Why still run a VPS?

and VPN Connections speeds using a VPS server

Why do I bother running my own Virtual Private Server (VPS)?

I do ask myself why I still bother with running a VPS on IONOS. I no longer have a business to run, so the old web pages are an archive now. I thought old URLs should never die (*).

I am often tempted to shut the VPS down and use email-only service providers. They seem to be as expensive as, or even more expensive than, running a VPS that can run the email. I need 50Gb for each email box. Emails are a useful personal archive; ours goes back to 1992.

Running an email server on a VPS can be problematic. Both Google and Microsoft impose their email server monopoly on security grounds. On rare occasions they have blocked whole swathes of an Internet Service Provider’s addresses, with no notice or explanation. I assume just one of the ISP’s customers has been naughty by sending out spam. It can take a day or two to get unblocked from these secret blacklists. I hope I have not jinxed it, but the last such episode blocking email was over a year ago. This big-boys IP blocking was never reported by blacklisting sites such as MX toolbox. One needs to avoid getting on any blacklists, so choose your ISP carefully. Set up SPF, DMARC, DKIM and even DNSSEC. All this would be quite fiddly if it were not for the likes of PLESK to set up and control your VPS.

Plesk is very expensive when sold as a stand-alone, personal purchase, but cheap when it is part of the ISP VPS package. Always buy a VPS server with cPanel or Plesk.

What do I still use VPS for?

1. EMAIL. The advantage of running an email server is that you are your own man in the middle; your data is not being mined. You are in control and back up. I spoil the lack of data mining by having my Google Gmail account POP-read all the incoming emails. Searching of email is so much faster and more intelligent with Gmail than directly searching on the server or Outlook. Gmail then is one of the backups. I also back up the entire server and settings to Dropbox. Tight fail2ban rules are essential for email servers and PLESK sets that up easily.

2. A Virtual Private Network (VPN). When abroad, keeping a UK IP address is very useful. Using a VPS as a VPN is a cost saving, as a commercial VPN service can cost as much as a VPS, but you can do more with a VPS. The VPS’s IP is not recognised as a likely VPN address and has never been blocked as being from abroad; the IP address does not belong to any of the major VPN providers. Again, you are not being mined, logged or surveyed with your own. I use Softethervpn on the servers and Raspberry Pis as it is so much easier to set up and can use OpenVPN. Softethervpn even makes a client OpenVPN script to do so. Beware: VPNs do not route IPv6 well, so to ensure that you are seen to have a UK address, turn off IPv6 on your PC when abroad.

3. SSH tunnels and reverse tunnels. Some of my projects have no inbound route (say they are on 4g). Using autossh on the remote site will open a port on the server to connect to the remote site to use for anything, including VPN connections. SSH needs care: I change the default port number of SSH, run fail2ban and allow certificate-only logins; no password logins are allowed.

4. SOCAT. This is a useful programme if you want to reach a fixed IPv6 address from IPv4. One of my places has no fixed IPv4 and no route from the internet (CGNAT) but has an IPv6 allocation. By opening IPv6 pinholes on that router I can access multiple devices at the remote site from the internet, even using the same port number. Alas, some business networks, hotels and phones are still not routing IPv6. So I need to direct the request to a VPS server port, and the configured SOCAT will read IPv4 and forward it on to the remote reachable IPv6 address.

5. Web Server. Setting up web pages. Social media has reduced the need to have a vanity domain and web pages such as I set up long ago. For email alone one needs to get a proper wildcard SSL certificate. You can then use that certificate on any machine (some are RaspberryPis) using the same domain or subdomain. Plesk makes setting all this up easier.

6. Frame forwarding. One can set up a subdomain and then point it to a port on the server which is connected to a website elsewhere (such as a Raspberry Pi), e.g. https://yell.bulger.co.uk is frame forwarded to a port on the VPS which has been autossh connected by the Raspberry Pi in Shetland.

7. Never run TOR on a personal VPS server!

G3WIP

*Old URLs should never die, except in Australia. If a business stops trading or reduces to itself such that it no longer has a business number (ABN), then the .com.au domains have to be deleted by the registrar, along with email and contacts. This is quite nuts.

VPN Connection Speeds

I use my own servers to double up as Virtual Private Network VPS servers. I also use RaspberryPis. This seems safer and more reliable to me than the commercial VPN offerings. Nowadays it is quite cheap to set up the most basic internet-based Virtual Server (https://www.ionos.co.uk/servers/vps).

I have used Softethervpn https://www.softether.org/ as it was the easiest to set up on the Linux servers, has many features and offers different protocols.

Then there was a claim that WireGuard was a faster protocol, so I thought I would check it out. Thanks to a nice script it is now also a doddle to set up on my servers: https://github.com/angristan/wireguard-install. Beware: a “feature” is that the WireGuard client looks as if it has connected and creates a default route to nowhere when there is no connection. I thought it was not routing; it was much simpler than that: it had not connected at all. I had a firewall problem. WireGuard should change the route until there is a connection.
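One way to tell a tunnel that only looks connected from one that has completed a handshake (an added example, not part of the original post or of the wireguard-install script). It reads the output of `wg show <interface> latest-handshakes`; the function names, the 180-second freshness limit and the sample keys are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: judge a WireGuard tunnel by handshake age, not by whether the
# interface and its default route exist.
#
# Input is what `wg show <interface> latest-handshakes` prints:
#   <peer-public-key> TAB <unix time of last handshake>     (0 = never)
# `wg show all latest-handshakes` adds the interface name as a first column;
# both layouts are accepted.

# wg_peer_state NOW [MAX_AGE]
#   stdin : handshake lines
#   stdout: "<peer-key> <up|stale|never-connected>" for each peer
#   status: 0 only if at least one peer was listed and all of them are "up"
wg_peer_state() (
    now=$1
    max_age=${2:-180}   # assumption: the tunnel carries traffic or uses keepalive
    awk -v now="$now" -v max="$max_age" '
        NF == 2 || NF == 3 {
            key = $(NF - 1); ts = $NF + 0
            if (ts == 0)              state = "never-connected"
            else if (now - ts > max)  state = "stale"
            else                      state = "up"
            if (state != "up") bad = 1
            seen = 1
            print key, state
        }
        END { if (seen && !bad) exit 0; exit 1 }
    '
)

# wg_tunnel_ok IFACE: live check on a host with wireguard-tools installed
# (normally needs root). Not called here so the example runs offline.
wg_tunnel_ok() {
    wg show "$1" latest-handshakes | wg_peer_state "$(date +%s)" >/dev/null
}

# Constructed sample: placeholder keys, one peer seen 50 s ago, one never seen.
SAMPLE_NOW=1700000300
sample_handshakes() {
    printf 'PEERKEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=\t1700000250\n'
    printf 'PEERKEYBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB=\t0\n'
}

sample_handshakes | wg_peer_state "$SAMPLE_NOW" || echo "tunnel is NOT established"
```

A peer that reports 0 has never completed a handshake, which is what a blocked UDP port on the server firewall looks like from the client side.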

I put the WireGuard server (https://github.com/angristan/wireguard-install) on an Ubuntu VPS and a domestic RaspberryPi using the same script.

I am using my Windows 11 machine as the client at home.

I turned off IPv6 (not all VPNs route or block IPv6). I tested various protocols to my VPS server (UK to UK). The server is said to have a 3GB connection.

Speedtest to the same end point averaged as follows:

Straight connection with no VPN on my fibre line gives 980Mbps. Upload and download speeds were always similar.

SocksProxy using SSH (secured; key-only authentication) connecting to my VPS server came out best, to my surprise. I thought there were limitations to using a Socks proxy. Normally I used the Seamonkey browser to use this proxy tunnel, not all of Windows. It averaged 600Mbps. When I set Windows itself to use this proxy tunnel the speed was 680Mbps.

SoftetherVPN with its own protocol and client 460Mbps

WireGuard 280Mbps

OpenVPN 150Mbps

L2TP/IPsec 140Mbps

IPv6 and VPNs is a whole new ball game, and I do not know the rules. At least WireGuard using this script prevented IPv6 direct routing to the internet (stopping a leak bypassing the VPN) when Windows has IPv6 on, as does Socksproxy. This is useful. It would be better if ALL traffic, IPv4 and IPv6, were routed via a VPN; I am not sure how to achieve that as yet (see such discussions https://www.reddit.com/r/WireGuard/comments/mg9mlp/ipv6_routing_subnet_through_wireguard/ ). Currently with my setup, WireGuard VPN and other VPN protocols do not find sites by IPv6 address.

My conclusion is that I will use the Socks Proxy via SSH more often. This little script simplifies switching the proxy on and off: https://github.com/zubir2k/WindowsProxySwitch.git although it offers no choice as to which proxy to use if you have more than one set up.

Thoughts on crypto currencies

St Helena, in the South Atlantic, where I was working last year (2021), has vague notions that it can become a crypto centre. It will have fast internet connections working within a year. Here are my ramblings:

It’s remote

I suppose what St Helena could offer is a legislative framework to support some innovation. It might be able to offer a safe haven for storage of data.

St Helena seems to be wondering about solutions for Africans without bank accounts. This is being tried elsewhere; I have a tiny amount invested in a crypto company that is trying to develop a modern version of M-Pesa in Indonesia, where 90% of its huge population did not have bank accounts. M-Pesa and similar African schemes transfer money between people and their mobile phone accounts. They are successful because they are simple and intuitive. Any new solution must be better, ergonomic, simples. These African-based phone companies must be trusted and in effect become on-line banks, so need to be licensed and regulated as such. A crypto, distributed ledger is in theory safer, with no need to find a “safe” trusted third party. A Government could steal or nationalise M-Pesa, or its system could even be hacked. That’s still impossible with a distributed ledger.

The distributed ledger is an exciting solution said to be seeking a problem. The one cited problem has been the cost of financial transactions between people, such as the cost of selling a house, all because the current systems have been built up over centuries to create trust. The distributed encrypted ledger should be able to cut out all middlemen, lawyers, brokers and even banks. The ledger machines throughout the world have to agree that a transaction is genuine and correct. It is a public record. Anyone can look up a Bitcoin address, for example, and see the transactions on that address. The land registry could be such a ledger; the same goes for car ownership.

The distributed ledger is not instantaneous as it is limited by the speed of light, or rather by the latency of internet cables, and the speed of the computers holding the distributed ledgers. It could not be easily used for high-speed trading. St Helena, even with the new cable connection, will suffer from a slightly longer ping time, longer latency, than servers within Europe, USA and Asia, so this may limit St Helena’s use on the crypto scene.

There is an idea that perhaps the world should put precious data on the moon to keep it out of harm’s way. St Helena could offer that safety on earth, but it would need power sources other than diesel to run any kind of servers, including any “mining” or distributed ledgers.

People worry that crypto is all speculation, a ponzi scheme. Bitcoin has no intrinsic value. The value is only a perception of what it is worth, as others agree. But paper fiat money is exactly the same; the paper is worth nothing, yet we all intuitively agree on the value of a £20 note (until inflation hits). Governments have been printing fiat money, and banks creating it (they lend more than their deposits), for decades, and it got worse with Covid, so it’s no wonder we now have inflation, principally of capital (houses) making the rich richer, but now inflation is at risk of running away. The advantage of Bitcoin is that the number of coins is limited to 21 million, the hard cap. We would have expected Bitcoin to gain in strength as inflation hits. But it collapsed as too many were speculating using borrowed money and too-fancy schemes linked to other asset classes. This will wash out.

Attempts to create stable coins are fraught, as to peg, say, a Tether $ would mean Tether would have to hold a fiat $ for every Tether $ electronic coin. But it never did, so it acted like a bank, creating more Tethers than it held. This brings back the principle of the need to trust someone, and thus acting like a bank. There are many mathematical attempts to resolve this dilemma to establish more stable coins, but recently those algorithms failed spectacularly (Terra USD).

Governments flirt with the idea of creating their own crypto coins. They would be stable, hard linked to their fiat. Coins and paper would cease to exist.  They could mint more coins, have total control over money supply. This would seemingly abolish banks being involved in transactions, people would no longer need bank accounts.  All money electronic.  This of course is a communist idea of absolute control over the population.  Tax impossible to avoid, all spending monitored by Government.  Since Banks would no longer hold deposits where would any lending come from?   The Government.  

I am not sure I can see how St Helena can fit into this revolution as yet.

https://www.theregister.com/2022/09/08/doj_rongelap_atoll_crypto_charges/?utm_source=daily&utm_medium=newsletter&utm_content=article

Dr Gerry Bulger   ex SMO St Helena

Abuse of NHS Doctor’s Appraisal System


There are individuals within the NHS who view GP appraisals as a reference system, using them to assess a doctor’s suitability for particular roles by requesting GPs to submit their appraisal output data or a “copy of their appraisal.” Additionally, some administrators aim to utilise doctors’ appraisals as a management tool for audit and performance, aligning with appraisal systems in other work sectors.

Doctors should firmly refuse any requests to share a copy of their appraisal or appraisal summary with employers. Many doctors are already cautious about including reflections in their appraisals, especially after the Dr Hadiza Bawa-Garba case. Using appraisals as a reference tool would exacerbate these concerns significantly.

In March 2021, I discovered that the GMC appeared to support this new stance from employers. A statement on the GMC website read: “Appraisal documentation is confidential. When requested, doctors should share summary appraisal outcomes with the organisations where they work (in addition to their designated body) but should not be expected to share their full appraisal portfolios on a routine basis.” However, the GMC later acknowledged that this wording was incorrect and replaced it with a fuller document, available here: GMC Information Sharing.

After representation to the GMC by the RCGP Revalidation team, I have been reassured that doctors are only required to provide evidence that they have had an appraisal. This can be done through the appraisal statement, which consists of a few tick-box lines with no detailed data. It merely confirms that an appraisal has taken place. This statement is entirely different from the appraisal summary, which contains the detailed content of the appraisal. The appraisal summary should not be shared, nor should any other part of the appraisal documentation.

If appraisals are used as references by NHS Trusts, other employers, or GP practices, this will undermine the appraisal process and potentially jeopardise revalidation. Doctors will avoid addressing challenges and will be unable to reflect in confidence. A salaried GP, for instance, would be highly reluctant to share their appraisal with their workplace or practice manager if workplace issues were involved. Appraisers may also begin tailoring their appraisal outputs to fit this new role as a reference for third parties, rather than as they are currently designed: confidential, reflective learning documents and private professional development plans.

Below is the letter that initially raised my concerns. It followed several months of working via an agency. I had worked in the area since 1993 and appraised locally. I was both licensed and revalidated:


 

Hertfordshire Community NHS Trust
1st August 2018

Dear Dr Bulger

Re: Appraisal Output request for Gerard Bulger

As you will be aware the Responsible Officer regulations came into force in 2012. As the Deputy Responsible Officer for the Designated Body Hertfordshire Community NHS Trust (HCT), I am accountable for seeking regular assurance that Doctors who work for HCT in any capacity are up to date and fit to practice across their whole scope of work.

As such and in accordance with the HCT process ‘Non Designated Body Doctors’ Governance Process’ approved in January 2017 by the Workforce and OD Committee, I kindly ask that you provide your last appraisal output form no later than 8th August 2018.

In March 2021 I got another request, a CQC-inspired compliance list from another employer which included a demand for a “copy of my appraisal”, as if standard and matter of fact. My reply to both was no. The employers can check references and my place on the performers’ list (so therefore appraised), and can check on line that I am licensed and revalidated. The Trust or any other employer has no right to demand to see my appraisal output and data (which, as it happens, is suitably glowing, so I should show it off); the principle is that appraisals are also private reflections.

West Herts Trust, frustrated by my refusal, then tried to apply to NHS England for the appraisal data as if I was changing my GMC Responsible Officer (R.O.), that is moving area, using the RO to RO form (MPIT). NHS England’s response was robust and the request refused. The data cannot be used by anyone other than the doctor’s one and ONLY responsible officer. NHS England’s Programme Manager replied to me in 2018: “We would not consider sharing your appraisal documentation with any employer and it should not be used in the manner in which your organisation is suggesting. I am happy to write to them on behalf of your RO to confirm your fitness to practice and that you are fully engaged with the appraisal programme. That is all.”

These requests are a nasty extension of the use of the appraisal system output as a reference and a management tool. This is not appraisal’s purpose, which is about probity, reflection, and developing a personal development plan for licensing and revalidation. No doctor should volunteer to send their appraisal output to anyone outside their own Responsible Officer’s team.

West Herts implied in the letter that in effect a doctor could have more than one GMC responsible officer, so each Trust could view appraisal outputs.

BMA: Responsible Officers (ROs) are the individuals within designated bodies who have overall responsibility for helping you with revalidation. A designated body is the organisation (likely to be your main employer) that will support you with your appraisal and revalidation.  You only have one designated body and one Responsible Officer irrespective of how many organisations you are contracted with or employed by. Only UK organisations can be designated bodies, because the legal rules that determine this – the Responsible Officer regulations – only cover the UK.

GMC: Taking Revalidation Forward. The GMC has the following statement in Sir Keith Pearson’s recommendations (Appendix B):
9 Responsible officers should make sure that the revalidation process for individual doctors is not used to achieve local objectives that are not part of the requirements specified by the GMC. 

LMC: “believes this is a gross misuse of the appraisal process and that there are no such requirements for outputs to go to new employers”

GPC: An employee should not be requesting this information and you do not need (nor should you) share it. All they need to know is that you are on the performers list (which you can only do if you are keeping up with appraisals and revalidation).

During my time as an appraiser I assured my doctors that the appraisal process was confidential, and that the only person who may see it would be their one and only responsible officer and their appraiser.  A doctor has one, and only one GMC Responsible Officer, no matter how many employers he or she has.

We have understood that appraisal remains a formative and reflective process. The output has no pass or fail unless there are clinical risks found or the doctor is not engaging.  The purpose of appraisal is to demonstrate continued probity, learning and reflection to keep a license.  The doctor’s one R.O. can approve for revalidation after five years.

A Trust can check that a GP had had a recent appraisal, that he is licensed, revalidated and on the GP performer’s list.  Should a Trust need to know that a doctor is suitable for a particular job this is achieved by references and interview.  The appraisal data would be a poor way to do this.  To provide appraisal data to third parties is an extension of the appraisal and revalidation system beyond its scope and purpose.

GPs must refuse to send appraisal output demanded by employers. They have no right nor reason to see it. 

Gerry  Bulger

https://bulger.co.uk/message.htm

Covid: Bureaucracy blocked Clinicians working

Time to rage against most of the NHS? 10/01/2021

At the height of the second wave I was waiting for the call up to help in the overwhelmed hospitals or for the vaccination campaigns.    Not a word, not a single email.

Meanwhile my inbox was full of requests from Australian agencies offering up to $2,700 a day for Covid related work, in a country where, so far, Covid is pretty much under control.  I also remain on the Australian register, but I cannot get there unless I self-isolate at my expense in special hotels, and I would need a new visa.

Here in the UK I did the in-house training for NHS Nightingale and its on-line modules, got the lanyard, ID card, staff number and T-shirt, but thankfully was never needed. I also did other modules and the NHS “credentiality” checks for 111 primary care work. All that extra training is imposed on doctors as if they are not already in practice. It was designed for those coming out of retirement, and the rigid rules set in place could not be changed for those already working and appraised. A list of some of the stuff is here: https://www.bbc.co.uk/news/uk-55516277

Most of the so-called mandatory training modules, such as anti-radicalisation, are not even mandatory at all. Apart from some internal health and safety rules, there is no legislative or GMC requirement for the training modules. The “mandatory” aspect is an NHS urban myth that keeps many in employment. Doctors must be professional and keep up to date. We undergo annual appraisal and then revalidation to prove it. That alone is our training duty. The NHS has invented the rest. A module to recognise allergic reactions may seem sensible. But if any doctor does not know how to recognise or deal with that then we need to look seriously at the 10 years+ of medical training. I very much doubt the Health Secretary’s vow to reduce this will have a lasting effect, as the culture to require this nonsense is too embedded. https://www.bmj.com/content/372/bmj.n13

Did anybody in the NHS other than Casualty and ITU staff know there was a war on? Could they not slash these requirements and call up trained doctors to help?

I was shocked and aghast attending the “Pinnacle” and Covid Vaccine roll out on-line NHS Team Meeting seminar at the start of the vaccination programme. Even the GPs leading it have got wrapped up in the bureaucracy of it and believed in it. They should be in a rage. Instead, their energy seemed to be directed to worrying about the £10.00 fee for nursing home jabs. Vaccination centres, as in GP hubs, are being loaded with computers, printers and scanners and specialised software. We all have computers in our pockets which can scan bar codes of all sorts; surely there is an app for that, which would make that pile of kit redundant. Less is more.

During that Team meeting it was clear that the hoops expected by the software and NHS minions were no longer necessary.  Previous anaphylaxis is not a contraindication, and no need to watch the patients for 15 minutes.

Sir John Bell has it bang on. “NHS could vaccinate UK against Covid in five days, says Oxford professor: Bureaucrats are blocking a rollout that could prevent many more deaths, according to Sir John Bell” https://www.theguardian.com/world/2021/jan/09/nhs-vaccinate-uk-covid-five-days-oxford-professor

Those working in Casualty and in ITU manage in spite of the system. They pull levers in Government and nothing happens, as the NHS system blocks and delays. Time to rage against most of the NHS, not clap it.

I carried on working elsewhere in the NHS part-time.

Dr Gerard Bulger BSc MBBS DCH FRCGP FRACGP CCFP

https://bulger.co.uk/message.htm

Junk is stuff in the wrong place

I was back down working in the Falklands in 2020. Behind the house was a yard with the local TV tower and assorted radio junk scattered about. I was sure it was cared for, and some is in locked containers, perhaps to be shipped back one day. It belongs to KTV Falklands Digital Channel https://en.wikipedia.org/wiki/KTV_Ltd. Later, of course, once out of Covid isolation, I met its owner Mario, VP8EME. In such isolation, with no RS store or Amazon to deliver the next day, he needs to keep stuff.

To any amateur radio operator this would have seemed mouth-watering stuff. Rows of parabolic dishes, some with various transponders still attached. Then power supplies, heat sinks, cables.

I suspect the reason for the apparent discarding is that there is now decent internet here via satellite, 4g mobile phones, a few free TV stations and more if you pay a fee to KTV. So individual dishes are no longer needed. There are issues with the local telecoms monopoly… even bringing down your own Satellite Phone with data is illegal, let alone setting up your own satellite data dish. All about those problems and more is on https://openfalklands.com

Upgrades to the telephone system filled the yard with even more stuff. BAS seems to have left a container here once used for HF coms.

Enough here to build a few antenna towers. Then there are coils of fat low-loss coax piled up. I assume it is too expensive to ship any of it back to the UK so it sits here waiting to be used, but I imagine the next project here would bring in new materials. This stuff is in the wrong place. I assumed parts would be used and appreciated by many back home.

In memoriam: Looking at some of the old kit I appreciated the work and engineering involved in creating it within the last 30 years. Unless you build a cathedral everything we do is ephemeral. Much of this was so beautifully made with professional screening of parts, solid aluminium casing. A lot of thought and brain power, time and care went into each part, now not used. A graveyard of effort. Some of the boards have rows for Z80 chips, which were used until quite recently, even 555s.

Then I realised that even for hams and electronic enthusiasts little of all this is of use to us nowadays. It’s frankly simpler to write a line of code into a computer than it is to make stuff. So we use the internal complexity of millions of transistors in a PC chip to achieve something that could be achieved in a “simpler” manner by old school working.

Waveform Old school with op amps and 555 chips

But the old school is inflexible. Once made with wires and components it does its one thing. A Raspberry Pi is cheap and light. Make an error, reformat and start again. Reliable too. I had one doing its thing as router/VPN for over a year without a reboot.

Some of this stuff here could be used for interfacing; a PC’s output needs to attach to something in the end.

VP8DPD G3WIP

Fibre and Phone Broadband Routing IPv4 & IPv6 to home machines & servers: Hyperoptic Router Fixes

Our central London apartments have 1GB fibre connections with Hyperoptic which are reliable and fast. We get the speeds advertised, and at one of our flats it is even a little faster. Ping time is 1ms. With such fast speeds, upload as fast as download, it is tempting to run servers at home and run a private cloud. The snag is that the devices at home are not reachable from the internet using IPv4; the home routers are behind CGNAT, just as phone companies do in order to share the rationed IPv4 addresses and protect their network. You can pay Hyperoptic and other fibre companies extra each month for a fixed IPv4 address that is then reachable from the outside using IPv4. You may not need to. Better to use IPv6 anyway.

Home devices can be reached by IPv6 addresses from the internet when calling from an IPv6-enabled network. IPv6 is fixed and we are given a whole reachable subnet. Then we can set the home router’s IPv6 filter; that is, open pinholes or IPv6 filter rules to the local devices’ IPv6 addresses and ports we want. We can now have multiple devices reachable from the internet, even using the same port, say port 443, as there is no address sharing (NAT).

There has been a snag using Hyperoptic routers, even their latest H3600 router, when it comes to IPv6 routing. Many customers give up and buy their own routers. The Hyperoptic router manual has incorrect instructions for IPv6 filters. The first thing to note is that the “LOW” firewall setting does not seem to affect IPv4 blocks and port forwarding rules, but low does open all IPv6 devices on the LAN, so an open port of any device is reachable on the internet at its IPv6 address. Not a good idea. But middle and high settings are fine; I set mine to high so all ports are closed unless defined by the filter rules.

Now adding filter rules was a pain, and it took me a day to realise why some rules worked and others did not. The IPv6 filter rule secret is NOT to declare the incoming port. If you put a number in there the rule is ignored.

Connection works from IPv6-enabled networks away from home. It does not always work from some workplaces or from many phones because some ISPs still use IPv4-only routing. To solve this I use another server (my VPS) that has fixed IPv4 and IPv6 connections. I use the VPS as a middle man to “cat” the connection from IPv4 to an IPv6 address. I can access home systems from anywhere and can give my home machines domain names, IPv4 and IPv6, with DNS entries. On this middle machine, a Linux site (a VPS), I use the SOCAT command with the IP and ports I want, like this:

socat TCP4-LISTEN:9831,fork,su=nobody TCP6:[2a01:4b02:a40a:4b10:af9b:c59c:b1b8:2e7x]:2529

Connecting to MyVPSserver:9831 using IPv4 connects to my home device on IPv6:2529. I run a VPN through it (SoftetherVPN). It’s magical (don’t forget to open the port on the middle server if needed). It is very fast; I do not notice any degradation. When using the Myvpserver domain I set DNS A (IPv4) to the VPS server and DNS AAAA (IPv6) direct to the home device’s IPv6 address.

As it happens I found that if you have two places with Hyperoptic fibre connections you can access the other by using the internal Hyperoptic IPv4 addresses that are given to their routers (in 10.0.0.0 range). These internal Hyperoptic IPv4 addresses seem fixed. These IPs have not changed over multiple reboots.

The other approach to reach your server is to use a reverse SSH tunnel from the home server to one with a fixed IP such as a VPS. Using a Softether VPN (the easiest of VPNs to set up) we can have full access to the network. To automate this I use autossh, set up in /etc/rc.local. rc.local is now deprecated but I find it easier.

autossh -M 0 -N -f -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -o "PubkeyAuthentication=yes" -o "PasswordAuthentication=no" -i /root/.ssh/id_mykey -R 50020:localhost:5555 user@mydomain -p 2526 &

This connects the remote, behind-the-firewall machine (usually a Raspberry Pi) to my VPS SSH port 2526 using the key id_mykey. The VPS now has port 50020 as a tunnel back to the remote machine’s Softether default port 5555. A profile on the Softether client on any device can be set to connect to mydomain port 50020 (if the port is open, or to localhost:50020 to tunnel the port via SSH).
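A check for the VPS end of this tunnel, covering the SSH care described in the earlier list (non-default port, no password logins) and the fact that the remote Pi holds a key that logs in to the VPS. This is an added example, not the author's configuration: the function names, the key comments pi-open and pi-locked and the placeholder key blobs are assumptions; ports 2526 and 50020 are the ones used above.

```sh
#!/bin/sh
# Added example: audit the VPS side of the autossh reverse tunnel.

# audit_sshd: stdin is the output of `sshd -T` (one "keyword value" per line,
# keywords in lower case). Prints FAIL/NOTE lines; returns 0 if nothing FAILs.
audit_sshd() (
    awk '
        { v[$1] = $2 }
        END {
            bad = 0
            if (v["passwordauthentication"] != "no") {
                print "FAIL password logins are enabled"; bad = 1 }
            # Older OpenSSH names this challengeresponseauthentication.
            kbd = v["challengeresponseauthentication"]
            if ("kbdinteractiveauthentication" in v)
                kbd = v["kbdinteractiveauthentication"]
            if (kbd != "no") {
                print "FAIL keyboard-interactive can still prompt for a password"
                bad = 1 }
            if (v["pubkeyauthentication"] != "yes") {
                print "FAIL public-key logins are disabled"; bad = 1 }
            if (v["permitrootlogin"] == "yes") {
                print "FAIL root may log in with any method"; bad = 1 }
            if (v["gatewayports"] != "no")
                print "NOTE -R ports listen on public addresses (gatewayports " v["gatewayports"] ")"
            if (v["port"] == "22")
                print "NOTE sshd is still on the default port"
            exit bad
        }'
)

# audit_tunnel_key TAG PORT: stdin is an authorized_keys file. Finds the key
# whose line contains TAG (for example its comment) and checks that the key is
# limited to opening the reverse forward on PORT. Returns 0 when it is.
audit_tunnel_key() (
    awk -v tag="$1" -v port="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ || !index($0, tag) { next }
        {
            found = 1
            line = " " $0
            opts = ""   # options are whatever precedes the key-type token
            if (match(line, /[ \t](ssh-|ecdsa-|sk-)[^ \t]+[ \t]+AAAA/))
                opts = substr(line, 2, RSTART - 2)
            o = "," opts ","
            if (!index(o, ",restrict,")) {
                print "FAIL " tag ": no restrict option, pty and all forwarding allowed"
                bad = 1 }
            if (o !~ ("permitlisten=\"([^\"]*:)?" port "\"")) {
                print "FAIL " tag ": listen port is not pinned to " port
                bad = 1 }
        }
        END {
            if (!found) { print "FAIL no key line contains " tag; exit 1 }
            exit bad + 0
        }'
)

# Constructed samples (key blobs are placeholders, not real keys).
sample_sshd_T() {
    printf '%s\n' 'port 2526' 'passwordauthentication no' \
        'kbdinteractiveauthentication yes' 'pubkeyauthentication yes' \
        'permitrootlogin without-password' 'gatewayports no'
}
sample_authorized_keys() {
    printf '%s\n' \
        'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER1 pi-open' \
        'restrict,port-forwarding,permitlisten="localhost:50020" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER2 pi-locked'
}

sample_sshd_T | audit_sshd || true
sample_authorized_keys | audit_tunnel_key pi-open 50020 || true
sample_authorized_keys | audit_tunnel_key pi-locked 50020 && echo "OK pi-locked"
```

On the real VPS the inputs would be `sshd -T` run as root and the tunnel user's ~/.ssh/authorized_keys.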

I was also using the reverse tunnel to connect to a 4g router. This is a 4g dongle attached to a Raspberry Pi as part of a remote ham radio project. I have no space in London for an antenna. I was to run Remote Rig through the tunnel but 4g latency was the problem.

https://bulger.co.uk/message.htm

Three Broadband 5G. Atrocious upload

Update on 5g Three Broadband (as was Relish broadband)

See 2015 blog on the 4g Three Broadband product

I get on the phone to dump Relish (Three Broadband), giving up the £30 a month contract after some years with them. I was getting better connection and upload speeds on my phone. My phone uses the same Three’s Network 4g or Vodafone’s 4g (it’s dual sim). Setting my phone as a hotspot was better than using the Three home broadband hub. Time to give up on the 4g Relish (Three) home broadband hub.

Three Broadband then said 5g was now in my area, so I was sent the new Huawei 5g hub/router (over £350 to buy).  My testing went ahead using wired ethernet from hub to PC.

5g is only JUST available in my flat in only one spot, at an impossible to mount area within one bedroom.   Then it seemed that if I made any adjustments to the router firmware, such as change the LAN IP range, the router lost its ability to find the local 5G signal.  It would only find 5G tower after a hard reset.  That is all support would suggest.

Huawei H112-370.

The best 5g I got, with the hub router propped up on books in one precise spot, was 100MB/s. What was most disturbing was the fractional upload speed, best at 2.8Mbs. Everywhere else in the flat the hub dropped down to 4g, but at least that gave better upload speeds of 4-6Mb/s.

Best with 5g:

Best 5g in area and 5g Area in our flat near window, pointing at local tower.

Three Broadband will not tell you what upload speeds to expect, talking rubbish that it depends on various factors, but those factors would also affect download speed, although I accept transmission power is lower from the hub. On the other hand power is needed for reception’s download handshaking so I would have thought factors affecting download would affect upload to the same extent. Perhaps 5g is more complex.

Three Broadband refuse to give any indication of an upload guide number, and simply state “it is not guaranteed”. That is all they will say. Three Broadband’s refusal to give any technical details to users is something Ofcom should look into. We should know what we are buying. Upload speed and latency are crucial factors for a useful broadband connection; download speed is just one factor and is a bigger number. It is the only one they like to headline. Funny that.

They probably refuse to quote any number because upload is deliberately throttled.   This was the case with their original Relish 4g hub (again this was never mentioned anywhere on their web site).  The best upload speed I got on 4g on Relish hub was 8MB/s despite downloads of up to 72Mb/s .   Most 4g SIMS in phones are pretty much synchronous, you get similar upload and download speeds unless the network is busy.   I gather some “5G” systems split upload and put upload back onto 4g.  Perhaps this is what Three does, but seems slower than when the hub is using 4g. All very odd.

The hub is not locked, so I was able to put my 4g Vodafone SIM in the Huawei H112-370 hub this afternoon, a busy period in central London (things here speed up evenings and weekends). This afternoon it gave 72Mb/s download and 20Mb/s upload.

Vodafone 4g sim in the 5G hub. Note upload speed

Using 4g Vodafone sim in the Huawei hub this busy afternoon in central London.

In the evenings on a 4g phone sim I often get 98Mb/S with 70Mb/s upload, or uploads can be even faster than downloads.

So I am sending back the Three Broadband 5g hub.   5G is hardly here at all, and upload speeds are atrocious.

5g here is giving 100Mb/s download with upload throttled to 2.8Mb/s; that upload speed is a fraction of what normal 4g offers. There is no question that the better option is still 4g and is cheaper. I plugged a 4g USB modem into my Draytek router with a Smarty sim, which gives unlimited data and decent upload speeds at £20 a month with no contract. Done deal while waiting for the block to get fibre installed. Hyperoptic fibre cable is synchronous and we get at our other flat 700Mb/s up and down with low pings. 5G can wait because there are some nasty marketing practices bordering on fakery here. Deception of customers by deliberate omission, made worse by an outright REFUSAL by the support team to state the facts.

Gerry Bulger

https://bulger.co.uk/message.htm

Working from Work: Access your home PC as a Web page from anywhere.

Screen shot of my PC logged into my apartment’s PC as a web page. I can do this from work

Thinfinity Web login

Working from areas with tight security and behind firewalls which you cannot control can be very problematic. In some places the blocks are simply too clumsy, making the internet connection almost useless. Even medical sites such as dermnet.nz can get blocked (skin tones=too much skin). Or using medical terms such as “Oral” too much. So safely log into your home computer.

The simplest secure solution, one that does not imply any hack or download, or compromise the security of the work site, is to connect to your outside home computer using a web page, on port 80 or better port 443 (https, encrypted). Those ports are never blocked. This method does not require ANY software installation at the work end. You are simply viewing a web page on any browser. You are not downloading or introducing anything of risk to the work system. No malware can pass.

The setup uses Thinfinity. This offers a fast VNC-like connection to your home computer using a web page alone. Once it is installed on the home computer, at work just type in the URL or IP address of your home machine on the work PC’s web browser, eg https://10.20.30.40/ or something like https://myhome.mydomain.com

On your home router you will have to port forward port 80 or 443 to your home computer that is running the Thinfinity workstation server, and that machine needs to be left on! Give it a strong long password.

The non-commercial single use workstation license is free.

That’s it.

You can then look at all emails, all files, one drive, dropbox, edit stuff and post to NHS email address, and even use WhatsApp messaging that is connected to the phone left in the car.

I set it up as a subdomain of my own domain, so it can share the site’s Let’s Encrypt SSL certificate. You can use http, port 80, but it is not encrypted. Thinfinity have their own certificate system for https, but that requires connecting to their servers, which could get blocked, and the certificate did not work when I tried. Domains can be created for any home router using dyndns or similar products, but I feared such domains may be blocked, so I used my own. You could use the home IP address if it is fixed.

To the untrained it could imply a security worry. From work, via this system, you can see on your home computer any site or file, such as time-wasting Facebook. But we are responsible professionals and just need access to all our clinical stuff.

There is no record on the work computer or knowledge of what sites your home computer has been looking at. The work computer just sees the connection to a single domain or the IP address of the home machine as a single encrypted web page. All it’s doing is sending a screen image.

When logged in to your home PC via Thinfinity there is a hidden menu at the top middle: clicking on it you can scale the screen to fit the browser window. You may also need to hit refresh there if not seeing a window.

Gerry Bulger

Contact https://bulger.co.uk/message.htm

Older links on similar subjects

http://bulger.co.uk/satellitecost2.htm

http://bulger.co.uk/softethervpn.htm

Doctors Cause Crime

Prison Healthcare

There has been an exponential rise in the use of gabapentin and pregabalin medication amongst prisoners over the last decade. These drugs are now almost exclusively used by those with other dependencies in prisons. During this time of increasing use of these gabapentinoids and other prescribed medications, we saw an increase of violence in prisons. This violence may not be due to illicit Spice use and reductions in the number of security staff.

I am suspicious that us doctors may not be doing any good. Doctors do not have any medication to treat crime, but our best of intentions may now be causing criminal side effects.

Many of my prisoner patients have recognised themselves in the following scenario:

You have a criminal tendency, making you feel nervous, or you may have a heroin habit, whereby you have to “find” £100+ a day for that. This makes you very nervous, an anxiety state. You go to your kind GP who gives you diazepam at least, but clonazepam is your preferred benzo choice (10x more potent). You now feel relaxed and invulnerable. You feel better inside yourself, but you are now worse to others. Relaxed you can thieve more. Then there is that paradoxical aggression these medications give, so that knife you have with you is now more likely to be used. Of course you prefer the similar effects given by the gabapentinoids, the new benzos, which you can seek for that old ankle fracture and back pain. Gabapentinoids can give a high on their own, make heroin highs better and cheaper, and any spare capsules can be sold on.

Your life is now a mess, and you feel grief, guilt and remorse. These are uncomfortable sensations, which should protect you from more damaging high-risk behaviour. These feelings are depressing and annoying. Your GP now adds in an SSRI for your “depression”, but you may seek Mirtazapine, as you cannot sleep (perhaps partly caused by the cocaine), and you may want a bit of weight on. The anti-depressant detaches you from your emotions (that’s partly how they work in depression), releasing you from guilt and remorse.  

You now have ideas that others do not like you, and you have no insight as to why that is so. Your mood swings are violent, disinhibited, so now you have added quetiapine or olanzapine to the cocktail. These major tranquilisers were designed to stop the overthinking in a psychosis and schizophrenia, but here the tranquilisers block thought, further imagination and hope and they also make you fatter.

With this concoction of these prescribed medications you now are free of anxiety, grief, guilt, remorse and hope. You are detached and have no feelings for others. You now have full blown Iatrogenic Antisocial Personality Disorder with multiple convictions.

Weight goes on and on, blood sugar rises. You are now diabetic.

Gabapentinoids and opiates are a lethal combination. Apart from anything else they block with the opioid antidote Naloxone. Patients arriving in prison have their Gabapentinoids quickly reduced to stop but will still be given detox or maintenance for their opiate dependency.

 

Full latest prison blog is here

More of the pointless NHS Administration

Most of the boxes are NHS related 1993-2008

I have added back an archive of NHS Commissioning documents based in Hertfordshire, 1999-2008.

Perhaps someone will copy and paste some of the old documents for yet another new project, as all has been done before under different names. Family Health Authorities, Regional Health Authorities, Area Health Authorities, Primary Care Trusts, Practice Based Commissioning Groups, and now Clinical Commissioning Groups. It’s pointless.

All NHS reforms do is play musical chairs.  No reform dares start on the basis that these functions are simply not needed. They are moved to different named bodies.

I have worked in Australia where these layers of NHS administration simply do not exist, despite the fact that Australia is considered to be over governed.

https://bulger.co.uk/dacorumhealth

Part of the Archive