On 07/01/2022 21:48, SH wrote:
Over to you all for discussion!
I disallow trackers, but allow quite a few ads.
This is the funding of a lot of the web sites. If everyone blocks all
their ads they'll have no revenue and shut down.
Andy
Over to you all for discussion!
I've wondered about setting up a Web top server on say a Raspberry Pi 4
at home, but presumably I'd have to set up HTTPS as well for a secured connection as I can't use Wireguard on a remote PC.
On 07/01/2022 21:53, Vir Campestris wrote:
On 07/01/2022 21:48, SH wrote:
Over to you all for discussion!
I disallow trackers, but allow quite a few ads.
This is the funding of a lot of the web sites. If everyone blocks all
their ads they'll have no revenue and shut down.
Andy
I don't mind small and non-intrusive ads but when you have:
sky scraper ads on both sides of the webpage
ads between every single paragraph as you scroll down the page
and pop up ads that appear on top of the webpage
ads that remain at the top 1/4 of the browser window as you scroll down
is what I find very objectionable. :-)
I've wondered about setting up a Web top server on say a Raspberry Pi 4
at home, but presumably I'd have to set up HTTPS as well for a secured connection as I can't use Wireguard on a remote PC.
5. Assume I will not be allowed to or cannot download and install additional software to their computer.
On 7 Jan 2022 at 22:02:01 GMT, "SH" <i.love.spam@spam.com> wrote:
On 07/01/2022 21:53, Vir Campestris wrote:
On 07/01/2022 21:48, SH wrote:
Over to you all for discussion!
I disallow trackers, but allow quite a few ads.
This is the funding of a lot of the web sites. If everyone blocks all
their ads they'll have no revenue and shut down.
Andy
I don't mind small and non-intrusive ads but when you have:
sky scraper ads on both sides of the webpage
ads between every single paragraph as you scroll down the page
and pop up ads that appear on top of the webpage
ads that remain at the top 1/4 of the browser window as you scroll down
is what I find very objectionable. :-)
IME local newspapers are worst for this to the point of making them unreadable
online.
On 07/01/2022 21:48, SH wrote:
I've wondered about setting up a Web top server on say a Raspberry Pi
4 at home, but presumably I'd have to set up HTTPS as well for a
secured connection as I can't use Wireguard on a remote PC.
I've installed Apache Guacamole on a Linux box that sits on the internal
lan. This works well as an RDP gateway to other PCs on the that lan, and
is very useable for me through a VPN when accessed from outside.
https://guacamole.apache.org/
Some folks have installed this OK on a Pi.
5. Assume I will not be allowed to or cannot download and install
additional software to their computer.
It's a web server at the end of the day and will work without the VPN.
However you obfuscate the port forwarding solution you use, you are
going to have idiots attempting all sorts of nonsense to break in.
If you can install an SSL identity certificate on the users browser,
then that may be a way forward >
Hmmmm..... Just been reading the documentation.....
It looks like I'd have to either:
have 3 Raspberry Pi's on the WAN or DMZ side where one is the Linux
desktop, one is the Gaucamole server ane one is a clone of my original DNS.
or try and fit 3 docker images on one Raspberry Pi to do a desktop, a
DNS clone and the Gaucamole docker image?
I've not used Docker, and not certain that a single R Pi can do all this
but a 3 R Pi solution is more expensive.
On 08/01/2022 08:20, Adrian Caspersz wrote:
On 07/01/2022 21:48, SH wrote:
I've wondered about setting up a Web top server on say a Raspberry Pi
4 at home, but presumably I'd have to set up HTTPS as well for a
secured connection as I can't use Wireguard on a remote PC.
I've installed Apache Guacamole on a Linux box that sits on the
internal lan. This works well as an RDP gateway to other PCs on the
that lan, and is very useable for me through a VPN when accessed from
outside.
https://guacamole.apache.org/
Some folks have installed this OK on a Pi.
5. Assume I will not be allowed to or cannot download and install
additional software to their computer.
It's a web server at the end of the day and will work without the VPN.
However you obfuscate the port forwarding solution you use, you are
going to have idiots attempting all sorts of nonsense to break in.
If you can install an SSL identity certificate on the users browser,
then that may be a way forward >
 that sounds like an idea worth exploring, perhaps I could put Apache Guacomole on the DMZ of my LAN, so the idea is that I can set up
firewall rules so that the Apache box can access the DNS on the LAN side
and accept remote conenctions from the WAN?
In fact I could replicate the DNS server so that I have two, one on the
DMZ for the Apache and leave the original on the LAN side.
On 07/01/2022 21:48, SH wrote:
Right.....
I run a Pi Hole at home which is a DNS with a massive blacklist of
3,500,000 URLs which all relate to Malvertising, Adverts trackers,
referer URLs, news aggregators like taboola and outbrain, this is so
successful that over 60% of DNS requests are blocked and web pages
load so much faster and my privacy on the web is much improved.....
Can I go off at a tangent - please forgive me. I buy my internet
connection from Zen, which is quite a sophisticated ISP. If this is so
easy to implement, why don't Zen (or some other ISP) offer a DNS with a similar blacklist?
Is there a market niche here?
Right.....
I run a Pi Hole at home which is a DNS with a massive blacklist of
3,500,000 URLs which all relate to Malvertising, Adverts trackers,
referer URLs, news aggregators like taboola and outbrain, this is so successful that over 60% of DNS requests are blocked and web pages load
so much faster and my privacy on the web is much improved.....
On 08/01/2022 12:39, GB wrote:
On 07/01/2022 21:48, SH wrote:
Right.....
I run a Pi Hole at home which is a DNS with a massive blacklist of
3,500,000 URLs which all relate to Malvertising, Adverts trackers,
referer URLs, news aggregators like taboola and outbrain, this is so
successful that over 60% of DNS requests are blocked and web pages
load so much faster and my privacy on the web is much improved.....
