OPENBSD

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

OpenBSD for me in my situation and needs -- is the way to go. Because Linux is getting bloated and more bloated as
time goes by. Yeah Gentoo is not bloated, but those Ubuntu and ubuntu like distros are ruining the UNIX philosopy.
Linux is getting popular but is is getting bloated and I don't like the SystemD anyway. I will try OpenBSD on its
latest update because last time maybe 2 years ago. I installed and because I was a noob it is so slow. I misconfigured it.
the system the supposed to run past in my machine that end up sucks and one day didn't boot anymore.
But if I fail I will try Gentoo at least. This is my first linux rants because what I experienced in Debian
the you need earlyoom to counter the lagging and hanging. But it was good in general I just don't really like
SYSTEMD and SJW that infiltrates linux and ruining it, that's way they love NooBuntu with propriety sofware in it
they having conflict in Linux as a Free Software. And would be a security threat as it is getting popular those
threat actors is getting in to it because is popular. But in OpenBSD in this moment they stand no chance of infiltrating
it. Linux is good if you know how to tweak it for hardening.

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEMaSGVbW1csUNPjn0VYFrPBLDrx0FAmOvplQACgkQVYFrPBLD
rx1aTQwAwSIcUzBVPFb/5We9zU+i8hpe4uiiBIuB3aJA2rebLRNsTE7yT8Y8mXqd
ZpbMBBQcGf6Tj2nvFVNGDEegl9Jj6Gg05Ukq5pDVenrwAoK/oz9+5svwARqmp1lt
kl10JBhAqqrrhchjB7RAZAKLP2pwoaaA4tHgY4I/bUXFSpYEYNIhoWF6aNCu1JZ+
dTk3ddd4yRjw+FdxBQvi+5GESYpncqEtLl+GNmTnHpeazrylqd9cjXgNo8ff/mAu
nLTo2crEiuvFOyTZyfQMEc++1ejuu8jOUwclIFamnpXiXpeLltOVE74RzP+/ezH2
mHLk6w046is5thj1L6kSX5X7XlCHvlhfQW3D366EwnMxrA/ys20bgGEfCM0jEl7b
uEWOmD3uAikfgXFeEMejJLfZgZKjPQaq351YRFgrmp4KbxsN9ojqUBkfx+W5EefK
1s1wyEhuTDoRpySqejjDpLzR6lRF6q8bHSZq+3tMJcvuapvPCVb5x4De2eLT7di0
/yxJTzzB
=Gygl
-----END PGP SIGNATURE-----

OpenBSD or FreeBSD?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

:I'm contemplating migrate to Unix for web browsing. And some simple task. A little bit of python and C language,
and some security softwares. A little bit encryption. I won't install games, albeit I am able to do so. The problem is
my device specifically laptop cannot run those updated version of unix.

I installed unix before I tried FreeBSD and OpenBSD. I am not so sucessful in OpenBSD It needed some hardware driver
I used it for a while but it was so slow. It will make you smart I am pretty sure I learned how to configure unix system
more and you can also do it in linux. I installed xfce desktop, because by default it has not desktop interface, so I had
to learn the ropes of UNIX for the first time. Then I uninstalled it hoping the FreeBSD would do better.
Then I install FreeBSD but it is slow I used it for a couple of weeks and then it did not boot at all there was a problem
so I uninstalled it, I ended up installing DEBIAN LINUX, and used it for almost 3 years without any problem, I was impressed
to its hardware and software supports and the community is so big unlike UNIX, you wait and you wait until you die.

Until I had this hardware problem the SSD died so the Debian died with it. I run linux in USB Flash Drive as I write
this shit. But I still have this kind of aspiration or kind of self-fullfilment. And the reason LINUX distros becoming
shits as those SJW infiltrate it and made shitty policies. And the SYSTEMD makes it bloated and a potential security
threat. Oh di ba?

-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEMaSGVbW1csUNPjn0VYFrPBLDrx0FAmOoENoACgkQVYFrPBLD
rx2uZgv/QThMQl+YHrIYca+KlOQOCcMZB6Zs0drK5QL/tAMQ2WB45kbMxzdQFtiO
wTIC1Tuj7fK/DmTiGaxzR+ctWH2mEdYLXeee9wcpTiiUFDHBgAz2cPMble/AF+SX
ZhJxyuC2NoFXJ3Ddi4uIwka3rDq0J9YLcSWrbGdxdUVdzLtHmUz1G7CmMYGPwwxe
STfY/ytXmM0T2vn7u2qrSoxTp0d3NrbYwGyHTgVlcwhRMipQcJKcX4JlyV793Jtc
TICHSe5tdFabHhiAPh+JQjydqriVvPy1jRf8OuSOfm8fePX/QS2a/dVpX5vJOIYN
rA+CGEnfJ99DLuCEdiYBwNe0d/Tk5vue0KHTDTEyUttOaU4OSlJRmt/oGo6NvXR5
+afvbVXy9zjaBN0MVRJpbqqZZsiYSY5eDtx7M1/sgi1Zlgn7sbC12jPDbWQhiOD4
zFLsYVPisyjeD9DeYrK+50iLqjDnUAwz2mrNIyOAw3FgS8YaODRoCG/ygM2Swf6e
XnzNFoEu
=YI3h
-----END PGP SIGNATURE-----

Redirection and Manipulation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I can say it is double edge sword one thing bad can cause you harm or good. The pride of masses can use to
manipulate, the ignorance of masses can be used against them. The people we call intellectuals who are
capable of critical thinking and with skepticism, the luck few. They stand no chance against the guillible masses,
but the masses is invulnerable to populists.
People with no capability of critical thinking tends to believe things without questioning. I don't agree with
the people who is saying that they should not listen to other but exclusively listen to them, hell no. Human beings
are capable of lying and manipulating. We don't we are being fooled until it's to late.
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEMaSGVbW1csUNPjn0VYFrPBLDrx0FAmOiBugACgkQVYFrPBLD
rx3H7wv/edvEwTzi3VYN8oVS0pu/iPRiiU0ahIV53dLvDRsyiXf6cJk6grlz61oF
7Fu0k51gleTmzk5dsyP9VyDniDYk4S2mjz4gCQM0R5Og3MEyG+lP5LjokSgkSUB9
fPYCJqafGIaFTi/LtwJdie8Ac3bD5KopwD8PbHV46LJupWXbl61dN7xz4zbjRqo1
hue2HeDzDmiH7i7iNidmJdRX3nAUWDPTzY1jxGH6S6PD8cT6pAJesyJVuF6TEHEX
C+1adNwpOiJ08fwuzaafbR0Vg+7PnzJtY/gXYuPNSqOYGl472umuRgWjubTBeHrP
hsO5AdZfDVjxmxj/aAr2dKm+VI1uhFbyXWxqnyJh7sHCwPxUrdcVXyDkf1ouVLH/
RvlFIAfINW0fB6H0TFKGLRRp9W1KcR/Z3EEa6C1ResHIONcYJC9MtOiuC2RDAfZw
geelLUT0c2maieAmFUWKWh4WhFrjAIWZscEgwffI5T4qq0um+ay7I8nWjYgk/vP7
l1TrKk/R
=Cn8/
-----END PGP SIGNATURE-----

Always Make Back Up

That's the computing doctrine always make backup or copy of your
file because there is always risk of losing files, it is not perfect
computer can fail you. Hardware and software failure really exist!
So do be so easy on your important files always make backup

A little step forward

You don't have to do something completely when it hard, but do it completely is just reference and it is also
a good thing. But there is something that entrench on you. A little step forward might be the only thing you
can do this time.

Strange Quietness

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Wed Dec 14 10:14:29 PST 2022
Almost home alone almost left, today for the first time since the pandemic.You wouldn't here
shits anymore but it is a weird feeling, it's so quiet. It is peaceful but is kind of strange: My dog, my oldman and myself.
But each everyone of us not made even a single noise since everyone else went somewhere. It is a strange feeling for the longest
time I never heard the clanking of my keyboard this for so long it strange.

But I heard a news about how Ukraine attack some military hardware and infrastructure inside territory, is this the start of
escalation of a bigger war? I don't know but, war is almost a year since it started last February 24, 2022. I end it here because
anything could happen in the next few days or week.

The SIM card registration here is so delayed, and so unconvinient that must have done this a long time ago. Some of the numbers I keep
is in the threat of deactivation. But we all the system here shit even if you do there is a chance of deactivation.

The good thing is the scammers' wet dream is going to end, somehow.:
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEMaSGVbW1csUNPjn0VYFrPBLDrx0FAmOZOCoACgkQVYFrPBLD
rx03dgv/eK9LLeoEGlPH3T1YJgFaiW6HbLZAIHBvd/vqklhRroU9aW7Cmg9vY9Ha
jSuCMMF1T71kwh/OriqKnxqafj456CXMJf/mSrZLc3wRXLV5ojAYcY8F36Z935Sb
v3lJWhfDY0b9mDHIWZVTVPY0kIOvnitorKKjD2Lm6ZN/rcfuX+dtLsdHQgsGellv
rDk2ettAeQAKYK4B+tiZ80KoJ8bTT416HQQebQP0jaSyi0tUhL8Va1qWzVnxg5nu
sEGjCBd4AHQ70LnwgLLZxCXWrMYEbZI5L7jcQ9lhLb/yYm3kf03ZYlUkvynwyGTN
kgZl015AJd6LODeNjqT8IiTgII1Y//bJdkXtr4FsijQw4HQ9wZzg1xz/oH4bQKwB
M6obyyzOcaX+k+zt5jLcIZDUNal7w7IKf8n9lmC847kk3nGHxlbCdAyXDAXYYHmQ
67NqNys8+4vBu6mtdx4ErWWXi9Ky7A70C6KqtICf9r+bVgNSUS35SW6eVuVofOPf
bmcXEzR+
=HyWR
-----END PGP SIGNATURE-----

Wudju agree or not?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


There should be progression in thinking and ideas and attitude towards disagreements.
It is given disagreements is a negative connotations, but in its absence it is also unhealthy, It is sign of manipulation or dictatorship
but that's not always the case, but is a red flag. Disagreements is bad when it is to much, whereas to much agreements is unhealthy as well.
Both party are idiots or one of them is idiot and one of them is sociapath/manipulator/dictator.

The unpleasant thing about me if I can't agree with someone in a thing,
I just ended up, hating the person. And it creates prejudice against the person, it will blind my reasoning. I'm fully aware, it
is not unique to me and it happens almost to everyone.when we hate a person, even he stating a good thing it tends us disagree,
we all have personal biases. I not a psychologist nor a sociologist, just a human experience or let's say, observation?.
Maybe I'm wrong or it just me.

And it is a same thing in the people we love and adore, everything he will say will be
good to you, it will sounds good to you, and the danger of it you are not thinking at all you just agree
with the same effect of hate it will blind your reasoning. It will be an avenue to abuse. That's the danger of fanaticism.

But there are worst kind of people with illogical sense fanaticim toward someone and seemed they adore
like demigod.

Why can't we just agree to concept and not needing a person as symbol for it. We are always
seeking for someone who will fulfill our inadequacy.

Why just agree to a concept a person can fail, concept don't, it just gives fraustration

It is given you can't agree with everything with everybody, unless you are worm or a maggot.

It is not democracy if there is no opposing ideas, maybe you are in an echo chamber and
it is chaos if there's always disagreement.

Those two thing should be in balance.

Why am I saying this? because dictatorship can cause war, Fanaticism can cause genocide and it will
affect me, my family, my friends and YOU.

I think we will never learn from this, World war 1 and 2, those are effect of fanaticim and dictatorship
We know hitler, mussolini, gadhafi,Idi Amin, Pol Pot, Hirohito and the latest Putin.
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEMaSGVbW1csUNPjn0VYFrPBLDrx0FAmOU5nYACgkQVYFrPBLD
rx1q8wv/Z/IEWFci0lM9njXH+HjZJZLuTwus9oMT2rwATrPU0V2sjsaFm2SJExjc
7zHlWjoGSE9/ANs/NIRDcpKD4Gjk237IQ9+2beW0mWu8PC4VLcKfNtgSt3A5zKPg
VblLD/cz7lcpPER0+xw6eGVtd9Nf0n1KxVNaGoWL2TZkdzVbo0gKRLoiEKJotbwt
W74JxbPtKUGrGd2SqLLO+r+I0rqNiaGJ2NmYpcwxw3MxxEoHy9ZdCHxnjTxkYXMV
uzd6Zxl2o6jBQ1GVWCtYfurWnt5ppaUEUnNfkZlkzI5Bnh11A9ngfALDfy8uo+JV
DU1Rg/FcBW3C+q/zfpVgmXSrYDjBRUnCeXC4UPp/Y31SsNuBshGugDBKjwpJ4nHR
S3wkWmtjRLtNLoyhrrS31fuvzFmz9of4z5uQLAdCp3FlonUVMSVA78NT7pvqflb1
2rqB7vr+3OgJjcjDS0C2ClOYrnlDIaeyrlpC2yF0MqqtvUDBxrefm/U1t4gLiCDN
d09eN0UJ
=W9y7
-----END PGP SIGNATURE-----

Challenge without reasonable purpose sucks

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I said I will do something I never done before, but should not irresponsible and stupid, well I never did anything
just an ordinary day. Just inside the house, almost not getting out. Never done anything I don't where I get started.
It is a simple thing to do, but it seemed hard because I'm so not in the mood to do it. Sometimes when you
want to be reasonable, you don't do anything without a real purpose, why should I talk to someone or do something
when I don't really feel to do it? just for challenge? Hell, no! I should have done better than this!
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEMaSGVbW1csUNPjn0VYFrPBLDrx0FAmOTgRsACgkQVYFrPBLD
rx3dYQv+Ke4WURUXlnleT0WyZoNtl2KvH6krCJFOx621kiV1vAMMMh98q9LoD71E
vTShoNj+RSLipk5cr/H8/hZNg1dBdyQwJoO5oJZWP4IliAO0C/kx4N/gvirfgDP4
TdAbpAq9Jj5gPYTkdztM40UQgdW41qdVzaUirASUE9y/1O3EXKXmrTqhBspz0XMb
iiMX/ekf4VpWEbAPQGakbQYcZ0Ls6G340lFVZMGXhksu8/2N3cZ/C8hdwTRjjwB2
agGGQ7Outnu6ShL6JMwfU2mpmspyuERhRXI76pO7xoJBKn+uSkGdJ6GnLNdHn+qZ
mH5HBM7bAK7NCVO6v6GB+8MD9MSnxoFi8ns3iNIboLk1TzRLA/1Ptskb+Yd7uJ0U
/Z7tAzQL09c27dqLxBm58YFZ3MGB8jRx/QbFpoyfmhHPFDqDHDN9TMTADbh+3ger
vZrcGemJpCsfkDbV/fiZNnBWmea+wIiCbd33y7FReK/47IOJc1HRekJLABsDUYjt
eDesLRMF
=lSGl
-----END PGP SIGNATURE-----

