Ostrich blog https://ostrich.kyiv.ua

How to create a custom Fallback page using Cloudflare Workers
https://ostrich.kyiv.ua/en/2025/10/26/how-to-create-a-custom-fallback-page-using-cloudflare-workers/
Sun, 26 Oct 2025 09:38:14 +0000

When this blog website went offline during blackouts, Cloudflare displayed the 522 – Connection timed out page.
I wanted something better – a simple fallback page with my own design, built at zero cost.

In this article, I’ll explain step-by-step how to configure a free Cloudflare Worker that keeps your website presentable even when your server is unavailable.

What are Cloudflare Workers

Cloudflare Workers are a serverless environment that allows you to run custom JavaScript directly on Cloudflare’s edge servers. They act as a thin programmable layer between your users and your origin server – intercepting, modifying, or replacing responses before they reach the visitor.

Although Cloudflare Workers are an excellent free solution, a similar result can be achieved using other platforms.
Here are a few popular alternatives:

  • Netlify Edge Functions
  • Vercel Edge Functions
  • AWS CloudFront Functions
  • Google Cloud Functions
  • GitHub Pages + JavaScript Redirection

Since my DNS is already managed by Cloudflare, it made perfect sense to stay within the same ecosystem. Cloudflare Workers became an ideal choice for small personal or home projects, especially when you need a quick, cost-free way to serve a custom error page during server downtime.

How Cloudflare Workers operate

To better visualize the interaction between the user, the Worker, and the origin server, I designed a simple block diagram that explains the process.

Essentially, a Cloudflare Worker acts as a smart proxy between your visitors and your Raspberry Pi server. Every request first passes through Cloudflare’s network, where the Worker checks if the origin is reachable. If the server responds normally, the request is forwarded and the user sees the actual website. But if the Raspberry Pi is offline or too slow to respond, the Worker immediately takes over and serves a pre-defined fallback page.

Creating the Worker

Setting up Cloudflare Workers involves several key steps:

  1. Creating a template Worker in one click
  2. Editing the Worker’s code
  3. Connecting it to your domain

Let’s go through each step in more detail.

Select the Template

  1. Log in to your Cloudflare Dashboard.
  2. In the left menu, select Compute & AI → Workers & Pages.
  3. Choose the Hello World! template and click Get started.

This creates a simple “Hello World” script. At first, the code editor might look greyed-out (read-only). The only change I made initially was renaming the script to blackout – because in the next step, we’ll replace its code entirely.

Once you confirm creation, the new Worker appears in your list of services.

Editing the Worker Code

Next, click on the newly created Worker → open its main page → and press Edit code. This opens the editable code editor.

Since I don’t know JavaScript well, I asked ChatGPT to help me write the logic for my fallback page. Below is the full script I replaced the default “Hello World” with:


worker-fallback.js
// Service-worker style entry point: every request on the route goes through handleRequest
addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

const ORIGIN_HOST = 'https://ostrich.kyiv.ua'
const ORIGIN_TIMEOUT_MS = 10000

const FALLBACK_HTML = `
<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8"/>
  <meta name="viewport" content="width=device-width, initial-scale=1"/>
  <title>Site temporarily unavailable — Сайт тимчасово недоступний</title>
  <style>
    body {
      font-family: system-ui, -apple-system, "Segoe UI", Roboto, sans-serif;
      margin: 0;
      display: flex;
      align-items: center;
      justify-content: center;
      height: 100vh;
      background: #f8f9fb;
      color: #111;
      text-align: center;
    }
    .card {
      max-width: 680px;
      background: white;
      border-radius: 16px;
      padding: 30px;
      box-shadow: 0 6px 25px rgba(0,0,0,.08);
    }
    h1 { font-size: 1.5rem; margin-bottom: .5rem; }
    p { margin: .6rem 0; line-height: 1.5; }
    .divider {
      border-top: 1px solid #ddd;
      margin: 1.4rem 0;
    }
    .time {
      font-size: 0.9rem;
      color: #666;
      margin-top: 10px;
    }
  </style>
</head>
<body>
  <div class="card">
    <h1>Site temporarily unavailable</h1>
    <p>Hello! If you are reading this message, please know that due to ongoing massive russian attacks on Ukraine's energy sector, my server is currently without power. I hope electricity will be restored soon, so please visit this page again later. <br>Support Ukraine! 💙💛</p>

    <div class="divider"></div>

    <h1>Сайт тимчасово недоступний</h1>
    <p>Привіт! Якщо ти читаєш це повідомлення, знай, що через постійні масовані атаки росії на енергетичну інфраструктуру України мій сервер зараз без електрики. Я сподіваюся, що найближчим часом живлення буде відновлено, тому запрошую відвідати цю сторінку пізніше. І найголовніше — підтримуй Україну! 💙💛</p>

    <p class="time">Last checked: <span id="ts"></span></p>
  </div>

  <script>
    document.getElementById('ts').textContent = new Date().toLocaleString('uk-UA');
  </script>
</body>
</html>
`

async function handleRequest(request) {
  // Build the origin URL (keeping the visitor's path and query string)
  const url = new URL(request.url)
  const originUrl = ORIGIN_HOST.replace(/\/$/, '') + url.pathname + (url.search || '')

  // Timeout wrapper: abort the origin fetch if it takes longer than ORIGIN_TIMEOUT_MS
  const controller = new AbortController()
  const id = setTimeout(() => controller.abort(), ORIGIN_TIMEOUT_MS)

  try {
    // Forward the received method and headers, and the body where applicable
    const resp = await fetch(originUrl, {
      method: request.method,
      headers: request.headers,
      body: request.method === 'GET' || request.method === 'HEAD' ? null : request.body,
      redirect: 'manual',
      signal: controller.signal
    })
    clearTimeout(id)

    // If the origin returned a 5xx error, show the fallback instead of the origin error page
    // (4xx responses are passed through below; 520 and 524 are Cloudflare's own
    // origin-error codes and already fall inside the 5xx range)
    if (resp.status >= 500 || resp.status === 524 || resp.status === 520) {
      // Return the fallback page in place of the origin error
      return new Response(FALLBACK_HTML, {
        status: 200,
        headers: { 'Content-Type': 'text/html; charset=utf-8' }
      })
    }

    // Otherwise proxy the origin response through, including its headers
    const responseHeaders = new Headers(resp.headers)
    // Cache-Control for static assets could be added here if needed
    return new Response(resp.body, {
      status: resp.status,
      statusText: resp.statusText,
      headers: responseHeaders
    })
  } catch (err) {
    // Timeout or network error -> show the fallback
    clearTimeout(id)
    return new Response(FALLBACK_HTML, {
      status: 200,
      headers: { 'Content-Type': 'text/html; charset=utf-8' }
    })
  }
}

After updating the code, click Deploy – this automatically saves and publishes your Worker to Cloudflare’s edge network.
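As an added example (my code, not the post's script or anything Cloudflare ships), the same origin-probe logic is factored into small functions so it can be unit-tested outside Cloudflare with a fake fetch, and the fallback is returned as 503 with Retry-After and Cache-Control: no-store rather than 200, so caches, uptime monitors and crawlers treat the outage page as a transient error instead of the site's real content. It assumes Node 18+ for the Fetch globals; origin.example and www.example are placeholder hosts.

```javascript
// Added example: the fallback Worker's origin-probe and decision logic, split into
// small functions so they can be tested outside Cloudflare with a fake fetch.
// Assumes Node 18+ (global fetch, Request, Response, AbortController).
// 'https://origin.example' and 'https://www.example' are placeholder hosts.

const ORIGIN_HOST = 'https://origin.example';
const ORIGIN_TIMEOUT_MS = 10000;
const RETRY_AFTER_SECONDS = 300;
const FALLBACK_HTML = '<!doctype html><title>Site temporarily unavailable</title>'; // constructed stub

// Build the origin URL while keeping the visitor's path and query string.
function originUrlFor(requestUrl) {
  const url = new URL(requestUrl);
  return ORIGIN_HOST.replace(/\/$/, '') + url.pathname + url.search;
}

// Contact the origin with a hard timeout. Resolves to an outcome object instead
// of throwing, so the decision below can be a pure, testable function.
async function probeOrigin(originUrl, init, fetchImpl = fetch, timeoutMs = ORIGIN_TIMEOUT_MS) {
  const controller = new AbortController();
  const timer = setTimeout(() => controller.abort(), timeoutMs);
  try {
    const response = await fetchImpl(originUrl, { ...init, signal: controller.signal });
    return { reached: true, status: response.status, response };
  } catch (err) {
    return { reached: false, reason: err && err.name === 'AbortError' ? 'timeout' : 'network' };
  } finally {
    clearTimeout(timer);
  }
}

// Serve the fallback for timeouts, connection errors and any 5xx. Cloudflare's
// own origin-error codes (520-526) sit inside the 5xx range, so the explicit
// 520/524 tests in the post's script are already covered by the range check.
// 4xx is passed through: a 404 from a healthy origin is not an outage.
function shouldServeFallback(outcome) {
  if (!outcome.reached) return true;
  return outcome.status >= 500 && outcome.status <= 599;
}

// 503 + Retry-After + no-store instead of 200: caches, uptime monitors and
// crawlers then see a transient error rather than the site's real content.
function fallbackInit() {
  return {
    status: 503,
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'Retry-After': String(RETRY_AFTER_SECONDS),
      'Cache-Control': 'no-store',
    },
  };
}

// Worker entry point; fetchImpl and timeoutMs are injectable for tests only.
async function handleWithFallback(request, fetchImpl = fetch, timeoutMs = ORIGIN_TIMEOUT_MS) {
  const init = {
    method: request.method,
    headers: request.headers,
    body: request.method === 'GET' || request.method === 'HEAD' ? null : request.body,
    redirect: 'manual',
  };
  const outcome = await probeOrigin(originUrlFor(request.url), init, fetchImpl, timeoutMs);
  if (shouldServeFallback(outcome)) return new Response(FALLBACK_HTML, fallbackInit());
  const { response } = outcome;
  return new Response(response.body, {
    status: response.status, statusText: response.statusText, headers: response.headers,
  });
}

// Constructed fake origins: a numeric status answers with that code, 'down'
// fails like a refused connection, 'hang' never answers until aborted.
function fakeFetch(behaviour) {
  return (_url, init) => new Promise((resolve, reject) => {
    if (behaviour === 'hang') {
      init.signal.addEventListener('abort', () =>
        reject(Object.assign(new Error('aborted'), { name: 'AbortError' })));
    } else if (behaviour === 'down') {
      reject(new TypeError('fetch failed: connection refused'));
    } else {
      resolve(new Response('origin body', { status: behaviour }));
    }
  });
}

// Stand-alone demo: which branch wins for each kind of origin behaviour.
async function demo() {
  for (const behaviour of [200, 404, 502, 'down', 'hang']) {
    const request = new Request('https://www.example/index.html?x=1');
    const reply = await handleWithFallback(request, fakeFetch(behaviour), 50);
    console.log(String(behaviour).padEnd(4), '->', reply.status, reply.headers.get('Retry-After') || '-');
  }
}
demo();
```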

Connecting the Worker to the Domain

On the Worker’s main page, open the Domains & Routes section – this ensures all website requests are processed by your Worker.

Click + Add and configure the following:

  • Zone → select your domain (in my case, ostrich.kyiv.ua)
  • Route → ostrich.kyiv.ua/*
  • Failure mode → choose Fail open (proceed) so the website remains accessible even if the Worker itself fails.

Click Add route (or Update route if you already have one). The new route will appear in the table of active routes.

At this stage, the configuration is complete – time to test!

Testing the Worker

When my Raspberry Pi server goes offline, visitors now see a clean and friendly fallback page instead of the default Cloudflare 522.
Everything works seamlessly, and the best part – it’s completely free, with no additional servers or plugins required.

Conclusions

Cloudflare Workers turned out to be a simple yet powerful way to stay online even when my Raspberry Pi server goes dark during blackouts. All it takes is a few lines of JavaScript and a bit of curiosity to improve user experience. Since my DNS is already on Cloudflare, integrating Workers felt natural — no extra costs, no complex setup. This project proved that even in times of energy instability, it’s possible to keep a website alive — simply, reliably, and for free.

How to recover a bricked UXG-Lite gateway
https://ostrich.kyiv.ua/en/2025/10/20/how-to-recovery-bricked-uxg-lite-gateway/
Mon, 20 Oct 2025 20:57:41 +0000

When I first got my Ubiquiti UXG-Lite gateway, I was excited to set it up and integrate it into my UniFi network. The device is powerful, minimalistic, and designed for professional-grade routing – but even the best hardware can run into trouble when firmware updates go wrong.

In this article, I’ll share my personal experience of how my brand-new UXG-Lite became completely unresponsive after a firmware update – and how I managed to bring it back to life using Recovery Mode. If you’ve accidentally “bricked” your UXG-Lite, this guide will help you recover it safely.

Introduction

I bought a new Ubiquiti UXG-Lite gateway and connected it for the first time. It successfully adopted on my self-hosted UniFi Network Application server running on a Raspberry Pi. I configured almost all of my network settings and was ready to finish the setup.

Then I saw a notification that a new firmware version was available. Great! I decided to upgrade immediately – a perfect way to wrap up my network day. However, after the router automatically rebooted, the nightmare began!!!

  • The gateway refused to adopt. The UniFi interface kept showing messages like “Reset device to adopt”. After rebooting my switch, I completely lost network connectivity.
  • Neither my UniFi switch nor my AP received IP addresses, and even my laptop couldn’t get an IP when directly connected to the LAN port of the UXG-Lite.
  • To make things worse, the UniFi mobile app didn’t send any Bluetooth setup notifications, leaving me with no way to re-adopt the router.

I spent over two hours troubleshooting and chatting with Ubiquiti support – but without any working solution.

The reason for the failure

The problem turned out to be related to the firmware update sequence. My device was updated directly from the factory firmware v3.1.15 to v4.3.2, skipping several intermediate versions. This large version jump caused the system to fail during initialization.

To resolve the issue, I had to downgrade the firmware from v4.3.2 to v4.1.13, which restored the gateway to working condition.

Prepare UXG-Lite and PC

There’s only one way to perform a firmware downgrade – by using Recovery Mode. The process is simple and takes just a few steps.

  1. Download the firmware – Go to the official Ubiquiti website and download the firmware file you want to install. In my case, I downloaded version 4.1.13.
  2. Configure your PC network settings – Set a static IP address in the 192.168.1.0/24 subnet. When I performed the recovery, I used 192.168.1.11.
  3. Boot the UXG-Lite into Recovery Mode
    • Power off the UXG-Lite.
    • Using a toothpick or paperclip, press and hold the Reset button.
    • While holding the button, power on the router.
    • Keep holding for about 15 seconds, then release the button.
    • Connect your PC to the LAN port of the UXG-Lite.

Recovery process

In Recovery Mode, the gateway uses the reserved IP address 192.168.1.30. Open this address in a web browser – you should see the Recovery Mode interface.

This page displays system information and available recovery actions. In my case, it showed the current firmware version v4.3.2.33ac906. For safety, I checked the file system before proceeding.

Next, upload the firmware file you downloaded earlier.

The downgrade process will start automatically and usually takes about 2 minutes. Once it’s complete, you’ll see a confirmation message and the new firmware version displayed on the page.

Finally, click the Reboot button to restart your UXG-Lite.

Enjoy!

Conclusion

After the reboot, the gateway started working normally again – it was successfully adopted and became fully functional.

If your UXG-Lite becomes unresponsive after an update, don’t panic. Recovery Mode is your best friend. Just follow the steps above carefully, and you’ll bring your device back to life.

Firmware updates can occasionally fail, especially when jumping across major versions. To avoid this issue in the future, I recommend upgrading step-by-step through intermediate versions rather than directly to the newest release.

Finding the IP Network List on a UniFi Gateway via SSH
https://ostrich.kyiv.ua/en/2025/10/20/finding-the-ip-network-list-on-a-unifi-gateway-via-ssh/
Mon, 20 Oct 2025 19:05:43 +0000

I have a Postfix mail server, and I regularly check its logs to identify junk IP addresses. On my UniFi Ubiquiti gateway, I created a blacklist to block this suspicious activity. For me, it’s a good idea to block unwanted IPs directly on the router, using its filtering power.

Over time, the list has grown to more than 200 IP addresses. When I tried to copy and paste this IP list from the UniFi web interface, I noticed that only the visible IPs were copied – all others, hidden by scrolling, were ignored. Since I didn’t want to manually copy the list six entries at a time, I decided to extract the IPs in another way.

New name and location of the list

After upgrading the UniFi Network Application to version 9.5.21, the Network Objects were renamed to Network Lists.
The UI uses lazy loading, meaning only visible elements are loaded in the browser window. Therefore, when copying manually, I can only get the IPs that are currently displayed.

To view IP Network Lists in the UniFi Cloud Network Application or a self-hosted UniFi instance, do the following:

  1. Open Settings
  2. Click the Overview menu
  3. Scroll down to find the Network Lists section

Where is the IP Network List located?

I know that the UniFi gateway runs on a Linux-based OS, which means it uses iptables and ipset to manage network rules.
The name of my Network List is Postfix Blacklist, which helps me locate the corresponding rule quickly. To find this list, I need to connect to the gateway via SSH.

Connect to gateway via SSH

Before connecting, I need to make sure that SSH access is enabled. For cloud-based gateways such as UCG Max, this option is found in:

Settings → Control Plane → Console tab

If SSH is disabled, enable it and set a password. Once it’s active, connect using the root account:

ssh root@<gateway IP address>

Find the IP list

After connecting, I can list all ipset entries using the following command:

sudo ipset list

I found my blacklist under the section named:

UBIOS46894dcc581515d0a7d85e9ba

Example output:

Name: UBIOS46894dcc581515d0a7d85e9ba
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 10000
Size in memory: 6976
References: 1
Number of entries: 312
Members:
162.142.125.216
204.76.203.231
23.185.120.116
...
128.14.236.41
147.185.133.191
20.163.60.142

The corresponding configuration file is located at:

/data/udapi-config/udapi-net-cfg.json

Now I can manage this list directly from the console — copy, export, or edit the data as I need.
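As an added example (not from the post), here is a parser for `ipset list` output that pulls one named set out of a multi-set dump, de-duplicates and sorts its members, and sets aside anything that is not a valid IPv4 address or prefix, so the exported blacklist can be backed up or reused safely. It assumes Node 18+; the sample dump is constructed in the format shown above, with the second set and most addresses made up.

```javascript
// Added example: extract the members of one named set from `ipset list` output,
// as you would when exporting the blacklist over SSH (e.g. `ipset list > sets.txt`
// on the gateway, then parsing the file). Assumes Node 18+. The sample below is
// constructed in the post's format; the second set and most addresses are made up,
// and 300.1.1.1 is a deliberately malformed line to exercise the validity check.
const SAMPLE_IPSET_LIST = `
Name: UBIOS46894dcc581515d0a7d85e9ba
Type: hash:net
Revision: 6
Header: family inet hashsize 64 maxelem 10000
Size in memory: 6976
References: 1
Number of entries: 4
Members:
162.142.125.216
204.76.203.231
10.20.30.0/24
300.1.1.1

Name: UBIOSdeadbeef00000000000000000
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 200
References: 0
Number of entries: 1
Members:
192.0.2.1
`;

// Split the dump into one object per set: header key/values plus raw members.
function parseIpsetList(text) {
  const sets = [];
  let current = null;
  let inMembers = false;
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (line === '') { inMembers = false; continue; }          // blank line ends a set
    if (line.startsWith('Name: ')) {
      current = { name: line.slice(6), header: {}, members: [] };
      sets.push(current);
      inMembers = false;
      continue;
    }
    if (!current) continue;
    if (line === 'Members:') { inMembers = true; continue; }
    if (inMembers) { current.members.push(line); continue; }
    const idx = line.indexOf(':');
    if (idx > 0) current.header[line.slice(0, idx)] = line.slice(idx + 1).trim();
  }
  return sets;
}

// Strict IPv4 / IPv4-prefix check: hash:net sets may hold both forms, and an
// export should flag anything that is not a real address before it is reused.
function isIpv4OrCidr(entry) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:\/(\d{1,2}))?$/.exec(entry);
  if (!m) return false;
  const octetsOk = m.slice(1, 5).every((o) => Number(o) <= 255);
  const prefixOk = m[5] === undefined || Number(m[5]) <= 32;
  return octetsOk && prefixOk;
}

// Export one set by name: de-duplicated, lexicographically sorted, malformed
// entries set aside, and the member count cross-checked against the header.
function exportSet(text, name) {
  const set = parseIpsetList(text).find((s) => s.name === name);
  if (!set) throw new Error(`set ${name} not found`);
  const declared = Number(set.header['Number of entries']);
  const valid = [];
  const invalid = [];
  for (const m of new Set(set.members)) (isIpv4OrCidr(m) ? valid : invalid).push(m);
  valid.sort();
  return { type: set.header.Type, declared, valid, invalid, countMatches: declared === set.members.length };
}

const result = exportSet(SAMPLE_IPSET_LIST, 'UBIOS46894dcc581515d0a7d85e9ba');
console.log(result.valid.join('\n'));
console.log('rejected:', result.invalid, '| count matches header:', result.countMatches);
```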

Conclusion

By exploring how UniFi gateways manage firewall and network lists internally, I found that it’s possible to bypass the visual limitation of the UniFi interface and access the complete blacklist directly from the system.

This approach is especially useful for administrators who regularly monitor and block spam or malicious IPs at the network level.
Managing lists through SSH provides more control, easier backup options, and the ability to automate updates – something that the web UI currently limits.

Blocking suspicious IPs directly at the gateway remains one of the most efficient ways to protect the network and reduce unwanted traffic to the mail server.

Western Digital My Passport 4TB USB 3.0 External Hard Drive Review
https://ostrich.kyiv.ua/en/2025/10/07/western-digital-my-passport-4tb-usb-3-0-external-hard-drive-review/
Tue, 07 Oct 2025 08:37:32 +0000

In today’s digital world, where the volume of data is growing exponentially, the issue of reliable storage and convenient transfer is becoming increasingly acute. High-resolution photos, 4K videos, large projects, and games require significant space. The Western Digital My Passport 4TB (WDBPKJ0040BBK-WESN) external hard drive is one of the most popular solutions on the market, offering huge capacity in a compact body. Let’s take a closer look at it.

Appearance

The first thing that catches the eye is the minimalist and stylish design of the device. The body is made of high-quality matte plastic with a glossy diagonal texture, which not only gives it an elegant look but also makes it resistant to fingerprints. Thanks to its compact size (107.2 x 75 x 19.15 mm) and weight of only 210 grams, the drive easily fits into a jacket pocket or laptop bag, making it an ideal companion for travel.

What’s in the box?

Typically, the WD My Passport drive package is standard and includes everything you need to get started:

  • The WD My Passport 4TB hard drive itself.
  • USB 3.0 cable (compatible with USB 2.0).
  • Quick start guide.

Key Features

The main advantage of this model is the combination of large capacity and reliable data protection functionality. 4TB of space allows you to store hundreds of thousands of photos, thousands of hours of music, or dozens of modern games and movies in high quality. The drive comes with proprietary software, which is the control center for your data.

  • WD Backup™: An easy-to-set-up utility for automatic scheduled backup of important files.
  • WD Security™: Allows you to set a password and activate 256-bit AES hardware encryption. This means your data will be reliably protected from unauthorized access, even if you lose the drive.
  • WD Drive Utilities™: A tool for diagnosing the drive’s condition, formatting it, and setting a sleep timer.

Performance and Speed Tests

The WD My Passport is equipped with a USB 3.0 interface. The most interesting part of any drive review is the speed tests. The device was connected to a laptop via a USB 3.0 port to obtain objective data. Testing was performed using two popular utilities: CrystalDiskMark 8.0.4 and HD Tune Pro 5.75.

CrystalDiskMark Test

This test shows the peak sequential read and write speeds of large files. The results demonstrate excellent performance for its class:

  • Sequential read speed: 130.95 MB/s
  • Sequential write speed: 121.41 MB/s

HD Tune Pro Test

This program evaluates the speed across the entire surface of the disk. The test results were extremely high for a portable HDD, indicating excellent performance of this particular unit.

  • Minimum speed: 122.3 MB/s
  • Maximum speed: 223.7 MB/s
  • Average speed: 219.1 MB/s

In practice, speed depends on many factors, including the size of the files being transferred and your computer’s configuration.

Compatibility

The drive is formatted out of the box in the NTFS file system, making it fully compatible with Windows 8.1 and Windows 10/11 operating systems. For use with macOS, it needs to be reformatted to HFS+ or APFS, which is easily done using the standard “Disk Utility”. After formatting, it will work perfectly with Time Machine for backup.

Conclusions

Western Digital My Passport 4TB is an excellent choice for those looking for reliable, capacious, and portable storage. It is ideal for students, photographers, travelers, and ordinary users who need to expand their laptop’s memory or create a reliable archive of their data. In summary, the WD My Passport 4TB is a balanced and time-tested solution that offers an excellent combination of price, volume, and reliability.

A Compact SSD NVR for Home Security from Hikvision
https://ostrich.kyiv.ua/en/2025/10/01/a-compact-ssd-nvr-for-home-security-from-hikvision/
Wed, 01 Oct 2025 13:54:33 +0000

Many apartment owners, private households, and small businesses are looking for affordable yet reliable security solutions. One such device is the Hikvision DS-E04NI-Q1 – a compact NVR (Network Video Recorder) for 4 IP cameras that combines easy setup, an intuitive menu, and the possibility of flexible scaling.

Why Hikvision

When I was choosing an NVR, my main criteria were not only technical specifications but also practical aspects.

First of all — compact size. Most video recorders take up a lot of space and look like mini-computers, but the Hikvision DS-E04NI-Q1 stands out with its very small case. Its dimensions are 265 × 225 × 45 mm, which means it easily fits into a narrow niche or on a shelf next to the router. This was important for me since I had already planned a mounting box for low-voltage equipment during my apartment renovation.

The second factor was SSD support. I immediately decided to use a solid-state drive instead of a traditional HDD. This NVR comes with a built-in 1TB SSD, which is enough for many hours of recording. Thanks to the absence of active cooling and the SSD itself, the device operates completely silently.

The third important point was the price. This is not exactly a budget model — its cost is about $150–180, which is roughly twice as expensive as entry-level recorders. However, in my opinion, the price is fair for what it offers. For home use or a small office, there is no reason to overpay for “professional” solutions, and buying outdated models makes little sense. Against the background of other options, this NVR looked like the most optimal choice.

In the end, it was precisely the combination of these three factors — compact size, fair price, and SSD support — that became the decisive argument in favor of purchasing the Hikvision DS-E04NI-Q1.

First Impressions

Even before powering it on, the device leaves a good impression with its packaging. Inside the box you will find everything necessary to get started:

  • The NVR itself
  • A 12V power adapter
  • A mouse for menu navigation
  • An Ethernet cable
  • A user manual

Everything is packed neatly and logically, showing the manufacturer’s attention to detail.

The case of the recorder is compact and minimalistic, designed in a classic style without unnecessary elements. On the front panel, there are several LED indicators that allow you to instantly check the device status: whether it’s powered on, recording, or connected to the network.

On the back side, there are also only the essential ports — Ethernet for connecting to a router or switch, HDMI for connecting a monitor, two USB ports for the mouse and another device, and a 12V power connector.

Thanks to its small size, the NVR can be placed next to the router, on a shelf, or even hidden in a cabinet so that it doesn’t attract attention.

Features and Usage

The DS-E04NI-Q1 is designed to work with four IP cameras, which is more than enough for a small apartment or house. It supports modern video compression formats, allowing recordings to take up less disk space while maintaining good image quality.

What’s especially convenient is that the user can choose how to interact with the recorder. It can be connected to a monitor and controlled directly with a mouse, or configured through the mobile Hik-Connect app. This is very practical since it allows you to view live video or playback recordings even when you are far from home.

Setup

When I first connected the NVR, it automatically obtained an IP address. I just had to check it and open the settings page in a browser. During the initial setup, the system requires user initialization: creating a password and setting up recovery methods in case the password is lost.

I assumed the camera was already configured, so the following steps focused only on the NVR. At this stage, I needed to add the camera. For convenience, I used the Hikvision IVMS-4200 software.

After launching the program, you go to the Device Management section to add both the NVR and the camera. In the “Devices” menu, all supported devices in the local network are displayed automatically. You simply need to add the NVR by entering the login and password you set earlier.

Then you add the camera as well.

Once both devices show an “online” status, you can proceed to the next step: linking the camera to the recorder. In the Devices menu, under the Operation column, click the settings icon and open Basic Settings. This opens the web interface of the NVR.

To add the camera, go to the System menu, then Camera Management, and select Quick Add. The NVR will automatically find the camera, and all you need to do is confirm by clicking OK.

Now the camera is connected. The next step is to configure the recording type. In my case, I chose a 24/7 schedule in which recording is triggered only by motion detection. This is configured under the Storage menu, in the Schedule Settings submenu. There you select the camera (in my case, only one — Camera 01), enable recording, and set “Motion” as the event type, applying it across the 24-hour timeline. Once saved, the schedule is ready.

Other parameters, such as image quality and detailed camera settings, are configured directly in the camera, so I won’t cover them in this article. But feel free to leave a comment if you have questions — I’ll be glad to help.

Conclusion

The Hikvision DS-E04NI-Q1 is a simple and reliable NVR that is perfectly suited for home use or small business applications. Its main strength lies in the balance between price and functionality. You get a device that is easy to set up, convenient to use, and capable of ensuring your security on a daily basis.

DNSSEC: How Domain Name Security Works
https://ostrich.kyiv.ua/en/2025/09/25/dnssec-how-domain-name-security-works/
Thu, 25 Sep 2025 09:32:34 +0000

The classic Domain Name System (DNS) is one of the key components of how the Internet works. However, in its basic form DNS does not have a mechanism to verify the authenticity of data. To solve this problem, DNSSEC (Domain Name System Security Extensions) was developed — a set of extensions to DNS that add integrity and authenticity checks.

What is DNSSEC

DNSSEC is a set of cryptographic extensions to DNS that allow you to:

  • Verify the authenticity of records (source validation);
  • Protect against forged or tampered responses (integrity protection);
  • Build a trusted chain from the DNS root to a specific domain.

The principle of operation is based on digital signatures. Each DNS record is signed with a private key. The client (resolver) receives not only the value but also a cryptographic signature, which can be verified using the public key stored in the parent zone.

How DNSSEC Works

Visually and very simply, using my real domain ostrich.kyiv.ua as the example, the process can be drawn as the following diagram:

  • Key creation. A key pair is generated for the domain:
    • KSK (Key Signing Key) — signs the keys;
    • ZSK (Zone Signing Key) — signs the records in the zone.
  • Zone signing. All records (A, MX, TXT, etc.) are signed using the ZSK.
  • Public key delegation. The hash of the public key (DS record) is published in the parent zone (for example, in .ua for the .com.ua domain).
  • Chain of trust. When a resolver receives a response, it verifies the signature, and then checks whether the key is trusted through the chain from the DNS root.

As a result, the user can be confident that the received DNS data is genuine and has not been tampered with.

Example of Use

Suppose a user visits my website. Without DNSSEC, a hacker could spoof a DNS response and redirect them to a phishing site. With DNSSEC, the browser (via the resolver) will only receive signed records, and if the signature does not match, the response will be rejected. Thus, the user will only reach the legitimate server.

DNSSEC Settings

The registrar of my domain name is a local provider that recently added DNSSEC to their services. I decided to use this opportunity and configure it. Since the registrar is not Cloudflare but my local provider, the configuration must be applied on the registrar’s side. However, the data itself is obtained from Cloudflare because my DNS records are hosted there.

Enabling the feature is quite simple. In the Cloudflare panel, go to DNS → Settings → DNSSEC → Enable.

A window will display all the necessary information for activation in your domain registrar’s control panel, with a warning:
“To enable DNSSEC you will need to add this DS record to your registrar. Most registrars will ask for only a few of the fields below. We have instructions for common registrars.”

My registrar requires filling in only 4 fields:

  • Key tag
  • Algorithm
  • Digest type
  • Digest

Literally within a few minutes, the DNSSEC status changes to “Success! ostrich.kyiv.ua is protected with DNSSEC.”

Verification

To check whether the changes have actually been applied, it is enough to run the following command in the terminal, which queries Cloudflare directly:

dig +dnssec ostrich.kyiv.ua @1.1.1.1

The expected result is an additional line in the output with an RRSIG record:

ostrich.kyiv.ua.        300     IN      RRSIG   A 13 3 300 20250926095050 20250924075050 34505 ostrich.kyiv.ua. IQE6axVd6YMeHnyXC2zW9ELt9P+6ZNzuhPbWQ4BqRnAtAGkQtIA7ETiE k/079aSTNqHk+fnnKidHU3Jp5pdORQ==

This record consists of the following parameters:

  • A — The signature covers A (IPv4) records.
  • 13 — Signature algorithm. 13 = ECDSA Curve P-256 with SHA-256 (a modern algorithm, used by Cloudflare by default).
  • 3 — Number of labels in the domain name (for ostrich.kyiv.ua → 3: ostrich, kyiv, ua).
  • 300 — Original TTL in seconds: the TTL the signed records had when the signature was made (a cache may not serve them with a larger TTL).
  • 20250926095050 — Signature expiration time (UTC, format YYYYMMDDHHMMSS). Here → September 26, 2025, 09:50:50 UTC.
  • 20250924075050 — Signature inception time (UTC). Here → September 24, 2025, 07:50:50 UTC. (The signature is valid only within this time interval.)
  • 34505 — The DNSKEY key tag used for signing. The resolver looks for the DNSKEY with this tag to validate the signature.
  • ostrich.kyiv.ua. — The domain name of the signer.
  • IQE6axVd6YM… — The actual cryptographic signature (base64). Used together with DNSKEY to verify authenticity.

Thus, just a few minutes after applying the changes, additional DNS protection can be obtained.
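As an added example (my code, not the post's), the following parses the RRSIG line above exactly as dig prints it and runs the checks a validating resolver performs before it even fetches the DNSKEY: the validity window, the label count against the owner name, the signer's relation to the owner, and whether the signature has the 64 bytes an ECDSA P-256 signature must have. It assumes Node 18+ and deliberately stops short of the cryptographic verification itself, which needs the DNSKEY with tag 34505.

```javascript
// Added example: parse the presentation-format RRSIG that `dig +dnssec` prints
// and apply the pre-crypto sanity checks of RFC 4035 section 5.3.1.
// Assumes Node 18+ (Buffer, Date.UTC). Signature verification itself is not
// done here: it needs the zone's DNSKEY with the matching key tag.

// Taken from the dig output shown above; dig wraps long base64 across a space.
const SAMPLE_RRSIG =
  'ostrich.kyiv.ua.        300     IN      RRSIG   A 13 3 300 20250926095050 ' +
  '20250924075050 34505 ostrich.kyiv.ua. IQE6axVd6YMeHnyXC2zW9ELt9P+6ZNzuhPbWQ4BqRnAtAGkQtIA7ETiE ' +
  'k/079aSTNqHk+fnnKidHU3Jp5pdORQ==';

// DNSSEC algorithm numbers and the raw signature size each one produces.
const ALGORITHMS = {
  8:  { name: 'RSASHA256',       sigLen: null }, // depends on the RSA modulus size
  13: { name: 'ECDSAP256SHA256', sigLen: 64 },   // r || s, 32 bytes each
  14: { name: 'ECDSAP384SHA384', sigLen: 96 },
  15: { name: 'ED25519',         sigLen: 64 },
};

// "YYYYMMDDHHMMSS" (always UTC in RRSIG) -> milliseconds since the epoch.
function parseRrsigTime(s) {
  const m = /^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})$/.exec(s);
  if (!m) throw new Error(`bad RRSIG timestamp: ${s}`);
  const [, Y, M, D, h, mi, sec] = m.map(Number);
  return Date.UTC(Y, M - 1, D, h, mi, sec);
}

// Field order after the RRSIG type: type covered, algorithm, labels, original TTL,
// expiration, inception, key tag, signer name, then the base64 signature (possibly wrapped).
function parseRrsig(line) {
  const f = line.trim().split(/\s+/);
  if (f[3] !== 'RRSIG') throw new Error('not an RRSIG record');
  return {
    owner: f[0],
    ttl: Number(f[1]),
    typeCovered: f[4],
    algorithm: Number(f[5]),
    labels: Number(f[6]),
    originalTtl: Number(f[7]),
    expiration: parseRrsigTime(f[8]),
    inception: parseRrsigTime(f[9]),
    keyTag: Number(f[10]),
    signerName: f[11],
    signature: Buffer.from(f.slice(12).join(''), 'base64'), // rejoin dig's wrapped base64
  };
}

// Number of labels in an owner name, ignoring the trailing root dot.
function countLabels(name) {
  return name.replace(/\.$/, '').split('.').filter(Boolean).length;
}

// Checks that need no key material: validity window, label count (fewer labels
// than the owner name means the RRset was synthesised from a wildcard; more is
// invalid), signer must be the owner's zone or a parent of it, and the signature
// must have the size the declared algorithm produces.
function checkRrsig(rec, nowMs) {
  const problems = [];
  if (nowMs < rec.inception) problems.push('signature not yet valid');
  if (nowMs > rec.expiration) problems.push('signature expired');
  const ownerLabels = countLabels(rec.owner);
  if (rec.labels > ownerLabels) problems.push('labels field exceeds owner name');
  const signer = rec.signerName.replace(/\.$/, '');
  const owner = rec.owner.replace(/\.$/, '');
  if (!(owner === signer || owner.endsWith('.' + signer))) problems.push('signer is not the owner\'s zone');
  const alg = ALGORITHMS[rec.algorithm];
  if (!alg) problems.push(`unknown algorithm ${rec.algorithm}`);
  else if (alg.sigLen !== null && rec.signature.length !== alg.sigLen)
    problems.push(`${alg.name} signature should be ${alg.sigLen} bytes, got ${rec.signature.length}`);
  return { ok: problems.length === 0, wildcard: rec.labels < ownerLabels, problems };
}

const rec = parseRrsig(SAMPLE_RRSIG);
console.log('key tag', rec.keyTag, ALGORITHMS[rec.algorithm].name, rec.signature.length, 'byte signature');
console.log('inside window :', checkRrsig(rec, Date.UTC(2025, 8, 25, 12, 0, 0)));
console.log('after expiry  :', checkRrsig(rec, Date.UTC(2025, 8, 27, 0, 0, 0)));
```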

There is also the dnssec-analyzer resource, which visually shows whether domain validation is working correctly.

Conclusion

DNSSEC is an important step toward improving Internet security. It does not replace HTTPS or a VPN: it lets resolvers verify that DNS answers are authentic and unmodified (so a forged or poisoned response is detected), but it does not encrypt queries or hide what you look up.
For website owners, enabling DNSSEC is a way to show care for visitors’ security and readiness for standards that build on it (such as DANE).
If your DNS provider supports DNSSEC (for example, Cloudflare), it is strongly recommended to enable it, and to keep the DS record at the registrar in sync whenever the signing key is rolled, since a stale DS makes the whole domain fail validation.

GaN Chargers: Compact Size, Maximum Power
Thu, 18 Sep 2025 09:40:43 +0000 | https://ostrich.kyiv.ua/en/2025/09/18/gan-chargers-compact-size-maximum-power/

Today, a charger has become almost as important as the smartphone or laptop itself. We are used to the idea that the more powerful the charger, the larger and bulkier its body. However, the emergence of GaN (Gallium Nitride) technology has changed this approach.

What is GaN?

GaN is a modern semiconductor material that is gradually replacing silicon in power electronics. Thanks to it, engineers can create more compact and efficient power supplies that provide high output without excessive heat.

GaN in chargers

In traditional chargers, most of the space is taken up by silicon transistors and the cooling system. In GaN chargers, the GaN elements are transistors (switches) in both the high-voltage and low-voltage stages. They replace silicon MOSFETs and allow the switching frequency to rise to the megahertz range, which reduces the size of the transformer, filters, and the overall housing. This means GaN makes it possible to pack 65–100 W of power into a body that, just a few years ago, would typically be used for a standard 18–20 W charger.

Key GaN components in chargers:

  • Power transistors (GaN FET, GaN HEMT)
  • Rectifiers and synchronous switches
  • Integrated circuits (GaN IC)

In other words, GaN is only the power part of the circuit that switches the energy. The result is a compact “brick” that delivers several times more power than its silicon counterpart. Such a charger easily supports modern fast charging standards — Power Delivery, Quick Charge, and others — and can simultaneously power a smartphone, tablet, and even a laptop.

RZTK GaN2 65W Review

The RZTK GaN2 65W charger with two USB-C (PD3.0) ports provides fast and efficient charging for your devices. Thanks to GaN2 technology, this charger is compact and lightweight, yet powerful.

Features:

  • 65W power: Delivers fast charging even for demanding devices such as laptops, tablets, and smartphones.
  • Two USB-C (PD3.0) ports: Allow simultaneous charging of two devices with Power Delivery 3.0 support, ensuring optimal charging speed.
  • Compact design: With GaN2 technology, the charger is smaller and lighter, making it convenient for travel and everyday use at home or in the office.
  • USB-C to USB-C 100W cable included: A high-quality cable that supports up to 100W ensures reliable and fast charging.

This charger becomes an indispensable companion for those who value speed, reliability, and stylish design.

Comparison of chargers

For clarity, compare two chargers I have at hand:

  • Xiaomi (MDY-08-EI) – 18W — a classic silicon model
  • RZTK GaN2 (GAN2CW) – 65W — a modern fast charger from a Ukrainian manufacturer

Their bodies are almost the same size, so at first glance, they look similar. But once you hold them, the difference is obvious: the GaN charger is heavier. And this is natural — it delivers several times more power, has more complex electronics, and a more powerful transformer.

I also checked the weight to see how big the difference is.

This is where the real advantage of GaN shows: in a traditional design, a 65W charger would be much larger and bulkier. The technology made it possible to keep the body compact — almost at the level of the small 18W model — while providing three and a half times the power.

Conclusion

Comparing the standard 18 W Xiaomi charger and the 65 W GaN from RZTK highlights the main point: GaN technology does not make powerful chargers “light,” but it does make them compact and convenient. In the past, a powerful adapter took up half a bag, but now it is hardly bigger than a basic smartphone charger. This is critical for those who travel with a laptop, tablet, and phone: one small adapter can replace several different power bricks.

That is why GaN chargers are becoming the new standard: they combine mobility and power, save space in your bag, and save time during charging.

Review: Kingston DataTraveler SE9 G3
Mon, 15 Sep 2025 10:22:02 +0000 | https://ostrich.kyiv.ua/en/2025/09/15/review-kingston-datatraveler-se9-g3/

The Kingston DataTraveler SE9 G3 (DTSE9G3/64GB) is a stylish metal-bodied USB flash drive aimed at users who want a balance of durability, aesthetics, and solid performance. The 64 GB version offers a good amount of storage for everyday use – documents, photos, video clips – while keeping things compact and sturdy. In this review I tested the 64 GB model.

Specifications

Here are the main specs of the Kingston SE9 G3 series:

  • Interface: USB 3.2 Gen 1 (Type-A)
  • Read speed (max): up to 220 MB/s
  • Write speed (max): up to 100 MB/s
  • Warranty: 5 years with free technical support

The headline features:

  • High speed: the USB 3.2 Gen 1 interface allows up to 220 MB/s read and up to 100 MB/s write.
  • Metal body: an all-metal gold housing that adds style and durability and is portable enough for a pocket, backpack or keychain.
  • Large capacity: 64 GB for storing and sharing movies, music, RAW photos and more.

Package

The blister packaging is standard; inside is the USB stick with a metal housing that feels solid, somewhat weighty for its size but durable. The key-ring loop is handy if you want to carry it on your keychain.

Design & Aesthetics

The gold metal finish of the Kingston DataTraveler SE9 G3 gives it a sleek and professional appearance. The capless design is convenient — no lid to misplace — and the sturdy loop makes it easy to attach to a keychain.

However, on closer inspection, the engraving quality leaves something to be desired. The text on the body looks shallow and not as sharp as expected, which slightly diminishes the premium feel. In addition, the color tone is rather pale, not as deep or vibrant as in promotional images. While these are cosmetic details, they may matter to users who expect flawless aesthetics from a “gold edition” drive.

Performance

I tested the Kingston DataTraveler SE9 G3 (64 GB) on my PC with an Asus PRIME A520M-K motherboard. Its ports are USB 3.1 Gen 2 (10 Gbit/s), which is backwards compatible with USB 3.2 Gen 1 (5 Gbit/s) devices like the SE9 G3, so the host port is not the bottleneck. Real-world performance can still fall short of the maximums in Kingston’s specifications because of the drive’s controller and NAND and of system differences.

Running CrystalDiskMark 9.0.1 on the freshly unboxed drive produced the following results:

  • Sequential Read (Q8T1): ~229 MB/s
  • Sequential Write (Q8T1): ~21 MB/s
  • Sequential Read (Q1T1): ~225 MB/s
  • Sequential Write (Q1T1): ~21 MB/s
  • Random 4K Read: ~13 MB/s
  • Random 4K Write: ~0.5 MB/s

These numbers show excellent sequential read performance, slightly above the advertised 220 MB/s. Write speed, on the other hand, is roughly a fifth of Kingston’s “up to 100 MB/s” claim, and random 4K writes are very slow. In practice the drive is well suited to reading large files quickly, but writing many gigabytes of data, especially many small files, will take a long time.

Verdict

If you’re considering the 64 GB SE9 G3, it’s a solid choice. It offers a strong combination of speed, style, and capacity for everyday use without going overboard on price. Unless you regularly transfer huge files or need top write performance, the 64 GB will likely serve very well.

If you need more storage (say video libraries, high-res photos, etc.) you might step up to the 128 GB or 256 GB models; just be aware you likely won’t see dramatically better speed in all cases (especially writes), because USB 3.2 Gen 1 has inherent limits, and performance depends a lot on the host system and how full the drive is.

Ubiquiti replacement under the RMA program
Tue, 09 Sep 2025 18:13:28 +0000 | https://ostrich.kyiv.ua/en/2025/09/09/ubiquiti-replacement-under-the-rma-program/

I recently went through the process of returning a Ubiquiti UXG-Lite router under the RMA program because of a hardware failure. The experience was interesting not only technically but also in terms of international logistics and warranty conditions. In this post I describe each stage in detail.

What is an RMA?

RMA (Return Merchandise Authorization) is the official procedure for returning equipment to the manufacturer for diagnosis, repair or replacement. In other words, it is a kind of “permission to return” confirming that the manufacturer has recognized the device as defective and is ready to accept it back.

For Ubiquiti, RMA is a key element of after-sales service. If a user has hardware problems that cannot be solved by updating the firmware or changing settings, support can, after analyzing the logs and tests, issue an RMA authorization. The device is then sent to the manufacturer’s service center, where it is checked and, depending on the warranty terms and the nature of the fault, either repaired or replaced with a new unit.

Background and problem with the router

On July 14, 2025 I first encountered the problem: the internet went down while the indicators on the equipment lit up as usual. The ISP confirmed that the problem was not on their end but inside my network. Restarting the gateway did not help. Only restarting the switch briefly restored connectivity, and then the problem recurred. I checked the cable between the gateway and the switch with an RJ45 tester; it was fine. I collected diagnostic support files from the equipment and handed them over to Ubiquiti technical support.

A few days later a more serious problem appeared: the UXG-Lite gateway began rebooting periodically, with CPU usage reaching 100%. The logs showed errors mentioning WHO- packets and an HLOS Panic [0x47] notice. I suspected it might be related to the known vulnerability CVE-2023-33063 in the Qualcomm IPQ5018 chipset on which the UXG-Lite is based; that bug involves memory corruption that can crash the system. I even asked support whether there was a patch; they replied that the information had been passed on to the developers for future updates.

On July 27–29, 2025 the situation repeated every day:

  • The network worked for 12–24 hours
  • Then the gateway suddenly lost the br0 interface (the core VLAN bridge)
  • Recovery was possible only after a hard reboot

Based on these symptoms, I received support’s final conclusion:

“Loss of interface br0 indicates an internal failure. This is a hardware issue that is unrelated to the software part and cannot be fixed by firmware.”

2025-07-26T12:23:26+03:00 UXGLite systemd-networkd[1279]: br0: Link DOWN
2025-07-26T12:23:26+03:00 UXGLite systemd-networkd[1279]: br0: Lost carrier

In other words, the device’s primary network bridge occasionally simply dropped, which led to the disconnections. Support officially recommended opening an RMA to replace the device.

Stages of the RMA process

Ubiquiti’s official RMA system shows six statuses that a request goes through. There are also intermediate steps, such as shipping the router and its receipt. After the process was complete I took a final screenshot; below I describe each stage in detail.

Sending a request

July 28

This is the first stage, where I act as the initiator of the request. To submit a claim there must be some proof that the device is faulty, such as a photo of the damage or a support report with log evidence. I submitted the request with the following text:

Application approval

July 29

The next day the request was approved without any comments. From the day of approval the user has 30 days to send the device. I knew my router was unstable, but I decided to continue analyzing the problem for another 10 days, working closely with support.

Sending the router to the Netherlands

August 8

After the request was approved, I was given the following recommendations for packing and shipping the router:

  • Print the packing slip and put it inside the box.
  • Make sure the sticker with the MAC address on the device is legible.
  • There is no need to send the original packaging or accessories.
  • If the device is part of a kit, the whole kit must be returned (this rule applies to the AmpliFi Kit; the UXG-Lite is a standalone device).

I packed the router as recommended and sent it to the Netherlands. International shipping cost me 544 hryvnias, about $13. In the Awaiting RMA Item window I confirmed the shipment by clicking “Mark as Sent”, after which the status changed to “Product Sent”.

Now all that remained was to wait for the device to be received and checked, and for a replacement to be sent to me.

Receipt of the router by the RMA

September 2

Ukrposhta, the national post of Ukraine, delivered the package to the Netherlands quite quickly, within a week, but it was held at Dutch customs. I notified the RMA manager so that the company could resolve the customs issues and speed up receipt of the router. The router sat at customs for more than two weeks until it was cleared. It turned out that in the Netherlands duty is charged on any product, so Ubiquiti paid an additional €33.63, which delayed the logistics.

  • August 15 – Request for payment of shipment costs sent
  • August 27 – Payment for shipment costs received

The total delivery time was 3 weeks.

Testing UXG-Lite

September 2

On the day the router was received, RMA specialists tested it and I got an email about it. This message is usually sent together with the receipt notification.

Ubiquiti has received your item. It will be inspected, then either repaired or replaced.

Fulfillment

September 2

Literally half an hour later I received another message: the status had changed to “Fulfillment”. Such a quick reaction is most likely because the shipment is created electronically through the postal service.

Sending the router to me

September 2

When I had already physically mailed the router to the Netherlands, support told me that RMA does not ship devices back to Ukraine, so they asked me for an alternative receiving address in the EU:

“We do not ship to Ukraine. Do you have an alternative EU address where we could ship the replacement?”

Fortunately, I can use a forwarding warehouse in Poland, so I sent a new address, which was passed on to the RMA service. A shipment to that address was created the same day. Of course, the route Netherlands -> Poland -> Ukraine is both longer in time and more expensive, because the last leg is at my expense.

  • Netherlands -> Poland was shipped by FedEx at Ubiquiti’s expense and took only 2 days
  • Poland -> Ukraine was shipped by the Ukrainian logistics company Meest at my expense; I paid €7.5 and it took 7 days

Receiving the device

September 9

I received a notification from Meest that the package was at the branch and could be picked up. I was surprised by the size of the box, twice the size of the original packaging. Inside the shipping box was a new UXG-Lite router, but a European revision.

An amazing moment with a guarantee

The official warranty for the UXG-Lite router is 1 year, and at the time of my request it had long expired. Nevertheless, after diagnosis, technical support still approved the RMA, evidently given the nature of the malfunction and the confirmation that the device was behaving abnormally. After sending the router I was not charged anything extra, so I consider the replacement free.

Another nuance: although the purchase was made through the US website, I had to send the device not to America but to the Netherlands, because Ubiquiti has a European service center that serves customers from this region.

Conclusions

Even after the warranty expires, Ubiquiti can approve an RMA if there is proof of a manufacturing defect and the device was purchased directly from the Ubiquiti website. The process is clearly structured, from submitting a request to receiving a new device. Logistics can be international, even if the purchase was made in another country. The main thing is to keep all evidence of the malfunction (logs, screenshots, description).

How to fix fan speed on Waveshare PoE HAT+ for Raspberry Pi 5
Mon, 01 Sep 2025 07:13:19 +0000 | https://ostrich.kyiv.ua/en/2025/09/01/how-to-fix-fan-speed-on-waveshare-poe-hat-for-raspberry-pi-5/

Raspberry Pi boards are often used in 24/7 projects, where cooling becomes critical. One of the most common options is a PoE HAT with a built-in fan. At first glance it may seem enough to connect the HAT and everything will work automatically, but in practice there are nuances, as happened to me.

I bought a Waveshare PoE M.2 HAT+ and connected it according to the instructions, but I noticed that the fan ran constantly at maximum speed. That behavior is unexpected, so I started looking for the cause.

Kernel parameters

The PoE HAT fan is not driven directly from a fixed voltage. It is controlled by the Raspberry Pi 5 fan driver, which reacts to the SoC temperature and changes the speed according to trip points set as device tree parameters (dtparam) in the Raspberry Pi configuration file /boot/firmware/config.txt.

The following block of settings must be added to this file:

# Fan settings
dtparam=cooling_fan=on
dtparam=fan_temp0=55000,fan_temp0_hyst=2000,fan_temp0_speed=80
dtparam=fan_temp1=60000,fan_temp1_hyst=2000,fan_temp1_speed=140
dtparam=fan_temp2=65000,fan_temp2_hyst=2000,fan_temp2_speed=200
dtparam=fan_temp3=70000,fan_temp3_hyst=2000,fan_temp3_speed=255

Using the first line as an example:

  • dtparam=cooling_fan=on – enables the hardware fan driver on the Raspberry Pi 5.
  • fan_temp0=55000 – threshold in milli-degrees Celsius (55,000 = 55 °C). When the temperature reaches it, the fan switches to this level.
  • fan_temp0_hyst=2000 – hysteresis (2 °C). The fan drops back below this level only when the temperature falls under 53 °C, which prevents it from toggling around the threshold.
  • fan_temp0_speed=80 – PWM duty at this level, in the range 0–255 (255 = maximum speed). 80 is a low speed, effectively “quiet cooling”.
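
To make the semantics of that block concrete, here is an added Python example (not from the original article, and not Raspberry Pi’s firmware or kernel code): it parses the dtparam lines into trip points, lints the curve (PWM range, ascending thresholds and speeds, hysteresis that does not cross the previous threshold) and models how the fan level changes as the temperature rises and falls. The trip-point behaviour it models (engage at the threshold, release only below threshold minus hysteresis) follows the description above and is an assumption of the model, not a reading of the kernel’s thermal code.

```python
"""Parse the Raspberry Pi 5 fan trip points from config.txt dtparam lines,
lint them, and model the resulting fan behaviour including hysteresis.

Added example: SAMPLE_CONFIG is the block from the article. FanModel is a
model of the behaviour described in the text, not the kernel's thermal code."""
import re
from dataclasses import dataclass

# fan_temp0=55000 / fan_temp0_hyst=2000 / fan_temp0_speed=80
_TRIP_RE = re.compile(r"fan_temp(\d+)(?:_(hyst|speed))?=(\d+)")


@dataclass(frozen=True)
class Trip:
    temp_mdeg: int   # threshold in milli-degrees Celsius (55000 = 55 C)
    hyst_mdeg: int   # released again only below temp_mdeg - hyst_mdeg
    speed: int       # PWM duty 0..255


def parse_fan_curve(config_text):
    """Return (cooling_fan_enabled, [Trip, ...]) ordered by trip index."""
    enabled = False
    raw = {}
    for line in config_text.splitlines():
        line = line.split("#", 1)[0].strip()        # drop comments and blanks
        if not line.startswith("dtparam="):
            continue
        params = line[len("dtparam="):]
        if "cooling_fan=on" in params.split(","):
            enabled = True
        for idx, field, value in _TRIP_RE.findall(params):
            raw.setdefault(int(idx), {})[field or "temp"] = int(value)
    trips = []
    for idx in sorted(raw):
        t = raw[idx]
        if "temp" not in t or "speed" not in t:
            raise ValueError(f"fan_temp{idx}: needs both a threshold and a speed")
        trips.append(Trip(t["temp"], t.get("hyst", 0), t["speed"]))
    return enabled, trips


def lint_fan_curve(trips):
    """Return a list of problems; an empty list means the curve is sane."""
    problems = []
    for i, t in enumerate(trips):
        if not 0 <= t.speed <= 255:
            problems.append(f"trip {i}: speed {t.speed} outside 0..255")
        if i == 0:
            continue
        prev = trips[i - 1]
        if t.temp_mdeg <= prev.temp_mdeg:
            problems.append(f"trip {i}: threshold not above trip {i - 1}")
        if t.speed < prev.speed:
            problems.append(f"trip {i}: speed lower than trip {i - 1}")
        if t.temp_mdeg - t.hyst_mdeg <= prev.temp_mdeg:
            problems.append(f"trip {i}: hysteresis overlaps trip {i - 1}")
    return problems


class FanModel:
    """Trip-point state machine (model): a trip engages when temp >= threshold
    and releases only when temp < threshold - hysteresis."""

    def __init__(self, trips):
        self.trips = trips
        self.level = -1          # index of the highest engaged trip; -1 = fan off

    def step(self, temp_mdeg):
        while (self.level + 1 < len(self.trips)
               and temp_mdeg >= self.trips[self.level + 1].temp_mdeg):
            self.level += 1      # climb every threshold the temperature reached
        while (self.level >= 0
               and temp_mdeg < self.trips[self.level].temp_mdeg
               - self.trips[self.level].hyst_mdeg):
            self.level -= 1      # fall back only once below threshold - hyst
        return 0 if self.level < 0 else self.trips[self.level].speed


def fan_speeds(trips, temps_mdeg):
    """Feed a temperature trace through the model and return the PWM values."""
    model = FanModel(trips)
    return [model.step(t) for t in temps_mdeg]


SAMPLE_CONFIG = """
# Fan settings
dtparam=cooling_fan=on
dtparam=fan_temp0=55000,fan_temp0_hyst=2000,fan_temp0_speed=80
dtparam=fan_temp1=60000,fan_temp1_hyst=2000,fan_temp1_speed=140
dtparam=fan_temp2=65000,fan_temp2_hyst=2000,fan_temp2_speed=200
dtparam=fan_temp3=70000,fan_temp3_hyst=2000,fan_temp3_speed=255
"""

if __name__ == "__main__":
    enabled, trips = parse_fan_curve(SAMPLE_CONFIG)
    print("fan enabled:", enabled, "problems:", lint_fan_curve(trips))
    # rise to 61 C, then cool: 59 C still holds level 1 because of hysteresis
    print(fan_speeds(trips, [50000, 56000, 61000, 59000, 57000, 52000]))
```

Running it on the block above shows the hysteresis effect: once the 60 °C trip has engaged, cooling to 59 °C keeps the fan at 140, and only dropping below 58 °C returns it to 80. A curve that fails the lint (a speed above 255, thresholds that are not ascending, or a hysteresis wide enough to reach back past the previous threshold) is a configuration error worth catching before the reboot.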

After applying these changes and rebooting the Raspberry Pi, nothing changed: the fan continued to run at maximum speed, so I had to look elsewhere for the cause.

Fault diagnosis

Since the parameters had no effect on the fan, I decided to inspect everything that could be responsible for the temperature and fan speed, running three commands in sequence.

cat /sys/class/hwmon/*/fan1_input
13863

fan1_input is the standard fan-speed sensor in the Linux hardware monitoring (hwmon) interface; it reports the fan speed in RPM, derived from the tachometer pulses. Normally the value follows the PWM duty cycle, that is, the speed selected via fan_tempX_speed (or a value written directly to the fan’s hwmon pwm1 attribute).

vcgencmd measure_temp
temp=27.9'C

The vcgencmd utility reads the SoC temperature from the VideoCore firmware; here the chip is at 27.9 °C. This is the “official” Raspberry Pi way to see the temperature, and it is the same sensor whose readings drive the cooling.

cat /sys/class/hwmon/hwmon0/temp1_input
27050

The same SoC sensor, but exposed through the Linux hwmon interface. temp1_input gives the temperature in millidegrees Celsius: 27050 = 27,050 m°C = 27.05 °C. This is the “raw” path used by tools such as sensors (lm-sensors) and by monitoring systems (Zabbix, Prometheus).

Since every command returned data, the sensors were active and working, so I started looking for a hardware problem. I powered off and unplugged the Raspberry Pi, disconnected the PCI Express cable and removed the PoE HAT board completely. I found that one of the pins in the Raspberry Pi fan connector was bent, which was a big problem: the connector is so small that even a needle looks large next to it. To give a sense of the scale, I took this photo with a macro lens.

As the photo shows, the contact was pressed down and slightly deformed. With a needle I could lift it back to a vertical position, but it remained bent, so to get it into the connector correctly I had to widen its hole with the needle. After reconnecting everything, the Raspberry Pi started and the fan began to receive speed commands depending on the temperature.

Running cat /sys/class/hwmon/*/fan1_input again now gave 3447, roughly a quarter of the previous value of 13863. That solved the problem: the fan is now controlled correctly according to the CPU temperature.

The main conclusion: for stable and quiet operation of a PoE HAT on a Raspberry Pi you need not only the right parameters in config.txt but also an intact connector and pins. My case shows that this should not be neglected, and once a pin is damaged it is hard to fix, because the connector elements are so small that straightening them physically is difficult or impossible; even a needle or tweezers are rather large tools for the job.