Can I go off at a tangent - please forgive me. I buy my internet
connection from Zen, which is quite a sophisticated ISP. If this is so
easy to implement, why don't Zen (or some other ISP) offer a DNS with
a similar blacklist?
Is there a market niche here?
Thats an excellent question......
There are a range of free public DNS such as CloudFlare, Quad9, Google, OpenDNS, Comodo, Level3 and many more.
Now many ISP's run a proxy DNS sitting between you and the external
public DNS.
The ISP's router default settings typically points to the Proxy DNS.
There are many reasons for this:
The ISP's can implement blocklists to block access to filesharing sites, usually in response to a UK court order by some studio enforcing their content rights.
Also the IWF have a list of website URLs where they are known to host
illegal content and this is used by the Major ISP to prevent access.
The Proxy DNS can also log what sites their subscribers visit, so they
can sell on data to advertisers on which sites are the most visited on a
per user basis, which websites are the most used across all customers etc.
They can also do whats called DNS hijacking where if a public DNS
returns no such webpage, you then get the ISP's own search engine
offering you alternatives rather than a Error 404 page.
Some ISP's offer child cybersafety options that limit access to sites
dealign with drugs, alcohol, gambling, suicide etc, that is done at the
Proxy DNS level.
Very often, when you get the router, it has the DNS IP addresses set up
in it or is obtained from the ISP by the DHCP daemon in the router.
If you want to do your own DNS, you need to disable the DHCP in the
router and set up your own DHCP and either point to a public DNS or your
own DNS yourself.
PiHole can do this.
Now my own DNS holds a blacklist of 3,500,000 URLs but it does talk to
an upstream public DNS if I want to access a website for the first time
(my DNS caches my searches)
I currently use CloudFlare.
there are some other public DNS that do offer child safety such as AdGuardDNS.
SOme public DNS can offer protection against dodgy sites such as
https://www.csoonline.com/article/2876075/6-dns-services-protect-against-malware-and-other-unwanted-content.html
but again, to access these you need to change router settings....
Hope that helps?
S.
SH <i.love.spam@spam.com> wrote:
Hmmmm..... Just been reading the documentation.....
It looks like I'd have to either:
have 3 Raspberry Pi's on the WAN or DMZ side where one is the Linux
desktop, one is the Gaucamole server ane one is a clone of my original DNS. >>
or try and fit 3 docker images on one Raspberry Pi to do a desktop, a
DNS clone and the Gaucamole docker image?
I've not used Docker, and not certain that a single R Pi can do all this
but a 3 R Pi solution is more expensive.
I don't see why you need three machines. You need to run:
1. A VNC/RDP/etc server to provide the desktop you want to log in to
2. A Guacamole server to offer that on the web
3. A DNS server to do your filtering
but they can run on the same hardware. 'Server' doesn't mean 'piece of metal' it means 'program' (aka 'daemon' for a thing that sits in the background waiting to respond to requests).
I'm assuming you already have #3, so you can just point your new setup's DNS at that.
For #1 and #2, I'd just run Raspberry Pi OS which provides a desktop out of the box. Then install a VNC server on that, and then install Guacamole.
That does all the desktop stuff.
You could also run #3 on the same machine, to keep it all together.
I'm not familiar with how much CPU/RAM resource Guacamole would need, but I don't imagine it's vast - probably a Pi 3 or 4 would be sufficient to run everything (especially the versions with >1GB because browsers like their RAM), maybe not a Zero/1/2.
Doing this with Docker just makes things a bit easier to manage all these services talking together, and avoids you having to build Guacamole, but I wouldn't learn Docker just for the sake of this project - you can just install Guacamole natively: https://guacamole.apache.org/doc/gug/installing-guacamole.html
You could also use a Windows/Mac/Linux machine on your network to offer #1, if you prefer to offer that desktop experience, which would avoid Pi RAM limitations.
Theo
Right.....
I run a Pi Hole at home which is a DNS with a massive blacklist of
3,500,000 URLs which all relate to Malvertising, Adverts trackers,
referer URLs, news aggregators like taboola and outbrain, this is so successful that over 60% of DNS requests are blocked and web pages
load so much faster and my privacy on the web is much improved.....
See: https://ibb.co/d6mRZJg
So all my computers have the same internet experience at home via the
home DNS.
I also set up and installed a Wireguard VPN server at home and put
Wireguard on all my mobile phones. So all phones VPN back to my home
and use *my* DNS rather than a public DNS liek cloudflare or Quad9 9
or Google's own. It does not matter if this is over Public Wifi or
over the mobile phone network.
So whenever I surf the internet on my smart phones anywhere in the
world, I get the same experience as at home. This is really useful
when the mobile data speed is not very good as I am avoiding
downloading all the ads and trackers etc.
However there are occasions where I am not at home and a smart phone
just does not cut the mustard.
So I am forced sometimes to surf the internet on a friends or family
computer and I get force fed all these unwanted adverts and trackers.
Now what I'd like to do is be able to surf the internet on any one's
computer using my own home DNS.....
Now the question is how to do this?
Please assume the following:
1. I have a static IP at home.
2. I have fibre to the home which gives me 500 Mbit UP and 500 Mbit DOWN.
3. I currently only have one port open on my fibre router for incoming connections to my Wireguard Server. This Wireguard server holds the
DNS IP settings. There is just one port forwarding rule which forwards
from the outside world to the Wireguard VPN server. Obviously, all connections are encrypted as the remote devices are running Wireguard
VPN.
4. My friends or family will typically have Chrome or Edge or Firefox browsers on their computers
5. Assume I will not be allowed to or cannot download and install
additional software to their computer.
I have looked into having a virtual PC, such as Shadow as I could
install Wireguard on that to connect back to home and a simple web
browser can be used to access Shadow. However, I would have to pay
from £30 a month. See https://shadow.tech/en-gb/
I've wondered about setting up a Web top server on say a Raspberry Pi
4 at home, but presumably I'd have to set up HTTPS as well for a
secured connection as I can't use Wireguard on a remote PC.
