
  • Yeah only use doh on router, expect per device security otherwise.

    I don’t use nextdns so I don’t know. Some mullvad stuff (like their http proxy!) is only functional when you’re using their vpn, but the doh server works fine without it.

    DNS over https makes a connection with the dns server using the encrypted https protocol. That means that when I want to go to hanksbuttplugemoprium.com my isp doesn’t see the request because it’s encrypted. Normally those requests get passed up the chain in plaintext and that’s a Big Problem.

    Like I said, I don’t know about nextdns, but it seems like it’s built around using dns level blocking.

    The problem with blocking stuff through dns at the router level (like pihole and nextdns and if you’re not careful with what you choose, mullvads doh) is that you might end up stopping normal legitimate internet use. I stopped using pihole and later uhh the one with home in the name for that reason. Shit didn’t work and people wouldn’t tell me when it happened so I couldn’t whitelist stuff.

    If you’re worried about your isp seeing dns requests and cataloging them, selling them or just blocking them and reporting you to the authorities, set up dns over https at the router level.

    What are you trying to accomplish?
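
Added example, not part of the comment above or of any product it mentions: the DNS question as it appears in a plaintext port-53 packet, and the same bytes carried in an RFC 8484 DoH GET request. The resolver URL `https://doh.example/dns-query` and the queried name are placeholders chosen for this example.

```python
import base64
import struct
from urllib.parse import parse_qs, urlparse

DOH_ENDPOINT = "https://doh.example/dns-query"  # placeholder resolver URL (assumption)

def build_query(name, qtype=1, txid=0):
    """DNS wire-format question (RFC 1035); RFC 8484 recommends ID 0 for DoH."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii") for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # type A, class IN

def qname_from_wire(packet):
    """What an on-path observer recovers from a plaintext DNS query."""
    labels, pos = [], 12  # question section starts after the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def doh_get_url(query, endpoint=DOH_ENDPOINT):
    """RFC 8484 GET form: base64url without padding in the 'dns' parameter."""
    b64 = base64.urlsafe_b64encode(query).rstrip(b"=").decode("ascii")
    return f"{endpoint}?dns={b64}"

def query_from_url(url):
    """Resolver side: recover the wire-format query from the 'dns' parameter."""
    b64 = parse_qs(urlparse(url).query)["dns"][0]
    return base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))

def observer_view(url):
    """Path and query string travel inside TLS; the resolver's hostname (via SNI) does not."""
    return urlparse(url).hostname

if __name__ == "__main__":
    q = build_query("shop.example")  # constructed sample name
    print("plaintext DNS exposes:", qname_from_wire(q))
    url = doh_get_url(q)
    print("DoH request:", url)
    print("visible to the network with DoH:", observer_view(url))
```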


  • You can pay for mullvad month to month by sending them five bucks and a piece of paper with your special number written on it in an envelope.

    Might make it more affordable.

    There is one thing you should probably change post haste (see what I did there?): get you one of those polarized privacy screen protectors and stop using biometrics. At least in the us biometrics aren’t protected by laws against unlawful search and compelled speech.


  • bloodfart@lemmy.ml to Privacy@lemmy.ml: Help setting up Wi-Fi router · 17 hours ago

    Brand doesn’t matter. They’re all equally bad.

    There’s two passwords to change: your router’s administrator password and your WiFi password.

    There’s mainly one setting to disable, but it’s often broken up into many across several parts of the device’s configuration page: wan administration or access to anything under any circumstances.

    The smart starting point with dns is: dns over https. It’s probably all you need so don’t worry about pihole or other stuff. You mentioned mullvad. Use theirs.

    These recommendations will provide a good baseline for security that doesn’t break the places you want to go on the internet. You could do more on the client side like use a vpn from your computer or configure your browser to use encrypted client hello and never store cookies or cache.


  • Oh, and the person you’re helping may be better served by either the dosdude Catalina patcher or the open core legacy patcher.

    Walk through your process on these with someone who’s used them first before you just go off, if you don’t have access to another device running macos then you can “soft lock” yourself.

    If you’re gonna work on macs it’s a good idea to have one, even what the kids used to call a hackintosh.


  • You need to know what you have. Other people have teased out that you have a MacBook Air, but there’s several different versions.

    Apple hardware for like twenty years has used two types of naming conventions, the Trade Name (Approximate Date) and the Trade Name Number,Number designation. You might have a MacBook Air 7,1 for example which is an Early 2015. The TN N,N is the model Identifier and the TN (AD) is the model.

    You can find out what you have by clicking on the apple menu in the upper left hand corner and choosing “about this mac”. The window that pops up will tell you the model and if you click “system report” you will get a ton of information that should have the model identifier somewhere near the top.

    You can also look up the serial on the website everymac.com and it’ll tell you a best guess which is almost always right!

    Once you’ve done that you can much more effectively search for the pitfalls of installing Linux on that computer.



  • Buy unlocked. It’ll cost more and you won’t have the option of doing the carrier/manufacturer’s no interest payment system, but that’s what it costs to actually not be locked into a particular carrier for the foreseeable future.

    My actual advice about phone choice is to learn the unjailbroken ios way of doing things because what you’re asking for in your post knocks out a lot of the more specific things people recommend on android devices and pushes you to smaller or not privacy focused roms.

    You’re not auditing the code so you need the most eyes on it that you can get so running smaller or less privacy oriented software becomes more of an issue.

    If you haven’t already, make a threat model and see if/how that changes your requirements and desires.




  • Everyone is saying yes.

    They are wrong.

    You will absolutely have to troubleshoot in order to figure out how to do what you want to do.

    Linux is different than windows or macos and you’re gonna have to gain an understanding (however dumbed down you might describe it) of those differences in order to use the computer.

    If you can get over that hump of understanding then I think you’ll be fine.





  • It used to be that someone with midi controllers could be assumed to be technical enough to say “you’ll be fine, everything will work”, but most of the time nowadays software just automatically figures out stuff and you don’t have to go looking at the implementation chart and using midiox to see where you’re screwing up,

    So,

    I’ve never seen an interface that didn’t work, but if you’re not comfortable troubleshooting midi signals then give it a shot and see.

    What are you using midi for, a daw?




  • Someone else wrote about how you’ll have a problem creating feature parity and integration like apple services. They’re right.

    A better idea is the thing everyone always says: make a threat model.

    The easiest thing to do for an Apple user is to simply make an iCloud recovery key, turn on advanced data protection and remove any account recovery method other than the key.

    I would also gently counsel against trusting prismbreak’s recommendations without research as they still point people at federated services where any bad or coerced administrative actor federated with the target user’s platform has access to a huge swath of data that most users would put in the category of “private”.


  • eh, if you don’t have spinrite or something like it and don’t wanna wipe your device with dd then it works well for the purpose of renewing ssds.

    with the -n flag it will probably help and shouldn’t cause any damage, assuming the problem is that you have an old clapped out ssd.

    remember, you’ll have to run it from a usb boot or something.


  • Always have a backup.

    Badblocks shouldn’t output anything when run on an ssd. It’s not really useful for its intended purpose there because ssds have hundreds to thousands of bad blocks to start with (depending on how you define “blocks”) and reprovision messed up sections all the time to cover up the fact that they’re screwing up constantly from the bus.

    It’s also true of rotational hard drives nowadays, not that they’re fundamentally based on using a medium that’s incredibly prone to “failure” but that they don’t expose the actual addresses on the medium to the controller.

    The old way, what the bad blocks tool is intended to address, is like if there were a big warehouse and when you wanted something you asked for the thing in rack 6F, shelf D8. The disk goes and gets it for you and if it’s the right thing then you’re golden and if it’s wrong you got a problem.

    Badblocks -n grabs the thing on 6F,D8, sets it aside and asks the disk to put something else in there, then asks for it back. If it succeeds then wonderful! “Block” 6FD8 is good and it puts the thing that was originally there back and moves on to the next one ad infinitum.

    Of course, new rotational disks and all available ssds don’t actually work like that. You hand the disk an object and say “put this in 6FD8” and the device says “you got it” and then promptly opens the package you handed over and puts its contents wherever it wants.

    When you ask for 6FD8 back the device grabs all the stuff that’s supposed to be there, puts it all back together and hands it to you. The disk itself might have all kinds of messed up things going on internally and you only see it when the data you put in doesn’t come out the same.

    Part of what makes the secure erase functionality work on ssds is that very insane obfuscation. When there’s no actual physical structure to the way data is stored, no “raw” read of the ccd chips can make heads or tails of it. The disk can be easily and quickly “wiped” just by asking the disk itself to kindly forget its own key used to locate information requested and voilà! Secure erase!

    Of course, none of that matters because we’re not using badblocks to figure out if there are bad blocks, we’re using it to force the ssd to rewrite its ccds so they respond to requests faster.

    The behavior we care about is writing something to the “block” then erasing it and rewriting the original data into it. Badblocks -n should do that.

    There are times when it might not though, the ssd may hand you porno.mov out of “6FD8”, write random data to somewhere in the ccd chip that it writes down is supposed to be 6FD8, read it back to badblocks, then when badblocks says “alright, that one passed, let’s put porno.mov back there” the ssd says “wait a second, I have a string of bits that matches this!” and just updates its internal ledger that 6FD8 is now what it was before that silly random data kerfuffle, never actually rewriting anything.

    It saved a write cycle on those cells after all! It did you a favor!

    So sometimes badblocks -n doesn’t work in this application. Spinrite is the “correct” tool, but for some applications it doesn’t work either (non x86 systems) so I use dd in that case to just slam the disk full of something so it can’t reprovision and save any write cycles and writes every possible cell with something. That destroys data, of course.
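
Added example, not part of the comment above and not badblocks' own code: a model of the read, overwrite, verify, restore cycle the comment describes for `badblocks -n`, run against a constructed temporary image file instead of a device. The 4096-byte block size and the random test pattern are assumptions of this example.

```python
import os
import tempfile

BLOCK = 4096  # block size in bytes (assumption for this example)

def nondestructive_pass(path, block=BLOCK):
    """Overwrite and verify each block, then restore it; return failed block numbers."""
    bad = []
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)
        for n in range(size // block):
            off = n * block
            original = os.pread(fd, block, off)   # set the stored data aside
            try:
                test = os.urandom(block)          # random test pattern (assumption)
                os.pwrite(fd, test, off)          # put something else in that slot
                os.fsync(fd)                      # flush past the OS write cache
                # A real tool would also bypass the page cache on this read
                # (direct I/O); that is omitted here for portability.
                if os.pread(fd, block, off) != test:
                    bad.append(n)
            finally:
                os.pwrite(fd, original, off)      # always put the original back
                os.fsync(fd)
    finally:
        os.close(fd)
    return bad

def demo():
    """Run the pass over a constructed 64 KiB image and confirm the data survived."""
    data = os.urandom(16 * BLOCK)
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(data)
        path = f.name
    try:
        bad = nondestructive_pass(path)
        with open(path, "rb") as f:
            unchanged = f.read() == data
    finally:
        os.unlink(path)
    return bad, unchanged

if __name__ == "__main__":
    print(demo())
```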