Blog‎ > ‎

I2P, Tor, ScreenOS, Tablets, DB, lenc, Blockchain, Duplicati, Backups

posted Jan 23, 2016, 9:12 PM by Sami Lehtinen   [ updated Jan 23, 2016, 9:12 PM ]
  • Had very long discussion with a group about routing traffic over I2P and or Tor when required. As well as what kind of requirements using I2P or Tor sets for the application utilizing that anonymization layer. Running apps which aren't designed for anonymity over anonymizing layer is usually a very bad idea, because many protocols leak more or less information.
  • Helped a friend to setup a dedicated server in central Europe for one of his projects. Actually it was quite a swift thing. Order, quick delivery, and all the standard configuration stuff took less than 4 hours. That's the way to do it. With some service providers it takes 4 weeks to get an offer about a server. Lulz. I'm still eagerly waiting Hetzner's Finland DC. Some customers require server in Finland.
  • This Juniper ScreenOS backdoor doesn't surprise me at all. I've earlier written that it's really strange that WatchGuard requires detailed information about the 'target' where their firewalls are being used. Isn't it awesome. I want a list where firewalls are protecting nuclear facilities, I want a list of firewalls used in chemical weapons production or other military manufacturing, development, planning and testing. That's a dream or a nightmare, depending who we are asking and if they have access to that database and if they are 'our' allies. I was immediately alarmed when I did see that questionnaire first time. International high tech & military espionage, business as usual (?), yeah, I guess it is. It can be for sure even more profitable than selling the products alone? Maybe they'll be giving free devices for strategic targets in future? (Note, those entries aren't directly from WatchGuard list, but it did list especially important environments. I could check the exact list one day, if I just would care enough).
  • Checked out few rugged heavy duty tablets which can be used for business use in stores and warehouses. In many cases rugged models are so much heavier and more expensive, that it's just better to use consumer models and have a few extra ones immediately available if the device in use breaks down.
  • Now one project supports directly three different storage engines. You can use MongoDB, PostgreSQL and SQLite3 with it. It's just up to you which option you prefer in your environment. For testing and development SQLite3 is just awesome. For serious production other alternatives options are naturally better.
  • More discussion about on-line anonymity and how incredibly it is. There are just so many ways which can get you busted, even if the tool used for anonymization itself would be airtight. Some people (not me), seem to be very worried about bitcoin and online trade anonymity and security. As well as think differently what kind of measures should be used to form totally anonymous and untrackable but yet reputable identity. We know that this ID XXX can be trusted, but we don't know who's the person or group behind that identity. As well as can be trusted to what degree is awesome question.
  • OVH sponsors Let's Encrypt. This is something which every service provider should provide as default nowadays. Free by default on SSL for everyone. I see very little reason to disable that. But many service providers make it pretty expensive now if you want to use SSL, which isn't of course optimal. This is also the reason why there are tons of sites without SSL which really should use SSL.
  • I'm at times baffled by all this Blockchain talk. Blockchain isn't anything new, it has been official documented in 1981 by FIPS. With all this hype, there are also people who clearly misunderstand it. Technically it's very simple and nothing special at all. I personally find Merkle Tree more interesting than Blockchain, even if it's almost the same thing. Even old projects like Freenet use Merkle Tree as inodes to store data in blocks, etc. All very basic computer science stuff.
  • Duplicati - I'm still annoyed, why it has been designed so badly. There are only two bad options. 1. Command-Line version offers absolutely horrible experience for most of admins, which do not understand it's complexity at all. 2. GUI version doesn't notify at all when it's ready. It just needs to be killed using timer. Both options really suck. 3. I'll make my own code which accesses Duplicati database directly to figure out when it's done and then kills the process. Yeah, really moronic approach, but works. I hate this stuff. - After all I got so annoyed I wrote my own code which check the Duplicati database for running tasks and when it's completed tasks I've given, kills the process. How about just allowing --exit-when-done or something? No? Ok, then let's do it my way. - Let's just hope that the Duplicati 2.0 get's production ready. It's block store is also much improved, yet not generational, like I've posted earlier. I also don't like it's using the .NET but doesn't really matter, if I need it, then I'll use it.
  • First set database in backup mode, read last log id, then launch Duplicati, then check if the Duplicati has finished (from it's database task queue) when finished, unset the database backup mode, kill the Duplicati process and then dump new Duplicati log from it's database to the backup system log. - Works, Awesome. It took about two hours to get this done. But I just wish it wouldn't be this complex. But I got it done anyway.
Example Backup process log with very small test database.
Libs used: os, sys, sqlite3, traceback, configparser, logging, subprocess, ctypes, time
Example from actual logging, a few parts are redacted.

2015-12-23 08:53:41,734: *** Process started ***
2015-12-23 08:53:41,734: Reading configuration from config.ini
2015-12-23 08:53:41,750: Decrypting the database, if required
2015-12-23 08:53:56,766: Initiating database backup mode
2015-12-23 08:54:01,860: Success database backup mode active
2015-12-23 08:54:01,860: Getting last log id from DB
2015-12-23 08:54:01,860: Launching Duplicati
2015-12-23 08:54:01,860: Waiting for a while
2015-12-23 08:54:16,862: Starting Duplicati status checks
2015-12-23 08:54:33,825: Checking Duplicati status
2015-12-23 08:55:01,862: Duplicati Backup process finished
2015-12-23 08:55:01,862: Shutting down Duplicati
2015-12-23 08:55:01,862: Terminating database backup mode
2015-12-23 08:55:01,878: Duplicati log entries:
BackupType      : Incremental
[rest of log redacted]
2015-12-23 08:55:01,894: Everything done, Clean exit

Added notes: Actually from those time stamps you can see how much my blog is lagging with huge backlog. Well well. I'll try to catch up and post 1-2 posts / week.