• 3 Posts
  • 185 Comments
Joined 2 years ago
Cake day: July 2nd, 2023

  • Let me make sure I understand everything correctly. You have an OpenWRT router which terminates a Wireguard tunnel, which your phone will connect to from somewhere on the Internet. When the Wireguard tunnel lands within the router in the new subnet 192.168.2.0/24, you have iptable rules that will:

    • Reject all packets on the INPUT chain (from subnet to OpenWRT)
    • Reject all packets on the OUTPUT chain (from OpenWRT to subnet)
    • Route packets from phone to service on TCP port 8080, on the FORWARD chain
    • Allow established connections, on the FORWARD chain
    • Reject all other packets on the FORWARD chain

    So far, this seems alright. But where does the service run? Is it on your LAN subnet or the isolated 192.168.2.0/24 subnet? The diagram you included suggests that the service runs on an existing machine on your LAN, so that would imply that the router must also do address translation from the isolated subnet to your LAN subnet.

    That’s doable, but ideally the service would be homed onto the isolated subnet. But perhaps I misunderstood part of the configuration.
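    The rule set described above, written out as an added example that is not the commenter's or OP's configuration. It assumes the tunnel interface is wg0, the LAN bridge is br-lan, the service host is 192.168.1.50 on the LAN subnet (the case the reply says needs address translation, hence the MASQUERADE rule), and it scopes the final rejects to wg0 so the router's existing LAN-to-WAN forwarding is left alone.

```shell
#!/bin/sh
# Added example: generates the WireGuard-subnet isolation rules discussed
# in the reply. Names below are assumptions, overridable via environment.
WG_IF="${WG_IF:-wg0}"                 # assumed WireGuard interface
LAN_IF="${LAN_IF:-br-lan}"            # assumed OpenWRT LAN bridge
WG_NET="${WG_NET:-192.168.2.0/24}"    # isolated tunnel subnet from the thread
SERVICE_IP="${SERVICE_IP:-192.168.1.50}"  # assumed service host on the LAN
SERVICE_PORT="${SERVICE_PORT:-8080}"  # service port from the thread

# Prints the rules instead of applying them, so they can be reviewed first;
# on the router, pipe the output into sh to apply.
wg_isolation_rules() {
    cat <<EOF
iptables -A INPUT  -i $WG_IF -s $WG_NET -j REJECT
iptables -A OUTPUT -o $WG_IF -d $WG_NET -j REJECT
iptables -A FORWARD -i $WG_IF -o $LAN_IF -s $WG_NET -d $SERVICE_IP -p tcp --dport $SERVICE_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $WG_IF -j REJECT
iptables -A FORWARD -o $WG_IF -j REJECT
iptables -t nat -A POSTROUTING -s $WG_NET -o $LAN_IF -j MASQUERADE
EOF
}

wg_isolation_rules
```

The INPUT reject on wg0 does not affect the tunnel itself, because the WireGuard handshake arrives on the WAN interface, not on wg0.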


  • It took me a few reads to internalize everything that you wrote, and it’s food-for-thought for when I level-up to adding another machine to my garage. It does seem that I can wait on the jointer for a long while, and on the thickness planer until my projects start using wider boards or I get really tired of hand planing those.

    Good to know that the combo planer/jointer is not exactly optimal, and I’ll have to keep an eye out for either separate machine that happens to be for sale on the used market.

    I have no other tool that could take a quarter inch off the thickness of a 10 inch wide board; the only tool I have that is appropriate for this task is my thickness planer.

    As it happens, this was precisely what I also had to do for an earlier project, and I ended up using my router table to do it. It was an awful slog of a time, and I hope to never repeat that ever again. Throughout the ordeal, I kept thinking about how a CNC mill would have made quick work of it, but I suspect a used thickness planer is going to be a lot more affordable for me.


  • Thank you for the detailed clarification!

    In review, it sounds like a shoulder plane would prove its worth for very small, fiddly work that a general-purpose plane couldn’t reach, but it would be slower for flattening the poor stock that I often use. Would this mean a shoulder plane plus a machine planer be a reasonable combination, with the latter introduced later to enable larger-scale flattening?

    The body of the plane is square to the sole, making 90° easily achievable by riding the side of the plane on an adjacent 90° surface.

    This might be the feature which sways my decision, since I think it means I can devise a simple jig for any size of stock by clamping to a known flat surface (or even just a surface that’s more flat than the stock) and guide the shoulder plane that way, to prepare for joining. I didn’t mention in my original post, but I also occasionally do “coarse metalworking” where all the stock I use is already nice and straight and flat, which would make good guiding surfaces for a shoulder plane (on wood lol).




  • Firstly, thank you for such a detailed reply!

    This far, my woodworking would not be described as “fine woodworking” but rather as “coarse woodworking” haha. That is, I’m mostly putting together functional pieces where it’s permissible to be ugly-as-sin but should be structurally sound. Hence why I initially only considered fixing up the joints, to make wavy bits of wood come together.

    You’ll need to get or make some winding sticks, a decent try square, and a straight edge, and you can straighten a board of any size, given enough cardio. Or, do like I did and buy a jointer and a planer.

    But I take your point that a jointer and planer (is there such a thing as a combo?) would be fixing the root issue, with additional benefits. Certainly, if I could get my positional precision tighter than 1/8-inch deviation from my plans, I’d be thrilled. I may later circle back for these tools, after trying hand planing for a few pieces.

    So, as long as your miter saw’s fence is straight, if you cut one board on one side of the blade, and the other on the other, those angles should be complementary/supplementary. Say your miter saw is swung to 44 degrees rather than 45. Well the other side should be 136, or if you invert the board, 46 degrees.

    This part makes sense, and there’s much that I should adjust on my miter saw. Let me expand on exactly what I was trying to do last time that necessitated some geometric creativity. Basically, I wanted a cut where the miter saw would be turned 70 degrees, then another cut at the complementary 20 degrees. My saw can only swing left or right by about 60 degrees. So that’s why I set the saw for 20 degrees to the right, fed the piece from the left side. Then for the 70 degree cut, fed the piece from the front into the saw, such that I get the complementary angle of 70 even though the saw is still set at 20.

    For reference, this is how pointy the 70 deg was to look. The 20 deg cut is not pictured.

    A shooting board is a simple jig used to guide a plane precisely past the work, quite often holding the stock at a 90 or 45 degree angle to the plane such that the plane cuts the end of the work to the desired angle.

    TIL a shooting board. It also answers the question of how I’d keep a hand plane steady if the end grain might be quite small. And I could use my new hand plane to help construct a shooting board.

    I suspect I now have projects for all remaining weekends of this month lol! Thank you again!




  • litchralee@sh.itjust.works to Selfhosted@lemmy.world: Self hosting Signal server

    This doesn’t answer OP’s question, but is more of a PSA for anyone that seeks to self-host the backend of an E2EE messaging app: only proceed if you’re willing and able to upkeep your end of the bargain to your users. In the case of Signal, the server cannot decrypt messages when they’re relayed. But this doesn’t mean we can totally ignore where the server is physically located, nor how users connect to it.

    As Soatok rightly wrote, the legal jurisdiction of the Signal servers is almost entirely irrelevant when the security model is premised on cryptographic keys that only the end devices have. But also:

    They [attackers] can surely learn metadata (message length, if padding isn’t used; time of transmission; sender/recipients). Metadata resistance isn’t a goal of any of the mainstream private messaging solutions, and generally builds atop the Tor network. This is why a threat model is important to the previous section.

    So if you’re going to be self-hosting from a country where superinjunctions exist or the right against unreasonable searches is being eroded, consider that well before an agent with a wiretap warrant demands that you attach a logger for “suspicious” IP addresses.

    If you do host your Signal server and it’s only accessible through Tor, this is certainly an improvement. But still, you must adequately inform your users about what they’re getting into, because even Tor is not fully resistant to deanonymization, and then by the very nature of using a non-standard Signal server, your users would be under immediate suspicion and subject to IRL side-channel attacks.

    I don’t disagree with the idea of wanting to self-host something which is presently centralized. But also recognize that the network effect with Signal is the same as with Tor: more people using it for mundane, everyday purposes provides “herd immunity” to the most vulnerable users. Best place to hide a tree is in a forest, after all.

    If you do proceed, don’t oversell what you cannot provide, and make sure your users are fully abreast of this arrangement and they fully consent. This is not targeted at OP, but anyone that hasn’t considered the things above needs to pause before proceeding.



  • A Nintendo Wii would also work, as exemplified by this blog running on a NetBSD Wii.

    But in all seriousness, the original comment has a point: using a mobile phone as a server is possible but also wastes a lot of the included hardware, like the cellular baseband, the touchscreen, and the voice and Bluetooth capabilities. Selling the phones and using the proceeds to purchase a used NUC or an SFF PC would give you more avenues to expand, in addition to just being plain easier to set up, since it would have USB ports, to name a few luxuries.


  • From my limited experience with PoE switches, how much power being drawn in relation to how much the switch can supply has a notable impact on efficiency. Specifically, when only one or two ports on a 48-port switch are delivering PoE, the increased AC power drawn from the wall is disproportionately high. Hence, any setup where you’re using more of the PoE switch’s potential power tends to increase overall efficiency.

    My guess is that it has to do with efficiency curves that are only reasonable when heavily loaded for enterprise customers. In any case, if either of those two candidate switches meet your needs today and with some breathing room, both should be fine. I would tend to lean towards Netgear before TP-Link though, out of personal preference.


  • This seems like a management/organizational issue, and so that means it needs to be handled by your manager, who would then figure out how to approach their counterparts on the other team. You would provide as detailed of info as you can to your manager, and leave it with them to best deal with that matter. If your manager needs concrete examples of how company time/effort is being wasted by the other team’s shenanigans, help them help you.

    If you’re in engineering, your focus is to build stuff and make it work. And your manager’s focus is to maintain the prerequisites for you to do your job. This does necessarily mean that in the interim, while management works on a resolution, you may still be asked to fix some of their mess. And you should do so, in a professional manner, to the best degree that you can stomach. Obv, if management drags the issue out, then you’ll have to weigh your options, since it would demonstrate a management chain that isn’t doing their own job properly. And that’s no environment conducive to success on your part.


  • Setting aside the cryptographic merits (and concerns) of designing your own encryption, can you explain how a URL redirector requiring a key would provide plausible deniability?

    The very fact that a key is required – and that there’s an option for adding decoy targets – means that any adversary could guess with reasonable certainty that the sender or recipient of such an obfuscated link does in fact have something to hide.

    And this isn’t something like with encrypted messaging apps where the payload needs to be saved offline and brute-forced later. Rather, an adversary would simply start sniffing the recipient’s network immediately after seeing the obfuscated link pass by in plain text. What their traffic logs would show is the subsequent connection to the real link, and even if that’s something protected with HTTPS – perhaps https://ddosecrets.com/ – then the game is up because the adversary can correctly deduce the destination from only the IP address, without breaking TLS/SSL.

    This is almost akin to why encrypted email doesn’t substantially protect the sender: all it takes is someone to do a non-encrypted reply-all and the entire email thread is sent in plain text. Use PGP or GPG to encrypt attachments to email if you must, or just use Signal which Just Works ™ for messaging. We need not reinvent the wheel when it’s already been built. But for learning, that’s fine. Just don’t use it in production or ask others to trust it.