In regards to the DNS advice should I use that for both my PC and android ? And when would I use a vpn?

You should setup your preferred DNS server everything really. On your phone, on your computer and on your router if you can. DNS is the absolute easiest way to track and block/hijack browsing habits, so hardcoding your devices to use a standard one like NextDNS, Quad9 or Cloud flare will put you very far ahead

Regarding VPNs, commercial VPNs are really overhyped, and thats because they’re a cash cow for operators. See Tom Scott’s video on the subject if you prefer this britishplained to you. All a VPN is is a tunnel from your device to the VPN server wherever that is, so you’ll look like your traffic is originating from that VPN server, plus all of your traffic is going to that VPN server so you have to trust that that server isn’t compromised nor slurping up all of the data to sell/provide security agencies. Clear text browsing traffic will also be secured between your device and the VPN server, but that’s super uncommon nowadays. Realistically a commercial VPN is best for if you’re doing illegal activities such as piracy because it will add layers of abstraction should a private company or public agency wish to investigate your activities and try to identify you. I do use Tailscale with an exit node on my home network when connecting to public wifi just in case the network is misconfigured, but it’s really just another layer of Swiss cheese security.

I tried Graphene OS but my banking failed so back to stock Android

Any features in the mobile app that don’t exist on the website? I’ve had good luck checking my bank balance and all sorts of other things through Firefox on Android - pre-edit: I missed that it was app only. That sucks.

For browsing on Android I use Mull and on my android Proton VPN is always on. I visit twitter and twitter ocasionly but always through mull browser.

The VPN really doesn’t do much at all for privacy. It just moves the point of trust from the service provider for the current network to the VPN provider, plus now you have extra hurdles as you’ll show up as a VPN IP rather than a “normal” residential or cellular IP. Realistically set your DNS to be something like Quad9 or Cloudflare and you’ll already be several steps ahead on browsing privacy

For spending habniys I try to use Google pay as little as possible and use my master card.

Realistically any card is going to be selling your spending habits. Cash and crypto are about the only ways to have private purchases, and plenty of places won’t accept either

Personally I had a long hard think about my privacy practices and how they only isolated me and made me unhappy, and realized that if I’m already blocking all ads so I never get to see the results of the incredibly dystopian advertising hellscape, does it really matter that much if Google knows I spent $200 on random model train shit last month when they already know I watch a few hours of train-related content on Youtube? So I take smaller steps to not fully given in, but I don’t take steps that create extra hassle in participating in modern society and living my life to its fullest.

I got one for work. It literally just pastes into ChatGPT

I have memories of some random afternoons at the consulting firm my mom worked at, where everyone’s just poking at spreadsheets. I can’t imagine how cool the memory of going into the server farm and doing some hardware work there would be

Folder structures are a bizarre thing for many people

When learning about this I learned that in the analog days folks would actually put physical folders inside of physical folders and it both makes tons of sense and is mind blowing at the same time. -Late Millennial born to IT parents

With the amount of password resets I have to do at work, I can’t say I’m shocked

qbittorrent search makes it stupid easy too

There’s actually a real world example of this. Some cats that are disected in schools are euthanized cats from shelters, because the alternative is cat farms that breed cats just to be killed and disected

Contextual ads can be simple images/html without 20 thousand scripts buried in

The thing I don’t like about laptops are 1. Noise and 2. The bursty CPUs just don’t mesh well if I want to run a swarm of VMs or need to just run a big compress/decompress process. I watched one laptop slowly throttle itself all the way down to 700mhz while I was messing with a bunch of VMs and it really made me miss having a desktop where it can just chill at 5x the speed at 100% utilization and chew through whatever is being thrown at it

wont take palestinian refugees is because theyre such rabid dogs

Calling an entire people “rabid dogs” definitely tells me this is totally not fueled by racism of any kind and that you’re definitely on the right side of history

x86-64 is a CISC architecture

In many cases it’s actually RISC under the hood and uses an interpreter to translate the CISC commands and run them in the most optimal manner on the silicon

ARM and RISC-V absolutely scale up to multi-hundred watt server CPUs quite easily. Just look at the Ampere systems you can rent from various VPSes for example

The big benefit that ARM and RISC-V have is they have no established backwards compatibility to keep carrying technical debt forwards. ARM versions their instruction sets and software has to be released for given versions of ARM cores, and RISC-V is simply too new to have any significant technical debt on the instruction set side.

Atom cores were notable for focusing the architecture on some instructions then other instructions would be a slog to execute, so they were really good at certain things and for desktop use (especially in the extremely budget machines they got shoved into) they were painful. Much like how eCores are now. They’re very carefully architected for power efficiency, and do their jobs extremely well, but an all eCore CPU is a slog for desktop use in many cases

There’s even extreme edgecases where a compromised machine being part of a botnet actually improves security because the malware shores up security to help itself remain persistent and not find itself removed/blocked by other malware or attackers

I tossed mint on a PC after about 8 years of not using mint at all and I’ve been extremely impressed at how stable and friendly it is. It works exactly how you expect it to and Cinnamon has the best default workspace implementation of any DE I’ve used

get hyped for COSMIC

Honestly I’m just excited for a non-gnome DE with an actual company backing it. I can’t wrap my head around gnome’s expectations for how you use it, so the fact that it’s the default on every enterprise-backed Linux project is annoying as heck

I have two different ISPs serving the entire town I live in, both offering symmetric gigabit fiber to the home to the entire town, but can I get a lick of IPv6? Of course not!

Huh! Thank you very much for the detailed answer that’s extremely interesting!

Checking nmap’s documentation it looks like it’s perfectly possible to detect open udp ports

You should NOT have a WG tunnel from the home network to the VPS with fully unrestricted access to everything.

This is what I came here to make sure was said. Use your firewall to severely restrict access from your public endpoint. Your wiregaurd tunnel is effectively a DMZ so firewall it off accordingly

The really nice thing about tailscale for accessing your hosted services is absolutely nothing can connect without authentication via a professionally hosted standard authentication, and there’s no public ports for script kiddies to scan for, spot and start hammering on. There’s thousands of bots that do nothing but scan the internet for hosted services and then try to compromise them, so not even showing up on those scans is a good thing.

For example, I have tailscale on my Minecraft server and connect to it via tailscale when away from home. If a buddy wants to join I just send a link sharing the machine to them and they can install tailscale and connect to it normally. If for some reason buddy needs to be cut off, I can just stop sharing to that account on Tailscale and they can no longer access the machine.

The biggest challenge of tailscale is also it’s biggest benefit. Nothing can connect without connecting through the tailscale client, so if my buddy can’t/won’t install tailscale they can’t join my Minecraft server