Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - almodovaris

#1
Some cheap Android phones and cheap Android media players come preloaded with malware.
#2
I use cheap miniPCs as firewalls. They can do 1 Gbps Zenarmor without problems. So, for me multicore Zenarmor is not needed.
#3
There is not any solution which blocks 100% of porn.

E.g., OpenDNS does not flag Usenet as porn, while 95% of Usenet servers teem with porn.

Or websites for big files transfers: you could be downloading gigabytes of porn and most firewalls would not even notice it.
#4
General Discussion / Google Drive
March 14, 2025, 03:24:00 PM
The announcement for 25.1.3 says Google Drive will be phased out. Could you provide a source for it?
#5
Yup, don't use mongodb, use SQL.
#6
Zenarmor (Sensei) / Re: Unsatisfactory TLS inspection.
November 05, 2024, 08:45:37 PM
I think that is due to blocking QUIC. Chromium-based  browsers seem not to like that.
#7
Yup, I had that once due to the security settings of my credit card. I had to explicitly allow payments for Zenarmor.
#8
The filters are not all-knowing, they're work in progress.
#9
Zenarmor (Sensei) / Re: zenarmor devices
September 12, 2024, 11:04:27 PM
Try to ping them.
#10
Disabling clients from using their own DoT, DoH, or DoQ is a complicated matter. Against DoT you have Zenarmor. Against DoQ you can block QUIC in Zenarmor. But DoH blocking is a lot more complicated, unless you have an exhaustive list of all DoH servers. The problem is that anyone may start a DoH server, so such list is never foolproof.

Correction: Zenarmor blocks DoH, not DoT. But the problem that anyone may create their own DoH server persists. DoH is indistinguishable from regular HTTPS traffic. Technically, Zenarmor can inspect HTTPS connections, but that breaks much of the internet and smartphone apps.
#11
In the end, I think this is an OPNsense-only problem. I have Zenarmor running of Debian 12, and it does not have such issue.
#12
About pinging hostnames: that was once a problem in Zenarmor, perhaps you are using a similar app.
#13
And, yup, if the bectl with 24.1 cannot see the crash from another bectl, I have no idea why it prompted me to send the crash reports.
#14
Reported by icnl at home dot nl.

The bectl with 24.7 crashed twice. The bectl with 24.1 filled the crash reports. AFAIK 24.1 did not crash, ever. It's a fairly new installation (two days old).

But, okay, it can have misleading data about the installed software.
#15
Quote from: franco on July 18, 2024, 07:22:08 PM
Yes, just keep sending if you see one and I'll recheck later. The latest test kernel is
If 24.1 can see the crash from 24.7, then both crashes are from 24.7. But, again, I don't know if it can report the crashes from another bectl.