I would also have to set up a port forwarding rule for the Raspberry
Pi 4. As I understand it a Web Top presents a windows or linux desktop
over a internet browser session. This would obviously be configured to
use my Home DNS.
I've heard of LogMeIn and GoToMyPC but that obviously requires a PC
powered up at home to accept remote connections? Is this secure and
could this be done on a Raspberry Pi running Linux? This would
obviously be configured to use my Home DNS.
Over to you all for discussion!
On 07/01/2022 21:48, SH wrote:
Right.....
I run a Pi Hole at home which is a DNS with a massive blacklist of
3,500,000 URLs which all relate to Malvertising, Adverts trackers,
referer URLs, news aggregators like taboola and outbrain, this is so
successful that over 60% of DNS requests are blocked and web pages
load so much faster and my privacy on the web is much improved.....
See: https://ibb.co/d6mRZJg
So all my computers have the same internet experience at home via the
home DNS.
I also set up and installed a Wireguard VPN server at home and put
Wireguard on all my mobile phones. So all phones VPN back to my home
and use *my* DNS rather than a public DNS liek cloudflare or Quad9 9
or Google's own. It does not matter if this is over Public Wifi or
over the mobile phone network.
So whenever I surf the internet on my smart phones anywhere in the
world, I get the same experience as at home. This is really useful
when the mobile data speed is not very good as I am avoiding
downloading all the ads and trackers etc.
However there are occasions where I am not at home and a smart phone
just does not cut the mustard.
So I am forced sometimes to surf the internet on a friends or family
computer and I get force fed all these unwanted adverts and trackers.
Now what I'd like to do is be able to surf the internet on any one's
computer using my own home DNS.....
Now the question is how to do this?
Please assume the following:
1. I have a static IP at home.
2. I have fibre to the home which gives me 500 Mbit UP and 500 Mbit DOWN.
3. I currently only have one port open on my fibre router for incoming
connections to my Wireguard Server. This Wireguard server holds the
DNS IP settings. There is just one port forwarding rule which forwards
from the outside world to the Wireguard VPN server. Obviously, all
connections are encrypted as the remote devices are running Wireguard
VPN.
4. My friends or family will typically have Chrome or Edge or Firefox
browsers on their computers
5. Assume I will not be allowed to or cannot download and install
additional software to their computer.
I have looked into having a virtual PC, such as Shadow as I could
install Wireguard on that to connect back to home and a simple web
browser can be used to access Shadow. However, I would have to pay
from £30 a month. See https://shadow.tech/en-gb/
I've wondered about setting up a Web top server on say a Raspberry Pi
4 at home, but presumably I'd have to set up HTTPS as well for a
secured connection as I can't use Wireguard on a remote PC.
I would also have to set up a port forwarding rule for the Raspberry
Pi 4. As I understand it a Web Top presents a windows or linux desktop
over a internet browser session. This would obviously be configured to
use my Home DNS.
I've heard of LogMeIn and GoToMyPC but that obviously requires a PC
powered up at home to accept remote connections? Is this secure and
could this be done on a Raspberry Pi running Linux? This would
obviously be configured to use my Home DNS.
Over to you all for discussion!
Simple solution will be buy a cheap laptop set it up as you like and
take it with you and use it instead.
On 10/01/2022 08:57, Raj Kundra wrote:
On 07/01/2022 21:48, SH wrote:
Right.....
I run a Pi Hole at home which is a DNS with a massive blacklist of
3,500,000 URLs which all relate to Malvertising, Adverts trackers,
referer URLs, news aggregators like taboola and outbrain, this is so
successful that over 60% of DNS requests are blocked and web pages
load so much faster and my privacy on the web is much improved.....
See: https://ibb.co/d6mRZJg
So all my computers have the same internet experience at home via the
home DNS.
I also set up and installed a Wireguard VPN server at home and put
Wireguard on all my mobile phones. So all phones VPN back to my home
and use *my* DNS rather than a public DNS liek cloudflare or Quad9 9
or Google's own. It does not matter if this is over Public Wifi or
over the mobile phone network.
So whenever I surf the internet on my smart phones anywhere in the
world, I get the same experience as at home. This is really useful
when the mobile data speed is not very good as I am avoiding
downloading all the ads and trackers etc.
However there are occasions where I am not at home and a smart phone
just does not cut the mustard.
So I am forced sometimes to surf the internet on a friends or family
computer and I get force fed all these unwanted adverts and trackers.
Now what I'd like to do is be able to surf the internet on any one's
computer using my own home DNS.....
Now the question is how to do this?
Please assume the following:
1. I have a static IP at home.
2. I have fibre to the home which gives me 500 Mbit UP and 500 Mbit
DOWN.
3. I currently only have one port open on my fibre router for
incoming connections to my Wireguard Server. This Wireguard server
holds the DNS IP settings. There is just one port forwarding rule
which forwards from the outside world to the Wireguard VPN server.
Obviously, all connections are encrypted as the remote devices are
running Wireguard VPN.
4. My friends or family will typically have Chrome or Edge or Firefox
browsers on their computers
5. Assume I will not be allowed to or cannot download and install
additional software to their computer.
I have looked into having a virtual PC, such as Shadow as I could
install Wireguard on that to connect back to home and a simple web
browser can be used to access Shadow. However, I would have to pay
from £30 a month. See https://shadow.tech/en-gb/
I've wondered about setting up a Web top server on say a Raspberry Pi
4 at home, but presumably I'd have to set up HTTPS as well for a
secured connection as I can't use Wireguard on a remote PC.
I would also have to set up a port forwarding rule for the Raspberry
Pi 4. As I understand it a Web Top presents a windows or linux
desktop over a internet browser session. This would obviously be
configured to use my Home DNS.