Anonymity versus Authenticity

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

As a netizen: which is important to you? Anonymity or Authenticity? For me it depends on the situation.
There are situations you that need to be anonymous and there is situation you need to reveal yourself and prove your authenticty
Things should be balace, it shoudn't be so plain nor exaggerated.
It is undeniable that anonymity enables fraud, but it does more good than harm, rather than you kill it , it will be suppression
it will be the death of privacy and democracy. You will just strip off the rights of good majority. The keyword is moderation.
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEMaSGVbW1csUNPjn0VYFrPBLDrx0FAmOO5aAACgkQVYFrPBLD
rx1UrQwAvhi+utS6dH98QqsYTGIwDzc37/Wsk+1q4uWES31hs0f0EQ+0GvdlA5NO
eEmvRs1j3rPQq0LANPrAgdJQAoa0mqvIse1CgYg88lhClxWy/D5mg6rQcsqxPACM
omlbb45wklxeUHAMKybCPqPtd3uZQG9/BHMfqxsVjvivhLnE3d/j2pabwPmunbhw
dZ9Zshl13TCeetFRBVuWH0yKzWCFVz76n7lOXgF4JVLRvSWubIjJ+7fYSjE2wp2A
9MzHAhvXKUbCe37UiFPBzLcdNTg4Vw3bNQVrMC2NDvJtXV4N2yZXl65XR/mpfEWi
CN3Sq17GpP6tp5M0PzysCHJ7dEuik/wkLTyRXprL1HQPYNmKkqxcf8nRuNjCIqMO
T0wb+e3QzjC/0JlDh6fxT+2wQbs6PNAfErzOnGOoJbgiIZRpRL+zQZMW5c2kc7cQ
BQXJwATAQfjKN9P8ccQ9WZfUv+jfhBLwJUB8Ovpj+U+RMAj0LlWfA9xm4gRe9uk7
bZvQXs0V
=zhbC
-----END PGP SIGNATURE-----

Ignorance and gullibility

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

They said learning is lifetime experience. But I learned Ignorance is ageless anyone can be a victim
Look the world politics today the ones who are being fooled by fakenews and propaganda, the most are the older ones.
Just think about it 30 or 40 years from now, will we fall in the same fate? As we get older will we loose some reasoning power?
But look Noam Chomsky as he get older he gets wiser, all this just a theory or the old ones are just guillible from
the beginning? I don't know the answer maybe if get older somebody could say I have been fooled or not.
Hitler does it in Wold War 2 he fooled millions of people, believing they are the master race and
millions of people killed as a repercussion. Beware of Dunner-Krugger effect.
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEMaSGVbW1csUNPjn0VYFrPBLDrx0FAmOO4BsACgkQVYFrPBLD
rx2lhQwAhF4uRqsPZD5/PQcURVWGjub1jW2DopAGs7M5iPXCmmA0JeCZfn2M+zaC
8qEgjBWQFYXgaI79B2NZ9jX98OLcxeC6siihQWFnwptWp0YzffA37cMeF/G0PDv/
AIswFhq1FwF3IR4cbE6yWDsta7s82xH2MYVs3nM4Bbx7myQVPVhopwbPRa4jx+7w
IQ1LQEFJib2vKqf6GcI2I1LW6UGQHRxF4clJJztWZEb09VnkHBrCv4J9E0wOGPH1
sfg5mH4lfDHV0nMEcoGsJbeQnWkcTK0t8LRwG9MZjtdxTS7bMuqloSDXlIFiqSPo
76JhA1xlE3IoTQ+2fx/uaDHd6YEsxq5PyqgKwkX+D5eSFY2ixrIe2OtLq1gAyqfc
Ih/pJQ3oVlyUWEVyOVKZxozju2xMXxDqB+42qZ3Oz0HKxVaQs1dwDXXJoH09kZY1
ItkU5vmZgqa8Dz3LatTDD5TIJQK++QyRJwbnWm9xySnqBj2rGoP/3wGkEmIH18ZZ
C9DuKj3D
=i3fc
-----END PGP SIGNATURE-----

Anonymity versus Authenticity

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

As a netizen: which is important to you? Anonymity or Authenticity? For me it depends on the situation. There are situations you need to be anonymous
and there is situation you need to reveal yourself and prove your authenticty it is a balance thing.
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEMaSGVbW1csUNPjn0VYFrPBLDrx0FAmOOMlMACgkQVYFrPBLD
rx2Tawv/cM18vRKLFfu91XF4A2kxdKqFj28vR1x92XfoLpYe96eNlaefQE+9qGwc
86ADE2j+Yc7SoIdgSc93ZmycTVzn5ztLKyljbC/oFWriJwp9sT9yG+3oxf0ZeS3i
daVEaUEHFZjyA/EqafEPBaoG5+BeDqS8NgeocdF7NGaFI1jR/bXCydPhy/Bn0bfp
REchWstcKhIXZx6karjE/iD7x+I9R8dw/qe0iY3qlEiYzQVPSkpmLViHR5ZGIgR8
g+T5Jas3YQlpSXkcyJQWjE/ZVbDbW05xxKn0JxPuWqUVTBDnFOKt7bnGn7pCwurZ
0nycq4rkGF6mNbAb5Df3tnuxSlsaA8FHMjvg405sgDrE6McOXAOpIOmwozCO2wrT
bcRfSz9n8M6fpde4i/QNcpyy6U46ehl4t3I64hK0BQiNBVNVFKuKFQZdHIjtSJww
SbhymT6HUAw59RSpU7T/WDiWyPJYLhfTjG2prX5623L7cv00s3K3X1giaF1QfPWZ
ZBhrPin0
=K5kD
-----END PGP SIGNATURE-----

CR-LF shits OS format

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Bunch shitty things happened to me today, there is something
I thought I knew when I'm not the unix and windows file format
effects the sending and recieving files via mail even you verify
it with gpg it will tell you it is a good signature but no there some
modified bytes in the end of lines CR-LF shits unix2dos or dos2unix shits
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEMaSGVbW1csUNPjn0VYFrPBLDrx0FAmONth0ACgkQVYFrPBLD
rx1VUwv/QyFNEDVrVwKe8A/9VZSKzZtAeY2dZDTrqflILXKIrXx5mO2h7EwvyoSk
WFbZ2Uz6em4+mNZjomTrdIuZ/k9P0jvVXTNhbAUAcC67Frs+YNrkO8XLm1ofGv+H
ncm1/nRdVtjOqneT5CZqsjgBDxOcjM+fiFGmsopQRxFnZmPE5Y1IKxi6BkS0Ze3v
OZoWZeQU1/3cnlBOE1nVeisbSQPmB9BQxccIhMXgKxsHmfQ4UP1yoBeKHSsnnfj3
snVJSZrxnGJkmFz2uq1W3rXj7pHrsfr8nRv/6KUXAuv9eE7tKx1MOQIbIS4Fe7On
iRPjb3TdAepgms7J1pifu8amv2gn2yfxy/3+5KBSzNXGpJ702HTyAgBF7/B4LsBK
CaNpwplj9gpguzy5RqbwO22JkWk8TflGbsOcazfB/gpM1zcBmX33Rjpid+eWwxnY
e1Knl1iRAkM8hkPHUcV5j8lkmCSVKknTxRg/SRrnevyHjmELDDila2hiSkxg/OFo
VR48hBhP
=Khi0
-----END PGP SIGNATURE-----

Freedom with responsiblity and morality

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

I'm just getting started and dying in the process, that's one of the most absurd things in this life
It's not always fair, there are people the seem so lucky and seem so unlucky. I'm not very well appreciated
I not that known, I'm not that bad. There are they called honorable thieves, and it seem they are successful.

There are polite murderer...and it's sound paradoxial, but those people exist. It made me realized that I
should do things that I never did before. Let's start tommorow. Just one thing, everyday at least if possible
but I should not do stupid and irresponsible things. With the bounds of morality and practicality.
-----BEGIN PGP SIGNATURE-----

iQGzBAEBCgAdFiEEMaSGVbW1csUNPjn0VYFrPBLDrx0FAmOMy1UACgkQVYFrPBLD
rx13MAv/Xs43k6Aw3/l2jzW2ezzeq7AWfUqc+XnDOGE5NYClzZTjqvu/uQLy9/xf
hqS+4dZYVd96n8Lv+UBfj4Q7ygxnjJD/WXLyr4siTgBIlR3b9CgQ3drrYAHQW+9i
u1O4OyCfyToXMc9VRwX2/bOsUdQABk56cwQVOLQOa4Z4NgTl5kiBH1D4qE0xJsn1
ETAuBs/DavqnWZDTG8okoXwAK5SKUcab5ugZZEpBT3XTEieE2HgRF8KM3UcInh4l
UXg66xHTJ3vptN1dl7NA56tbi/Ey6hIdy0m7WB2V/5fWaPSYvn/NEaCxgraB+WbC
eCav0QzVgafqLNjLavVg42GvHf0+cfFQx2KVsudOIT9T5tm1rdIsRRTwuZkEdBZW
BJolNC4Pif7eAdCvs1C0aETVt6XvNrctFZlMOKDA4xjRf9FreQvsj5O4wwOr9eYF
ez0FhXXEN2RP2WptmOsEb+5moYghmh61plVtZw8ON0mjdhSmwiF9Kyle+AhfUEoB
TvBX9T3Q
=2cMd
-----END PGP SIGNATURE-----

Wrong Sent

-----BEGIN PGP MESSAGE-----

hQGMA9aezIJT5YwbAQv/Sk7AJsQJ5eLH6jkV6y3IsYfEB5jkGh7gXoUSOgzjdESP
S57/vX+3O61Y/gbaTmbGXAORMAgMbHBrKZN22k53XE2qpLzFbzTZwEnoSsynkb3c
hjbqkWIpjEWZUGoySvnU5aS8rbpKVUS6422XAPw38PY+QWBlMbQCy0s/EMBUU0Jn
+TvJQnvI7246tG6YUkx8Wv9Cqw6BtQ45kaF/xyx5qYfHfGQokP7eyPTZfBhZpQ4q
qh/FvAVFvDutuD1X1KA+EkxxNx4BZkWutmeeo1fCg8zIsCfAiplgmMj+33Vc68tp
BnagLHag4kXq+p9g4ByV3jdwqSjXaFlikrOIDFejPb4t1buPW6bOmI66sAWDWKp4
FC6S+tpgpM8JBD8jnWn3nidrHDTCXMA7l2Aa29uEfL4wm4KF+BjY1LJhNee/srLH
8/tUWDR2vVSJtXOKrfs/KgDAxH3OVD6J7oUl/PdZ6qoEVU8SL9FkvYUz4q1jCpS7
h9wCDil3BHJIEP1APy4H0sAnAabCjkDUKQiUnjjUNgwXh44Mmv2iuzuW7VH8lzDS
o3zhFMm164SYYwh9TdhVj3k6sXnZxFslDZM0eXpthgTT5Lw8ONxTKGF3wRAOalae
N788R2CRHKkSdkSKe8D+qkZQ8Vh/pg3zioPSq1SwevszdWnmtXPqdBoxy8AQsxoi
tL+xUqud9liF71CXNpqkg1+9YtDpC5yytpce25I2novF0M/qK/MdyKVOGdX0a950
NlqdRfvJWln9FuuFTtPiDoJOGely88uM+ugUmHyMXkrDwEzPyS5G0cdGzgvi38NS
Ms4CrDNl2fhA
=K1fl
-----END PGP MESSAGE-----

Sign me in sign me out

I think there is better email provider out there just
look for it

Check it out if it is wrong

Just checking out some messages I know it is all set
but if I did right I will save me time.

Is there any error?

-----BEGIN PGP MESSAGE-----

hQGMA9aezIJT5YwbAQv+MNYgY9VUbA+8dj0mlWVwKEt/wGl0fXfOrAN5azk7ruVX
1goJTvCoKA/53ZKecAZxPKBq3BBHW8jg6AUoN9TqRYdrbcu+1H+REtEgs46r7oXc
J/ZYEe4Erjt/TNG61HTXU0h9LOVvjSbZG4ByFFc/PQNNMqQhGdar0A9wLzBqc+8y
BTutoCk/55PYJwd2wHiXogjjoEFKI4EYPW0IRcahBw8I4LUTEvDnNFjxpi36mceC
bEzbE1nGSTedAJ7slzr6VsVVqrGbMNP+SJfc0NiLL2xHF8q23GOLPdJRWvzPoQUf
lRxndF3aO1K3p3ZUYdWpXVhWjR6MuwXoe9jmY3oJA7w5FUUoIYm5VTIb+ap8ttGu
pZlse55y52n9+ZZhm+sgCSYYTfVdVW+UsHTmb45GxW+myn39tyjqs9HzR6ntOP/N
xgpdHDwRUsczKozQGCmW8MReTXZ/TQaq60GfxrCjcEf8vOazux61O17FqLvoxWSt
AujkbT9Pmkgenvpv7BYJ0qYBE9w5uymXBLjqbM4W3GUYYw/GbuxlMWQQx705fPEk
2WoAJGN29bP2wEoriiA46bWuByFXbkDVRhYyhn9Iijv10DK2YCC4BeusZu4BKRjm
dlGfMelj1d978d4M7hzXaRGOkUYv/drZUfOg9B7Mp1tsyOWjoTPIuOcD7erxZqRZ
jQUBIZuIjy1gYbm4BeixMYQx+1eAqcQ+2brjOuYUDGfp0lUV1F98
=uwFa
-----END PGP MESSAGE-----

Postale Emaile

This is interesting my signature went to limbo, which is a good thing in this blog, but it is useful in a forum and shit like that.
but it can be done here just a few modifications.

