Hoxx VPN (free & paid version)
Hola (free version)
VPN Area (paid version)
(paid version)
SecureVPN (paid version)
DotVPN (free version)
Speedify (free version)
Betternet (free version)
Ivacy (free version)
Touch VPN (paid version)
Zenmate (free version)
Ace VPN (paid version)
AzireVPN (paid version)
BTGuard (paid version)
Ra4w VPN (paid version)
VPN Gate (free version)
Jose should check out a feature on his Wireless AP called "AP Isolation" in dd-wrt and tomato, and I've seen it called other things I think DLINK calls it "WLAN Partition." Basically it keeps the different clients on an AP from talking with one another. There is a brief article about it on howtogeek -> http://www.howtogeek.com/179089/lock-down-your-wi-fi-network-with-your-routers-wireless-isolation-option/
Edit: Here we go, fdroid linkage:
https://f-droid.org/repository/browse/?fdfilter=gapps&fdid=com.tobykurien.google_news
Also for those who want to still install APK's from Play store but don't want to install the actual app:
Wow that is a lot of unmaintained packages. Seriously no one to port Tinc to 2.3? Looks like the commercial investment has starved resources from the open source development.
Feels like Bareos/Bacula all over again.
Time to switch to OPNSense then.
I use Private Internet Access, I just took a look at the settings and there is an option to block IPV6 when using the vpn and it's ticked by default. My guess is that the better providers are more than aware of this issue and have measures in place to ensure their customers privacy.
Is this a perfect case for setting up an OpenVPN droplet on Digital Ocean? :
How To Set Up an OpenVPN Server on Ubuntu 14.04
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04
Quoting : > ... OpenVPN is a full-featured open source Secure Socket Layer (SSL) VPN solution that accommodates a wide range of configurations. In this tutorial, we'll set up an OpenVPN server on a Droplet and then configure access to it from Windows, OS X, iOS and Android. This tutorial will keep the installation and configuration steps as simple as possible for these setups. Note: OpenVPN can be installed automatically on your Droplet by adding this script to its User Data when launching it. Check out this tutorial to learn more about Droplet User Data. ...
There's an episode of the excellent Black Mirror that revolves around RATing. S03E03 - Shut Up and Dance. Be warned though, it'll seriously mess you up.
Black Mirror is an anthology series (now a Netflix Original), so you can just jump straight in and watch it without having seen any other episodes (after watching S03E03 stick around for S03E04 to help you recover. E04 is my favourite).
Did you added xxx.duckdns.org as virtual host in nginx config ? See "step four" from here
I wrote an article for easily dealing with WordPress that was published by DO. Unfortunately they heavily edited my post and removed the Nginx calls, other Linux calls, subdirectory installs, and more. Still there is a lot of useful information in it. :-)
Don't I feel like a mook, I just posted this exact link to /r/techsnap a little bit ago. ಠ_ಠ
There's plenty of reasons to not like GoDaddy (terrible interface, offensive, low-brow advertising, their CEO being a prick, etc.) but this one is definitely now the top of my list. I'm so glad I moved all my domains away from them.
Tor isn't something that can effectively be banned. That's the entire point.
Currently in the US, exit node operators are legally protected from any illegal traffic that comes through their connection. In the future it might be made legally difficult to run an exit node, but SOPA in particular does not do this. Even if it is made difficult in the US, there are enough other countries in which exit nodes will continue to be legal that it won't make much of a difference except perhaps to add a bit of latency.
Even if the software itself is made explicitly illegal, you will still be able to use Tor, because it's designed to be used in exactly that kind of situation. Even if all public entrance nodes are blocked, you can use a tor bridge to connect anyway.
give privacy badger a run; it's surprisingly good. It'll block anything that's tracking you, but not ads if they aren't tracking you. Obviously there are still some things it misses (it's in alpha after all) but it's from the EFF and it's pretty good already.