I've heard of LogMeIn and GoToMyPC but that obviously requires a PC
powered up at home to accept remote connections? Is this secure and
could this be done on a Raspberry Pi running Linux? This would
obviously be configured to use my Home DNS.
Over to you all for discussion!
Simple solution will be buy a cheap laptop set it up as you like and
take it with you and use it instead.
Agreed...... but not everyone likes disclosing their WiFi password. :-)
However, I could perhaps consider a Pi 4 with Linux, Wireguard, RDP/VNC
and Gaucamole.
Plug that via ethernet into friends/family router and plug into wall
socket via USB-C, then go to their PC and access that Pi via a browser
and then I would have a VPN back to home and hence access to my DNS.
Pi 4's are in short supply so I have a question, can Linux be put onto a Intel NUC?
On 10/01/2022 09:31, SH wrote:
Pi 4's are in short supply so I have a question, can Linux be put onto a Intel NUC?
P.S. that prompts a question, how to determine the IP address of the
device I plug into a friends/familys router assuming I am not allowed to access teh router pages or download and install Angry IP scanner?
Is there a commnd line command I can use to show a list of attached
network devices and their device IPs?
On 10/01/2022 08:57, Raj Kundra wrote:
Simple solution will be buy a cheap laptop set it up as you like and
take it with you and use it instead.
Agreed...... but not everyone likes disclosing their WiFi password. :-)
However, I could perhaps consider a Pi 4 with Linux, Wireguard,
RDP/VNC and Gaucamole.
Plug that via ethernet into friends/family router and plug into wall
socket via USB-C, then go to their PC and access that Pi via a browser
and then I would have a VPN back to home and hence access to my DNS.
Pi 4's are in short supply so I have a question, can Linux be put onto
a Intel NUC?
SH <i.love.spam@spam.com> writes:
On 10/01/2022 08:57, Raj Kundra wrote:
Simple solution will be buy a cheap laptop set it up as you like and
take it with you and use it instead.
Agreed...... but not everyone likes disclosing their WiFi password. :-)
If they’re letting you have access to the computer you already have
access to their network (and probably more).
However, I could perhaps consider a Pi 4 with Linux, Wireguard,
RDP/VNC and Gaucamole.
Plug that via ethernet into friends/family router and plug into wall
socket via USB-C, then go to their PC and access that Pi via a browser
and then I would have a VPN back to home and hence access to my DNS.
Pi 4's are in short supply so I have a question, can Linux be put onto
a Intel NUC?
I have a NUC running Linux, it works fine.
However, the normal solution to your requirements is a laptop.
Agreed...... but not everyone likes disclosing their WiFi password
On 10/01/2022 09:31, SH wrote:
Agreed...... but not everyone likes disclosing their WiFi password
Then they are not friends are family worth bothering with.
On 10/01/2022 21:48, Raj Kundra wrote:You could walk around with one of those PC's on a flash drive. Linux
On 10/01/2022 09:31, SH wrote:
Agreed...... but not everyone likes disclosing their WiFi password
Then they are not friends are family worth bothering with.
that may be so, but it still leaves me with a problem of being able to
use my own DNS rather than the one(s) that the friend/family's ISP is using....
WHich bring me back to my OP. :-)
On 1/10/2022 4:21 PM, SH wrote:
On 10/01/2022 21:48, Raj Kundra wrote:You could walk around with one of those PC's on a flash drive. Linux
On 10/01/2022 09:31, SH wrote:
Agreed...... but not everyone likes disclosing their WiFi password
Then they are not friends are family worth bothering with.
that may be so, but it still leaves me with a problem of being able to
use my own DNS rather than the one(s) that the friend/family's ISP is
using....
WHich bring me back to my OP. :-)
and possibly a version of Windows could be setup that way. Boot the
local PC and tell it to use the flash rather than internal hard drive.
You would preset the portable OS drive to use your VPN tunnel the same
as your cell phones. When done, remove the flash drive and reboot the
hosts PC and all would be back to "normal".
Many flash drives are now physically small enough to be placed onto a
key ring.
On 11/01/2022 04:35, GlowingBlueMist wrote:
On 1/10/2022 4:21 PM, SH wrote:
On 10/01/2022 21:48, Raj Kundra wrote:You could walk around with one of those PC's on a flash drive. Linux
On 10/01/2022 09:31, SH wrote:
Agreed...... but not everyone likes disclosing their WiFi password
Then they are not friends are family worth bothering with.
that may be so, but it still leaves me with a problem of being able
to use my own DNS rather than the one(s) that the friend/family's ISP
is using....
WHich bring me back to my OP. :-)
and possibly a version of Windows could be setup that way. Boot the
local PC and tell it to use the flash rather than internal hard drive.
You would preset the portable OS drive to use your VPN tunnel the same
as your cell phones. When done, remove the flash drive and reboot the
hosts PC and all would be back to "normal".
Many flash drives are now physically small enough to be placed onto a
key ring.
Thats not a bad idea actually.... (*)With UEFI and BIOS using differing boot formats you might need two
now to find a very lightweight Linux distro that boots qucikly and
allows persistence back to the USB stick.....
(*) assuming that the Bios has got USB set as a boot drive before the
HDD, if not, that the bios is not PWD protected or the owner might ask questions as to why I need to go into the bios!
On 1/11/2022 2:03 AM, SH wrote:
On 11/01/2022 04:35, GlowingBlueMist wrote:With UEFI and BIOS using differing boot formats you might need two
On 1/10/2022 4:21 PM, SH wrote:
On 10/01/2022 21:48, Raj Kundra wrote:You could walk around with one of those PC's on a flash drive. Linux
On 10/01/2022 09:31, SH wrote:
Agreed...... but not everyone likes disclosing their WiFi password
Then they are not friends are family worth bothering with.
that may be so, but it still leaves me with a problem of being able
to use my own DNS rather than the one(s) that the friend/family's
ISP is using....