Re: Authentication:This is it!

> This is it! Nobody can pretend to be me, I authenticated it, From now on at
> least I signed what I posted
> This should be an SOP so the scammer cannot get through on this. I am a
> little bit worried where should
> I store my private key. You know technology sucks sometimes if you lost it
> even though you know the password
> I won't make as my official pub key. At least it is spoof resistance for
> now.
>
Should I try a better ones?

Authentication:This is it!

This is it! Nobody can pretend to be me, I authenticated it, From now on at least I signed what I posted
This should be an SOP so the scammer cannot get through on this. I am a little bit worried where should
I store my private key. You know technology sucks sometimes if you lost it even though you know the password
I won't make as my official pub key. At least it is spoof resistance for now.

I'm stupid more than I thought

It takes courage and humility to accept you are wrong to the things you thought you were right. It is a fucking cognitive dissonace,
It is self inflicting paradox, I just haven't realized this thing as I grew older I should have known better and do better. As I get older
and death is waving at me from afar, I just feel regret in many things, and say cliche things, you know.
I should decide to break this bad habit of mine, that I am too slow, that I scrutinize things or overthink I acquired this habit in my mid 20s
'cause when I was younger I tend to believe things right away when I was in my teens, I was 19 that time I didn't grew up in good neigborhood
I let's say was not in the good crowd and then I decided to get rid of it, I am grateful it helped me a lot. And decide to associate myself
to a better crowd. It is like a school there is no perfect school, they have their own pros and cons.

I should decide when I think it's better because at the end of the day it's my life, I should know it better than anyone else.

Apolitical Virus

I've been so apathetic or let's say I wasn't care about politics until the
pandemic sored our lives and the decisions of the government officials
is a big thing it will make a big impact whether it is good or bad.

We were envy New Zealand so much its leaders listened to science and set
aside the politics and made a good outcome for their people.
Most of Nations leader failed to handle downplayed the seriousness of Covid-19 until hits our

It made people lives harder, until now as I write this down China is having lockdown
until now.

Let's get back what I was saying about being apolitical, it made me realized
the we should choice wisely who will be become our leaders because it will
affect us if they failed, we should choose the wise and sane leaders those
pragmatic ones, the ones who do their job.

So I care about politics now.

Testing Mutt

Yeah just a test mutt

Torture=Culture

I cannot confess it publicly, I would be ridiculed. In my culture if you are a little bit
deviant you will be considered weird, or unusual. There is a little or total absence of concept
of introversion, personal space and mental health is ridicously downplayed, or unaccepted or
something to be embarassed.
Critical thinking is foreign, you should have go with the flow, which is sucks.
In my culture people love drama, we are having fascination, more than adulation it is almost
worshipping someone, we are having cult behavior, it seems like it ingrained in our DNA.
We love the personality the idolism or idolatry more than the concept.
We are like those minions who always seek for a leader. I guess we would never learn in the
next 100 years.

RTOS - Real Time O.S.

Real Time Operating System it is cool thing for critical device and infrastructure, from self-driving car to medical equipment to war machines. It is an O.S. for critical device when you are talking about nano seconds. It is differ from known operating system
that we use commercially at home, for our games (GPOS General Purpose Operating System). When it come to multi tasking RTOS is the real deal. I want to learn this stuff, we can say it is a little bit too late to me, but if will make me happier why not?

Twitah

I've heard the news about When Elon Musk acquired twitter and fires 50 percent of its employees, it doen't sound sane to me, but it looks like there is something....will he rebranded it to something else?

Humanity

As human being there are thing that you couldn't just take away from you, even you know
what is right and what is wrong, sometimes you couldn't just do right thing when
egotism takes over your decision. You know narsicism is not always good to you but
it prevails when you are threaten.
The moral lesson you couldn't just view the humanity to the point of view you
already knew, it evolves, it devolves, it changes all the time. I guess it takes
more than a life time to know what is like to be a human.
We thought we learned about Hitler about world war I and II swear to ourselves that it won't happen
again, and yet there is war in eastern Europe and threaten the humanity with WORLD WAR III, this time
with Nuclear Bombs!
This important thing I learned: Dictatorship and Authoritarianism will not think about humanity.
Nobody but, nobody but us will annihilate ourselves!

Human

Human As human being there are thing that you couldn't just take away from you, even you know

The moral lesson you couldn't just view the humanity to the point of view you
already knew, it evolves, it devolves, it changes all the time. I guess it takes
more than a life time to know what is like to be a human.

We thought we learned about Hitler about world war I and II swear to ourselves that it won't happen
again, and yet there is war in eastern Europe and threaten the humanity with WORLD WAR III, this time
with Nuclear Bombs!

This important thing I learned: Dictatorship and Authoritarianism will not think about humanity.
Nobody but, nobody but us will annihilate ourselves!

Missiles

Today, I've heard the news about Russian missiles hit Poland, it is not confirmed if this is deliberate or just
an accident. They are talking about it right now. Again it is about to be confirmed.
If NATO will involve it means a bigger war in Europe.

Telephone Number

Telephone Number verification can cause more problem than a solution It threatens one's privacy, you jeopardize more when
you lose your device or you forget about it and it ends in the wrong hand, there are people here buying broken cellphone that you
forget your emails and some of your credentials picture (It could be compromising ones).

Picture you shouldn't share to public. But the unwary people just sell and saying there's nothing to worry about because they delete those compromising thing,
but they neglect or unknown to them that there is a chance that deleted files in the computer could be recovered.

But those unlogged Facebook, Instagram accounts, emails could be compromised once they fix the phones you sold to them. We should removed the device
storage if we are desperate sell them.

TEXT MESSEGE

Text messages becoming thing in the past
because social media´s messaging system it kills
the SMS

Soy Un Pendedor

I cant say anything about by the way
--
Tue Nov 15 02:16:02 PST 2022

Existential crisis

The opposite of this thing are those people who want quit this life they don´t even bothered about it.

Personal E-mail Server is Dying

The major mail servers discriminating personal mail servers it blocks them or it dinies them. And The social media becomes the major communications medium between people and it becomes very voyeur

Javascript less

When java becomes thing it eats some of our computing resources and it keeps going. what good about javascript less site it uses less resources and it is more faster

Uploaded textfile blog

I uploaded text files and becomes a blog that is a nice things in the time of
vloggers I am here in the old school blogging. I like videos I am now a telegenic guy
Expect me to upload more, because I've lost a lot of knowledge dump that's what i all it
to this cheatsheet

Linux Journal Copy Cat

I have this link I occasionally get updated:

https://raw.githubusercontent.com/telnet15/linux-unix-cheatsheet-tutorial/refs/heads/2ndmain/MyCheatsheet.txt.asc

CHEATCODES
GNU/LINUX RAMB MANUAL,TWEAKS AND TRICKS

PREAMBLE:

As years gone by , exploring Linux Distros I come to the point the explore the Unix Operating system FreeBSD and OpenBSD, and had this idea that Unix is better as a server O.S. because of rising popularity of Linux based Operating system it became target of cyber attacks, exploits and Ransomware. I am trying to use FreeBSD as my daily driver for file safe keeping, I don't have to install Anti-virus. So I started to dump text about Unix O.S.

INTRODUCTION:
 There is misconception or misinformation about LINUX. Linux is not an O.S. but it is a kernel. It is useless when it is used alone it needs distros to make it a powerful operating system.There are are many Linux-Distros--Debian, Slackware, OpenSuse, Fedora, Gentoo, Ubuntu, Red Hat, CentOS, Kali and the list goes on and on everyday.Many of us have no clue that Android O.S. use LINUX kernel or else it will be just a cripple. Many of us don’t recognize how powerful a linux distro is. Most of us are not aware that 85 to 97 percent of websites in the wold run in Linux Distros.

WHY I WROTE THIS?:
I wrote this for a personal reason. Linux is good when it comes to security but is hard to use ---> It will be only hard If you don't know what to do. Just invest some brain cells and it will be useful.Hoping would be a beginning for those who just learning the ropes.I intend it to be cheatsheet for newbie.Empirical Experience there are many times I have been in a forum, not all the posts there are useful. I chose the best of
them. So I have a reference when it comes tweaking.My last reason. I don't want to forget it.

I. MAY COMMAND LIVE AND PERSIST
Don't get intimidated by black screen and flickering green text on screen like those we’ve seen on those Hacker movies and claim to be a
super genious. Those overated and bullshits.

CLI --> Command Line Interface. CLI is useful use lesser memmory unlike its opponent GUI (Graphical Use’s Interface) use much memmory

BASH or Bourne Again SHell:A Linux/Unix shell that you type your command there are alternatives like xterm and konsole. The counterpart of bash in Windows is Batch files like Batch file, BASH does not need to be compiled to run. it just runs, and could change the code on the fly.

One of the useful tool Xterm shell is the crontab. I used to delete those files over and over again with this tool you can elimate
those habitual deletion of file and saves a lot times. In Linux shell type “crontab -l”
in my case : this is my crojobs it includes of the file path of my bash script---xhistory.sh
To edit the crontab type the “crontab -e" on linux shell

johndoe@linuxdistros:~$ crontab -e
Put the following lines of command and save it then restart your machine. It supposed to
work.

#every 15 minutes the machine will execute this bash script file
*/15 * * * * sh "/home/john/cronjobs/xhistory.sh"

And the xhistory.sh contains the following lines of script commands.

#It fills .bash_history with ramdom characters for 34 times
shred -n 34 "/home/charm/.bash_history"
#Then emptying the file by filling with null bytes

cat /dev/null > /home/john/.bash_history
history -c
history -w

shred -n 34 "/home/john/.local/share/recently-used.xbel"
cat /dev/null > /home/john/.local/share/recently-used.xbel

shred -n 34 "/home/john/.config/smplayer/smplayer.ini"
cat /dev/null > "/home/john/.config/smplayer/smplayer.ini"

The exections secure delete the contents of history files. It is a little bit
counter hacking but it is good when you used it mysql shell, rlogin, ssh passwords
it prevents the attacker to exploit you passwords. And one more thing it saves disk space.
Minute Hour Day MONTH YEAR commands
* * * * * /root/run_me.sh

HARDENED NETWORK SECURITY

iptables --> it is a very versatile firewall native in linux kernel. You don’t need to install a a 3rd party software, you just need
know how it works

YOUR SECURITY IS VITAL. You could avoid hackers scanning and launching ARP Network poisoning (Like wifikill on android devices )
which can cut you out from internet. And the worse is they can still information, passwords and even credit card number by
launching ssl strip tools. You could avoid that and become stealth in a network like in a public internet network.
Somebody can ping scan your machine your machine and that is start of the vulnerability. You are also vulnerale of what they call it
“Ping of death” which is a kind of DOS (Denial of Service) Attack and MITM (Man inn The Middle Attack) Attak which can totally strip naked
your privacy and it allows someone to steal your passwords in the site your visited. You could avoid those threat by utilizing
the following commands in linux system shell.

NOTE: It requires root access

#DISALLOWING REMOTE ACCESS in x11
root@linuxshell:~$iptables -A INPUT -p tcp --destination-port 6000 -j REJECT
root@linuxshell:~$iptables -A OUTPUT -p tcp --destination-port 6000 -j REJECT
root@linuxshell:~$ip6tables -A INPUT -p tcp --destination-port 6000 -j REJECT
root@linuxshell:~$ip6tables -A OUTPUT -p tcp --destination-port 6000 -j REJECT

#Disallowing ping from someone. Your machine rejects ping it does not reply.
root@linuxshell:~$iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
root@linuxshell:~$iptables -A OUTPUT -p icmp --icmp-type echo-reply -j REJECT
iptables -A INPUT -s 192.168.1.103 -J DROP --> Drop all packets from specific IPaDD

To Check it out if the code works

root@linuxshell:$ iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:x11 reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere icmp echo-request reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:x11 reject-with icmp-port-unreachable
REJECT icmp -- anywhere anywhere icmp echo-reply reject-with icmp-port-unreachable

This one will prevent your machine from WifiKill and MITM and DOS attack in Local Network.
NOTE: It requires root access.
This one is wlan or wifi

root@linuxshell:~$echo "1" > /proc/sys/net/ipv4/conf/wlan0/arp_ignore
root@linuxshell:~$echo "8" > /proc/sys/net/ipv4/conf/wlan0/arp_announce

This one is for LAN or Ethernet card:
root@linuxshell:~$echo "1" > /proc/sys/net/ipv4/conf/wlan0/arp_ignore
root@linuxshell:~$echo "8" > /proc/sys/
net/ipv4/conf/wlan0/arp_announce

#######################################
YOU SHOULD TRY sysctl -a
You can set some firewall rules
and it retains even the system is restarted
the path of config file is
/etc/sysctl.conf
######################################

HARDENED PRIVACY ( needs to be edited)

In this section I will tackle more advance security. If you are an average internet users you don’t need to do this stuff, but if you are a journalist, eloectronic privacy
advocate or a wistleblower you want to expose some corruptions and it is definitely a matter of life and death. You have to be careful I advice to turnoff your swap before encrypting files and send it to someone.

I highly recommend to use “Tails” linux distro. A bootable OS can be booted on usb and CD. But if you want to leave any digital fingerprint and you want to hide an
incriminating data. (just google it)

After your machine boot up. Do this first in Linux Shell.

swapoff -a

a - all. turn of swap totaly
you can check it out by: typing the following command on Bash
htop - swap memmory should appear 0.
freem -a

The swap memmory also can be encrypted. just google it.

Creation of 6MB file
dd if=/dev/urandom of=swapfile.crypt bs=1M count=64
loop=$(losetup -f)
losetup ${loop} swapfile.crypt
cryptsetup open --type plain --key-file /dev/urandom ${loop} swapfile
mkswap /dev/mapper/swapfile
swapon /dev/mapper/swapfile

The result:

# swapon -s
Filename Type Size Used Priority
/dev/mapper/swap0 partition 4000176 0 -1
/dev/mapper/swap1 partition 2000084 0 -2
/dev/mapper/swapfile partition 65528 0 -3

swap0 and swap1 are real partitions.
shareimprove this answer
edited Feb 12 '13 at 22:39
cjm
20.3k57073
answered Feb 12 '13 at 21:10
ott--
7661512

5

This Configuration uses randomly generated keys at boot and will not support Hibernation to hard disk! You Should Disable Hibernation through your respectie DE Power Management Utility and set it to Shutdown on Critical to avoid Data Loss!

