From e7689cd5fdedbace986addb893d9510f623d08cb Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Sun, 30 May 2021 09:45:21 +0200 Subject: add GET and TODO --- GET.md | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ TODO.md | 4 ++++ 2 files changed, 59 insertions(+) create mode 100644 GET.md create mode 100644 TODO.md diff --git a/GET.md b/GET.md new file mode 100644 index 0000000..7207ad9 --- /dev/null +++ b/GET.md @@ -0,0 +1,55 @@ +# Shopping advices + +Security for the sake of others +: NSA and processor-based randomness + +Lack of security +: phones where modem can read system memory + +Weak design +: bluetooth keyboard +: Speculation in recent CPUs + +## Easy + +Concrete options with the least hassle. + +Router +: Weak: GL.iNet [GL-AR150][] w/ vendor-provided OpenWRT-based system +: Strong: Turris [Omnia] w/ vendor-provided OpenWRT-based system + + +## Better + +Concrete options with better qualities, +which requires technical help or patience. + +Router +: Weak [tricky start]: GL.iNet [GL-AR150][] w/ OpenWRT +: Medium [tricky start]: TP-link TL-WR1043ND w/ LibreCMC +: Medium [tricky]: [Olimex LIME2][lime2] w/ Debian (f.eks. FreedomBox) +: Strong [tricky]: Turris [Omnia] w/ Debian (f.eks. FreedomBox) + + +# Trust paths + + * Debian secured by PGP Web-of-Trust + * Debian operates transparently - "Security through mockery" + * Free software - "Given enough eyeballs, all bugs are shallow" + * [Open Source Hardware][oshw] helps ensure [longevity][ifixit] + + +[GL-AR150]: https://www.gl-inet.com/ar150/ + "GL-AR150 Mini Smart Router, by GL.iNet" + +[lime2]: https://en.wikipedia.org/wiki/OLinuXino#A20-OLinuXino-LIME2 + "OLinuXino LIME2, by Olimex" + +[Omnia]: https://www.turris.cz/en/omnia/ + "Omnia router, by Turris" + +[oshw]: https://www.oshwa.org/definition/ + "Open Source Hardware definition by OSHWA (Open Source Hardware Alliance)" + +[ifixit]: https://www.ifixit.com/ + "IFIXIT - The free repair guide for everything, written by everyone" diff --git a/TODO.md b/TODO.md new file mode 100644 index 0000000..4b3279e --- /dev/null +++ b/TODO.md @@ -0,0 +1,4 @@ + * document recommendation for BQL-supported network devices + * document how to check if BQL is supported: + grep -vx 0 /sys/class/net/*/queues/tx-*/byte_queue_limits/limit + * maybe enable CoDel only for BQL-supported network devices -- cgit v1.2.3