WHich bring me back to my OP. :-)
and possibly a version of Windows could be setup that way. Boot the
local PC and tell it to use the flash rather than internal hard drive.
You would preset the portable OS drive to use your VPN tunnel the
same as your cell phones. When done, remove the flash drive and
reboot the hosts PC and all would be back to "normal".
Many flash drives are now physically small enough to be placed onto a
key ring.
Thats not a bad idea actually.... (*)
now to find a very lightweight Linux distro that boots qucikly and
allows persistence back to the USB stick.....
(*) assuming that the Bios has got USB set as a boot drive before the
HDD, if not, that the bios is not PWD protected or the owner might ask
questions as to why I need to go into the bios!
drives, one for each type. Like you said with luck the borrowed machine will boot to the flash drive with out any physical assistance.
On 11/01/2022 22:58, GlowingBlueMist wrote:
On 1/11/2022 2:03 AM, SH wrote:
On 11/01/2022 04:35, GlowingBlueMist wrote:With UEFI and BIOS using differing boot formats you might need two
On 1/10/2022 4:21 PM, SH wrote:
On 10/01/2022 21:48, Raj Kundra wrote:You could walk around with one of those PC's on a flash drive.
On 10/01/2022 09:31, SH wrote:
Agreed...... but not everyone likes disclosing their WiFi password >>>>>>Then they are not friends are family worth bothering with.
that may be so, but it still leaves me with a problem of being able
to use my own DNS rather than the one(s) that the friend/family's
ISP is using....
WHich bring me back to my OP. :-)
Linux and possibly a version of Windows could be setup that way.
Boot the local PC and tell it to use the flash rather than internal
hard drive.
You would preset the portable OS drive to use your VPN tunnel the
same as your cell phones. When done, remove the flash drive and
reboot the hosts PC and all would be back to "normal".
Many flash drives are now physically small enough to be placed onto
a key ring.
Thats not a bad idea actually.... (*)
now to find a very lightweight Linux distro that boots qucikly and
allows persistence back to the USB stick.....
(*) assuming that the Bios has got USB set as a boot drive before the
HDD, if not, that the bios is not PWD protected or the owner might
ask questions as to why I need to go into the bios!
drives, one for each type. Like you said with luck the borrowed
machine will boot to the flash drive with out any physical assistance.
actually two more thoughts occur to me:
1. Is it possible to have a self-executable self contained Virtual
machine file on the USB stick that does not require the host machine to
have hyper-v or Virtual box or citrix or Zen/Xen? almost like where you
can try out a Linux from a Live CD in Windows before making the decision
to install?
I could then set up the VM with wireguard and a browser.
2. is there a self executable self contained web browser that has
Wireguard embedded and allows me to specificy the IP of my home network
and the IP of my home DNS?
On 1/12/2022 2:40 AM, SH wrote:
On 11/01/2022 22:58, GlowingBlueMist wrote:Might be nice to have but I have no idea on the feasibility of either of
On 1/11/2022 2:03 AM, SH wrote:
On 11/01/2022 04:35, GlowingBlueMist wrote:With UEFI and BIOS using differing boot formats you might need two
On 1/10/2022 4:21 PM, SH wrote:
On 10/01/2022 21:48, Raj Kundra wrote:You could walk around with one of those PC's on a flash drive.
On 10/01/2022 09:31, SH wrote:
Agreed...... but not everyone likes disclosing their WiFi password >>>>>>>Then they are not friends are family worth bothering with.
that may be so, but it still leaves me with a problem of being
able to use my own DNS rather than the one(s) that the
friend/family's ISP is using....
WHich bring me back to my OP. :-)
Linux and possibly a version of Windows could be setup that way.
Boot the local PC and tell it to use the flash rather than internal
hard drive.
You would preset the portable OS drive to use your VPN tunnel the
same as your cell phones. When done, remove the flash drive and
reboot the hosts PC and all would be back to "normal".
Many flash drives are now physically small enough to be placed onto
a key ring.
Thats not a bad idea actually.... (*)
now to find a very lightweight Linux distro that boots qucikly and
allows persistence back to the USB stick.....
(*) assuming that the Bios has got USB set as a boot drive before
the HDD, if not, that the bios is not PWD protected or the owner
might ask questions as to why I need to go into the bios!
drives, one for each type. Like you said with luck the borrowed
machine will boot to the flash drive with out any physical assistance.
actually two more thoughts occur to me:
1. Is it possible to have a self-executable self contained Virtual
machine file on the USB stick that does not require the host machine
to have hyper-v or Virtual box or citrix or Zen/Xen? almost like where
you can try out a Linux from a Live CD in Windows before making the
decision to install?
I could then set up the VM with wireguard and a browser.
2. is there a self executable self contained web browser that has
Wireguard embedded and allows me to specify the IP of my home
network and the IP of my home DNS?
your two questions.
Doing this with Docker just makes things a bit easier to manage all these services talking together, and avoids you having to build Guacamole, but I wouldn't learn Docker just for the sake of this project - you can just install Guacamole natively: https://guacamole.apache.org/doc/gug/installing-guacamole.htm
You could also use a Windows/Mac/Linux machine on your network to offer #1, if you prefer to offer that desktop experience, which would avoid Pi RAM limitations.
Theo
On 13/01/2022 07:26, GlowingBlueMist wrote:
On 1/12/2022 2:40 AM, SH wrote:
On 11/01/2022 22:58, GlowingBlueMist wrote:Might be nice to have but I have no idea on the feasibility of either
On 1/11/2022 2:03 AM, SH wrote:
On 11/01/2022 04:35, GlowingBlueMist wrote:With UEFI and BIOS using differing boot formats you might need two
On 1/10/2022 4:21 PM, SH wrote:
On 10/01/2022 21:48, Raj Kundra wrote:You could walk around with one of those PC's on a flash drive.