I run most of my websites on separate users with PHP, admittedly mostly for convenience, but the security benefit is also there I suppose. I use PHP-FPM and will attempt to briefly show what I did below:
in php-fpm.conf:
Find the line like: include=etc/fpm.d/*.conf (varies depending on your OS) and uncomment it. In whatever folder it specifies, create .conf files for each user you want to have PHP for, and the contents should be like this:
http://slexy.org/view/s2NuVF30lr
That's the minimum number of settings you can have in the file, although obviously everything there can be tuned to your tastes.
Lastly, in your webserver, just point fastcgi calls at the correct port for each website.
The article mentioned Check Point's app a dozen times but didn't bother to link it. So here its is Check Point - Certifi-gate Scanner
I also had Team Viewer installed on my Moto X (2013, Verizon) but I uninstalled it and then ran the app. My device is not vulnerable
These exploits and security lapses are becoming more frequent and widespread. I hope Google makes the demand that Android devices need to support rolling updates to allow Google to quickly patch these security vulnerabilities. Carriers need to get on board otherwise I think you might see an industry shift away from Android, at least amongst Corporate and enthusiast users.
Thank you for trying to answer my question on the show and for this article you've link. There is indeed a parallel between staying connected while falling of the sky and while on a small sailing boat. The article Ikehaiku shared below is interesting and they point out a serious problem you have on a boat: you're constantly moving. And the smaller the boat the more it sway. So you can imagine if this is a problem for those super-yatch it can be quite the show stopper for a 30' sloop.
LightSquared was working on something promising before the government stopped them but, I guess you would have the same problem you have with regular satellite connection.
May be it would more efficient to build a wifi network and build those kind of antenna... 125 miles range is not so bad, you can be in blue water and stay connected. (and on the see you don't have trees or hills to block your signal). Of course, you'll still have the problem of the rocking of the boat and, even I you can get the signal their signal, can they get yours?
Anyway, I'm gonna keep looking for better solution to this problem.
I think you're missing the point. It 'masquerades' as Ransomware.
Then you make the ransom payment and subsequently find that you aren't getting your files back even though you paid the "ransom".
That's what makes this particular strain so insidious.
I guess I dont know much about SSH, and did not know about SSH CA's or that you could sign for a host, so this is very cool. Trying to wrap my head around this: https://www.digitalocean.com/community/tutorials/how-to-create-an-ssh-ca-to-validate-hosts-and-clients-with-ubuntu
But it does not solve the problem of how to manage which keys go to each server. I presumed this is something that LDAP would provide with its directory structure?
And I suppose I could role my own way of putting user keys on servers, but then you do you have to keep on top of pushing out updates and that point that is basically how we are already using salt (even though there is no CA). We propogate the states out from the master whenever we need to update which includes everyone's keys.
I would rather ask the authorization server if I can use the application, then tell every server ahead of time which users can use it.
Also, we dont use AWS. I'm a fan of lambdas, but we host our own stuff.
Hrmmm did you follow the directions at https://www.digitalocean.com/community/tutorials/how-to-use-the-owncloud-one-click-install-application ?
Following those steps it seems to work. Perhaps just revisit the 3-4 ssl steps and verify its all correct?
I guess if by "better" you mean cheap, right? I have a NUC with an i5 and hd5000 graphics and while I don't know how valid a comparison this is, just to get an idea of how my NUC would compare to this device I went to: http://www.cpubenchmark.net/compare.php?cmp%5B%5D=1944&cmp%5B%5D=2413 and "better" sure doesn't seem to mean "faster".
Note, I already had an mSata drive (although the NUC takes regular 2.5 as well) so I just had to buy RAM in addition to this: http://www.newegg.com/Product/Product.aspx?Item=N82E16856102055&cm_re=NUC-_-56-102-055-_-Product so yeah, if the Fitlet is really going to be $130 thats significantly cheaper.
I'd be worried about heat in that little thing though. The NUC I have has some more head room and even when gaming doesn't get hot to the touch at all. I cannot say the same for my previous NUC which cooked.
wrt Goran's note about proxmox, ZFS, Debian: if the Debian packages for ZFS are as simple as the Ubuntu packages, very often I have little to no problem except across the occasional kernel updates. OpenZFS has caught up quite a bit well into the 4.2.x kernel series iirc, and I rarely see a DKMS compile "skip" during update anymore.
