Tasmota, Outlook, Static hosting, Privacy, PostgREST, IDmelon

1. Some tuning with Tuya Smart Living devices. No I didn't like the original Chinese cloud service. I replaced it with Tasmota using Tuya-Convert, now I can use my own platform and home-assistant to deal with things as I please.

2. Outlook.com email censorship is unbearable, they're blackholing (filtering out & emails disappearing without a trace) lots of messages. Personally I think this is totally unacceptable. I'm seriously again considering running my own email server, because the cloud providers stink so badly.

3. Just for fun studied how to create static pages using GitHub, GitLab, Bitbucket, Netlify, Hostman and Vercel. All worked great. Vercel also provides serverless functions with Python, which might be for some cases very interesting option. Vercel's CDN was also bit faster than Netlify's. But honestly these are all great options if you measure the bang for buck ratio.

4. Ahh, slight masochism but it worked out of the box after reading documentation. How to use weechat-matrix with OLM encryption in docker container. Works, doable, and now I can directly ssh to my weechat-matrix instance using SSH from trusted systems. The docker host is also inside trusted network perimeter, so it's ssh over ssh forwarding with key authentication. Works. First tunnel in to the hop point and then the trusted system is reverse connected to that jump server and when connecting to hop point you can forward local port to that and then SSH to local port using specific key and boom, matrix is up'n'running. Systems interconnected with wireguard and so on. Secure and bonkers, yes it is. Well, now it's done. kw: hsm, fido2, docker, ubuntu, ed25519-sk, weechat, matrix, olm, wireguard, vpn, tunneling

5. This is the first time I think that I'm seeing an attacker using a large number of sequential IP addresses in attack: "Null routing: 194.61.54.0/23". Now all that traffic is gone. Automation restores that routing after N time units and if attack continues, it'll gets dropped again.

6. EFF released s new updated - Cover Your Tracks (@ coveryourtracks.eff.org) which extended the good old panopticlick. Excellent tool for detecting how badly basic system configurations leak information. Using VPN won't help, if your browser and other applications leaks information like crazy. kw: privacy, internet

7. Read article about "WeChat Mini Program Circular QR codes". Err, wait, what? QR codes aren't circular, so the article is officially BS article. Sure there's some nice esthetics to make the code immediately stand out and look different, yeah. But then it's just 2 dimensional code, it's not a QR code anymore. As example: [ PDF417, DataMatrix, Aztec Code, MaxiCode ] aren't QR codes but 2D codes. Just like people think that bar codes are always EAN or UPC codes, wrong!

8. Tested a few new tools, winfr, winget, Windows Terminal. With the winfr the options for signatures which can be used for recovery is very very limited compared to many other tools.

9. Studied PostgREST API (@ GitHub) , it's RESTful API for Postgres / PostgreSQL database(s). Nice work. Might use it in future, if and when required. Actually it's really awesome when I continued to read the documentation, review the benchmarks and list of other projects using it.

10. I've done a few crude SQL - JSON / RESTful bridges, but those were more like, it works, minimal authorization, validation and checks. Just quick'n'dirty convert data between JSON and SQL and push it to SQL server and wise versa. Map returned data (rows) to JSON and send it back. If required minimal transactionality with global progress guarantee was provided by sending additional row content hash with response and running the update in way that it runs in transaction and check that the hash still matches before doing the actual update. Yet those were made "because functionality was required" asap, just get it done, so that it works, is reliable, is as versatile and powerful as possible. Which probably also means that it's total bomb in case the authentication / access control is circumvented in some way. Instead of trying to make anything even slightly sophisticated. Now it's done, and it works reliably.

11. I tested IDmelon (@ idmelon.com) Bluetooth FIDO2 device, with Windows it worked perfectly. With Linux there were some issues I felt serious. Full post when I've discussed with them about the solution and problems in detail.

12. Cloudflare's ASICs at the Edge (@ blog.cloudflare.com) blog post, very nice reading indeed. kw: ASIC, FPGA, HDL, TCAM, BGP.

2022-02-06