On 10/01/2022 09:31, SH wrote:
Agreed...... but not everyone likes disclosing their WiFi password >>>>>>>>Then they are not friends are family worth bothering with.
that may be so, but it still leaves me with a problem of being
able to use my own DNS rather than the one(s) that the
friend/family's ISP is using....
WHich bring me back to my OP. :-)
Linux and possibly a version of Windows could be setup that way.
Boot the local PC and tell it to use the flash rather than
internal hard drive.
You would preset the portable OS drive to use your VPN tunnel the
same as your cell phones. When done, remove the flash drive and
reboot the hosts PC and all would be back to "normal".
Many flash drives are now physically small enough to be placed
onto a key ring.
Thats not a bad idea actually.... (*)
now to find a very lightweight Linux distro that boots qucikly and
allows persistence back to the USB stick.....
(*) assuming that the Bios has got USB set as a boot drive before
the HDD, if not, that the bios is not PWD protected or the owner
might ask questions as to why I need to go into the bios!
drives, one for each type. Like you said with luck the borrowed
machine will boot to the flash drive with out any physical assistance.
actually two more thoughts occur to me:
1. Is it possible to have a self-executable self contained Virtual
machine file on the USB stick that does not require the host machine
to have hyper-v or Virtual box or citrix or Zen/Xen? almost like
where you can try out a Linux from a Live CD in Windows before making
the decision to install?
I could then set up the VM with wireguard and a browser.
2. is there a self executable self contained web browser that has
Wireguard embedded and allows me to specify the IP of my home network
and the IP of my home DNS?
of your two questions.
I did a bit of digging around on the internet.
I came across LinuxLive USB creator:
https://www.linuxliveusb.com/
unfortunately, this has not been maintained since 2015
https://www.linuxliveusb.com/en/blog
I could not get this to work as the 2GB memory stick is probably too
small even after downloading a smaller distro like Knoppix CD.
(see comment below)
I also came across Portable Virtualbox atYou might want to take a look at the programs UNetbootin and Rufus to
https://www.vbox.me/Â Â and that is currently using Virtual box v5.1.22.
I tried this, it did appear to install on to USB but Win 10 will not let
it run due to "security issues" and advises me to check for updated
software.
I saw that you can point the installer to a downloaded file so I then downloaded the latest version of Virtual box which is 6.1Â and pointed
the Portable Virtual box installer to that.
It starts to install but aborts abruptly with no message and its clear
that the installation did not complete on the USB stick and there was
still over 1GB spare space.
I do have a 32GB sandisk USB stick floating around somewhere so I was restriced to a 2GB stick which is probably not enough for doing this
sort of thing.
In any case, you'd probably be best with a very fast USB3 flash memory
stick to make this a viable approach.
So it looks like there was some serious community effort in doing this
but it seems to have stalled.... :-(
I will try this again once I find my 32GB USB3 stick..... :-)
That got me thinking, a USB ethernet adapter and replace OpenVPN with Wireguard, sort out some DHCP etc and then use this and a ethernet patch
lead to insert on the ethernet lead between friend/family computer and
their router?
SH <i.love.spam@spam.com> wrote:
That got me thinking, a USB ethernet adapter and replace OpenVPN with
Wireguard, sort out some DHCP etc and then use this and a ethernet patch
lead to insert on the ethernet lead between friend/family computer and
their router?
If your friend has ethernet, why not just plug in a laptop of your own?
You may well find that folks are using wifi from their desktop to their router anyway. But you might just plug yourself into their router directly, with a long cable if needs be.
Though not much help if they have put it somewhere inaccessible like in the loft.
Theo
The worst was teh Taboola and Outbrain stuff cunningly labelled as
"Around the Web" but you get taken to sites where the article is
across multiple pages and loads of adverts and lots of multiple
"Next" buttons but only one of them actually takes you to the nexty
page, the others take you to other websites....
On Sat, 8 Jan 2022 10:42:42 +0000
SH <i.love.spam@spam.com> wrote:
The worst was teh Taboola and Outbrain stuff cunningly labelled asI know better than to click those links, yet I still occasionally find
"Around the Web" but you get taken to sites where the article is
across multiple pages and loads of adverts and lots of multiple
"Next" buttons but only one of them actually takes you to the nexty
page, the others take you to other websites....
myself falling down the rabbit hole. I wonder how much revenue it
generates, versus how much it devalues clicks.
On 14/01/2022 12:41, Theo wrote:
SH <i.love.spam@spam.com> wrote:
That got me thinking, a USB ethernet adapter and replace OpenVPN with
Wireguard, sort out some DHCP etc and then use this and a ethernet
patch
lead to insert on the ethernet lead between friend/family computer and
their router?
If your friend has ethernet, why not just plug in a laptop of your own?
You may well find that folks are using wifi from their desktop to their
router anyway. But you might just plug yourself into their router
directly,
with a long cable if needs be.
Though not much help if they have put it somewhere inaccessible like
in the
loft.
Theo
Even if Wifi is used, I could also plug in a Wifi USB and teh pi box
would use wi fi to wi fi as per the Youtube tutorial.
A little pi in a box is infinitely easier to carry around than a
laptop, plus I can't get on with laptop mice so if I can use a
friend's desktop all the better.
I don't actually need access to the router as I can jsut unplug the
ethernet from back of PC and plug my pi in. :-)
On 14/01/2022 12:46, SH wrote:
On 14/01/2022 12:41, Theo wrote:
SH <i.love.spam@spam.com> wrote:
That got me thinking, a USB ethernet adapter and replace OpenVPN with
Wireguard, sort out some DHCP etc and then use this and a ethernet
patch
lead to insert on the ethernet lead between friend/family computer and >>>> their router?
If your friend has ethernet, why not just plug in a laptop of your own?
You may well find that folks are using wifi from their desktop to their
router anyway. But you might just plug yourself into their router
directly,
with a long cable if needs be.
