The first one I saw was Debian 3.1 (Sarge). I was in school and our objective this time was installing debian + getting a working Xorg session. Never heard of Linux before, didn’t get a working Xorg session, but wow man, there’s something other than Windows and MacOS. I couldn’t have imagined.

The first one I actually used on a desktop (laptop for school, in that case) was Ubuntu 6.06 (Dapper Drake).

I’ve tried oh so many different linux distributions over the years, I probably forgot most of them. Maybe some don’t even exist anymore. My goal was always Arch Linux, having seen it on a schoolmates laptop. I really fell for the “here’s a pretty minimum base, do whatever” thing.

In the end, I exclusively used Arch from 2020 until this year. Actually using Arch and reading the ArchWiki were probably what taught me most of what I know about linux in general and how things work.

I’ve been searching for a less DIY-solution which is still up-to-date (especially with kernels and mesa) and I landed on Fedora Workstation, which is what I’m currently using on my work latpop and desktop at home. I do miss some things from Arch, but Fedora has been pretty good to me and I, for the meantime, intend to stay here.

Yeah, I do daily VM-backups which include all of the data on syncthing. No matter what you have, you always gotta have a good backup-strategy.

I use syncthing for some of my “can-never-lose-these” files. syncthing synchronizes files between different devices. This is not an online-file-hosting thing like Google Drive or OneDrive. These files are physically present on all synchronized devices.

My server is the “main” (you can make everyone equal) syncthing every other syncthing connects to. With an established connection, files will be synchronized on participating devices. AFAIK, syncthing is compatible with Windows, Android and Linux.

This way, my important files are on my server, my smartphone, my PC and my laptop and every single one of these devices must simultaniously explode for me to lose my data. Also, it’s on docker hub

pi-hole is another great one. Local adblocker for the whole network, just set it as your DNS server or let the DHCP server propagate this DNS server to your clients. This too is on docker hub

I don’t know what stingray is, but if it needs a connection to somewhere and the protocol to connect verifies os-trusted certificates, it should be safe.

Set OPNSense default policy

As far as I remember, OPNSense has a default policy rule of “deny all incoming, allow all outgoing”. If not, this should be one of the first steps to take.

Get your own VPN

If you can, you could use your own VPN service. I run a VPS for 6 € / month. If you can get your hands on something like this and install an openvpn server, you could always use that VPN for every connection.

So even if an attacker highjacks your connection somehow, he would only be able to see encrypted content and all content will be encrypted by a server you own and can verify / trust. You could also integrate this VPN into your OPNSense, so you’ll be connected as soon as OPNSense starts up and has internet.

Regarding MITM attacks

Please someone correct me if I am wrong, but MITM attacks should generally be impossible when connecting to SSL backed connections, right?

These certificates (or rather the certificate authority the HTTPS certificates have been issued by) are generally trusted by your own operating system. Therefore, if someone wanted to highjack your connection without you getting some kind of certificate error, he would have needed to get his hands on a certificate issued by a worldwide trusted certificate authority and the address name matching the certificate.