I just wanted to share my experiences with the Fanless Mini PC Celeron J1900 Quad-Core . I ordered it from a Chinese retailer for about $150 with 4 GB RAM and 16 GB SSD.
So after a few installs I finally laid out the correct Network Setup ( I am no professional) and it runs extremely smooth with the basic configuration plus a dns_blocker.sh to filter advertisements by DNS-address. After a week I also activated the Intrusion Prevention System and I am extremely happy how it all works. My Nextcloud behind the firewall works perfectly fine with NAT and DynDNS on IPFire.
Only drawback is that the device has no HDMI connection so I had to get a VGA-cable to properly install IPFire first.
I saw a lack of success stories in the hardware section so I thought I share mine.
Thanks for your feedback. I run my Nextcloud on a Raspberry Pi 4 with an external 5 TB Harddisk. Not the most performant solution but a lot of memory for the buck. And sufficient for my homenet.
I use it on my homenet with IPS activated. CPU is on average 98% idle. I would think despite the hardware vulnerabilities IPFire increases the security of the network compared to my router firewall only. Of course this is not a setup for a professional environment.
Sorry to just get back to this Kenny… if you click on System then Hardware Vulnerabilities, does it show any problems with your hardware? Are they all mitigated by IPFire? Michael, if all the issues are mitigated, does that mean the device is secure? Personally, I’m running an old HP desktop I got off eBay for $75 for my router and everything is mitigated (well except for one possible exception I’ll ask about in another thread) so I guess I’m good. I like repurposing old stuff whenever I can. I’m reminded of that old saying “give a boy a hammer and everything becomes a nail”. I think your project is a success Kenny.
Intel has not published any internal details about the attacks and the Linux kernel developers and researchers are trying to reverse-engineer the processors.
This is the best that we have and we know that there might still be some way to exploit the processors. There are probably more vulnerabilities to come and we will have to keep patching reducing the performance of those processors even further.