Though not much help if they have put it somewhere inaccessible like
in the
loft.
Theo
Even if Wifi is used, I could also plug in a Wifi USB and teh pi box
would use wi fi to wi fi as per the Youtube tutorial.
A little pi in a box is infinitely easier to carry around than a
laptop, plus I can't get on with laptop mice so if I can use a
friend's desktop all the better.
I don't actually need access to the router as I can jsut unplug the
ethernet from back of PC and plug my pi in. :-)
Or even better "Do not use Internet"
On 01/02/2022 17:27, Raj Kundra wrote:
On 14/01/2022 12:46, SH wrote:
On 14/01/2022 12:41, Theo wrote:
SH <i.love.spam@spam.com> wrote:
That got me thinking, a USB ethernet
adapter and replace OpenVPN with
Wireguard, sort out some DHCP etc and then
use this and a ethernet patch
lead to insert on the ethernet lead
between friend/family computer and
their router?
If your friend has ethernet, why not just
plug in a laptop of your own?
You may well find that folks are using wifi
from their desktop to their
router anyway. But you might just plug
yourself into their router directly,
with a long cable if needs be.
Though not much help if they have put it
somewhere inaccessible like in the
loft.
Theo
Even if Wifi is used, I could also plug in a
Wifi USB and teh pi box would use wi fi to
wi fi as per the Youtube tutorial.
A little pi in a box is infinitely easier to
carry around than a laptop, plus I can't get
on with laptop mice so if I can use a
friend's desktop all the better.
I don't actually need access to the router
as I can jsut unplug the ethernet from back
of PC and plug my pi in. :-)
Or even better "Do not use Internet"
that is hard to do now when so much is
dependent on it
Tesco dot com for weekly grocery shop
electricity/water/gas bills meter reading
submissions
Online banking
Need I go on?
SH used his keyboard to write :
On 01/02/2022 17:27, Raj Kundra wrote:
On 14/01/2022 12:46, SH wrote:
On 14/01/2022 12:41, Theo wrote:
SH <i.love.spam@spam.com> wrote:
That got me thinking, a USB ethernet adapter and replace OpenVPN with >>>>>> Wireguard, sort out some DHCP etc and then use this and a ethernet >>>>>> patch
lead to insert on the ethernet lead between friend/family computer >>>>>> and
their router?
If your friend has ethernet, why not just plug in a laptop of your
own?
You may well find that folks are using wifi from their desktop to
their
router anyway. But you might just plug yourself into their router
directly,
with a long cable if needs be.
Though not much help if they have put it somewhere inaccessible
like in the
loft.
Theo
Even if Wifi is used, I could also plug in a Wifi USB and teh pi box
would use wi fi to wi fi as per the Youtube tutorial.
A little pi in a box is infinitely easier to carry around than a
laptop, plus I can't get on with laptop mice so if I can use a
friend's desktop all the better.
I don't actually need access to the router as I can jsut unplug the
ethernet from back of PC and plug my pi in. :-)
Or even better "Do not use Internet"
that is hard to do now when so much is dependent on it
Tesco dot com for weekly grocery shop
electricity/water/gas bills meter reading submissions
Online banking
Need I go on?
But why so much effort?
On 01/02/2022 18:35, Steve Hough wrote:
SH used his keyboard to write :
On 01/02/2022 17:27, Raj Kundra wrote:
On 14/01/2022 12:46, SH wrote:
On 14/01/2022 12:41, Theo wrote:
SH <i.love.spam@spam.com> wrote:
That got me thinking, a USB ethernet
adapter and replace OpenVPN with
Wireguard, sort out some DHCP etc and
then use this and a ethernet patch
lead to insert on the ethernet lead
between friend/family computer and
their router?
If your friend has ethernet, why not just
plug in a laptop of your own?
You may well find that folks are using
wifi from their desktop to their
router anyway. But you might just plug
yourself into their router directly,
with a long cable if needs be.
Though not much help if they have put it
somewhere inaccessible like in the
loft.
Theo
Even if Wifi is used, I could also plug in
a Wifi USB and teh pi box would use wi fi
to wi fi as per the Youtube tutorial.
A little pi in a box is infinitely easier
to carry around than a laptop, plus I
can't get on with laptop mice so if I can
use a friend's desktop all the better.
I don't actually need access to the router
as I can jsut unplug the ethernet from
back of PC and plug my pi in. :-)
Or even better "Do not use Internet"
that is hard to do now when so much is
dependent on it
Tesco dot com for weekly grocery shop
electricity/water/gas bills meter reading
submissions
Online banking
Need I go on?
But why so much effort?
because I want to avoid the trackers and
adverts and reduce my attack surface for
malvertising
SH laid this down on his screen :
On 01/02/2022 18:35, Steve Hough wrote:
SH used his keyboard to write :
On 01/02/2022 17:27, Raj Kundra wrote:
On 14/01/2022 12:46, SH wrote:
On 14/01/2022 12:41, Theo wrote:
SH <i.love.spam@spam.com> wrote:
That got me thinking, a USB ethernet adapter and replace OpenVPN >>>>>>>> with
Wireguard, sort out some DHCP etc and then use this and a
ethernet patch
lead to insert on the ethernet lead between friend/family
computer and
their router?
If your friend has ethernet, why not just plug in a laptop of
your own?
You may well find that folks are using wifi from their desktop to >>>>>>> their
router anyway. But you might just plug yourself into their
router directly,
with a long cable if needs be.
Though not much help if they have put it somewhere inaccessible
like in the
loft.
Theo
Even if Wifi is used, I could also plug in a Wifi USB and teh pi
box would use wi fi to wi fi as per the Youtube tutorial.
A little pi in a box is infinitely easier to carry around than a
laptop, plus I can't get on with laptop mice so if I can use a
friend's desktop all the better.
