I've noticed something new on my Debian Linux VPS. When I run "ss" or "netstat" with the appropriate parameters I find that there are a lot of IPv6 connections in the SYN-RECV state. This is something new.

The connections seem to all be to port 443 (my apache https port). They all seem to be IPv6 mapped IPv4 source addresses. If you geo lookup the IPv4 address, they map to Brazil. This has persisted over weeks maybe longer, and the IPs do shift over time especially the first and second components, the third seems to be in the 220-223 range, the fourth seems to be random, and the port seems random. The ones I've seen are all Brazil. It does not seem to be DDOS related as it causes no other issues I can see, and I see no evidence of intrusion. Just don't like this new thing. Feels like some sort of scanning.

So any ideas of what this is, or what to do about it?

Trump has taken to filing a bunch of law suites against various organizations. Many people believe many of these have very little merit. However, one method or the other they settle and pay him a large amount of money. Now it is the federal government which Trump controls and our money that he is pocketing. Not a good look. Thoughts?

Basically initial news articles were often quite miss-leading. Yes GPS jamming, but they were only delayed about 9 minutes, and they used a standard VOR/ILS approach which was not GPS based. About paper maps -- no but they may have looked up the VOR/ILS procedure on an electronic or paper chart and this is pretty standard.

Nice take on the Charlie Kirk situation. See the link.

Interesting experience, this has happened twice now. When house looses power I am still online now that I have moved to Fiber.

It feels a bit eerie. My network and computers, TV, media center, etc are all on UPS so they just keep going. Things just get really quite which is interrupted by just the periodic beeps of the UPS systems.

Does anyone know why my new Fiber connection does this but my old system which was bonded DSL did not? I know back in the early days of DSL I could do this, but some where along the way it stopped being power outage resistant.

Another AI fail. Letting AI write code and modify your file system without sandboxing and buckups. What could go wrong?

A nice overview of the impact of the Trump administration's cuts on US cybersecurity. Basically the concerns seem to be loss of knowledge, effects on information sharing, impact on government/industry coordination, and just chaos.

Nice update on the US Administrations shift in Russia/Ukraine policy.

Covers what we know about the Air India 171 accident. Includes information from the interum report.

The video explains why the US can never have peace with Putin. This is something that everyone needs to consider. The only thing that remains to decide is if we plan to win or loose, and the current plan seems to be to loose. Rather long video, but well worth it.

Well I just replaced my aging LG G6 with a new Google Pixel 8a running GrapheneOS. The G6 was based on Android 9 which was initially released in August 2018, and my last update was January 2019. The big issue, after 6 years since OS initial release, apps are starting to not support Android 9. Add to that, my USB-C plug was getting questionable in terms of retaining charging cables and my fingerprint reader has not worked for years.

So how to replace the G6? Well I choose a new Google Pixel 8a and GrapheneOS. The Google Pixel is one of the better supported hardware devices in the after market ROM landscape and GrapheneOS seems to be one of the most popular ROMs.

It took me about a week to do the transition. Lot of that was just normal when moving everything to a new phone and not using the vendors automatic tools. The actual initial setup and flashing though was pretty straight forward. It was a bit emotionally difficult to take new $400 hardware and then just simply re-flash it risking say bricking. This turned out to be a non-issue.

Benefits I see from doing this:

• Lack of Cruft. The lack of all the vendor loaded cruft was very nice. My old G6 has about 17 apps that I could never really delete because they were flashed into the ROM. Many of them fairly large Google suite apps.
• Profiles. The new phone can fully use user and work profiles, plus with Android 15 it has the Private Space feature. GrapheneOS also supports up to 31 user profiles, not the 4 supported by most distributions. I actually use the Private Space to contain my Google Play Services and Google Play Apps and otherwise just the owner profile. Might have been better to look at some of the other options, not sure.
• Storage Scopes are really useful. One can restrict App access to only certain folders. I have already used that a few times, probably more in the future.
• Backup. GrapheneOS allows one to do App backups to your own media or cloud storage. For stock systems normally only Google Drive is allowed, which I would never use.
• Sandboxed Google Play. I like the idea of sandboxing Google play. Presumably it should be more compatible then MicroG and some Apps require Google play. Interestingly the number that do seems fairly small. I actually further placed all my Play Services related stuff in a Private Space so I know what apps can actually use it.
• Device Integrity Check. Verified boot and some other device integrity checks are properly supported and so many apps that required them should run, though not all. This is not always the case with third party ROMs.
• Wifi Calling and Messaging seems more stable then my old G6. Maybe just the difference between Android 9 and 15.
• Updates should be supported for a full 7 years from initial device release which as of late 2024 is about another 6.5 years. My original G6 had about 1 year of updates.
• Hardening. Graphene has a bunch of hardening features not in typical distributions. Storage Scopes and really good Profile support are a couple I've mentioned, but there are many others.

One question that took me a while to consider is where to get Apps from. There are pros and cons and a lot of discussions about this. In the end, I used the GrapheneOS App Store, F-Droid, Accrescent, Obtanium, and the Aurora Store in that order for my owner profile, then installed sandboxed Google Play Services and the Google Play app in my Private Space.

As of now my limited experience with GrapheneOS has all been positive. The one App that I have had issues with is the UPS app for some reason. For that I'll just use their website for now. Not sure if the UPS app can be made to run or not. My understanding too is that Google Wallet may not fully function though I have not tried it and have never used it before anyway.

If your interested in GraphneneOS and have any specific questions, feel free to ask. All the best.

Vote. Need I say more.