Make sure to run sudo -s or su before running the following.

Disable Swap:

# swapoff -a

Locate the existing Swap Partition

# lsblk

You will get something like this:

sda3 8:3 0 8G 0 part [SWAP]

Overwrite Old Swap

# dd if=/dev/zero bs=1024000 of=/dev/sda<#>

for example:

# dd if=/dev/zero bs=1024000 of=/dev/sda3

fstab setup

# vim /etc/fstab

Replace old SWAP device with crypttab mapper name: /dev/mapper/cswap

#<file system> <mount point> <type> <options> <dump> <pass>
/dev/mapper/cswap none swap pri=1,defaults 0 0

Crypto Setup

# ls -lF /dev/disk/by-id

For Example:

ata-HGST_HTS545050A7E680_TEK55D4F0BU3GV-part3 -> ../../sda3

# vim /etc/crypttab

# <name> <device> <password> <options>
cswap /dev/disk/by-id/ata-HGST_HTS545050A7E680_TEK55D4F0BU3GV-part3 /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256

Active Encrypted Swap

# reboot

Verify Enctypted Swap Operations

For example:

# dmsetup -C info
cswap 253 0 L--w 2 1 0 CRYPT-PLAIN-cswap
# lsblk
â"œâ"€sda3 8:3 0 8G 0 part
â"‚ â""â"€cswap 253:0 0 8G 0 crypt [SWAP]
# cat /proc/swaps
Filename Type Size Used Priority
/dev/dm-0 partition 8385532 0 -1

####################################################################
ENVIRONMENTAL VARIABLES

You can also edit environmental variables. In your home directory search for .bahrc
if there’s none in existence make one. This is a cool thing you can decide what you wanted
to do with your bash shell environment. Open “.bashrc" and add this line:
PS1='\u@\h:\w\$ '

When you open the cosole the display would be like this.

john@bashshell:~$

you can just change it whatever you want to do with it like:
PS1='\u@\h:\w\# '

It results:
john@bashshell:~#______

There is another one useful for changing environmental variables.
this one is like a starup folder in windows.

open the file path /etc/profile.d/

If you ought to install software in another folder besides the nstandard installation folder (like your new downloaded firefox you want it to install in other folder like an encrypted disk beside the standard disk)you have to change the environmental variables like in this case the java is installed in none standard way. you can check it out by typing “which java” in my case java could not found because it is installed in none standard way.
First I move The jkd7 folder from /usr/lib64/jdk7 to /usr/jdk7 (you can also do this in umounted devices encrypted volume like truecrypt and luks you program runs there)

if i type java -version in bash I recieve this
bash: java: command not found

This the original path
#!/bin/sh
export JAVA_HOME=/usr/lib64/jdk7
export PATH='/usr/lib64/jvm/bin:/usr/lib64/jvm/jre/bin:/usr/lib64/jvm/bin:/usr/lib64/jvm/jre/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/kde4/libexec:/usr/lib64/qt/bin'

This is the modified path
#!/bin/sh
export JAVA_HOME=/usr/jdk7
export PATH='/usr/jdk7/bin:/usr/jdk7/jre/bin:/usr/jdk7/bin:/usr/jdk7/jre/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/jdk7/bin:/bin:/usr/games:/usr/lib64/kde4/libexec:/usr/lib64/qt/bin'

restart your machine.
on conssole type: java -version
Java version "1.7.0_55"
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)

You supposed to see the java vesion. In that case it should work all the way.

feb 3, 2016
If you want to torrify your download. run tor first and do the
next step: this time i download the file with name “youtube-dl”
i tunnel the connection in TOR using socks5
curl --socks5-hostname 127.0.0.1:9150 http://youtube-dl.org/latest/youtube-dl -o youtube-dl

The good thing about “curl” if the download is interupted or experinced disconnection you can still resume your download. if the file is too large and you want continue the download the next day you can still resume the remaining bytes.

OPENSSL OPEN SSL
There was something in my machine always bothering me I can’t install
openssl properly it was always butt-in the older installed ssl version
the problem is I was so stupid that I din’t think about the path name of the old one just to overight my machine is a little bit eccentric it din’t install openssl in the standard directory so i have no configure the installation first this is the path that work in my machine: ./config --prefix=/usr/local --openssldir=/usr/local/openssl
./config
make
make test
make install

I just browsed it on the web I don't know if it is working

HOW TO ANONYMIZE FIREFOX on 2010-08-10

wrote :

change in about:config

browser.download.manager.scanWhenDone = false
browser.send_pings = false
dom.disable_window_open_feature.menubar = true
dom.disable_window_open_feature.scrollbars = true
intl.accept_charsets;utf-8
intl.accept_languages;en
intl.charset.default;utf-8
intl.charsetmenu.browser.cache;UTF-8
keyword.enabled = false
layout.css.visited_links_enabled = false
network.http.sendRefererHeader;0
network.http.accept.default;*/*
network.prefetch-next = false
network.proxy.socks_remote_dns = true

########################################################################

add to about:config (for faking the user agent)

new - string: general.useragent.override - value: Mozilla/5.0 (en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2

########################################################################

change settings
(in firefox 3.5 and higher first choose "user default" to change some settings)

javascript:disabled
java: disabled
history: disabled
chronicle: disabled
save data: disabled
cookies: disabled
clear private data: enabled (all)
remember passwords: disabled
offline storage: 0 mb cache

########################################################################

search engines disable/uninstall

PACKET WARS
#to forward the traffic to your machine between your target and router.
echo 1 > /proc/sys/net/ipv4/ip_forward

MORE ABOUT NETWORK SECURITY
SSH - Safe shell. A future network admin should know how to use telnet, rlogin , sftp, gopher and ssh.
Safe shell is secure. You should know how configure ssh server and client for encrypted connection. In my case I
use OpenSSH for BSD
https://archive.is/o/zCaQN/www.ssh.com/support/documentation/online/ssh/adminguide/32/Generating_the_Host_Key.html
-----------------------------------------------
SSH PROXY connection

ssh -p 443 -C2qTnN -D 52233 skyssh.com-florp@146.185.160.149


ssh -D 12345 myuser@remote_ssh_server
SOCKS Host: 127.0.0.1 port: 12345 (I, actually, used 8080) with
ssh -C2qTnN -D 8080 user@my_server

create.sshgoogle.com
fastssh.com
skyssh.com

sshagan.net
go-ssh.com

http://www.phcorner.net
un: json***
pw: cro*****

tcpvpn.com
bestvpnssh.com
mytunneling.com
createssh.com


ssh -C2qTnN -D 8080 -p 443 skyssh.com-anonme@188.166.190.87

ssh -C2qTnN -D 51234 skyssh.com-krang@45.32.147.45
-------------------------------------------------------------------------------------

PUT YOUR WIRELESS CARD IN MONITOR MODE
(It depends on your wlan card if it is supported listening or monitor mode.

ON YOUR SHELL
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up

ifconfig wlan0 down
iwconfig wlan0 mode managed
ifconfig wlan0 up


#redirect all of torify's traffic to localhost
sudo iptables -t nat -A OUTPUT -m owner --uid-owner torify -j DNAT --to-destination 127.0.0.1
#allow vm to access privoxy, tor
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -p tcp --dport 8118 -j ACCEPT
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -p tcp --dport 9050 -j ACCEPT
#allow tor to access vm
sudo iptables -A OUTPUT -o lo -m owner --uid-owner debian-tor -p tcp --dport 5022 -j ACCEPT
#if we allow it outgoing, allow it incoming and don't interfere with prior connections
sudo iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT
sudo iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -m state --state RELATED -j ACCEPT
#don't let anything access vm on localhost
sudo iptables -A OUTPUT -o lo -p tcp --dport 5022 -j DROP
#don't let torify snoop around on listening localhost ports
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -j DROP
#don't allow external machines to access vm
sudo iptables -A INPUT ! -i lo -p tcp --dport 5022 -j DROP
#drop all torify traffic failsafe and protocol agnostic
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -j DROP

To make sure the rules stay after reboot, type the following command: sudo iptables-save
Next we'll need to make sure Privoxy works with Tor. Type this command: sudo gedit /etc/privoxy/config
Delete everything in the file and replace it with this:
# Generally, this file goes in /etc/privoxy/config
#
# Tor listens as a SOCKS4a proxy here:
forward-socks4a / 127.0.0.1:9050 .
confdir /etc/privoxy
log /etc/privoxy
#actionsfile standard # Internal purpose, recommended
#actionsfile default # Main actions file
#actionsfile user # User customizations
#filterfile default.filter
# Don't log interesting things, only startup messages, warnings and errors
#logfile logfile
#jarfile jarfile
#debug 0 # show each GET/POST/CONNECT request
#debug 4096 # Startup banner and warnings
#debug 8192 # Errors - *we highly recommended enabling this*
user-manual /usr/share/doc/privoxy/user-manual
listen-address 127.0.0.1:8118
toggle 1
enable-remote-toggle 0
enable-edit-actions 0
enable-remote-http-toggle 0
Now, type this command:

sudo /etc/init.d/privoxy restart


Well, that didn’t work like intended. We dropped ARP related traffic to the IP address, but not on IP level. This is also visible in the arp -n list:
root@ubuntu:/data# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
192.168.1.1              ether   d8:d7:21:22:5a:f4   C                     eth0
So to make this work, we simply have to flush the ARP cache. We delete the related ARP entry:
root@ubuntu:/data# arp -d 192.168.1.1
root@ubuntu:/data# arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
192.168.1.1                      (incomplete)                              eth0


Specific traffic filtering
Back to our original mission: only allow our router to exchange ARP packets.
root@ubuntu:/data# Block ARP traffic from all machines (default: DENY)
arptables -P INPUT DROP

root@ubuntu:/data# Allow router (fixed ARP)
arptables -A INPUT --source-mac d8:d7:21:22:5a:f4 -j ACCEPT
All ARP packets are blocked now. Each system which will transmitting traffic will end up as an (incomplete) entry.
Enable all ARP traffic
If we want to allow traffic again:
root@ubuntu:/data# arptables -P INPUT ACCEPT
root@ubuntu:/data# arptables --flush
Flushing the full ARP cache can be done with ip utility:
root@ubuntu:/data# ip -s neighbour flush all
Conclusion
Arptables is a very powerful utility to filter traffic and avoid an unexpected router taking over our connectivity. However, keep in mind that connectivity is not fully blocked. Only ARP traffic is blocked (layer 2/3 on the OSI model). If someone is able to manually add an entry to the ARP table, traffic is able to flow again.

One hardening trick I like is to turn off ARP completely with:
ip link set dev eth0 arp off
Then add a static ARP entry for the router so you can get to that:
arp -s 10.0.0.2 00:0c:29:c0:94:bf

------------------------------

gpg --keyserver pgpkeys.mit.edu --recv 8B48AD6246925553

#######################
To update java download java.33.3..gz and extract the files in the current directory of java installation just a sort of copy and paste
######################################
you could secure delete klipboard it is located in /.kde/ but you can disable the saving in klipboard in options

Set Environmental variables
export MYHOME=/mnt/live/memory/data/AdwCleaner/

###############################
# TO DISABLE BASH HISTORY PERMANENTLY #
# echo 'set +o history' >> ~/.bashrc #
###############################

JUST DISABLE HISTORY IN A CURRENT SHELL

set +o history

##############################################
The OpenSSH 7+ does not support deffie-hellman handshake by default
you should config it or type it specifically in CLI. And does not display the key in md5 hexadecimal string format but a series of gibberish. To make it work in that way one should edit this config as I explain below:

/home/user/.ssh/config
Host 192.168.1.1
KexAlgorithms +diffie-hellman-group1-sha1
FingerprintHash md5

/home/user/.ssh/config
What I did is to make something in old format md5 display and old
Host * # anyhost
ForwardX11 yes
Compression yes
X11 is also cool thing
==============================
Linux command line show directory sizes
du -sh *
http://112.203.90.24//admin/pldt.asp --might be exploited
=========================================
LEARNING APACHE MORE
This is substantial
http proxy using apache “proxy-html.conf <--Im gonna study about that



f2592419@mvrht.comf2592419@mvrht.com

=================================
DNS/NameServer
I find a more effective way to customize dns server

=========================================================
#add into .bashrc
genpasswd() {
local l=$1
[ "$l" == "" ] && l=16
tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargs
}

===============================================================================

unix tools
fc ---edit .bash_history
LINUX/unix MONITORING TOOLS
iptraf --network
top --process
vmstat --process
iostat
iftop --network
du -sh * --> show directory sizes
1. Fire up airodump-ng, lock to the channel that has the network AP you are interested in.
2. Note the BSSID of the AP and the MAC of a connected client.
3. Use aireplay-ng to force a deauth. Since Association and Re-Association packets contain the SSID whether hidden or not,
when the client reconnects, your airodump-ng session should capture the SSID and report that in your session window.
Basic syntax is:
aireplay-ng -0 3 -a $BSSID -c $CLIENTMAC $INTERFACE
aireplay-ng --ignore-negative-one -0 30 -a C4:6E:1F:48:DB:E4 -c 04:1B:BA:44:A3:E8 mon0
aireplay-ng --ignore-negative-one -0 -a 00:13:33:F3:84:9B -c 9C:B7:0D:26:0D:59 mon2
B315_9487D



root@bt:~# /pentest/password/jtr/john --stdout --incremental:all | aircrack-ng -b 00:19:5B:52:AD:F7 -w - /tmp/wpa2*.cap



-----------------------------------------------------------------------------------------------------------------------------------
iptables -I FORWARD 5 -s 10.42.0.52 -p tcp -m quota --quota 104857600 -j ACCEPT
456 iptables -I FORWARD 1 -s 10.42.0.52 -p tcp -m quota --quota 104857600 -j ACCEPT
457 iptables -I FORWARD 2 -s 10.42.0.52 -j DROP
------------------------------------------------------------------------------
Conserning about bandwith quota In my own machine not the forwarding or shared
connections ones. this is 20 mb limit 20 971 520
iptables -A INPUT -p tcp -m quota --quota 20000000 -j ACCEPT
iptables -A INPUT -j DROP