However, if that does happen, sometimes you need to use a dkms install command similar to: sudo dkms install zfs/0.6.4.2 && update-grub2 && shutdown -r now
As for stability? Not an issue. As for memory consumption? You could be in for some memory contention if you combine zfs and vms, you might limit your arc max sysctl knob: http://serverfault.com/questions/581669/why-isnt-the-arc-max-setting-honoured-on-zfs-on-linux
A few days ago I was messing with ruby at work and wanted to see the definition of the map
function in ruby. So I went to ddg:
https://duckduckgo.com/?q=ruby+map
The result wasn't exactly what I was expecting.
+1 for this. I set it up on a $5 DO droplet last month and it has been absolutely fantastic so far. I'm still testing it out, so for now it gets very little traffic, so it runs just fine on the $5 droplet. You have to go in an break the RAM checking part of the initialization script and set up a 1-2GB swap file, but both of those are very easy to do.
I've found the documentation to be really good as well. I really liked their diagram showing how all the services worked together. (https://mailinabox.email/static/architecture.svg) Plus, since it's just using the regular packages provided by distro, you can go in after install and tweak it or add stuff or like change out the spam blocker and whatnot.
Clearly, Microsoft needs to better communicate upgrade requirements. This is critical for IT-centric businesses.
It doesn't say anything about uninstalling Office 10 in the requirements and specifications say nothing about Office 2010, but an office page says that version 14 of Office 2010 is compatible.
It's sad to see that the only effective consumer rights organization is based in UK and is largely ineffective except at improving consumer awareness. Remember when Consumer Reports wasn't completely useless?
I know there's an app that does this over a LAN, I think it's called pttdroid
The only ad-hoc app I can think up off the top of my head is serval mesh which is sort of like what you want, but I've never tried it.
The link above, http://www.makeuseof.com/tag/dlna-still-used/
The right side is an empty white panel, but as you scroll down, boxes slide in from the right. It'll take me too long to build a demo GIF. I have adblock+privacy badger. If you're not seeing it, maybe you have additional extensions?
Thank you for mentioning my public iperf server! ( http://iperf.scottlinux.com/ )
The network available is indeed 40Gbit in (the direction which iperf uses to test). It also has native IPv6 as well as offering iperf3.
Google fiber is 1 Gbit up/down. Rock on,
Well, my budget allows for a decent freeNAS and maybe a little bit more, but I can't say I have money to burn. I'm a still a student after all. So finally I might have to go for a routerboard if that virtualisation/jail thing does not work out.
Why is pfsense that more demanding by the way? The gigabit router I linked earlier misses the hardware recommendations for pfsense by more than an order of magnitude (at least CPU-wise)! Are the performance test results provided at the bottom of the routerboard page a little bit "optimistic"?
Probably PhotoRec which looks for things that look like files in a volume. It can find files that have been "deleted". Basically in a typical filesystem when you "delete" a file it just marks the sectors holding the file as free, so they can eventually be overwritten, but the data is still there. This is probably more a case of the drive being used as a cache and then the files are deleted but not overwritten. Really it's more of an oversight than anything else, but it's still a serious issue.
the segment on freeNAS 2way sync got me thinking.
check out IPFS; https://ipfs.io/ and https://github.com/ipfs/ipfs i was impressed with the demo video - especially when they mounted it as a fuse volume and would love to see this concept put to files over multiple NAS units.
IPFS does advertise itself as a filesystem, but likely not the full solution to the 2way version control.
but if 2way sync isnt being used for backing up, then to solve multiple site/user access maybe a 2way sync isnt the way to go either.
ipfs seems to have version control, deduplication, decentralized and MIT lisence worth a look.
other thoughts; trying to poll large files will create long delays which complicates things, file locks over all nodes would help prevent collisions, but will need resolution if a node(s) is offline.
a perfect solution to this issue is likely going to include;
I'm running syncplicity with a bunch of VMs under Virtual Box on Mint 13, purely because I don't really need it to be hugely efficient and I'm lazy enough to to still like having an easy to understand system.
It really does all depend on how much time you want to put into learning a server OS.
