would there be any difference if the webpage has a JS button to put something in the clipboard, or it having code running in the background that puts things into the clipboard at page load?

Clicking a button shows user intent, whereas a page load doesn’t. No user expects loading a page to overwrite their clipboard, but every user that clicks a “Copy to Clipboard” button does expect it.

I’ve never heard of LoRa. The marketing and whitepapers for HaLow specifically mention the things I did, for example https://www.wi-fi.org/discover-wi-fi/wi-fi-certified-halow

Not sure what you mean by “controlled” given it’s open-source?

That’s pretty good given (as far as I know) the main use case for HaLow is for low bandwidth, very low power use cases, like for IoT devices and other things you’d use Zigbee or Z-wave for today, including devices that run for years off a single button cell battery

Which OS?

On Android, Moon+ Reader is pretty good.

My wife uses the Amazon Kindle app on her Android tablet. You can use it for non-Kindle books by sending an email to a special email address for your Kindle account: https://www.amazon.com/sendtokindle/email.

Calibre is useful for this. It shows an easy to use “send to Kindle” button, and can convert books in ePub, mobi, etc formats to the format that works best in the Kindle app (AZW3).

If you want a web interface for Calibre (eg to run on a home server and download books when you’re away from your computer), Calibre-web works well.

But why deal with separate software like dnscrypt-proxy when AdGuard Home has it built-in?

A recursive DNS server and a local DNS cache/forwarder/are two different things with two different purposes. You will always need both.

Why do you need two separate ones though? Recursive DNS servers also cache responses. Usually the only reason you’d run a local forwarder/cache is if you’re not running a local recursive server.

Yeah it’ll use the local copy if it exists.

I use a wildcard cert in some places, but most of them are individual certs. You can have multiple ACME DNS challenges on a single domain, for example _acme-challenge.first.int.example.com and _acme-challenge.second.int.example.com for first.int.example.com and second.int.example.com respectively.

The DNS challenge just makes you create a TXT record at that _acme-challenge subdomain. Let’s Encrypt follows CNAMES and supports IPv6-only DNS servers, so I’m using some software called “acme-dns” to run a DNS server specifically for ACME DNS challenges. It’s just listening on a IPv6 in one of my VPS /64 IPv6 range.

IMO it’s easiest to just use a real domain for your local network. For example, I use subdomains of int.example.com, where example.com is my blog.

Then, you can get Let’s Encrypt or ZeroSSL certificates for all the hosts. Systems do not need to be accessible over the internet - you can use an ACME DNS challenge instead of a HTTP one. Use something like certbot or acme.sh and renewals will be automated.

Only cost is for the domain, and some TLDs are less than $5/year. Check tld-list.com and sort by renewal price, not registration price (as some are only cheap for the first year).

I have Plexamp on my phone configured to automatically download the “loved” album (songs I’ve rated 4 or 5 stars). It automatically downloads songs I add to the playlist. My library is too big to download it all to my phone (most songs are in FLAC format) so I’d need to download a curated list anyways.

This seems to work well. I’ve used it a few times on flights or when I’m in a hotel room with spotty phone coverage and no wifi.

Throw Unbound on there too as your upstream recursive resolver

If you want to run your own recursive DNS server, why would you run two separate DNS servers?

You don’t even need to worry about an encrypted session to your upstream anymore because your upstream is now your loopback.

Your outbound queries will still be unencrypted, so your ISP can still log them and create an advertising profile based on them. One of the main points of DoH and DoT is to avoid that, so you’ll want them to be encrypted at least until they leave your ISP’s network.

You can download all your playlists.

AdGuard Home is a better choice than PiHole since it uses DNS-over-HTTPS by default. There’s also an app called AdGuardHome-Sync to sync settings between multiple instances.

I’d recommend running two DNS servers, and at least one of those separately from the rest of your infrastructure like on a Pi. That way, if you need to pull one of them offline, the internet still works.

Surely you mean WS_FTP LE.

Put all songs in a playlist and then download that playlist?

Their main product is a server that you run on a computer and lets you stream your own content.

It doesn’t necessarily need a click - it can be triggered by a keypress too (eg at my workplace we have a few internal pages where you can press a keyboard shortcut to copy a shortened URL for the current page).

It has to be something the browser considers a user interaction, meaning the user has expressed an intent to perform the action. That’s usually a button press or keypress.

but it can place text into the clipboard.

Only as the result of a user interaction, for example by pressing a button.

I set up voice recognition

This feature is extremely insecure now that there’s several AIs that can replicate voices. If a scammer calls you and you say a few words (like if you say “hello” and “sorry, I think you’ve got the wrong number”), a recording of that can be enough for them to replicate your voice.

This happened at my workplace. An attacker got into someone’s Schwab account by calling Schwab support and successfully getting past the voice verification, and attempted to transfer $100k (from a recent stock sale) out of their account. It took a bit of effort but they managed to get all the money back.

Schwab sent out a bulk email to everyone at my company saying they’re improving their security as a result, but I’m not sure if they’ve actually improved it. They’re still promoting this insecure feature.