1000/1024 bytes = 1 kb

 1 MiB = 220 bytes = 1024 kibibytes = 1048576bytes

ssh -C2qTnN -D 8090 usrname@hostname -p 443

###################################################
NETWORK SECURITY!
MITM NO PROBLEM IGNORE ICMP OR BROADCAST REQUEST
Add the following line “/etc/sysctl.conf”

Ignore ICMP request:
net.ipv4.icmp_echo_ignore_all = 1
Ignore Broadcast request:
net.ipv4.icmp_echo_ignore_broadcasts =1
#load new setting by typing the following command# sysctl -p

to show all the rules: sysctl -a

IT IS ALSO A GOOD THING IF YOU DISABLE YOUR IPV6 IF YOU DON'T
USE IT:
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

another method permanent effect edit the following file:
/etc/sysctl.conf
#with this lines
#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

#############################################

CREATING A BOGUS SSID OR AN EVIL TWIN
airbase-ng -a 00:09:5B:6F:64:1E --essid
"Fakeaccesspoint" -c 11 mon0

#########################################################
miselenious tricks display time in the upper left of the terminal
while sleep 1;do tput sc;tput cup 0 $(($(tput cols)-29));date;tput rc;done &

07/05/17 07:30:58 PM
Adding the rule
iptables -A OUTPUT -p udp --dport 53 -j DROP

removing the rules
iptables -D OUTPUT -p udp --dport 53 -j DROP
Sunday, November 12, 2017
If you were having a problem in your default DNS server e.g. your pesky router. Just dont forget the resolve.conf in “/etc/resolve.conf”
and add the following line:

nameserver 8.8.8.8 #invoking google server as you dns server

##########################################################################
What’s more surprising I solved a long time problem in sshd put it in booting up. And might solve other problem like putting httpd servic in startup
just change the chmod 0777 the file specific file in this directory “/etc/rc.d/”

#AUTO START SCRIPT IN MY MACHINE WITHOUT ERROR
# FILENAME: rc.local
# DESCRIPTION: This script enable tap functions of touchpad in this machine
# lenovo.modprobe startup script is not functioning and I dont know why.
# INSTRUCTION: Add the following script on rc.local the directory /etc/rc.local
# if does not exist create it or Simply copy this file [/etc/rc.local]
# and execute this command: [service rc.local restart] without the square brackets
# This procedure must have effect already your touchpad tapping function. Reboot your machine
# init 6
modprobe -r psmouse
modprobe psmouse proto=imps

It more

######################################################################

Sunday, November 19, 2017
In this moment in time I completely configured working dnsmasq DNS server in
this machine but sandly my linux machine at home is broken. It saddens me the fact that I have good internet connection at home and cound not even practice stardard networking practice at home I had to be a snitch. To digest everything I learned in a short period at time. I know it is wrong but I coudn’t help myself to solve something (a long time problem) . I eager to learn more that’s how I get my drive to insist my persitence in learning.
By the way I wanted to write down details how I solved that DNS (dnsmasq problem)
saving queries in a text file
dnsmasq --no-daemon --log-queries --log-facility=/var/log/dnsmasq.log
just show log queries
dnsmasq --no-daemon --log-queries

Slax DEBIAN BASED ERA

2018-04-09 07:51:

I have installed new linux base OS
It is in its infancy but I guess I would learn a lotfrom it
The first and foremost problem I encountered and solved is about
the autologin of Debian OS even though it has password(It is modified version of Debian it is sort of minimalist OS so many features are not includedin the system. like the desktop manager ). I just googled it unlike
before I had to do it all by myself.

systemctl set-default multi-user.target

To make it back in autologin

systemctl set-default graphical.target

As I have said, I don’t have Desktop manager I couldn’t
even adjust the brightness. Just like I did in the first I googled it
Debian has a lot of community support unlike the former distro I had.
This is the solution.

echo 1000 > /sys/class/backlight/intel_backlight/brightness
just like that. But it depends on your hardware you should follow the /sys/class/backlight and browse the directory to find out which is which.
script to make it automated

#################################################
#!/bin/sh
if [ $1 -le 0 ]
then
echo "1" > /sys/class/backlight/intel_backlight/brightness
else
echo $((2400 * $1 / 100 )) > /sys/class/backlight/intel_backlight/brightness
fi

#################################################

MORE GOOD FIREWALL RULES FROM EXPERTS JUST PASTED WHOLE THING HERE JUST FIGURE IT OUT
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1

###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1

###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0
net.ipv4.icmp_echo_ignore_all = 1

If you have issues on your touchpad here is the solution
https://forums.kali.org/showthread.php?221-Touchpad-Synaptics-Tapping-issue-Solved
on the command line:
modprobe -r psmouse //disable touchpad first
modprobe psmouse proto=imps //it should function your touchpad

If you want to make it automated. modify the file of the
following path /etc/modprobe.d/anyname.conf
add the following line
options psmouse proto=imps

Insert date from cli output VIM editor
:r !date

Sat May 5 04:11:45 EDT 2018

I dont like Windows OS specially windows10 it is the biggest
spyware. It captures screen shots and the plain text of the text file
is being spied so I tranfered this text on a volume
I googled and it said you can make a virtual disk, like ext4 file system
you can make it, but you must make a file container first you can use

fallocate or dd (google it stupid). and make it by use some
tools like mkfs, e.g. mkfs.ext4 <nameofthefile) and you can mount it
like you just mounting a regular disk.

Creation of 500mb container:

dd if=/dev/zero of=MyDrive.img bs=1M count=500
This one is pretend to be a broken disk

dd if=/dev/zero bs=1k count=100 | tr "\000" "\377" > /dev/sdb
My discovery it can be used to wipe ssd/hhd
dd if=/dev/zero of=foo.bar bs=300k count=1 conv=notrunc
Formatting of the Container:

mkfs -t ext3 MyDrive.img
Now you can mount it.
mount MyDrive.img /mnt/mountfolder

--------------------------------------------------------------
THIS COULD BE SOLUTION TO MY LONG TERM PROBLEM
DNS SERVER WITH CUSTOM PORT

87.118.100.175 (Ports: 53, 110)
94.75.228.29 (Ports: 53, 110, DNSSEC)
87.118.104.203 (Ports: 53, 110,DNSSEC)
62.141.58.13 (Ports: 53, 110, HTTPS-DNS, DNSSEC)
87.118.109.2 (Ports: 53, 110, DNSSEC)

09.12.2019

ULTIMATE SOLUTION FOR SECURE E2EE FOR DNS ASIDES FROM HTTP-DNS
dnscrypt-proxy
# FileName: dnscrypt-proxy.conf
# A more comprehensive example config can be found in
#
# /usr/share/doc/dnscrypt-proxy/examples/dnscrypt-proxy.conf

ResolverName random
ResolversList /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
#cloudflare
#yandex
#ipredator
Daemonize no
#fallback_resolver = 77.88.8.7:53
# LocalAddress only applies to users of the init script. systemd users must
# change the dnscrypt-proxy.socket file.
# to edit systemctl edit dnscrypt-proxy.socket
LocalAddress 127.0.2.1:53
----------------------------------------------
# To Edit systemctl edit dnscrpt-proxy.socket
#fileName dnscrypt-proxy.socket
[Socket]
ListenStream=
ListenDatagram=
ListenStream=127.0.2.1:53
ListenDatagram=127.0.2.1:53

https://forums.gentoo.org/viewtopic-t-164165-start-0.html

Fri Jun 1 09:41:01 CST 2018
Open_SSH7.4p1 disables the following key exhange algorithms and
cipher by default. so I need to define the following
line in ~/.ssh/config to pull this out.

Host 10.0.0.1
FingerprintHash md5
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers 3des-cbc

--------------------------------------------
disable a certain linux service
-------------------------------------------
systemctl disable dnsmasq.service

#check status
systemctl status dnsmasq
------------------------
show services and etc
systemctl --all

Monday, October 08, 2018
NOTE TO MYSELF
Just searching all over again for something. Those pesky files stored in a removable SSD storage
I fear it is gone for good.
use “dd” command to overwrite file with zeros or make a container file “mkfs” at least I have a clue
doing something than nothing.
I’ve got the best solution before.

Create your image file of the size you want:

dd if=/dev/zero of=./your.img bz=1M count=<number of megabytes you want>
Format it

mkfs.ext3 ./your.img
(Recheck that command before running it, do read what is printed out.)

Mount it:

mount -o loop ./your.img /some/mount/point
And you're done. Don't forget to unmount before you copy/send that image file anywhere.

dd if=/dev/zero of=~/theFile.img bs=1M count=10
$ /sbin/mkfs.ext4 theFile.img
$ sudo mount -o loop theFile.img /mnt/tmp/

Oct 11, 2018
In any GNU LINUX distros if you install something related to video or audio and if it does
not work in non-root user try to add that user(s) in that group video/audio/graphic shits shits.

October 17, 2018
IMAGE AND DEVICE ENCRYPTION
LUKS / CRYPTSETUP
Sample of creation of encrypted image file
fallocate -l 100M encryptedimage.bin
mkfs.ext4 -j encryptedimage.bin
cryptsetup -y luksFormat encryptedimage.bin

MOUNT LUKS IMAGE / DISK CONTAINER

cryptsetup luksOpen enk.bin enkVolume
mkfs.ext4 /dev/mapper/enkVolume
TO UNMOUNT LUKS IMAGE / DEVICE
cryptsetup luksClose /dev/mapper/enkVolume

November 15, 2018
I just discovered tcplay means tru3 crypt play it can create and mount TC volume
HERE ARE some of the procedures according to your need
Encrypting a file as a virtual volume
Invoke

$ losetup -f
to find the first unused loopback device; in this example, /dev/loop0.

Note: As of udev 181-5, the loop device module is no longer auto-loaded.
Create a new container foo.tc, 20M in size for instance, in the working directory:

# fallocate -l 20M foo.tc
# losetup /dev/loop0 foo.tc
# tcplay -c -d /dev/loop0 -a whirlpool -b AES-256-XTS
Enter a secure password for the volume, and confirm the query to overwrite foo.tc with the new volume. tcplay will then write random data into the volume. Map the volume and create a filesystem on it in order to mount

# tcplay -m foo.tc -d /dev/loop0
# mkfs.ext4 /dev/mapper/foo.tc
# mount /dev/mapper/foo.tc /mnt/truecrypt/
To unset the container,

# umount /mnt/truecrypt
# dmsetup remove foo.tc
# losetup -d /dev/loop0
Mounting an existing container for a user
Consider /dev/loop0 the first unused loop device, foo.tc the TrueCrypt container, /home/you/truecrypt/ the desired mount point. The user you in this example has uid=1000 and gid=100. The steps for mounting the container as a virtual volume are:

Associate loop device with the container
Map the container to the loop device
Mount the container in the filesystem
The following commands perform the above actions.

# losetup /dev/loop0 foo.tc
# tcplay -m foo.tc -d /dev/loop0
# mount -o nodev,nosuid,uid=1000,gid=100 /dev/mapper/foo.tc /home/you/truecrypt/
Note, if the container uses ext4 or another filesystem that supports file ownership, the uid and gid parameters aren't needed and will not work. Therefore the third command would be simply:

# mount -o nodev,nosuid /dev/mapper/foo.tc /home/you/truecrypt/
To reverse them:

# umount /home/you/truecrypt/
# dmsetup remove foo.tc
# losetup -d /dev/loop0
Using tcplay-helper
The tcplay-helper-gitAUR[broken link: package not found] tool simplifies the process of creating, mounting and unmounting tc-play containers. The tool is still a work-in-progress, but should work fine for most users wanting to work with simple secure tc-play containers.

The following command creates a 3Mb container called foo.tc.

# tcplay-helper create foo.tc 3M
To mount the container file we can either mount it as root with the following command. The container will be mounted under /mnt/truecrypt/

# tcplay-helper open foo.tc
Alternatively, we can supply a username to mount the container as.

# tcplay-helper open foo.tc archie
Finally, to close the container this command does the trick.

# tcplay-helper close foo.tc

ovember 16, 2018
FOR THE BROADER KNOWLEDGE ABOUT FILE SYSTEM
LET TRY SQUASH FILE SYSTEM
It can be mounted but it just a read-only filesystem
you can use tar, zip, 7zip etc instead

bash# mksquashfs /var/arch /var/arch.sqsh
bash# mkdir /mnt/tmp
bash# mount /var/arch.sqsh /mnt/tmp -t squashfs -o loop
bash# ls /mnt/tmp

CHANGE VLC USERAGENT
vlc 'http://wiki.videolan.org/' :http-user-agent='FooBar/1.2.3'

may 20, 2019
I Learned things in a hardway because I am stupid
Learn How to PURGE
apt remove package ----just remove to program the config files not included
apt-get purge dnsmasq ----> remove programs dependencies including config files

# SET UP FAKE CAM
#!/bin/sh
# install v4l2looback first
# card label that would be your camera name
printf "Requires root access"
modprobe v4l2loopback video_nr=5 card_label="Intergrated Webcam"

#--------------------------------
# this one works well you could play even file in url
ffmpeg -re -i sadak.mp4 -r 10 -pix_fmt yuyv422 -f v4l2 /dev/video5

ffmpeg -f x11grab -r 15 -s 1280x720 -i :0.0+0,0 -vcodec rawvideo -pix_fmt yuv420p -threads 0 -f v4l2 /dev/video0
ffmpeg -re -i video.mp4 -c:v rawvideo -pix_fmt yuv420p -f v4l2 -s 640*360 /dev/video0
ffmpeg -re -i input.mp4 -map 0:v -f v4l2 /dev/video0

Sept.12.2019
Useful tools ipcalc
root@ibm~# ipcalc 10.0.0.1/8
Address: 10.0.0.1 00001010. 00000000.00000000.00000001
Netmask: 255.0.0.0 = 8 11111111. 00000000.00000000.00000000
Wildcard: 0.255.255.255 00000000. 11111111.11111111.11111111
=>
Network: 10.0.0.0/8 00001010. 00000000.00000000.00000000
HostMin: 10.0.0.1 00001010. 00000000.00000000.00000001
HostMax: 10.255.255.254 00001010. 11111111.11111111.11111110
Broadcast: 10.255.255.255 00001010. 11111111.11111111.11111111
Hosts/Net: 16777214 Class A, Private Internet
So I discovered open host slots

