Interests: News, Finance, Computer, Science, Tech, and Living

Joined 2 years ago
Cake day: June 13th, 2023


  • I am a FOSS guy so I’d just configure Debian or Ubuntu to do most of the server, media center, desktop, and laptop stuff. For smartphones, a Google Pixel 8a or another a-series device flashed with GrapheneOS. For network I would look at pfSense, OPNsense, OpenWrt, or DD-WRT devices. I have DD-WRT devices but they do not get updates, sadly, but there are some vendors that base their devices on DD-WRT. Not sure which ones. ASUS? Buffalo? Is there a list somewhere?

    The other direction is to go more commercial, which is probably what you want. A lot of people like Synology products. In particular they have nice NAS products (which actually can run other services too) which should be fine if you just run them on the LAN. If you want to connect while traveling, set up some sort of VPN. Do not expose any of this stuff to the WAN. For network devices I would consider Netgate; I think they have some pfSense firewalls. Some people seem to like Ubiquiti stuff.

    I personally have generally favored Netgear but as I said, I mostly have just re-flashed with DD-WRT but am thinking of doing something different at least with regard to my boundary router. It has gotten so we all need to have our network devices rapidly updated, especially exposed ones like the boundary router.


  • Consider low maintenance materials. Simple roof line, with good landscape drainage away from the house. Metal, ideally stainless steel roof. Triple pane metal clad or fiberglass windows, chosen by the sun exposure in terms of coatings. Heavily insulated. ERV ventilation. Consider commercial grade doors, and hurricane approved windows, etc. Consider unpainted stucco or another low maintenance exterior. Ground loop heat pumps for heating. Enough electrical capacity for an all-electric house including EV charging, but with a backup power source. Design for no maintenance in the first 50 or 100 years. You might consider a safe room.

    Edit: Might consider hidden and/or locked storage too, a locked filing cabinet at least, or a safe.

    Edit: You might also consider a security, home automation, and house monitoring system but choose carefully. One that you control, not some cloud service.


  • Consider network boxes and structure of net. At a minimum segregate things on different network segments. Guest, IoT, Your Stuff, Wired, Wifi, etc. Your boundary router and everything inside it should be yours and get automatic updates. Ideally two network providers, one fiber, one wireless. Encrypt everything on the net.

    Avoid wifi and bluetooth if you can, but probably you do not want to. If you use them, secure them the best you can. Strong keys, SSIDs that tell nothing, etc. You can set your wifi APs to ignore clients outside of a certain range at least. Also hardwire the APs. Airgap things that really matter. For example, airgap at least some of your backup archives, and take some offsite too. A nice way to do that is host mountable SATA drawers on your backup server with high capacity real spinning magnetic disks (no SSD or Flash stuff).

    On systems that matter at least use volume mirroring, or some level of RAID, and do have a UPS. Maybe consider a whole house UPS if you're loaded with money. Your network boxes should have UPS support too, and at least one of your network providers (Starlink, other sat provider, maybe cell or WiMAX, old style DSL, etc).

    Actual network connectivity, consider how you're going to do that. You could route all network traffic through a VPN or Tor, but you may not want to do that. Big downsides too. One could choose to route certain subnets that way though.

    Actively keep everything patched, monitored, and updated. Remember, less is more. Minimize what needs to be patched, monitored, and updated. Put firewalls on everything and minimize the software and services and attack surface. Treat every device on your net as mostly untrusted.




  • flatbield@beehaw.org to Privacy@lemmy.ml: Apple TV Privacy over Roku? (3 days ago)

    Frankly, just build a new full up Linux workstation in a media center case. You want to be able to run a browser and a media center app, and use it as your home server for things like nextcloud, etc. Been doing it this way for 20 years.

    Edit: For remote control a wireless keyboard is great. KDE Connect works well now too.




  • Regarding de-googling. Keep in mind it does not have to be all or nothing. At least on Graphene you can just install Google Play and Google Play Services in either the Private Space or in one of the other Profiles (that is, one of the other User or Work Profiles). When you close that space down, Google Play and the remaining apps you cannot de-google are locked up. For me, I installed Google Play into my Private Space along with the few apps that I actually needed, which was really only Lyft and Uber. Other apps that I found needed Play and Play Services included GoodRx, Google Maps, PlutoTV, TubiTV, and Home (for Chromecast), plus any app you want to Chromecast, but there are other alternatives for these.

    My banking app would just not run on my new phone even with Play installed and so I just left it on my old phone even though it no longer has cell. Primarily I need the banking app to deposit checks. Everything else can be done via the web. Google Wallet at least for payments probably does not run either so I plan on playing with Venmo at some point. That should work though I do not know if it needs Play or not.

    Some of this is changing patterns too. A good way to de-google is to use the web more and/or use PWAs (Progressive Web Apps) if they are offered. Native Alpha is also an interesting tool to get a PWA-like experience for sites that don’t have PWAs. Some sites heavily promote their apps to the point that they do not work well without using the desktop site explicitly. The User-Agent Switcher plugin in Firefox can set this by site. Other useful Firefox plugins may include uBlock Origin, NoScript, and Cookie AutoDelete, which allow a lot of per-site configuration.

    Another useful strategy for de-googling is to avoid the Play store where you can and focus on your ROM's app store (Graphene for example), F-Droid, Accrescent, and Obtainium sources. Then fetch the rest (mostly a few remaining commercial apps) via the Aurora Store with anonymous login.

    Edit: Another problematic app is the UPS app. Never got that to work even with Google Play. One can just use the website for this though.


  • As for other devices than the Google Pixels, it is pretty bleak since the end of DivestOS a month ago now. One basically has to decide the ROM you want to run, then see what it supports. None of the other ROMs will be as locked down as GrapheneOS and maybe not as compatible. Other ROMs to look at include CalyxOS, /e/, IodeOS, LineageOS, and crDroid. I have no personal experience with these others and not all of them have a privacy focus, but the ones I listed seem to be fairly popular. You might find this comparison of ROMs helpful: https://eylenburg.github.io/android_comparison.htm .

    Hardware. I find the Fairphone interesting. Maybe some of the Motos since they are so common and inexpensive. One has to decide to what extent you want a Chinese phone considering the current geo-politics and your personal situation. I personally just upgraded to a new Pixel 8a and GrapheneOS myself. You can find my previous post at https://beehaw.org/post/17618967 . Feel free to ask me anything.