I'm watching this project for almost 2 years, just waiting for the right time to make the move... from the "outside" I've heard complaints about file synchronization issues using the native clients on desktop machine (during OwnCloud time) Nowdays... this drama....
After following the "news & podcast" Nextcloud team want to be "more transparent" I personally would give it more time (just to see what happen) and most likely will go for NextCloud, as it appears to be more promising at the moment.
If you or your client are in a hurry and cannot wait, I would contact both companies and evaluate their response time, friendliness, support price and flexibility to adapt to you or your client needs. I would also browse into their public source code repository and check, when was the last commit, what are the most recent reported issues in the last year.
I would also check how maintainable is Own/NextCloud in the long run. Some time ago Owncloud announced that they will not support Windows installation anymore and also I've heard complaints about how "outdated" OwnCloud is in certain Linux distribution (not applying bug fixes).
The last time I've asked similar question, someone told me that OwnCloud is so mature that CERN is using it. However I'm skeptical about it, you cannot compare the use that a sales/marketing employee would do to OwnCloud vs some random employee at CERN using the same solution I think the workflow and skill set could be very different, I think...
In response to "John from Canada"'s question it's absolutely possible to run all those things on the FreeNAS.
A lot of the services have FreeNAS plugins and FreeNAS has the ability to create FreeBSD jails too (which is how i prefer to run things).
I currently have 9 jails on my FreeNAS box:
The only real problem i've experienced with this setup (5x 2TB RAIDZ, 32GiB RAM, i3-3225) was browsing the web interface of Emby. Whenever a library scan was initiated the whole interface would become unresponsive, no doubt due to low IO on the HDDs.
Fortunately i had a spare SATA port and had recently upgraded the SSD on my laptop, so i stuck the old 120GB one in the server and recreated my jails on that. No redundancy on a single disk zpool, but it sure does fly now (browsing the Emby web interface takes less than a second to populate the page with 100 film/show posters and, being on separate zpools, library scans no longer block the UI).
Looking at your specs you've got a SATA DOM on your list. This is a waste of a good SATA port. FreeNAS runs from RAM so, unless you need the absolute fastest boot time, you're better off using that port for a storage drive and just booting FreeNAS from USB. The only time the OS drive is used is when booting or installing an update.
> If you think doing curl|bash is ok, you shouldn’t have root
Tell that to GitLab developers!!! Holy smokes I'll confess that I did that at some point because I was in a "hurry"
https://about.gitlab.com/downloads/#centos7
> 2. Add the GitLab package server and install the package
curl -sS https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.rpm.sh | sudo bash
> If you are not comfortable installing the repository through a piped script, you can find the entire script here and select and download the package manually and install using
Private Internet Access, a VPN provider, takes out a full page ad in the @nytimes calling out 50 REPUBLICAN senators (including Rand Paul) #Broadbandprivacy:
mini itx boards with dual nics are great for pfsense.
http://www.amazon.com/Jetway-NC9NDL-2550-D2550-Mini-ITX-DC-DC/dp/B00A4NQRYG/
http://www.amazon.com/Intel-D2500CCE-Mini-ITX-Motherboard-BLKD2500CCE/dp/B006ICQ3FK/
I'd suspect a Jetway-style embedded-style system might do the trick. http://www.amazon.com/Jetway-HBJC375F3AW-2930-B-Baytrail-Industrial-Embedded/dp/B00LU69OZA/ref=sr_1_4?s=pc&ie=UTF8&qid=1455035751&sr=1-4&keywords=jetway+fanless
While initially Google doesn't have access this is true. My thought though is that if you use the Google Device Manager, then Google can unlock it upon request.
The Device Manager/Tracker/Unlocker/Ringer/Wiper is a 100% Google product tied to your account. If the DOD/NSA/DOJ/CDC, or what ever, had a court order then they could use Device Manager to do it.
https://play.google.com/store/apps/details?id=keepass2android.keepass2android
It actually acts as a keyboard provider. You tap a button and it types in the username, tap another one and it types in the password (or you can copy to the clipboard if you're not concerned about it).
This coupled with SyncThing has been my password solution for the better part of a year now. Love it.