############################################################
#HOW To convert unixtime to readable format vice versa. [tag unix time]

bash# date -d "2019-11-09 18:24:30" "+%s"
1573323870

bash#date --date='@1573323870'
Sat Nov 9 18:24:30 UTC 2019
##################################################################
Samba client
mount.cifs //[IP_ADDR]/SERVER_NAME/FOLDER_NAME /mountpoint

nmblookup '*'
nmblookup -S WORKGROUP
#######################################################
GET SUM IN FILES
NOTE: IT ALSO COMPUTES DECIMAL NUMBERS
awk '{ sum += $1 } END { print sum }' Oct24-Nov30.txt
#######################################################
###################################
Get the sum of list of number
Warning It ignores decimal places
###################################
grep -oE '[0-9]+' Oct24-Nov30.txt | paste -s -d + - | bc
ou can use grep + paste + bc

$ grep -oE '[0-9]+' file
10
10
20
20
20

$ grep -oE '[0-9]+' file | paste -s -d + -
10+10+20+20+20

$ grep -oE '[0-9]+' file | paste -s -d + - | bc
80

tr 'A-Za-z0-9' 'N-ZA-Mn-za-m5-90-4'
################################################3
bssid: Upper Room
BC:C0:0F:BF:90:80
1john3v16
chrome.exe --proxy-server="socks5://localhost:9050" --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE localhost"
===========================
screen capture FFMPEG
https://ffmpeg.org/ffmpeg-devices.html#x11grab
===========================
ffmpeg -f x11grab -framerate 25 -video_size cif -i :0.0 out.mp4

Sun Jun 6 03:56:34 CST 2021
NEW TRICKS IN MY SLEEVES
Can execute command in text stream
The nice thing about it different
command from everyline
just press CTRL-C for the next command
line in the next line.
$/bin/sh -c "$(cat IoT.txt)"

Thu Jul 8 06:26:40 UTC 2021

pgrep firefox | xargs kill
ps -auxf
ps firefox
ps -A

Thu Jul 8 07:41:44 UTC 2021
A Golmine
Ctrl-c kill foreground process
Ctrl-z Suspend fg process
Ctrl-d Terminate input, or exit shell
Ctrl-s Suspend output
Ctrl-q Resume output
Ctrl-o Discard output
Ctrl-l Clear screen

CHEATCODES
GNU/LINUX RAMB MANUAL,TWEAKS AND TRICKS

INTRODUCTION:
    Many people is misconcepted or misinformed about LINUX. Linux is not an O.S. but it is a kernel. It is useless when it is used alone it needs distros to make it a powerful operating system.There are are many Linux-Distros--Debian, Slackware, OpenSuse, Fedora, Gentoo, Ubuntu, Red Hat, CentOS, Kali  and the list goes on and on everyday.Many of us have no clue that Android O.S. use LINUX kernel or else it will be just a cripple. Many of us don't recognize how powerful a linux distro is. Most of us are not aware that 85 to 97 percent of websites in the wold run in Linux Distros.

WHY I WROTE THIS?:
    I wrote this for a personal reason. Linux is good when it comes to security but is hard to use ---> It will be only hard If you don't know what to do. Just invest some brain cells and it will be useful.Hoping would be a beginning for those who just learning the ropes.I intend it to be cheatsheet for newbie.Empirical Experience there are many times I have been in a forum, not all the posts there are useful. I chose the best of
them. So I have a reference when it comes tweaking.My last reason. I don't want to forget it.



I. MAY COMMAND LIVE AND PERSIST
    Don't get intimidated by black screen and flickering green text on screen like those we've seen on those Hacker movies and claim to be a
super genious. Those overated and bullshits.

    CLI --> Command Line Interface. CLI is useful use lesser memmory unlike its opponent GUI (Graphical Use's Interface) use much memmory

BASH or Bourne Again SHell:A Linux/Unix shell that you type your command there are alternatives like xterm and konsole. The counterpart of bash in Windows is Batch files like Batch file, BASH does not need to be compiled to run. it just runs, and could change the code on the fly.

One of the useful tool Xterm shell is the crontab. I used to delete those files over and over again with this tool you can elimate
those habitual deletion of file and saves a lot times. In Linux shell type "crontab -l"
in my case : this is my crojobs it includes of the file path of my  bash script---xhistory.sh
To edit the crontab type the "crontab -e" on linux shell

johndoe@linuxdistros:~$ crontab -e                  
Put the following  lines of command and save it then restart your machine. It supposed to
work.

#every  15 minutes the machine will execute this bash script file
*/15 * * * *  sh "/home/john/cronjobs/xhistory.sh"

And the xhistory.sh contains the following lines of script commands.


#It fills .bash_history with ramdom characters for 34 times
shred -n 34 "/home/charm/.bash_history"
#Then emptying the file by filling with null bytes

cat /dev/null > /home/john/.bash_history
history -c
history -w

shred -n 34 "/home/john/.local/share/recently-used.xbel"
cat /dev/null > /home/john/.local/share/recently-used.xbel

shred -n 34 "/home/john/.config/smplayer/smplayer.ini"
cat /dev/null > "/home/john/.config/smplayer/smplayer.ini"

The exections secure delete the contents of history files. It is a little bit
counter hacking but it is good when you used it mysql shell, rlogin, ssh passwords
it prevents the attacker to exploit you passwords. And one more thing it saves disk space.
Minute   Hour    Day   MONTH   YEAR      commands
 *        *       *     *        *       /root/run_me.sh

HARDENED NETWORK SECURITY

iptables --> it is a very versatile firewall native in linux kernel. You don't need to install a a 3rd party software, you just need
            know how it works

YOUR SECURITY IS VITAL. You could avoid hackers scanning and launching ARP Network poisoning (Like wifikill on android devices )
which can cut you out from internet. And the worse is they can still information, passwords and even credit card number by
launching ssl strip tools. You could avoid that and become stealth in a network like in a public internet network.
Somebody can ping scan your machine your machine and that is start of the vulnerability. You are also vulnerale of what they call it
"Ping of death" which is a kind of DOS (Denial of Service) Attack and MITM (Man inn The Middle Attack) Attak which can totally strip naked
your privacy and it allows someone to steal your passwords in the site your visited. You could avoid those threat by utilizing
the following commands in linux system shell.

NOTE: It requires root access

#DISALLOWING REMOTE ACCESS in x11
root@linuxshell:~$iptables -A INPUT -p tcp --destination-port 6000  -j REJECT
root@linuxshell:~$iptables -A OUTPUT -p tcp --destination-port 6000  -j REJECT
root@linuxshell:~$ip6tables -A INPUT -p tcp --destination-port 6000 -j REJECT
root@linuxshell:~$ip6tables -A OUTPUT -p tcp --destination-port 6000 -j REJECT

#Disallowing ping from someone. Your machine rejects ping it does not reply.
root@linuxshell:~$iptables -A INPUT -p icmp --icmp-type echo-request -j REJECT
root@linuxshell:~$iptables -A OUTPUT -p icmp --icmp-type echo-reply -j REJECT
iptables -A INPUT -s 192.168.1.103 -J DROP --> Drop all packets from specific IPaDD

To Check it out if the code works

root@linuxshell:$ iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere             tcp dpt:x11 reject-with icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere             icmp echo-request reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere             tcp dpt:x11 reject-with icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere             icmp echo-reply reject-with icmp-port-unreachable




This one will prevent your machine from WifiKill and MITM and DOS attack in Local Network.
NOTE: It requires root access.
This one is wlan or wifi

root@linuxshell:~$echo "1"  > /proc/sys/net/ipv4/conf/wlan0/arp_ignore
root@linuxshell:~$echo "8" > /proc/sys/net/ipv4/conf/wlan0/arp_announce

This one is for LAN or Ethernet card:
root@linuxshell:~$echo "1"  > /proc/sys/net/ipv4/conf/wlan0/arp_ignore
root@linuxshell:~$echo "8" > /proc/sys/
net/ipv4/conf/wlan0/arp_announce


#######################################
YOU SHOULD TRY sysctl -a
You can set some firewall rules
and it retains even the system is  restarted
the path of config file is
/etc/sysctl.conf
######################################



HARDENED PRIVACY ( needs to be edited)

In this section I will tackle more advance security. If you are an average internet users you don't need to do this stuff, but if you are a journalist, eloectronic privacy
advocate or a  wistleblower you want to expose some corruptions and it is definitely  a matter of life and death. You have to be careful I advice to turnoff your swap before encrypting files and send it to someone.

I highly recommend to use "Tails" linux distro. A bootable OS can be booted on usb  and CD. But if you want to leave any digital fingerprint and you want to  hide an
incriminating data.  (just google it)

After your machine boot up. Do this first in Linux Shell.

swapoff -a

a -  all. turn of swap totaly
you can check it out by: typing the following command on Bash
    htop  -  swap memmory should appear 0.
          freem -a

The swap memmory also can be encrypted. just google it.




Creation of 6MB file
dd if=/dev/urandom of=swapfile.crypt bs=1M count=64
loop=$(losetup -f)
losetup ${loop} swapfile.crypt
cryptsetup open --type plain --key-file /dev/urandom ${loop} swapfile
mkswap /dev/mapper/swapfile
swapon /dev/mapper/swapfile

The result:

# swapon -s
Filename                                Type            Size    Used    Priority
/dev/mapper/swap0                       partition       4000176 0       -1
/dev/mapper/swap1                       partition       2000084 0       -2
/dev/mapper/swapfile                    partition       65528   0       -3

swap0 and swap1 are real partitions.
shareimprove this answer
edited Feb 12 '13 at 22:39
cjm
20.3k57073
answered Feb 12 '13 at 21:10
ott--
7661512

5

This Configuration uses randomly generated keys at boot and will not support Hibernation to hard disk! You Should Disable Hibernation through your respectie DE Power Management Utility and set it to Shutdown on Critical to avoid Data Loss!

Make sure to run sudo -s or su before running the following.

    Disable Swap:

    # swapoff -a

    Locate the existing Swap Partition

    # lsblk

    You will get something like this:

    sda3    8:3    0     8G  0 part [SWAP]

    Overwrite Old Swap

    # dd if=/dev/zero bs=1024000 of=/dev/sda<#>

    for example:

    # dd if=/dev/zero bs=1024000 of=/dev/sda3

    fstab setup

    # vim /etc/fstab

    Replace old SWAP device with crypttab mapper name: /dev/mapper/cswap

    #<file system>      <mount point>   <type>  <options>   <dump>  <pass>
    /dev/mapper/cswap   none            swap    pri=1,defaults  0   0

    Crypto Setup

    # ls -lF /dev/disk/by-id

    For Example:

    ata-HGST_HTS545050A7E680_TEK55D4F0BU3GV-part3 -> ../../sda3

    # vim /etc/crypttab

    # <name>    <device>                            <password>  <options>
      cswap     /dev/disk/by-id/ata-HGST_HTS545050A7E680_TEK55D4F0BU3GV-part3   /dev/urandom    swap,cipher=aes-cbc-essiv:sha256,size=256

    Active Encrypted Swap

    # reboot

    Verify Enctypted Swap Operations

    For example:

    # dmsetup -C info
    cswap      253   0 L--w    2    1      0 CRYPT-PLAIN-cswap  
    # lsblk
    ├─sda3                8:3    0     8G  0 part  
    │ └─cswap             253:0    0     8G  0 crypt [SWAP]
    # cat /proc/swaps
    Filename                Type        Size    Used    Priority
    /dev/dm-0               partition   8385532 0       -1


####################################################################
ENVIRONMENTAL VARIABLES

You can also edit environmental variables. In your home directory search for .bahrc
 if there's none in existence make one. This is a cool thing you can decide what you wanted
 to do with your bash shell environment. Open ".bashrc" and add this line:
PS1='\u@\h:\w\$ '

When you open the cosole the display would be like this.

john@bashshell:~$

you can just change it whatever you want to do with it like:
PS1='\u@\h:\w\# '

It results:
 john@bashshell:~#______


There is another one useful for changing environmental  variables.
this one  is like a starup folder in windows.

open the file path  /etc/profile.d/

If you ought to install software in another  folder besides the nstandard installation folder (like your new downloaded firefox you want it to install in other folder like an encrypted disk beside the standard disk)you have to change the environmental variables like in this case the java is installed in none standard way. you can check it out by typing  "which java" in my case java could not found because it is installed in none standard way.
First I move The jkd7 folder from /usr/lib64/jdk7 to  /usr/jdk7   (you can also do this in umounted devices encrypted volume like truecrypt and luks you program runs there)

if i type java -version  in bash I recieve this
bash: java: command not found

This the original path
#!/bin/sh
export JAVA_HOME=/usr/lib64/jdk7
export PATH='/usr/lib64/jvm/bin:/usr/lib64/jvm/jre/bin:/usr/lib64/jvm/bin:/usr/lib64/jvm/jre/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/games:/usr/lib64/kde4/libexec:/usr/lib64/qt/bin'

This is the modified path
#!/bin/sh
export JAVA_HOME=/usr/jdk7
export PATH='/usr/jdk7/bin:/usr/jdk7/jre/bin:/usr/jdk7/bin:/usr/jdk7/jre/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/jdk7/bin:/bin:/usr/games:/usr/lib64/kde4/libexec:/usr/lib64/qt/bin'
 
restart your machine.
on conssole type: java -version
Java version "1.7.0_55"
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)



You supposed to see the java vesion. In that case it should work all the way.


feb 3, 2016
If you want to torrify your download. run tor first and do the
next step: this time i download the file with name "youtube-dl"
i tunnel the connection in TOR using socks5
 curl --socks5-hostname 127.0.0.1:9150 http://youtube-dl.org/latest/youtube-dl -o youtube-dl

The good thing about "curl" if the download is interupted or  experinced disconnection you can still resume your download. if the file is too large and you want continue the download the next day you can still resume the remaining bytes.