I don't actually need access to the router as I can jsut unplug
the ethernet from back of PC and plug my pi in. :-)
Or even better "Do not use Internet"
that is hard to do now when so much is dependent on it
Tesco dot com for weekly grocery shop
electricity/water/gas bills meter reading submissions
Online banking
Need I go on?
But why so much effort?
because I want to avoid the trackers and adverts and reduce my attack
surface for malvertising
Don't mind me saying, but it does smack a bit of paranoia. I just run Adblock, works fine for me.
On 02/02/2022 10:27, Steve Hough wrote:
SH laid this down on his screen :
On 01/02/2022 18:35, Steve Hough wrote:
SH used his keyboard to write :
On 01/02/2022 17:27, Raj Kundra wrote:
On 14/01/2022 12:46, SH wrote:
On 14/01/2022 12:41, Theo wrote:
SH <i.love.spam@spam.com> wrote:
That got me thinking, a USB ethernet adapter and replace
OpenVPN with
Wireguard, sort out some DHCP etc and then use this and a
ethernet patch
lead to insert on the ethernet lead between friend/family
computer and
their router?
If your friend has ethernet, why not just plug in a laptop of
your own?
You may well find that folks are using wifi from their desktop >>>>>>>> to their
router anyway. But you might just plug yourself into their
router directly,
with a long cable if needs be.
Though not much help if they have put it somewhere inaccessible >>>>>>>> like in the
loft.
Theo
Even if Wifi is used, I could also plug in a Wifi USB and teh pi >>>>>>> box would use wi fi to wi fi as per the Youtube tutorial.
A little pi in a box is infinitely easier to carry around than a >>>>>>> laptop, plus I can't get on with laptop mice so if I can use a
friend's desktop all the better.
I don't actually need access to the router as I can jsut unplug
the ethernet from back of PC and plug my pi in. :-)
Or even better "Do not use Internet"
that is hard to do now when so much is dependent on it
Tesco dot com for weekly grocery shop
electricity/water/gas bills meter reading submissions
Online banking
Need I go on?
But why so much effort?
because I want to avoid the trackers and adverts and reduce my
attack surface for malvertising
Don't mind me saying, but it does smack a bit of paranoia. I just run
Adblock, works fine for me.
Ah, you're running adblock at device level.
My DNS, Pi Hole and Wireguard is running at network level so all
mobile phones, tablets and media players like Roku are protected
It means less maintance as I only have to work at one machine rather
than on every device. Some devices resist installation of adguard or
similar.
On 02/02/2022 11:49, SH wrote:
On 02/02/2022 10:27, Steve Hough wrote:Next step is to get a bunker, add your own
SH laid this down on his screen :
On 01/02/2022 18:35, Steve Hough wrote:
SH used his keyboard to write :
On 01/02/2022 17:27, Raj Kundra wrote:
On 14/01/2022 12:46, SH wrote:
On 14/01/2022 12:41, Theo wrote:
SH <i.love.spam@spam.com> wrote:
That got me thinking, a USB ethernet
adapter and replace OpenVPN with
Wireguard, sort out some DHCP etc and
then use this and a ethernet patch
lead to insert on the ethernet lead
between friend/family computer and
their router?
If your friend has ethernet, why not
just plug in a laptop of your own?
You may well find that folks are using
wifi from their desktop to their
router anyway. But you might just
plug yourself into their router
directly,
with a long cable if needs be.
Though not much help if they have put
it somewhere inaccessible like in the
loft.
Theo
Even if Wifi is used, I could also plug
in a Wifi USB and teh pi box would use
wi fi to wi fi as per the Youtube
tutorial.
A little pi in a box is infinitely
easier to carry around than a laptop,
plus I can't get on with laptop mice so
if I can use a friend's desktop all the
better.
I don't actually need access to the
router as I can jsut unplug the
ethernet from back of PC and plug my pi
in. :-)
Or even better "Do not use Internet"
that is hard to do now when so much is
dependent on it
Tesco dot com for weekly grocery shop
electricity/water/gas bills meter reading
submissions
Online banking
Need I go on?
But why so much effort?
because I want to avoid the trackers and
adverts and reduce my attack surface for
malvertising
Don't mind me saying, but it does smack a
bit of paranoia. I just run Adblock, works
fine for me.
Ah, you're running adblock at device level.
My DNS, Pi Hole and Wireguard is running at
network level so all mobile phones, tablets
and media players like Roku are protected
It means less maintance as I only have to
work at one machine rather than on every
device. Some devices resist installation of
adguard or similar.
Oxygen supply and recycle your own waste the
list will keep getting longer and longer.
Unless you announce to world that you are a
XXXXX, no one is going out to get you.
Scammers are taking random chance and can be
easily avoided by not clicking on every link in
E mail.
Ah, you're running adblock at device level.
My DNS, Pi Hole and Wireguard is running at network level so all mobile phones, tablets and media players like Roku are protected
It means less maintance as I only have to work at one machine rather
than on every device. Some devices resist installation of adguard or
similar.
SH <i.love.spam@spam.com> wrote:
Ah, you're running adblock at device level.For your travelling situation, how about a laptop of your own, an LTE card (no reliance on others' network), and running Pi-Hole in Docker on the laptop. That does everything in a one-box solution, with no external dependencies.
My DNS, Pi Hole and Wireguard is running at network level so all mobile
phones, tablets and media players like Roku are protected
It means less maintance as I only have to work at one machine rather
than on every device. Some devices resist installation of adguard or
similar.
You can plugin external display/keyboard/mouse if you want a 'desktop' experience, and use wifi at home/in a coffee shop/when staying somewhere you can find out the password.
A lot of business laptops have a WWAN slot for an internal LTE card, you'd just need a SIM card for data.
Theo
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 296 |
| Nodes: | 16 (2 / 14) |
| Uptime: | 82:18:12 |
| Calls: | 6,658 |
| Calls today: | 4 |
| Files: | 12,203 |
| Messages: | 5,333,425 |
| Posted today: | 1 |