2025-09-19 - Summer hurries not over yet

  • Closed cloud perimeter for direct SSH access, adjusted firewall policies.
  • Mail client to support Microsoft 365, IMAP, PGP encryption/signing and S/MIME encryption/signing.
  • Speech recognition engine MacWhisper, run locally (data remains local).
  • Tested the BusyCal calendar as an alternative to the native macOS Calendar.
  • Deployed an open-source web-commerce application 'opencart' in GCP with Cloud SQL as backend.
  • Protected the above-mentioned application with Multi-Factor Authentication (MFA) in front of the web application, configured on nginx with the Google Authenticator module (users and tokens via PAM, /etc/ga-secrets).
  • Participated in a SUSE Partner event in Riyadh (organized by Ingram, thanks for the invite, guys).
  • Database server EnterpriseDB PostgreSQL Extended Server (edb-pge)
    • Setting up Transparent Data Encryption 
    • Setting up Replication to the second server 
    • Enabling High Availability (HA) with EnterpriseDB Failover Manager (edb-efm)
  • SIP phone Grandstream WP816 firmware upgrade
  • VPN tunnel between on-prem and cloud environments using Cisco ASA5505 to OPNsense
    • Obtaining and activating the free 3DES-AES license from Cisco
    • Upgrading from v8.2 to at least v8.4 (but went up to v9.1(7)32) to support IKEv2 and IPsec
      • Installing a TFTP server/client on Windows XP (tftpd32 by Philippe Jounin and PumpKIN by Klever Group)
  • Network Printer HP LaserJet 1320dn configuration for ability to print remotely (behind VPN)
  • Began a list of software with the latest supported versions (for Windows XP, macOS High Sierra and similar classics, because they are still in use).
  • DDoS defender fail2ban: fine-tuned to send mail notifications.
  • Deployed Web Application Firewall 'modsecurity' as module for nginx webserver to protect applications.