser.

Only thing I agree with is not using brave… Cause well… They fishy.

Honestly servers don’t need to be speced out of oblivion. I use a 10 year old desktop and added a 1TB ssd and it does 99% of what I want it too.

Most important thing for a server is probably the CPU and making sure it has as many cores as possible and maybe hyper threading because you’ll be running a lot if simultaneous services and users.

No only the server, you can host an openssh server and have clients connect remotely.

Sorta like how you can host a webserver and a client doesn’t need 443 open. Except a reverse shell is possible with ssh, allowing a client to be controlled without their port 22 open.

You can tunnel RDP over SSH. Then you’d only open a port that requires authentication to access and is encrypted.

I’m a tinkering nerd, so I like to have a headless Linux box.

I did use self hosting operating systems in the beginning, and they’re nice. However, when I tried just a plain Ubuntu headless install, I felt way more accomplished after getting everything working.

https://techcommunity.microsoft.com/t5/windows-11/how-to-block-a-program-from-accessing-the-internet-windows-11/m-p/2772951

The reverse is easy, maybe consider hosting the apps as containers?

Personally I’d just spin up a wireguard container with a GUI, user friendly and you can add anyone to your VPN in like 2 minutes wherever you are.

Most advanced part would be forwarding port 51820