Thing is, its EOL, per Asus. Does this mean that it won’t be supported on OpenWRT for much longer?

OpenWRT tends to support devices longer and better than the OEM, but it depends on the popularity of the chipset inside the router.

Many different routers by different companies are almost identical internally, because they use the same chipset. Eg the RT-AC3100 seems to be a bcm53xx variant, of which OpenWRT supports a few dozen products. Support will probably only be dropped when every single one of those devices goes EOL and several years pass (ie no people left contributing/maintaining it and the builds break somehow).

Router chipsets can be very long lived. Many new devices use decade old chipset designs. Some chipset families have almost identical chips released every few years with slightly different peripherals, clocks & pinouts; but are supported by the same kernel drivers.

(This is all much better than the world of mobile phone hardware support. Maybe it’s because of different market pressures? Not to mention you don’t have a monopoly that benefits from keeping the hardware fractured. Imagine if people could make a competitor to Android that works across most devices out there)

As far as I understand, wireguard is designed so that it can’t be portscanned. Replies are never sent to packets unless they pass full auth.

This is both a blessing and a curse. It unfortunately means that if you misconfigure a key then your packets get silently ignored by the other party, no error messages or the likes, it’s as if the other party doesn’t exist.

EDIT: Yep, as per https://www.wireguard.com/protocol/

In fact, the server does not even respond at all to an unauthorized client; it is silent and invisible.

Read-only, or the ability to edit filenames & upload files?

Read only: as per other answers here, basically any HTTP server. The easiest one I know would be darkhttpd, because it requires no config files and can be run without root.

Read write: I like WFM https://github.com/tenox7/wfm

*mooshrooms

We rented our technology and could not read nor write.

25/10 for 65AUD/m (43USD/m). Australia, NBN (monopoly across entire country, technically government owned but run like a private corp because of politics). It’s the lowest speed now available, but it’s already overpriced. $780/year is far more than all of my wifi capable equipment is worth together, including laptops.

https://halestrom.net/darksleep/blog/054_nvme/

Summary: two Silicon Power P34A80’s died within a few months of use, the second one was the warranty replacement of the first. In both cases sectors suddenly became permanently unreadable.

Supply-side Jesus (short animation) is a brilliant take on trickle-down economics and circular arguments about why the successful are successful and the poor are poor.

“Tax cuts will double our revenues and ensure that the empire never declines or falls!”

“Should you feed the lepers, Supply side Jesus?”
“No Thomas, that would just make them lazy.”
“Then shouldn’t you at least heal them Supply Side Jesus?”
“No James, leprosy is a matter of personal responsibility. If people knew I was healing the lepers there would be no incentive to avoid leprosy”

SFF = Small Form Factor. It’s smaller than traditional ATX computers but can still take the same RAM, processors and disks. Motherboards and power supplies tend to be nonstandard however. Idle power consumptions are usually very good.

USFF = Ultra Small Form Factor. Typically a laptop chipset + CPU in a small box with an external power supply. Somewhat comparable with SBCs like Raspberry Pis. Very good idle power consumption, but less powerful than SFF (and/or louder due to smaller cooler) and often don’t have space for standard disks.

SBC = Single Board Computer.

I wouldn’t attack via USB, that path has already been too well thought out. I’d go for an interface with some sort of way to get DMA, such as:

• PCIE slots including M.2 and external thunderbolt. Some systems might support hotplug and there will surely be some autoloading device drivers that can be abused for DMA (such as a PCIE firewire card?)
• Laptop docking connectors (I can’t find a public pinout for the one on my Thinkpad, but I assume it’ll have something vulnerable/trusted like PCIE)
• Firewire (if you’re lucky, way too old to be found now)
• If you have enough funding: possibly even ones no-one has thought about like displayport + GPU + driver stack. I believe there have been some ethernet interface vulnerabilities previously (or were those just crash/DOS bugs?)

I recommend using a different set of flags so you can avoid the buffering problem @thenumbersmason@yiffit.net mentions.

This next example prevents all of your ram getting uselessly filled up during the wipe (which causes other programs to run slower whenever they need more mem, I notice my web browser lags as a result), allows the progress to actually be accurate (disk write speed instead of RAM write speed) and prevents the horrible hang at the end.

dd if=/dev/urandom of=/dev/somedisk status=progress oflag=sync bs=128M

“oflag” means output flag (to do with of=/dev/somedisk). “sync” means sync after every block. I’ve chosen 128M blocks as an arbitrary number, below a certain amount it gets slower (and potentially causes more write cycles on the individual flash cells) but 128MB should be massively more than that and perfectly safe. Bigger numbers will hog more ram to no advantage (and may return the problems we’re trying to avoid).

If it’s an SSD then I issue TRIM commands after this (“blkdiscard” command), this makes the drive look like zeroes without actually having to write the whole drive again with another dd command.

N.B. to anyone reading this: ask your isp to “opt out of CG-NAT”. Talking about IPv6 may confuse the staffer you’re talking to, it’s partially related but not the fully picture.

This has some similarities to the invite-tree method that lobste.rs uses. You have to convince another, existing user that you’re human to join. If a bot invites lots of other bots it’s easy to tree-ban them all, if a human is repeatedly fallible you can remove their invite privileges, but you still get bots in when they trick humans (lobsters isn’t handshakes-at-doorstep level by any margin).

I convinced another user to invite me over IRC. That’s probably the worst medium for convincing someone that you’re human, but hey, humanity through obscurity :)