blocking youtube, insta and facebook once and for all

I have been busy for a while figuring out just how much freedom and control I need to use to keep my children from harm from the online world.. after all I know how much trolling is going on and how much hate is being generated/amplified there.
At the same time I am still that blind optimist that believes as long as people talk to each other eventually the good guys will pravail and win because they work together.
Now, with facebook and google using smart algorithms mining big data that they generate from millions of hosts and applying that with addiction-generating systems that generate revenue.. I must admit that is a) very smart, b) a dick move and by all means c) unacceptable if it happens on the back of innocent, uncorrupted and ignorant beings (namely my children)

so I have been using google family link to control the devices of my kids for a while now.
I don’t care what websites they use and who they chat with, they need to learn that some people don’t want to be your friend themselves.
But I have created a blacklist that contains three words:
– youtube
– instagram
– facebook

these three started out wonderful and creative and are now what McDonalds feels like. Fat, lethargic and only interested in making more money. In my eyes they don’t exist anymore but I realize how much the peers of my children are pushing them back and always back again into these platforms.
Everyone who knows a bit about data mining will understand that even without a facebook account, the fact that 5 of your friends have one and they have your number in their address book, that facebook app has access to that address book (to help you “find your friends faster”) and that they get location and demographic information about you by banner ads and tracking cookies that are sent to your device will pretty much tell them all about you without you having an account. It is highly efficient and super scary.

So… while I can more or less control the mobile devices I can not do this for the PC at home.
Also I was looking for a time keeper to control how many hours they are busy.
(Again.. I don’t care if it’s music videos, reddit or minecraft.. but there has to be a balance)

Also laptops can be carried to the neighbors, so installing a pi-hole or DNS blocklists won’t work once they are at the neighbors, whos mother things I am paranoid (I am!) so.. another solution was needed. > see below

It comes in multiple stages.
For mobiles: (Android only – we don’t use Apple iDevices anymore, sorry)
– google family link – create parental account and child account
– restrict all PG/R rated stuff (get rid of that once they are 14)
– restrict all browsers except chrome (otherwise the blacklist won’t work)
– restrict all new software installs / parental approval needed
– blacklist URLs/domains for chrome – block insta, facebook, youtube by keyword
– restrict time by hours / day and bedtime (no activity after 21:00 and before 06:00)

the parent app can create “single-use” keys that disable the restriction for a day, so if they can explain to me why they used the phone for 3 hours for school reasons (the school has a e-learning app) – I can see that in the “usage” overview and send them a code to disable for the day.

the same works for the nintendo switch – it is set to lock after one hour during week and 2 hours in the weekend > I can disable it remotely using my phone for a day (switch parental controls) – also there.. don’t care what exactly they play (as long as it is not rape simulator 2020 or whatever it is these days…) just the time matters.
https://www.nintendo.com/switch/parental-controls/

For the PC: (Windows/Ubuntu)
– there are timekeeping and app tracking apps that are super-scary, like.. I really don’t want to think about the poor children who have to have their parents whitelist every single contact they want to email with – but I want to know if you used the 2 hours for minecraft or for school or for videos.
So – Windows parental controls – track app usage and time. Also bedtime.
https://support.microsoft.com/en-us/help/4028244/microsoft-account-set-up-screen-time-limits-for-your-child
Ubuntu: Timekpr-next (had been deprecated twice, this is the most recent version)
https://launchpad.net/timekpr-next

And for the last part.. how do I block those sites without using the WLAN router and a DNS profile that can be bypassed easily by going to the neighbor?

> enter the hosts file. (Ubuntu: located in /etc/hosts and windows: Find it in \Windows\System32\drivers\etc\hosts )

I will upload the file here but it basically forces static DNS resolve addresses that point to 0.0.0.0 or 127.0.0.1 or whatnot.. something that is NOT the Internet.

0.0.0.0 apps.facebook.com
0.0.0.0 connect.facebook.net
0.0.0.0 facebook.com
0.0.0.0 fbcdn.com
0.0.0.0 fbsbx.com
0.0.0.0 fbcdn.net
0.0.0.0 graph.facebook.com
0.0.0.0 login.facebook.com
0.0.0.0 s-static.ak.facebook.com
0.0.0.0 static.ak.connect.facebook.com
0.0.0.0 static.ak.fbcdn.net
0.0.0.0 www.connect.facebook.net
0.0.0.0 www.facebook.com
and so on .. there are people on reddit that make a list.. it is still changing so don’t assume this will work forever.
hosts <– grab the entire file here

Also if your kids learn how DNS and networking works (and they manage to assume root) you can’t do much here, either.. but I kinda dream of the day being pwn’d by my daughter.. so I’ll allow it.

automated Plex backup 2019 style

2019 – ubuntu is now using systemd (18.04LTS), my home server is running a ryzen processor, CIFS is almost as fast as NFS now and the automated rsync jobs have stopped.
Time to re-build them!
Note: This is a closed system, I am not taking care of security here much as my network is considered “secure” – this is probably not going to win many security awards

