PostgreSQL, Home Networking, Social Media, COMSEC

  • PostgreSQL 12. Again, great improvements. I really like Postgres. "REINDEX CONCURRENTLY" is very handy when there's a need to rebuild indexes on a production system.

  • Updated lots of networking stuff at home. New UPS system rated at 2,5kW, with 15 minutes reserve. Also configured IPv6 routing for a few services via Cloudflare, using an independent IPv6 address for CF-specific services and a CF-issued certificate allowing strict SSL/TLS. Firewalled the service and bound it so that it's only accessible via Cloudflare and so on. Yet I've written about this earlier. Extra IPv6 address, bind services to it, and then allow via firewall only on a specific interface, from CF IPv6 addresses to a specific local address only used by the service, and then it's done. As mentioned, I've written scripts which auto-update these firewalls based on CF published address ranges. Generally really happy, everything went really smoothly and took less than an hour to configure. The only thing which didn't go smoothly was adding extra IP addresses via interfaces. On Ubuntu, it just doesn't seem to work. Still need to figure out why. Sometimes it's the simplest things which never work and create the most annoyance, because those should be absolutely trivial. Sigh! Rearranged everything in the rack. It's good to test that alerts work, I got almost flooded by monitoring system alerts (a few separate systems) when the system went down temporarily for reconfiguration. Alerts work, check. Tried several methods of adding an IP address. It's trivial, but always broken after boot. Added a script to add addresses later and restart services. I know how moronic this is, but no can do, because the system is inherently so badly broken. I did read the documentation and tried at least four different "approved answers" for adding addresses, all of which are disinformation and do not work. So typical. This is just great, adding an IP address took several times longer than setting up Nginx, SSL certs (including stapling and CA and Origin certificates), Cloudflare, reverse-proxy for Python scripts and configuring IPv6 tunneling and firewalls.
Adding one freaking static IPv6 address was the most complicated thing. All the instructions about interfaces were bad and none of those worked. Took over 100 reboots, didn't work. Then did the only obvious thing and moved the required configuration scripts to rc.local and boom. It's done.

  • Internet and social media being blocked in Turkey due to military action. Well, that's obvious. That's why your communication security protocols should cover situations where you're lacking things which obviously will be missing in case of emergency. Like power and Internet, mobile / land lines, etc. How about using aggregates and HF radios? Depending on how serious the situation is and who's in power etc., even satellite communications can be shut down. In that case, mobile HF radio is your best bet. And if required you can just send short data bursts and move out of harm's way if they think your transmission is unauthorized. And if the situation is really bad, then remotely operate the radio; in that case you can expect that you'll lose the equipment in case of kinetic response. But it's still better to lose the equipment than your life. Some say you'll need permission to operate such equipment. Sure, in normal conditions. But in special conditions nobody cares, it doesn't matter if you're a certified HAM operator or not. You'll just need to get the messages moving and know the basics. Using directional wire antennas which you can just discard when moving out quickly etc. Just based on visible antennas alone, as an example, many embassies have HF radios. A basic 100W HF radio with digital modes like JT8 should give you a more than reasonable range with a relatively small antenna. D-STAR also allows data transmission. Or you can moon bounce it, no that wasn't a joke, yet it's not practical. I've also written about code books several times, and Q codes and Ten-codes are great examples. Also CW QRP radios are just very classic spy stuff. Also delta loop and inverted v / l antennas are something you can set up quite easily in the middle of nowhere just utilizing existing structures like trees.
I've also got a few short / medium / wave receivers, with external antenna connectors, which can be used to pick up transmissions from far, far away or from local "universal radios" AM like mentioned earlier. In case of power outage those frequencies become quite free from all the noise that is generated by all the electric equipment around. Many of the devices sold are fixed to HAM bands by firmware. But if and when required you can replace the firmware to remove those restrictions.
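
For the Cloudflare-only firewall described in the home networking item above, here is an added example (not the scripts mentioned in the post) of the part of such an auto-update that validates a published range list before it touches the firewall. It assumes nftables and a list with one CIDR per line; the table name, interface, service address, port and sample ranges are hypothetical placeholders.

```python
import ipaddress

MIN_PREFIXLEN = 16  # assumption: a published range broader than /16 is treated as an error

def parse_ranges(text):
    """Validate a range list (one CIDR per line) and return collapsed IPv6 networks."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        net = ipaddress.ip_network(line)  # ValueError on garbage or set host bits
        if net.version != 6 or net.prefixlen < MIN_PREFIXLEN:
            raise ValueError(f"rejected range: {line!r}")
        nets.append(net)
    if not nets:
        # An empty or truncated download must never wipe the allow-list.
        raise ValueError("empty range list, keeping current firewall set")
    return list(ipaddress.collapse_addresses(nets))

def render_nft(nets, iface, service_addr, port):
    """Render an nftables file; loading it with `nft -f` swaps the table atomically."""
    addr = ipaddress.IPv6Address(service_addr)  # rejects a malformed service address
    elements = ", ".join(str(n) for n in nets)
    return f"""table ip6 cf_only
delete table ip6 cf_only
table ip6 cf_only {{
    set cf6 {{
        type ipv6_addr
        flags interval
        elements = {{ {elements} }}
    }}
    chain input {{
        type filter hook input priority 0; policy accept;
        iifname "{iface}" ip6 daddr {addr} tcp dport {port} ip6 saddr @cf6 accept
        ip6 daddr {addr} tcp dport {port} drop
    }}
}}
"""

# Constructed sample input (documentation prefix 2001:db8::/32, not real published ranges).
SAMPLE_RANGES = """\
2001:db8:1000::/36
2001:db8:2000::/36   # trailing comments are ignored
2001:db8:2000::/40
"""

if __name__ == "__main__":
    # Interface, address and port are hypothetical placeholders.
    print(render_nft(parse_ranges(SAMPLE_RANGES), "eth0", "2001:db8:ffff::443", 443))
```

Only the service port on the dedicated address is restricted, so neighbor discovery and other traffic to the host are left to the rest of the ruleset.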

2020-10-11