OPENSSL OPEN SSL
There was something in my machine always bothering me I can't install
openssl properly it was always butt-in the older installed ssl version
the problem is I was so stupid that I din't think about the path name of the old one just to overight my machine is a little bit eccentric it din't install openssl in the standard directory so i have no configure the installation first this is the path that work in my machine: ./config --prefix=/usr/local --openssldir=/usr/local/openssl
./config
make
make test
make install

 I just browsed it on the web I don't know if it is working

HOW TO ANONYMIZE FIREFOX on 2010-08-10


wrote :

change in about:config


browser.download.manager.scanWhenDone = false
browser.send_pings = false
dom.disable_window_open_feature.menubar = true
dom.disable_window_open_feature.scrollbars = true
intl.accept_charsets;utf-8
intl.accept_languages;en
intl.charset.default;utf-8
intl.charsetmenu.browser.cache;UTF-8
keyword.enabled = false
layout.css.visited_links_enabled = false
network.http.sendRefererHeader;0
network.http.accept.default;*/*
network.prefetch-next = false
network.proxy.socks_remote_dns = true

########################################################################

add to about:config (for faking the user agent)


new - string: general.useragent.override - value: Mozilla/5.0 (en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2

########################################################################

change settings
(in firefox 3.5 and higher first choose "user default" to change some settings)


javascript:disabled
java: disabled
history: disabled
chronicle: disabled
save data: disabled
cookies: disabled
clear private data: enabled (all)
remember passwords: disabled
offline storage: 0 mb cache

########################################################################

search engines disable/uninstall


PACKET WARS
#to forward the traffic to your machine between your target and router.
echo 1 > /proc/sys/net/ipv4/ip_forward

MORE ABOUT NETWORK SECURITY
SSH - Safe shell. A future network admin should know how to use telnet, rlogin , sftp, gopher and ssh.
Safe shell is secure. You should know how configure ssh server and client for encrypted connection. In my case I
use OpenSSH for BSD
https://archive.is/o/zCaQN/www.ssh.com/support/documentation/online/ssh/adminguide/32/Generating_the_Host_Key.html
-----------------------------------------------
SSH PROXY connection

ssh -p 443 -C2qTnN -D 52233 skyssh.com-florp@146.185.160.149




ssh -D 12345 myuser@remote_ssh_server
SOCKS Host: 127.0.0.1 port: 12345 (I, actually, used 8080) with
 ssh -C2qTnN -D 8080 user@my_server


create.sshgoogle.com
 fastssh.com
 skyssh.com

 sshagan.net
 go-ssh.com

http://www.phcorner.net
un: json***
pw: cro*****

tcpvpn.com
 bestvpnssh.com
 mytunneling.com
 createssh.com



 ssh -C2qTnN -D 8080 -p 443  skyssh.com-anonme@188.166.190.87




ssh -C2qTnN -D 51234 skyssh.com-krang@45.32.147.45
-------------------------------------------------------------------------------------



PUT YOUR WIRELESS CARD IN MONITOR MODE
(It depends on your wlan card if it is supported listening or monitor mode.

ON YOUR SHELL
ifconfig wlan0 down
iwconfig wlan0 mode monitor
ifconfig wlan0 up
     

ifconfig wlan0 down
iwconfig wlan0 mode managed
ifconfig wlan0 up





#redirect all of torify's traffic to localhost
sudo iptables -t nat -A OUTPUT -m owner --uid-owner torify -j DNAT --to-destination 127.0.0.1
#allow vm to access privoxy, tor
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -p tcp --dport 8118 -j ACCEPT
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -p tcp --dport 9050 -j ACCEPT
#allow tor to access vm
sudo iptables -A OUTPUT -o lo -m owner --uid-owner debian-tor -p tcp --dport 5022 -j ACCEPT
#if we allow it outgoing, allow it incoming and don't interfere with prior connections
sudo iptables -A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT
sudo iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -m state --state RELATED -j ACCEPT
#don't let anything access vm on localhost
sudo iptables -A OUTPUT -o lo -p tcp --dport 5022 -j DROP
#don't let torify snoop around on listening localhost ports
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -j DROP
#don't allow external machines to access vm
sudo iptables -A INPUT ! -i lo -p tcp --dport 5022 -j DROP
#drop all torify traffic failsafe and protocol agnostic
sudo iptables -A OUTPUT -o lo -m owner --uid-owner torify -j DROP

To make sure the rules stay after reboot, type the following command: sudo iptables-save
Next we'll need to make sure Privoxy works with Tor. Type this command: sudo gedit /etc/privoxy/config
Delete everything in the file and replace it with this:
# Generally, this file goes in /etc/privoxy/config
#
# Tor listens as a SOCKS4a proxy here:
forward-socks4a / 127.0.0.1:9050 .
confdir /etc/privoxy
log /etc/privoxy
#actionsfile standard # Internal purpose, recommended
#actionsfile default # Main actions file
#actionsfile user       # User customizations
#filterfile default.filter
# Don't log interesting things, only startup messages, warnings and errors
#logfile logfile
#jarfile jarfile
#debug 0 # show each GET/POST/CONNECT request
#debug 4096 # Startup banner and warnings
#debug 8192 # Errors - *we highly recommended enabling this*
user-manual /usr/share/doc/privoxy/user-manual
listen-address 127.0.0.1:8118
toggle 1
enable-remote-toggle 0
enable-edit-actions 0
enable-remote-http-toggle 0
Now, type this command:

sudo /etc/init.d/privoxy restart


Well, that didn't work like intended. We dropped ARP related traffic to the IP address, but not on IP level. This is also visible in the arp -n list:
root@ubuntu:/data# arp -n
 Address                  HWtype  HWaddress           Flags Mask            Iface
 192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
 192.168.1.1              ether   d8:d7:21:22:5a:f4   C                     eth0
So to make this work, we simply have to flush the ARP cache. We delete the related ARP entry:
root@ubuntu:/data# arp -d 192.168.1.1
root@ubuntu:/data# arp -n
 Address                  HWtype  HWaddress           Flags Mask            Iface
 192.168.1.20             ether   00:a7:22:23:d1:f3   C                     eth0
 192.168.1.1                      (incomplete)                              eth0








Specific traffic filtering
Back to our original mission: only allow our router to exchange ARP packets.
root@ubuntu:/data# Block ARP traffic from all machines (default: DENY)
arptables -P INPUT DROP

root@ubuntu:/data# Allow router (fixed ARP)
arptables -A INPUT --source-mac d8:d7:21:22:5a:f4 -j ACCEPT
All ARP packets are blocked now. Each system which will transmitting traffic will end up as an (incomplete) entry.
Enable all ARP traffic
If we want to allow traffic again:
root@ubuntu:/data# arptables -P INPUT ACCEPT
root@ubuntu:/data# arptables --flush
Flushing the full ARP cache can be done with ip utility:
root@ubuntu:/data# ip -s neighbour flush all
Conclusion
Arptables is a very powerful utility to filter traffic and avoid an unexpected router taking over our connectivity. However, keep in mind that connectivity is not fully blocked. Only ARP traffic is blocked (layer 2/3 on the OSI model). If someone is able to manually add an entry to the ARP table, traffic is able to flow again.




One hardening trick I like is to turn off ARP completely with:
ip link set dev eth0 arp off
Then add a static ARP entry for the router so you can get to that:
arp -s 10.0.0.2 00:0c:29:c0:94:bf


------------------------------

gpg --keyserver pgpkeys.mit.edu --recv 8B48AD6246925553

#######################
To update java download java.33.3..gz and extract the files in the current directory of java installation just a sort of copy and paste
######################################
you could secure delete klipboard it is located in /.kde/ but you can disable the saving in klipboard in options


Set Environmental variables
export MYHOME=/mnt/live/memory/data/AdwCleaner/


###############################
# TO DISABLE BASH HISTORY PERMANENTLY #
# echo 'set +o history' >> ~/.bashrc                    #
###############################

JUST DISABLE HISTORY IN A CURRENT SHELL

set +o history


##############################################
The OpenSSH 7+ does not support deffie-hellman handshake by default
you should config it or type it specifically in CLI. And does not display the key in md5 hexadecimal string format but a series of gibberish. To make it work in that way one should edit this config as I explain below:
 
/home/user/.ssh/config
Host 192.168.1.1
        KexAlgorithms +diffie-hellman-group1-sha1
        FingerprintHash md5



/home/user/.ssh/config
What I did is to make something in old format md5 display and old
Host *  # anyhost
 ForwardX11 yes
 Compression yes
X11 is also cool thing
==============================
Linux command line show directory sizes
du -sh *
http://112.203.90.24//admin/pldt.asp --might be exploited
=========================================
LEARNING APACHE MORE
This is substantial
http proxy using apache "proxy-html.conf  <--Im gonna study about that








f2592419@mvrht.comf2592419@mvrht.com



=================================
DNS/NameServer
I find a more effective way to customize dns server






=========================================================
#add into .bashrc
genpasswd() {
    local l=$1
           [ "$l" == "" ] && l=16
          tr -dc A-Za-z0-9_ < /dev/urandom | head -c ${l} | xargs
}

===============================================================================

unix tools
fc ---edit .bash_history
LINUX/unix MONITORING TOOLS
iptraf --network
top   --process
vmstat --process
iostat
iftop --network
du -sh *  --> show directory sizes
1. Fire up airodump-ng, lock to the channel that has the network AP you are interested in.
 2. Note the BSSID of the AP and the MAC of a connected client.
 3. Use aireplay-ng to force a deauth. Since Association and Re-Association packets contain the SSID whether hidden or not,
when the client reconnects, your airodump-ng session should capture the SSID and report that in your session window.
 Basic syntax is:
 aireplay-ng -0 3 -a $BSSID -c $CLIENTMAC $INTERFACE
aireplay-ng --ignore-negative-one -0 30 -a C4:6E:1F:48:DB:E4 -c 04:1B:BA:44:A3:E8 mon0
aireplay-ng --ignore-negative-one -0 -a 00:13:33:F3:84:9B -c 9C:B7:0D:26:0D:59 mon2
B315_9487D



root@bt:~# /pentest/password/jtr/john --stdout --incremental:all | aircrack-ng -b 00:19:5B:52:AD:F7 -w - /tmp/wpa2*.cap





-----------------------------------------------------------------------------------------------------------------------------------
iptables -I FORWARD 5 -s 10.42.0.52 -p tcp -m quota --quota 104857600 -j ACCEPT
  456  iptables -I FORWARD 1 -s 10.42.0.52 -p tcp -m quota --quota 104857600 -j ACCEPT
  457  iptables -I FORWARD 2 -s 10.42.0.52 -j DROP
------------------------------------------------------------------------------
Conserning about bandwith quota In my own machine not the forwarding or shared
connections ones. this is 20 mb limit 20 971 520
iptables  -A INPUT -p tcp  -m quota --quota 20000000 -j ACCEPT
iptables -A INPUT -j DROP

1000/1024  bytes = 1 kb

 1 MiB = 220 bytes = 1024 kibibytes = 1048576bytes


ssh -C2qTnN -D 8090 usrname@hostname -p 443

###################################################
NETWORK SECURITY!
MITM NO PROBLEM IGNORE ICMP OR BROADCAST REQUEST
Add the following line "/etc/sysctl.conf"

Ignore ICMP request:
net.ipv4.icmp_echo_ignore_all = 1
Ignore Broadcast request:
net.ipv4.icmp_echo_ignore_broadcasts =1
#load new setting by typing the following command# sysctl -p

to show all the rules: sysctl -a


IT IS ALSO A GOOD THING IF YOU DISABLE YOUR IPV6 IF YOU DON'T
USE IT:
echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6

another method permanent effect edit the following file:
/etc/sysctl.conf
#with this lines
#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1



#############################################

CREATING A BOGUS SSID OR AN EVIL TWIN
airbase-ng -a 00:09:5B:6F:64:1E --essid
"Fakeaccesspoint" -c 11 mon0

#########################################################
miselenious tricks display time in the upper left of the terminal
while sleep 1;do tput sc;tput cup 0 $(($(tput cols)-29));date;tput rc;done &

07/05/17 07:30:58 PM
Adding the rule
iptables -A OUTPUT  -p udp --dport 53 -j DROP

removing the rules
iptables -D OUTPUT -p udp --dport 53 -j DROP
Sunday, November 12, 2017
If you were having a problem in your default DNS server e.g. your pesky router. Just dont forget the resolve.conf in "/etc/resolve.conf"
and add the following line:

nameserver 8.8.8.8 #invoking google server as you dns server

##########################################################################
What's more surprising I solved a long time problem in sshd put it in booting up. And might solve other problem like putting httpd servic in startup
just change the chmod 0777 the file specific file in this directory "/etc/rc.d/"


#AUTO START SCRIPT IN MY MACHINE WITHOUT ERROR
# FILENAME: rc.local
# DESCRIPTION: This script enable tap functions of touchpad in this machine
# lenovo.modprobe startup script is not functioning and I dont know why.
# INSTRUCTION: Add the following script on rc.local the directory /etc/rc.local
#               if does not exist create it or Simply copy this file [/etc/rc.local]
#   and execute this command: [service rc.local restart] without the square brackets
# This procedure must have effect already your touchpad tapping function. Reboot your machine
# init 6
modprobe -r psmouse
modprobe psmouse proto=imps

It more


######################################################################

Sunday, November 19, 2017
In this moment in time I completely configured working dnsmasq DNS server in
this machine but sandly my linux machine at home is broken. It saddens me the fact that I have good internet connection at home and cound not even practice stardard networking practice at home I had to be a snitch. To digest everything I learned in a short period at time. I know it is wrong but I coudn't help myself to solve something (a long time problem) . I eager to learn more that's how I get my drive to insist my persitence in learning.
By the way I wanted to write down details how I solved that DNS (dnsmasq problem)
saving queries in a text file
dnsmasq --no-daemon --log-queries --log-facility=/var/log/dnsmasq.log
just show log queries
dnsmasq --no-daemon --log-queries

Slax DEBIAN BASED ERA

2018-04-09 07:51:

I have installed new linux base OS
It is in its infancy but I guess I would learn a lotfrom it
The first and foremost problem I encountered and solved is about
the autologin of Debian OS even though it has password(It is modified version of Debian it is sort of minimalist OS so many features are not includedin the system. like the desktop manager ). I just googled it unlike
before I had to do it all by myself.

