Mikelius

Why not just self host? What happens when/if their service goes down without any warning? You lose everything?

Got my things all on a server with RAID for redundancy and backup weekly to an external (encrypted) device, monthly to another that doesn’t stay at home. Also means I don’t have to rely on the Internet to use all my services if the ISP goes down, the firewall explodes, etc. Self hosting is the way to go!

Edit: autocorrect being annoying

Again, no Ubuntu expert here, so do this at your own risk (someone jump in and say this is a bad idea if it is). Not irreversible as you can just revert what I’m telling you via live CD, but just wanted to leave the warning.

If uname -r shows the old kernel *-24, and grub update is choosing that instead of *-25, perhaps Ubuntu relies on the last change/created date or something weird. What you can check is if *-24 AND *-25 show up in /usr/src. If both are there, do (as root/sudo): mv /usr/src/*6.2.0-24* /root. Now run grub-update again. I think it should tell you which version it chose for the boot menu.

Next try: grep 6.2.0 /boot/grub/grub.cfg to verify you see the new version.

• If you see it, reboot and see if it starts with it. If you can’t boot, go through the liveCD and move that directories back to /usr/src, chroot to the drive (see https://www.turnkeylinux.org/docs/chroot-to-repair-system for how to do this properly), and after chrooting, run grub-update again.
• If you don’t see it or get nothing back from grep, move the directory back and re-run grub-update to avoid not being able to boot back in. This wasn’t the fix we were hoping for.

^ this is all assuming Ubuntu puts its kernels in /usr/src and uses that location as reference to what’s available/installed. If you see nothing there, then something else will need to be attempted

Edit 2: another thing to check is if the compiled kernels are in /boot. Basically follow the same instructions above but use /boot/*-24 instead. This might actually be what needs to be done now that I think about it, not necessarily /usr/src.

I don’t, but that’s because of how I have things setup around the network. While most people here say it’s because they don’t need it, I am in a position that I need SOMETHING simply because others in the household could bring in malware and rather than trust them to make smart decisions, I proactively monitor all network activity for anything unusual. That being said, I have clamAv installed and run a weekly scan, but my real “antivirus solutions” are as follows: A syslog server that’s connected to grafana/MySQL and alerts me based on very specific criteria. Along this, I’ve got my network firewall configured to block all “untrustworthy countries” in and out 100%, as well as use an IDS/IPS (also connected to syslog for alerts). Lastly, an internal DNS which grabs from like 20 sources that include some reliable lists with malware domains and such, and a custom list of my own that I add to as useful security news feeds hit my RSS feed with urls in their blog posts.

Actually got a list of other things going on in the network to make it even more secure, but just wanted to list the main things that’ll give you a step up in the anti-malware front.

None of this is buletproof without proper care for how you use the Internet, though.

• Check for router/modem/firewall updates weekly if they can’t be auto updated
• never click any links in an email even if you feel you know you trust it (exception to this would be something you KNOW is coming into your inbox, such as an account registration verification)
• avoid tiny urls or suspicious looking urls when possible
• don’t open ports unless you really really really know what you’re doing. If you absolutely need to open a port, then for the love of god define the source IP address/CIDR. Opening ports to the world includes opening them to cyber criminals
• turn off upnp, I don’t care what that game or service you use says, it doesn’t need it

You get the idea. My message got way too long and turned into a rant lol.

Have you tried a normal “grub-update” command to make sure it gets the right kernel to boot up for you? Not 100% familiar with Ubuntu, but perhaps that’s all you’d need to run to get it booting to the right version.

Thanks! Came back to actually add an edit or reply to mention that I found an issue on darkreader issues with a resolution for putting in a custom filter to unlock origin! Worked perfectly.

https://github.com/darkreader/darkreader/issues/11325

Question in the issues that did come up is… Why are they doing this? Only reason as some others mentioned sounds like it would be for tracking purposes which contradicts what their model is about. Seems like there’s no winning search engine for privacy, just the least of all evils? Lol. Glad to at least be back to using it for now.

