Oracle, Thorium, Chats, Tor, Steganography, Netiter

1. Wrote a small Load-Generator script for Oracle VPS. Oracle aggressively terminates VPS servers which seem to be on idle. Even if those consume minimal resources, they'll still do it. So, easiest way to make sure that the systems aren't getting shutdown, is to run some kind of insane load generator script on background. This script actively accesses 4 GB of RAM and burns up plenty of CPU cycles by doing unnecessary cryptographic operations. - Win?

2. Yet again wasted two hours more, trying to access the instance on Oracle cloud, it simply doesn't just work, nope, impossible. Cloud services are nice, until those cause insane extended downtime, which would have been trivially avoided by self hosting. Again, always have a good backdoor to all of the systems you're hosting. Because official authentication can be so badly broken. What an amazing waste of time and energy, unfortunately often such things are undervalued greatly. Such platforms give major headache at random times. I remember having similar problems with OVH. Their console was broken around two weeks, you simply couldn't login. It just might sometimes annoy people when cloud services are suddenly down for two weeks. Yet even in this case, well placed scheduled reverse root console shell backdoor into the system, would have helped when official control methods were broken. Maybe that should be standard practice in future. You just start listening on specific IP specific port, and wait for a while, until you'll gain root access. I'll need to post the solution when I figure it out.

3. China gave a permission for Thorium nuclear reactor operations. Interesting to see how this goes. Yet there's nothing new about Thorium reactors in general. Non of those have reached commercial maturity so far.

4. Way way too long discussion about: Group Chat with public link, to knock, and approval process versus application to member / admin + personal invite. - Some people seem to love the first one and claim it's clearly superior process. And I like the second option because it's simpler and makes more sense. With knock process there's always huge mess to figure out who's knocking and why, etc. Well, after way way too long discussion, the end result was that our opinions differ. Both said that their approach is clearly better. So annoying, such a waste of time and resources. I also think the knock process is less secure, than the invite process. - Of course if there are enough resources, why not support all of the options. Lobby, knock and invite. - There could be also poll based join process, do we allow this user to join and then poll about that. - Access control and moderation, endless simple, stupid subjects, which have been solved ages ago. Except people keep creating new social problems and being poor and following processes. - Identity management, security, audit, everything. Yabba yabba, all solved long time ago.

5. Long discussion in one privacy & anonymity group about Tor configuration, pros, cons and so on. It's always important to know your tech and the situation where it's being used and against what threat model. Some configuration good for one, might not be the best configuration for someone else. Yet it's also good to remember, that changing key settings from default values can also make you stand out of the crowd quite easily.

6. Bunch of code crackers tried to crack my steganographic test message. It proved surprisingly hard to crack it, mostly be cause of unknown content and shortness of the message. Even if the message isn't actually even encrypted with a key, it's just encoded and slightly obfuscated, which could be called a key, but actually it isn't. The main purpose of the message is that it would be decipherable to anyone with resources and competence with codes. But not to anyone random noticing it, suspecting it to be a hidden message and trying to decode it. It only uses one very simple trick to throwing off very basic statistical analysis and even the presentation format it uses uses some things which could count as hints how to decode it.

7. Netiter v4 frontend (@ v4-frontend.netiter.com). A nice service which allows making IPv6 only hosted web sites IPv4 accessible and it's currently free.

2024-05-12