systemctl set-default multi-user.target

To make it back in autologin

systemctl set-default graphical.target

As I  have said, I don't have Desktop manager I couldn't
even adjust the brightness. Just like I did in the first I googled it
Debian has a lot of community support unlike the former distro I had.
This is the solution.

echo 1000 > /sys/class/backlight/intel_backlight/brightness
just like that. But it depends on your hardware you should follow the /sys/class/backlight and browse the directory to find out which is which.
script to make it automated

#################################################
#!/bin/sh
if [ $1 -le 0 ]
then
echo  "1" > /sys/class/backlight/intel_backlight/brightness
else
echo $((2400 * $1 / 100 )) > /sys/class/backlight/intel_backlight/brightness
fi

#################################################










MORE GOOD FIREWALL RULES FROM EXPERTS JUST PASTED WHOLE THING HERE JUST FIGURE IT OUT
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#

#kernel.domainname = example.com

# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3

##############################################################3
# Functions previously found in netbase
#

# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1

# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1

# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1


###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#

###################################################################
# Magic system request Key
# 0=disable, 1=enable all
# Debian kernels have this set to 0 (disable the key)
# See https://www.kernel.org/doc/Documentation/sysrq.txt
# for what other values do
#kernel.sysrq=1

###################################################################
# Protected links
#
# Protects against creating or following links under certain conditions
# Debian kernels have both set to 1 (restricted)
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
#fs.protected_hardlinks=0
#fs.protected_symlinks=0
net.ipv4.icmp_echo_ignore_all = 1



If you have issues on your touchpad  here is the solution
https://forums.kali.org/showthread.php?221-Touchpad-Synaptics-Tapping-issue-Solved
on the command line:
modprobe -r psmouse //disable touchpad  first
modprobe psmouse proto=imps //it should function your touchpad

If you want to make it automated. modify the file of the
following path /etc/modprobe.d/anyname.conf
add the following line
options psmouse proto=imps

Insert date from cli output VIM editor
:r !date



Sat May  5 04:11:45 EDT 2018

I dont like Windows OS specially windows10 it is the biggest
spyware. It captures screen shots and the plain text of the text file
is being spied so I tranfered this text on a volume
I googled and it said you can make a virtual disk, like ext4 file system
you can make it, but you must make a file container first you can use

fallocate or dd (google it stupid). and make it by use some
tools like mkfs, e.g. mkfs.ext4 <nameofthefile) and you can mount it
like you just mounting a regular disk.

Creation of 500mb container:

dd if=/dev/zero of=MyDrive.img bs=1M count=500
This one is pretend to be a broken disk


dd if=/dev/zero bs=1k count=100 | tr "\000" "\377" > /dev/sdb
My discovery it can be used to wipe ssd/hhd
dd if=/dev/zero of=foo.bar bs=300k count=1 conv=notrunc
Formatting of the Container:

mkfs -t ext3 MyDrive.img
Now you can mount it.
mount MyDrive.img /mnt/mountfolder

--------------------------------------------------------------
THIS COULD BE SOLUTION TO MY LONG TERM PROBLEM
DNS SERVER WITH CUSTOM PORT

    87.118.100.175 (Ports: 53, 110)
    94.75.228.29 (Ports: 53, 110, DNSSEC)
    87.118.104.203 (Ports: 53, 110,DNSSEC)
    62.141.58.13 (Ports: 53, 110, HTTPS-DNS, DNSSEC)
    87.118.109.2 (Ports: 53, 110, DNSSEC)

09.12.2019

ULTIMATE SOLUTION FOR SECURE E2EE FOR DNS ASIDES FROM HTTP-DNS
dnscrypt-proxy
# FileName: dnscrypt-proxy.conf
# A more comprehensive example config can be found in
#
# /usr/share/doc/dnscrypt-proxy/examples/dnscrypt-proxy.conf

ResolverName random
ResolversList /usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv
#cloudflare
#yandex
#ipredator
Daemonize no
#fallback_resolver = 77.88.8.7:53
# LocalAddress only applies to users of the init script. systemd users must
# change the dnscrypt-proxy.socket file.
# to edit systemctl edit dnscrypt-proxy.socket
LocalAddress 127.0.2.1:53
----------------------------------------------
# To Edit systemctl edit dnscrpt-proxy.socket
#fileName dnscrypt-proxy.socket
[Socket]
ListenStream=
ListenDatagram=
ListenStream=127.0.2.1:53
ListenDatagram=127.0.2.1:53


https://forums.gentoo.org/viewtopic-t-164165-start-0.html



Fri Jun  1 09:41:01 CST 2018
Open_SSH7.4p1 disables the following key exhange algorithms and
cipher by default. so I need to define the following
line in ~/.ssh/config  to pull this out.

Host 10.0.0.1
FingerprintHash md5
KexAlgorithms +diffie-hellman-group1-sha1
Ciphers 3des-cbc

--------------------------------------------
disable a certain linux service
-------------------------------------------
systemctl disable dnsmasq.service

#check status
systemctl status dnsmasq
------------------------
show services and etc
systemctl --all


Monday, October 08, 2018
NOTE TO MYSELF
Just searching all over again for something. Those pesky files stored in a removable SSD storage
I fear it is gone for good.
use  "dd" command to overwrite file with zeros or make a container file "mkfs" at least I have a clue
doing something than nothing.
I've got the best solution before.


Create your image file of the size you want:

dd if=/dev/zero of=./your.img bz=1M count=<number of megabytes you want>
Format it

mkfs.ext3 ./your.img
(Recheck that command before running it, do read what is printed out.)

Mount it:

mount -o loop ./your.img /some/mount/point
And you're done. Don't forget to unmount before you copy/send that image file anywhere.

dd if=/dev/zero of=~/theFile.img bs=1M count=10
$ /sbin/mkfs.ext4 theFile.img
$ sudo mount -o loop theFile.img /mnt/tmp/


Oct 11, 2018
In any GNU LINUX distros if you install something related to video or audio and if it does
not work in non-root user try to add that user(s) in that group video/audio/graphic shits shits.


October 17, 2018
IMAGE AND DEVICE ENCRYPTION
LUKS / CRYPTSETUP
Sample of creation of encrypted image file
fallocate -l 100M encryptedimage.bin
mkfs.ext4 -j encryptedimage.bin
cryptsetup -y luksFormat encryptedimage.bin

MOUNT LUKS IMAGE / DISK CONTAINER

cryptsetup luksOpen enk.bin enkVolume
mkfs.ext4 /dev/mapper/enkVolume
TO UNMOUNT LUKS IMAGE / DEVICE
cryptsetup luksClose /dev/mapper/enkVolume

November 15, 2018
I just discovered tcplay means tru3 crypt play it can create and mount TC volume
HERE ARE some of the procedures according to your need
Encrypting a file as a virtual volume
Invoke

 $ losetup -f
to find the first unused loopback device; in this example, /dev/loop0.

Note: As of udev 181-5, the loop device module is no longer auto-loaded.
Create a new container foo.tc, 20M in size for instance, in the working directory:

 # fallocate -l 20M foo.tc
 # losetup /dev/loop0 foo.tc
 # tcplay -c -d /dev/loop0 -a whirlpool -b AES-256-XTS
Enter a secure password for the volume, and confirm the query to overwrite foo.tc with the new volume. tcplay will then write random data into the volume. Map the volume and create a filesystem on it in order to mount

 # tcplay -m foo.tc -d /dev/loop0
 # mkfs.ext4 /dev/mapper/foo.tc
 # mount /dev/mapper/foo.tc /mnt/truecrypt/
To unset the container,

 # umount /mnt/truecrypt
 # dmsetup remove foo.tc
 # losetup -d /dev/loop0
Mounting an existing container for a user
Consider /dev/loop0 the first unused loop device, foo.tc the TrueCrypt container, /home/you/truecrypt/ the desired mount point. The user you in this example has uid=1000 and gid=100. The steps for mounting the container as a virtual volume are:

Associate loop device with the container
Map the container to the loop device
Mount the container in the filesystem
The following commands perform the above actions.

 # losetup /dev/loop0 foo.tc
 # tcplay -m foo.tc -d /dev/loop0
 # mount -o nodev,nosuid,uid=1000,gid=100 /dev/mapper/foo.tc /home/you/truecrypt/
Note, if the container uses ext4 or another filesystem that supports file ownership, the uid and gid parameters aren't needed and will not work. Therefore the third command would be simply:

 # mount -o nodev,nosuid /dev/mapper/foo.tc /home/you/truecrypt/
To reverse them:

 # umount /home/you/truecrypt/
 # dmsetup remove foo.tc
 # losetup -d /dev/loop0
Using tcplay-helper
The tcplay-helper-gitAUR[broken link: package not found] tool simplifies the process of creating, mounting and unmounting tc-play containers. The tool is still a work-in-progress, but should work fine for most users wanting to work with simple secure tc-play containers.

The following command creates a 3Mb container called foo.tc.

 # tcplay-helper create foo.tc 3M
To mount the container file we can either mount it as root with the following command. The container will be mounted under /mnt/truecrypt/

 # tcplay-helper open foo.tc
Alternatively, we can supply a username to mount the container as.

 # tcplay-helper open foo.tc archie
Finally, to close the container this command does the trick.

 # tcplay-helper close foo.tc




ovember 16, 2018
FOR THE BROADER KNOWLEDGE ABOUT FILE SYSTEM
LET TRY SQUASH FILE SYSTEM
It can be mounted but it just a read-only filesystem
you can use tar, zip, 7zip etc instead

bash# mksquashfs /var/arch /var/arch.sqsh
    bash# mkdir /mnt/tmp
    bash# mount /var/arch.sqsh /mnt/tmp -t squashfs -o loop
    bash# ls /mnt/tmp

CHANGE VLC USERAGENT
vlc 'http://wiki.videolan.org/' :http-user-agent='FooBar/1.2.3'

may 20, 2019
I Learned things in a hardway because I am stupid
Learn How to PURGE
apt remove package ----just remove to program the config files not included
apt-get purge dnsmasq ----> remove programs dependencies including config files


# SET UP FAKE CAM
#!/bin/sh
# install v4l2looback first
# card label that would be your camera name
printf  "Requires root access"
modprobe v4l2loopback video_nr=5 card_label="Intergrated Webcam"

#--------------------------------
# this one works well you could play even file in url
ffmpeg -re -i sadak.mp4 -r 10 -pix_fmt yuyv422 -f v4l2 /dev/video5



ffmpeg -f x11grab -r 15 -s 1280x720 -i :0.0+0,0 -vcodec rawvideo -pix_fmt yuv420p -threads 0 -f v4l2 /dev/video0
ffmpeg -re -i video.mp4 -c:v rawvideo -pix_fmt yuv420p -f v4l2 -s 640*360 /dev/video0
ffmpeg -re -i input.mp4 -map 0:v -f v4l2 /dev/video0

Sept.12.2019
Useful tools ipcalc
root@ibm~# ipcalc 10.0.0.1/8
Address:   10.0.0.1             00001010. 00000000.00000000.00000001
Netmask:   255.0.0.0 = 8        11111111. 00000000.00000000.00000000
Wildcard:  0.255.255.255        00000000. 11111111.11111111.11111111
=>
Network:   10.0.0.0/8           00001010. 00000000.00000000.00000000
HostMin:   10.0.0.1             00001010. 00000000.00000000.00000001
HostMax:   10.255.255.254       00001010. 11111111.11111111.11111110
Broadcast: 10.255.255.255       00001010. 11111111.11111111.11111111
Hosts/Net: 16777214              Class A, Private Internet
So I discovered open host slots

############################################################
#HOW To convert unixtime to readable format vice versa. [tag unix time]

bash# date -d "2019-11-09 18:24:30" "+%s"
1573323870

bash#date --date='@1573323870'
Sat Nov  9 18:24:30 UTC 2019
##################################################################
Samba client
mount.cifs //[IP_ADDR]/SERVER_NAME/FOLDER_NAME /mountpoint

nmblookup '*'
nmblookup -S WORKGROUP
#######################################################
GET SUM IN FILES
NOTE: IT ALSO COMPUTES DECIMAL NUMBERS
 awk '{ sum += $1 } END { print sum }' Oct24-Nov30.txt
#######################################################
###################################
Get the sum of list of number
Warning It ignores decimal places
###################################
grep -oE '[0-9]+' Oct24-Nov30.txt | paste -s -d + - | bc
ou can use grep + paste + bc

$ grep -oE '[0-9]+' file
10
10
20
20
20

$ grep -oE '[0-9]+' file | paste -s -d + -
10+10+20+20+20

$ grep -oE '[0-9]+' file | paste -s -d + - | bc
80

tr 'A-Za-z0-9' 'N-ZA-Mn-za-m5-90-4'
################################################3
bssid: Upper Room
BC:C0:0F:BF:90:80
1john3v16
chrome.exe --proxy-server="socks5://localhost:9050" --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE localhost"
===========================
screen capture FFMPEG
https://ffmpeg.org/ffmpeg-devices.html#x11grab
===========================
ffmpeg -f x11grab -framerate 25 -video_size cif -i :0.0 out.mp4


Sun Jun  6 03:56:34 CST 2021
NEW TRICKS IN MY SLEEVES
Can execute command in text stream
The nice thing about it different
command from everyline
just press CTRL-C for the next command
line in the next line.
$/bin/sh -c "$(cat IoT.txt)"

Thu Jul  8 06:26:40 UTC 2021
To kill a process that don't need to know the Process ID
pgrep firefox | xargs kill
ps -auxf
ps firefox
ps -A

Thu Jul  8 07:41:44 UTC 2021
A Goldmine
Ctrl-c kill foreground process
Ctrl-z Suspend fg process
Ctrl-d Terminate input, or exit shell
Ctrl-s Suspend output
Ctrl-q Resume output
Ctrl-o Discard output
Ctrl-l Clear screen
Ctrl-w deleting a word in the left

Encrypted PDF files

You could encrypt, unencrypted pdf files using

this tool, QPDF. For sensitive data if you want to send a copy

via facebook or emails. A prompt for password will appear everytime someone trying to open it

I tried in some android devices pc it all works. all supported that built in library for encryption

sample qpdf usage:

qpdf --encrypt mypassword 256 -- stateaccount.unencrypt.pdf encrypted.stateaccout.pdf