Step 1: Networking

Ubuntu 18.04 uses systemd and netplan so no more hacking around /etc/network/interfaces. The config is in /etc/netplan – the default file is 50-cloud-init.yaml

network:
version: 2
ethernets:
enp2s0:
dhcp4: false
addresses:
- 10.0.0.2/24
mtu: 9000

and apply the settings with sudo netplan apply
and verify withip addr
ST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
however, this did not bring the mtu to 9000 so we need another thing:
> sudo ip link set mtu 9000 enp2s0
and from what I hear this may not be transitory / survive reboots.. in that case it needs to go into the startup scripts.
Anyway: that’s what I wanted:
enp2s0: MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP

Step 2: Mount the NAS

verify shares are working (NFS and CIFS)

andreas@plexcloud:/$ showmount -e 10.0.0.1
Export list for 10.0.0.1:
/shares/public *
/shares/andreas *
andreas@plexcloud:/$ smbclient -L //10.0.0.1 -U andreas
WARNING: The "syslog" option is deprecated
Enter WORKGROUP\andreas's password:
Sharename       Type      Comment
---------       ----      -------
public          Disk      public
andreas         Disk      Andreas sein Zeug

try to mount is manually: (as root because I will mount using fstab later)

root@plexcloud:~# mount -t cifs -o username=andreas,password=xxxxxxxxxxxx,iocharset=utf8,file_mode=0777,dir_mode=0777,soft,user,noperm,vers=1.0 //10.0.0.1/public /mnt/NAS/

root@plexcloud:~# ls /mnt/NAS
[data]

actually. it’s 2019.. I changed my mind wrt fstab.. let’s use automount (As I never know if my NAS will be up or not while I move to my new place)
https://help.ubuntu.com/community/Autofs <<< that’s supposed to be easy?

apt install autofs
edit /etc/auto.master and add the line
/mnt /etc/auto.smb
(which should tell autofs to look at /etc/auto.smb and perform its magic in /mnt) – basically mounting SMB shares in the /mnt directory. CIFS would be a better way.. which doesn’t work for me.. so it’s the manual mode for me for now

for the lazy me: edit fstab and add:
//10.0.0.1/public /mnt/NAS/ cifs username=YOURUSERNAME,password=YOURPASSWORD,iocharset=utf8,file_mode=0777,dir_mode=0777,soft,user,noperm,vers=1.0
vers=1.0 is to bypass the “host is down” error (assuming proper authentication should be used) and the rest is to bypass said authentication and not to fuck around with file permissions (just behave like a fucking USB stick, damn it.. no one else is using you!)
yeah, I know.. “guest” would probably work, too.. but I had bad experiences with permissions afterwards.

so now I have a mountpoint, let’s do backups!

Step 3: test and automate rsync jobs

motivation: rsync with delete – whatever I delete from the source can be deleted on the backup, too
full sync for the server directory, only check by size for the media files
I like -v and “–progress” as it gives me an indication what is going on (on the first run…)
however not in the scripts, a simple –stats will have to do, there…

so for the server backup:
rsync -ahv /var/lib/plexmediaserver/ /mnt/NAS/backups/plexmediaserver/ --progress --delete --stats --dry-run
non-verbose and “live” mode:
rsync -a /var/lib/plexmediaserver/ /mnt/nas/backups/plexmediaserver/ –delete

(I removed the -z because the data dir is 7 GB and the compression too too long on that stupid atom-based nas)

and for files:
rsync -ahv /plex/ /mnt/NAS/plex/ --progress --size-only --delete --stats --dry-run
and non-verbose:
rsync -aq /plex/ /mnt/NAS/plex/ --size-only --delete

first version of the script used copy but this took AGES to finish so rsync all the way now. After all it seems my old seagate NAS does rsync :D

the /var/lib/plexmediaserver dir still takes way too long.. so I will tar and zip it and rsync it over instead – much faster – also –delete-source-files is handy (as mv can not overwrite and I don’t feel good calling rm -rf in a script executed by root….)

tar -zcvf plexmediaserver.tar.gz /var/lib/plexmediaserver/

finished script: added to crontab

0 4 * * * cd /home/andreas && sh backup_plex.sh>>plex_backup.log

#!/bin/bash
echo "+++stopping plex media server"
systemctl stop plexmediaserver.service
sleep 5
echo "+++backing up server and cache"
#rsync -ahz /var/lib/plexmediaserver/ /mnt/NAS/backups/plexmediaserver/ --stats --delete
tar -zcf /opt/plex/plexmediaserver.tar.gz /var/lib/plexmediaserver/
echo "+++copying tarball over to NAS"
#rsync -ahv /opt/plex/ /mnt/NAS/backups/plex/ --remove-source-files --progress --stats
rsync -ah /opt/plex/ /mnt/NAS/backups/plex/ --remove-source-files
echo "+++restarting plex media server"
systemctl start plexmediaserver.service
echo "+++server backup complete - now for the files"
#rsync -ahv /plex/ /mnt/NAS/plex/ --progress --size-only --delete --stats
rsync -ah /plex/ /mnt/NAS/plex/ --size-only --delete