Hey, I have a good excuse though. Multiple, actually!
Vacation!
I took a vacation in the middle of June! That's why not much got done. Did you notice though? Probably not - except for a poorly timed ISP outage, Lain.la kept humming along wonderfully while I was frolicking around London. I had to step in once or twice to handle abuse requests but otherwise, pain-free. Very happy that my infrastructure basically runs and heals itself in my absence. Makes the time investment minimal for daily operations.
Here's an image from it. I picked a weird one.
Mini-Article: Securing Secrets for International Travel
A lot of my early June prep was in figuring out how the hell I was going to safely carry Lain.la secrets with me without them being groped by border security. I planned for the worst - that each and every device of mine would be scrutinized to the fullest. So, I wiped my personal phone except for MFA keys, wiped my work phone and used that as my primary phone, and took a work laptop with me that had some secret sauce installed on it to protect my OpenVPN keys. I want to go into a little detail about what I recommend for travel. And no - nobody gave a shit about my devices both to and from the UK. Doesn't hurt to be prepared though!
Disclaimer: My recommendations here are not necessarily what I actually did on my trip. Consider this just LARPing. Also not legal advice.
- No fingerprint or Face ID auth on phones or laptops. Don't do it. It can be compelled. Keep your authentication methods (first factor, anyway) strictly in your brain.
- Carry the bare minimum. The less things you have on you, the less that can be sniffed. A phone and a laptop ought to be enough, and they had better be wiped clean with stock everything. See "Blend In".
- Don't stand out. I know you want to wear that EFF shirt in the airport security line. Just don't. Don't give anyone a reason to suspect anything. See "Blend In".
- Don't get backed into a corner. You don't want to get put into a position where you have to say "No" to a security official. That won't end well. Give them exactly what they think they want and nothing more. They want access to your phone? Fine. There's nothing you need on there anyway, right? They want access to your laptop? Ok sure. You log them into the non-secure or non-hidden partition you have on it. If they get what they need, they'll leave you alone, but you don't have to give them what they want. That's the key. Look up Plausible Deniability. Oh, and for fun. Shove furry porn or something shocking (but not illegal) on it so they have their red herring.
- Use multiple layers of security. If you're carrying a keypair for OpenVPN or something similar, encrypt your private key, and then encrypt whatever that private key is sitting on with a separate password, and then hide that. E.g. a Veracrypt container hidden somewhere works great.
- Blend in. If you come barreling through security with Arch Linux on your laptop and a Tails flash drive in your bag, that might be hard to explain if someone takes a look. Look like everyone else instead. Just put Windows on your main partitions. Buy a burner iPhone, maybe. Don't root or jailbreak or hack or rice anything - just keep it normal. Feign ignorance if you have to - it's not illegal to forget something.
COVID.
Yeah, I hadn't gotten sick for 3 years straight, even through the entire pandemic. Not once. Then, I'm guessing someone must have given it to me in the UK which is apparently a COVID hotbed right now. I'm already mostly through it, but that kind of dulled the last week in June for me. Had a pretty bad fever, muscle aches, etc. Now it's just cough/congestion. That first day after the sore throat was the worst.
So anyway, I'm still here. I keep updating my 2022 plans with more and more things to do (even though that list has been hard to slim down). I have been primarily focusing on operations, vulnerability patching, abuse handling (proactive and reactive), new freebie VMs for some projects, Pomf statistics (check out https://pomf.lain.la/df.txt), and maybe possibly planning to get that automatic backup generator going by the end of the year if I have the cash to do so.
Some Other Thoughts:
- I've thought about donations again. If you check the monthly costs it's quite large now. Add a few big ticket capital expense items to that list and this gets into REAL money territory fast, not to mention the time investment. For example:
- That backup generator's gonna be like $6,000, but would completely take power outages out of my paranoia list.
- That storage server's gonna be like $6,000, but it's needed by the middle of next year by my estimates.
- I should really save $2,000 for spare server parts and such, just in case something blows up here.
- 10Gbe redundant networking is needed for the storage server, and that's maybe $300 and a LOT of my time to wire it all up.
- Multi-WAN is budgeted out and ready to go, but I'm deathly afraid of the downtime that will cause during failover testing.
All these things are dreams of mine to be able to do, and I will be able to on my own, given enough time. It's gonna be a while though. But it's maybe also a motivational thing? I understand thousands of people are already relying on my services but it's not like I can say hello to them or anything. Donations aren't just cash, but also an expression of a following, and I guess 10 people interested in me continuing my work is more interactive than 1000 people using my services. I don't know if that makes sense - it's just how I rationalize it. I'll give another example - I can look at Nginx logs that tell me I had well over 4 million GET requests inside of 2 days. That doesn't phase me. But when someone tells me they had 30 concurrent players on a game server that I hosted and it ran great, THAT somehow makes it real. Something about measuring real human impact vs just tailing server logs there that I can't quite put my finger on.
Anyway, I haven't fully decided yet. Maybe if you're reading this and would be interested, shoot me an email. I'll keep shouldering the burden for now.