WEB AND SOFTWARE DEVELOPER
SERVER SETUP - DEVELOPMENT
CRYPTOGRAPHY - TESTING
SECURITY - ONLINE PRIVACY
DIGITAL RIGHTS

Fascism is back – Everyone should be Worried


The recent rise in fascism is a scary thing in the world. It is not only a UK problem; it is a worldwide problem. As I live in the UK I have seen how it has infiltrated the population through Mainstream Media. The Right Wing Press is the main cause for the return of Fascism in the UK. People who know me will know I have been stating for the past 12+ years that the Right Wing Press is the biggest threat to the Country, this has been proven true: Authoritarian Government, Brexit, £2.1trillion National Debt (Jan 2020) before COVID existed, extreme Cronyism, continual sell-off of public services which were making the Country billions (Tory continuation of the 80’s – in 1986 Thatcher privatised the Energy Companies), most COVID deaths per capita of any Country in the western world (currently at 139,000). Before I go into some great videos by Intellectuals on this I thought I would post what the word Fascism means:

Dictionary.com

More broadly, fascism is used to refer to any ideology or movement seen as authoritarian, nationalistic, and extremely right wing, especially when fundamentally opposed to democracy and liberalism.

Wikipedia.org

Fascism is a form of far-right, authoritarian ultranationalism characterized by dictatorial power, forcible suppression of opposition, and strong regimentation of society and of the economy.

You have an extreme right wing nationalist government propped up by a mainstream media system that only promotes what the Tories want them to promote, which includes speaking out against peaceful protests – while ignoring alt-right protest with violence and vandalism (BBC, ITV). Alongside an extreme alt-right press which is attempting to suppress any view against the authoritarian system. When you get more factual news from outside of the Country (posting facts against the UK Government) you begin to realise that the UK population is now under complete authoritarian control. The UK has fallen into this system mainly because of Brexit — the £200,000,000,000 fraud that’s left shelves empty – the logistic crisis will cause more businesses to go bankrupt — something remainers were saying before the vote. The Tories under Theresa May played to the far right in order to stay in power using votes from parties such as UKIP and the Brexit Party (3 elections resulted in a hung Parliament). This is going to be a massive problem when they are removed from power, as seen in the US insurrection when Trump lost. The Press in the Country are purposely creating a divide – wait and see what happens as soon as the Tories go out of power: the Press will be telling the alt-right extremists to fight on the streets. This is exactly what Hitler did in Germany, he created a divide and told people with opposing views to fight in the streets, the middle classes ended up siding with him.

You have extreme alt right people supporting Boris Johnson and taking to the streets to support hatred and violence against any opposition – which has been spurred on by the disgusting press in the Country for the past 20 years. When Jo Cox (Labour MP) was murdered no-one was talking about the big problem the Country has with alt-right terrorism and the press outlets supporting it, she was murdered by an alt-right Brexit supporting extremist. The second a Tory MP was murdered by an ISIS extremist, guess who the right wing press instantly blamed? The supposed ‘alt-left’, the alt-left is non-existent and is a word used by people like Farage (in the UK and the US) to create a sense of contradiction to what his supporters are doing, they use the opposites (what they are doing, not what the opposition are) to brainwash people into thinking the opposite of reality, we’ve seen this form of propaganda used worldwide to support fascism. Liberals are anti-war, pro-democracy (we don’t actually have democracy in the UK when it’s being controlled by fascists and Billionaires in Press) and pro fact. Now you have the right wing press using this opportunity to try to ban social media; which basically reads as fascism over intellectualism. Also you had Tory shills working for the Daily Mail posting articles making out that no-one is allowed to speak out against the Tories, but they must hate Labour – the same shill posted an article in the Daily Mail promoting the killing of the leader of the opposition (with a photo of Jeremy Corbyn in a casket) two weeks after Jo Cox was murdered. People would be outraged if they saw articles like this from other Countries. Fascism seems to have become the norm.

I have linked a number of interesting videos below, the main one which made me create this post was posted today showing factual videoed evidence of what is actually going on in this Country right now.

Related Link:
 1 - Politicians and Newspapers Whip Up Hatred, Then Demand Civility
 2 - Fascism is Back, We Need to Take it Seriously
 3 - Is Britain Sliding Into Fascism?

Debian 11 – Apache – PHP7


As I did some testing last week with Nginx and PHP I thought I would test out a new server setup using Apache2 instead. I was quite surprised by the results, but had to create way more configs for domains, mod_rewrite etc. These tests are using the exact same blog sites (same Databases) as I used for the Nginx testing.

VPS Setup:
1x Intel Core 3Ghz (of multi-core processor)
1024mb RAM
120GB SSD

OS:
Debian 11 - Release 16-08-21

Services:
Web Server: Apache 2.4.48
Hypertext Preprocessor: PHP 7.4.21
MySQL Database: MariaDB 10.5.11
HTTPS Encryption: TLS 1.3 RSA 2048
Firewall: Nftables (200kb Live Server Ruleset)

Server Boot

Server Total Usage:
156mb

Process Memory Usages:
apache2: www 1.0mb
apache2: master 0.7mb
apache2: www 0.6mb
php-fpm: master process 2.1mb
php-fpm: pool www 0.7mb
php-fpm: pool www 0.7mb
MariaDB 10.5mb

After loading blog site – receiving data from MariaDB

Server Total Usage:
179mb

Process Memory Usages:
apache2: www 1.4mb
apache2: master 0.7mb
apache2: www 1.0mb
php-fpm: master process 2.1mb
php-fpm: pool www 4.8mb
php-fpm: pool www 2.8mb
MariaDB 10.9mb

Loading multiple sites at same time, loading from 3 databases

Server Total Usage:
188mb

Process Memory Usages:
apache2: www 1.6mb
apache2: master 0.7mb
apache2: www 1.3mb
php-fpm: master process 2.1mb
php-fpm: pool www 5.6mb
php-fpm: pool www 5.2mb
MariaDB 11.1mb

Page Load Times:
General blog page load times direct from php, page loads 10 blog entries. This is not using a reverse-proxy or a cache which I would advise for Live servers, not only for Speed but also for Security.

100ms Page Load - General Blog Site

I am quite surprised by the results. Apache2 obviously uses more memory, and there is way more server side config set-up for php than Nginx. The memory usages for the server services are quite different though. I would definitely use a reverse-proxy cache for better page load times. Nginx overall is better imo for setup and Server Memory Usage.

Debian 11 PHP Testing


As Debian 11 came out officially on Monday, I thought I would do some testing for servers with it. I started with PHP, as I know a lot of people use it for blog sites etc. If you are using a VPS for PHP I would recommend Nginx over every other Web Server for speed. Just look how low the mem usages are below. I will be testing other Web Servers in future posts, hopefully testing email servers too.

VPS Setup:
1x Intel Core 3Ghz (of multi-core processor)
1024mb RAM
120GB SSD

OS:
Debian 11 - Release 16-08-21

Services:
Web Server: Nginx 1.20.1
Hypertext Preprocessor: PHP 7.4.21
MySQL Database: MariaDB 10.5.11
HTTPS Encryption: TLS 1.3 RSA 2048
Firewall: Nftables (200kb Live Server Ruleset)

Server Boot

Server Total Usage:
145mb

Process Memory Usages:
php-fpm: master process 2.1mb
php-fpm: pool www 0.7mb
php-fpm: pool www 0.7mb
MariaDB 9.7mb
nginx: worker process 0.3mb
nginx: master process 0.1mb

Loading blog site – receiving data from MariaDB

Server Total Usage:
154mb

Process Memory Usages:
php-fpm: master process 2.1mb
php-fpm: pool www 3.1mb
php-fpm: pool www 0.7mb
MariaDB 9.9mb
nginx: worker process 0.6mb
nginx: master process 0.1mb

Loading multiple sites at same time. Loading Data from Three Databases

Server Total Usage:
166mb

Process Memory Usages:
php-fpm: master process 2.1mb
php-fpm: pool www 5.5mb
php-fpm: pool www 5.4mb
MariaDB 10.5mb
nginx: worker process 0.6mb
nginx: master process 0.1mb

Page Load Times:

General blog page load times direct from php, page loads 10 blog entries. This is not using a reverse-proxy – or a cache which I would advise for Live servers, not only for Speed but also for Security.

74ms Page Load - General Blog Site

I have gone more in depth with this review than previous ones. I hope this information will be useful to other sysadmins who are looking to upgrade – or even change server services. I am really impressed with Nginx – it uses next to no memory for servers. With a reverse-proxy cache you will get considerably faster page load times.

Psychology – Ruby Wax Books!


I have had a recent interest in researching Psychology (well, for the past year or so). Julia Hardy pointed me to these books as a starting point. The Ruby Wax series of books on Psychology are well worth a read (and yes she is a trained Psychologist). I think the latest book she has written is the best (How to be Human), but the whole series of books go in order, so if you are looking to read them I would advise reading them in order.

Related Links:
 1 - Sane New World: Taming the Mind - Ruby Wax
 2 - A Mindfulness Guide for the Frazzled - Ruby Wax
 3 - How to Be Human: The Manual - Ruby Wax

COVID19 Mythbuster


So I’m sure we’ve all been following what is going on with this Animal related coronavirus. I thought I would post this as we’ve seen many fake news memes being posted about the virus. The problem with this is: people with Mental Disorders aren’t seeing them as memes (so illogical that they are supposed to be taken as stupid / jokes), they are taking them as fact. This is extremely dangerous and why Facebook put in restrictions to sharing on WhatsApp. Not only this, people are continuing the Nationalist / Racist view on everything spreading fake news memes that are purely illogical and racist.

Another thing I’ve seen both online and off is people thinking they know everything yet haven’t even read the official studies done on the virus. Outbursts of “Only lasts 5 minutes on cardboard, soaks it up”. The official report of testing – which was posted on the 17th of March showed that the virus lasts for 24 hours on cardboard as it is smaller than a blood cell. In heat testing the virus didn’t start dying off until it was at 56°C or 132°F.

Something else that I’ve heard from multiple people is comparing this virus to other things like seasonal flu and heart attacks. It’s beyond illogical to make that point: at the moment 31,855 people have died in the UK over a 2 month period while 90% of the Country has been in lockdown, this equates to nearly 200,000 deaths from the virus over a 12 month period.

You also have people in America not only going along with Trump’s retarded comments, but also thinking 5G has caused the virus spread… what? Others with guns in underground stations protesting to get Bill Gates arrested. While Bill Gates is one of the few Billionaires in the world who has put millions into research, but you’ve got narcissistic people like Rupert Murdoch spreading fake news in newspapers to make more money (because Billions aren’t enough) – while laughing at all the people dying.

Related Links:
 1 - Covid-19: How long does it last? (17-03-2020)
 2 - Coronavirus UK Figures

iptables > nftables Tools


I have written my own tools and scripts for nftables. The main reason for doing this is: the official package seemed to be half written and half the rulesets from iptables to nftables were not in the tools, or overlooked.

I have created a lot of modules which I will be adding to my Linux Administration Software soon. These include: importing a range ban list into an nftables ruleset.nft file which also has custom chain ruleset options and direct iptables ruleset translation to nftables ruleset. Integration of incoming firewall rules translation from iptables to nftables (which failed in official tools). I will also be integrating this into my Mail Server attack and blacklist detection software – which checks blacklisted IP data before adding a ban. I am not releasing these software packages or the scripts for free. If you are interested in these tools then please message me on twitter. I am thinking about providing these tools to the official nftables team (maybe just the modules).
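As an illustration of the range ban list import described above, here is an added sketch (not the author's unreleased tooling) that validates a list of IPv4 ranges, merges overlaps, and renders them as a named nftables interval set with a drop rule. The set name, table layout and sample addresses are assumptions made for this example.

```python
import ipaddress

# Constructed sample ban list (documentation address ranges, not real offenders).
SAMPLE_BANLIST = """\
# one address or CIDR range per line
192.0.2.0/25
192.0.2.128/25
198.51.100.14
203.0.113.0/24
203.0.113.64/26
not-an-address
2001:db8::/32
"""


def parse_banlist(text):
    """Return (merged IPv4 networks, rejected (line number, text) pairs)."""
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry))  # never write bad input to the file
            continue
        if net.version != 4:  # the set below is typed ipv4_addr
            rejected.append((lineno, entry))
            continue
        nets.append(net)
    # Merge adjacent/overlapping ranges so the set has no duplicate intervals.
    return list(ipaddress.collapse_addresses(nets)), rejected


def render_ruleset(nets, set_name="banlist"):
    """Render an nftables file: a named interval set plus a rule dropping it."""
    lines = [
        "table inet filter {",
        f"    set {set_name} {{",
        "        type ipv4_addr",
        "        flags interval",
    ]
    if nets:  # omit the elements statement entirely when the list is empty
        elems = ",\n".join(
            "            "
            + (str(n.network_address) if n.prefixlen == 32 else str(n))
            for n in nets
        )
        lines.append("        elements = {\n" + elems + "\n        }")
    lines += [
        "    }",
        "    chain input {",
        "        type filter hook input priority 0; policy accept;",
        f"        ip saddr @{set_name} drop",
        "    }",
        "}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    networks, bad = parse_banlist(SAMPLE_BANLIST)
    for lineno, entry in bad:
        print(f"# skipped line {lineno}: {entry!r}")
    print(render_ruleset(networks), end="")
```

Rejected lines are reported rather than written out, because `nft -f` loads a file as a single transaction and one malformed element would stop the whole ruleset from loading.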

Debian 10 (buster) Changes


Most notable changes to Debian 10 (buster). Removal of ifconfig from the net-tools package – changed to using ip – which falls in line with other distributions. Here is a brief overview of some version changes:

System

  • Linux kernel 4.19 (from 4.9)
  • systemd 241 (from 232 – which has forced many changes)

Web Servers

  • Apache 2.4.38 (from 2.4.25)
  • nginx 1.14 (from 1.10)

Programming Languages

  • Go 1.11 (from 1.7)
  • Node.js 10.15.2 (from 4.8.2)
  • PHP 7.3 (from 7.0)
  • Python 3.7.2 (from 3.5.3)
  • Ruby 2.5 (from 2.3)
  • Rust 1.34 (from 1.24)

Database Servers

  • MariaDB 10.3 (from 10.1)
  • PostgreSQL 11 (from 9.6)

Moved from iptables to nftables for firewall rules and packet filtering.

The biggest change for me as a SysAdmin is the move from iptables to nftables. I have written modules for iptables rules and rulesets within my cross-platform Linux Administration software. I will be writing some new software for nftables. The official Debian documentation is not great; they placed a link to the official nftables wiki, but the tools which you need to use (which seem to be half written) cannot be installed on Debian 10. There is an apt package with the tools to convert iptables rulesets to nftables rulesets named iptables-nftables-compat; as stated you cannot install this with a default Debian 10 apt list – so you may have to do this before upgrading. They state in the official documentation for nftables to use a tool named iptables-restore-translate; I have used this tool but still had to go through my rulesets to change certain things that it did not pick up. Be very careful using these tools as not everything in iptables rulesets gets translated correctly. I am seeing a lot of posts about this move from sysadmins online at the moment.
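One way to catch rules that a translation dropped, as an added example rather than the author's tooling: count the `-A` rules per chain in the iptables-save input and the `add rule` lines per chain in the translated output, then report any chain where the numbers differ. Both rulesets below are constructed samples, and the commented-out line stands in for a rule assumed to have been left untranslated.

```python
import re
from collections import Counter

# Constructed iptables-save style input.
IPTABLES_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m recent --set --name SSH -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
"""

# Constructed translation of the rules above; the comment line represents a
# rule that did not make it into the nftables ruleset (an assumption here).
NFT_TRANSLATED = """\
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; policy drop; }
add chain ip filter FORWARD { type filter hook forward priority 0; policy drop; }
add chain ip filter OUTPUT { type filter hook output priority 0; policy accept; }
add rule ip filter INPUT iifname "lo" counter accept
add rule ip filter INPUT ct state related,established counter accept
# -t filter -A INPUT -p tcp -m tcp --dport 22 -m recent --set --name SSH -j ACCEPT
add rule ip filter INPUT tcp dport 443 counter accept
"""


def count_iptables(text):
    """Count '-A <chain>' rules per (table, chain) in iptables-save format."""
    counts, table = Counter(), None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            counts[(table, line.split()[1])] += 1
    return counts


def count_nft(text):
    """Count 'add rule <family> <table> <chain>' lines per (table, chain)."""
    counts = Counter()
    for line in text.splitlines():
        m = re.match(r"\s*add rule (\S+) (\S+) (\S+)(?:\s|$)", line)
        if m:
            counts[(m.group(2), m.group(3))] += 1
    return counts


def missing_rules(iptables_text, nft_text):
    """Return {(table, chain): shortfall} for chains that lost rules."""
    before, after = count_iptables(iptables_text), count_nft(nft_text)
    return {k: before[k] - after[k] for k in before if before[k] != after[k]}


if __name__ == "__main__":
    for (table, chain), n in missing_rules(IPTABLES_RULES, NFT_TRANSLATED).items():
        print(f"{table}/{chain}: {n} rule(s) missing after translation")
```

A matching count does not prove each rule kept its meaning, so chains that pass still need a manual read-through before the old ruleset is retired.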

Another big change you will notice is the move to using systemctl for a lot of commands that you used to be able to run in bash, this is down to the new systemd version.

New Pages Added


You may have noticed some changes to the site: I have added a Books page that has a listing of books relating to ICT, Programming and Finance that I have read. These are not all the books that I have read, but are a general list of important books I have read. I am going to try to keep this page updated as best as I can as I am always reading new books on ICT to keep up with industry changes to systems and programming. I have separated the Political news feed to a separate static feed. Everything on the front page from now on will be Tech based. I am currently writing Documentation for Debian 10 – there are some massive changes for servers! I am also going to be doing a lot of Server testing with this new version of Debian, making optimization comparisons between the new version and the previous version.

I have removed the Disqus comment platform for commenting on posts from the entire site due to their integration of Facebook buttons and advertising. I will be using my own comment system – a vast majority of questions and feedback for the site are made to my twitter account, so please feel free to message me there.

Shared Host or Linux Pro Server?


I’ve posted a lot against shared hosting on here in the past and thought I would write a quick review with some facts and information on why shared hosting is so bad. People are saying “Hey I get the same site with shared for free as I do paying a Linux Expert”… No you don’t, in this article I will go through differences with examples of insecurities.

Shared Hosts have no way of firewalling or blocking ports because they have to be open worldwide for worldwide customers, which means no-one using the shared host can secure the server properly. Secondly, most shared hosts never update their servers, which leads to unpatched vulnerabilities that hackers and agencies can use to hack said server. Customers of shared hosts have zero access to vital server logs, such as email server logs (because the service is shared across thousands of other domains), which is the main area admins need to look to see attempted, successful and blocked attacks. Shared hosts I have seen recently have as many as 100,000 domains signed to a single IP. This doesn’t necessarily mean they are running all of them on one server (could be a cluster of servers on a single IP) – but in 90% of cases that is what they are doing.

Dedicated Secure setups by Linux admins are completely different as they don’t have to set ports to be open worldwide – which means the Linux admin can lock down ports to only allow the server owner and customer access to them. Not only that, they can also lock down ports to specific IPs for, say, receiving mail (IMAP etc), so only the customer can access the emails from said server. They can also set up reverse proxies with firewall rules: in a reverse-proxy setup the ports on the real dedicated server are locked to the proxy server – only the proxy server can see the ports are open and connect to them through a single IP. This brings about security in many ways; online scanners will never pick up the ports being open and hackers won’t know where the real server is or find out the real server’s IP.
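The lock-down described above can be written as a default-drop nftables input chain in which each port lists the only sources allowed to reach it. The following is an added example, not a ruleset from the author: the policy, port choices and addresses (documentation ranges) are hypothetical, and the small evaluator shows what a scanner from any other address would see.

```python
import ipaddress

# Hypothetical policy: TCP port -> the only sources allowed to connect.
POLICY = {
    80: ["203.0.113.10"],                   # reverse proxy only
    443: ["203.0.113.10"],                  # reverse proxy only
    993: ["198.51.100.7"],                  # customer's IMAPS client
    22: ["198.51.100.7", "192.0.2.0/28"],   # customer plus admin range
}


def rules_by_source(policy):
    """Group ports by permitted source; ip_network() rejects malformed input."""
    by_src = {}
    for port, sources in policy.items():
        for src in sources:
            by_src.setdefault(ipaddress.ip_network(src), set()).add(port)
    return sorted(by_src.items(), key=lambda item: item[0])


def render_input_chain(policy):
    """Render a default-drop input chain that accepts only the listed pairs."""
    lines = [
        "table inet filter {",
        "    chain input {",
        "        type filter hook input priority 0; policy drop;",
        "        ct state established,related accept",
        '        iifname "lo" accept',
    ]
    for net, ports in rules_by_source(policy):
        src = str(net.network_address) if net.prefixlen == 32 else str(net)
        dports = ", ".join(str(p) for p in sorted(ports))
        lines.append(f"        ip saddr {src} tcp dport {{ {dports} }} accept")
    lines += ["    }", "}"]
    return "\n".join(lines) + "\n"


def is_allowed(policy, src, port):
    """Would a new TCP connection from src to port be accepted by the policy?"""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(s) for s in policy.get(port, []))


if __name__ == "__main__":
    print(render_input_chain(POLICY), end="")
    for src, port in [("203.0.113.10", 443), ("198.51.100.99", 443)]:
        verdict = "accept" if is_allowed(POLICY, src, port) else "drop"
        print(f"# {src} -> tcp/{port}: {verdict}")
```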

Shared Hosting example of Vulnerabilities:

These shared hosts that don’t get updated for 11+ years are causing even more problems worldwide, as hackers are using those servers to piggyback and attack from. We see it in server logs all the time – vulnerable shared hosts being used for both attack and scanning. When shared hosting first started it was widely used as servers cost a lot due to servers not being very fast. These days there is no benefit to using shared hosting – if you do use it and are happy using it don’t be surprised if your emails and data are leaked online. By law now Companies are liable for data protection which means the servers they use must be secure if they want to run a shop. If a shared server is breached and your customers’ details are leaked, a shared host will tell you that you are liable not them. Shared hosts are not meant to be used for payment sending or online shops even if they have TLS. A lot of amateurs creating websites think because they have TLS they are secure – this is false.

What happened to UK Tech?


I recently watched a talk by Bruce Schneier (Cryptographer and Computer Security Expert since the 1970’s) and it got me thinking about all the things that have destroyed UK Tech. Bruce outlines in the talk the problems with Governments not understanding how Tech works – but still pushing through policy. The video also talks about IOT and future problems IOT will cause (placing everything on the Internet that doesn’t need to be). You can check the video out at the bottom of this post.

Going back to the title of this article: What has happened within UK Tech over the past 10 years? Software Companies have closed and all big tech based retail websites have moved their servers out of the UK. Why? Well unless you keep up on the Industry you probably won’t know why. The Tech Industry over all are a tight knit community – people from all over the world communicate on Social media (mainly twitter – all security people are against Facebook) about Information Security, Development and Policy changes. This keeps a vast majority of Servers Secure through information sharing. To Secure systems you need to know how attacks work and what vulnerabilities can be used against a system, which means information sharing and instant access to information about service or software vulnerabilities is vital to having secure systems and networks. Insurance Companies also have a big interest in Information Security as they have to check liability.

The Policy underlying the decline in UK Tech began when the Tories got into power. When Theresa May was in position of Home Secretary she spent her whole time moaning about Tech (see the story continuing?). She publicly announced that 1) She was going to force Tech Companies to log all Internet Activity into a National Database and 2) Remove Human Rights to do this. Privacy falls under international law under the UN as a Human Right. A lot of people don’t seem to realise the difference between posting things publicly Online and what is Private, so I will explain now: Private Internet Browsing means collecting every page you browse, not just information you post online. This would mean (if it worked) everything you browse is logged into a National Database that can be viewed and edited to create false positives. This also means other Private information can be disclosed (emails, form data, address, phone numbers etc). Law enforcement has a massive upper hand already with Tech – they have more information now than they have had in human history.

In the talk Bruce states that pushing Policy without understanding is more dangerous than non-technical people think. Not only does bad Policy introduce insecurity, it also affects the Economy within Countries; the Tech Industry is the biggest Industry in the World right now – that is fact. Recently we’ve seen even worse policy pushed in Australia where they have pushed through Laws to backdoor all Encryption – this will never work in practice and they will have no way to enforce it. Security people within ICT have been constantly stating: “A Government Only Backdoor is Impossible”. If you have a back door in your systems hackers (a minor threat) can access the data through that back door and find the back door, furthermore enemy Intelligence Agencies (a massive threat) will also find these back doors and access information. Not only can they use the back doors to find information (boring – they want network access), they could potentially use the back doors to get across entire Internal / External networks and use those networks to attack from. In a public sense back dooring Tech systems would mean no-one would be able to purchase anything online as with any Encryption back door – you will be making Encryption Irrelevant thus people will be sending Credit Card and Personal Information non-securely. This will never work and will never be enforceable – Companies will have massive liability for the data if someone finds the back door – Insurance Companies will be liable not the Government. Any Company looking at this kind of wording is going to do what? Yes – move all their data out of the said Country proposing these Policies. This is exactly what has happened in the UK under the Tories.

Related Links:
 1 - Bruce Schneier: "Click Here to Kill Everybody" | Talks at Google
 2 - UK Surveillance Regime dealt another blow in court