Love it except I can’t use it because I don’t save cookies to keep the “dark setting” enabled and dark reader doesn’t automatically invert it, likely due to them breaking some sort of common html/css standards if I had to guess. Wish they would fix it for accessibility. :(

Meanwhile I just ignore sms messages for a week, then respond, then ignore again with an occasional reminder I don’t use sms and signal or something else is better to reach me with. Only a couple people left to convince… The most stubborn of the bunch.

But yeah as others said, lying like that ain’t going to be good down the road, especially when they’re close people to you. Hope this doesn’t come back to bite you.

Dunno if anyone mentioned it, but if I had to guess, you have a DNS leak. Basically your DNS requests are going through your ISP instead of the VPN, resulting in them knowing where you’re going online anyway. Be sure to check for those DNS leaks and setup a custom one if your VPN doesn’t offer one. Don’t forget, DNS traffic over port 53 is also unencrypted, so unless you force those through the VPN, they could still know where you’re going.

Unless referring to encryption, can you expand on why NC with Dav isn’t private? I’ve got both selfhosted (in home) and haven’t picked up on any traffic sharing my calendar to third parties through my logs and alerts, so would like to know more of what you’ve seen to see if I have a gap in my automated alerts.

Edit: unless your answer was just in response to the OP wanting an already hosted system, then yeah I can understand what you mean there.

If in the US, check out privacy.com. It’s a bank so expect the signup process to be as invasive as any other bank, but they allow you to create masked cards and you can fill in any name and address you want into the billing info to keep your real info away from websites. Paid version also hides transactions you make from your actual bank.

Jerboa errored on sending this, hopefully not a double post:

I’m not sure when the last time you tested it out is, but I’m seeing a few things online about kernel 5.14+ bringing in a lot more support for eGPU, albeit AMD and not Nvidia. I could definitely see how that’d be a deal breaker, but it looks like if it’s not working with the newest kernels yet, maybe someone’s working on it as we speak? Fingers crossed!

Join the Linux club. You’ll never go back once you get the hang of it! Nothing in my house has Windows. Left it years ago and have had zero regrets.

I would argue a VPS is less secure than a trusted provider. Of course, the definition of what’s trustworthy is up to each person. The reason I say it’s less secure is for 2 reasons:

1. As you stated, the VPS provider sees everything. They also have direct access to the box themselves. Trusting them is just the same as asking to trust a VPN provider, the only difference being that a VPS provider will ask for personal information where a good VPN provider won’t (i.e. Mullvad)
2. You’re a part of the security of the device. If you’re not 100% familiar with exactly what you’re doing to secure the VPS, you’re likely exposing yourself in some way to bad actors. I also say you’re “part” of it because you also have the dependency of the VPS provider being secure so someone can’t compromise your machine.

The belief that a VPN provider doesn’t help privacy is a myth. But it’s true that you can’t depend on the VPN being your only solution to privacy. There are more steps you must take beyond just a VPN, but it’s definitely a required step if you want to be truly private. As an analogy: if people said “drinking water won’t make you healthy” that’s not true… But it’s also only a part of what you need to be healthy and the statement’s only true if you ignore the other things you need.

Further on the privacy front for my personal opinion: I don’t think there’s a such thing as a trustworthy ISP with personal data since they definitely track everything you access and probably sell that data, but there are a few trustworthy VPNs who likely don’t do this. I’d rather take the risk in a VPN provider that is probably not doing what ISPs do, also allowing me to further enhance my anonymity online.

For me, I’ve been using Mullvad for about maybe 5 years now, along with a ton of other things I’ve setup for privacy. Haven’t seen a targeted ad in nearly that amount of time, websites always think I’m located somewhere else, and any data breaches I’ve been a part of where IP addresses are in the data are of no concern to me.

Be sure to also look into geo tracking. If the device you’re using is wireless, chances are Google and such can get your exact location if you’re exposing your browser or software to geo tracking on the web, or if you don’t spoof your Mac addresses. How they do this: the Google maps vehicle that drives around collects the locations of wireless devices and their Mac addresses, so that when you have geo enabled, they can pinpoint you down to a very close lat/long coordinate.