Hackepedia - User contributions [en]

Timelapse

2021-06-16T19:37:19Z

Franks: Created page with " # Move pics to new folder $ mv IMG_{1842..1891}.JPG timeplapse2/ # Make the timeplase $ ffmpeg -framerate 30 -pattern_type glob -i "*.JPG" -s:v 1440x1080 -c:v libx264 -cr..."

# Move pics to new folder
$ mv IMG_{1842..1891}.JPG timeplapse2/
# Make the timeplase
$ ffmpeg -framerate 30 -pattern_type glob -i "*.JPG" -s:v 1440x1080 -c:v libx264 -crf 17 -pix_fmt yuv420p timelapse.mp4

Rsync

2021-05-02T19:58:03Z

Franks:

Trying to backup remotely using rsync + ssh so the transfer is encrypted.
Two things non-standard in my setup, I use a non-standard ssh port (4321), and I'm connecting from the box I want backed up, to the server. In most examples, you're connecting from the server, to the client.

$ rsync -avz -e 'ssh -p4321' /client/homedirectory remoteuser@remotehost:/remote/backup/directory

From Dir1 to Dir2:

$ rsync -av --delete /Directory1/ /Directory2/
–delete = This tells rsync to delete any files that are in Directory2 that aren’t in Directory1.

to exclude a few:

--exclude={"/tmp/*","/proc/*"}

Wireless

2021-03-10T03:28:24Z

Franks:

Wireless is technology that allows communication without a cable. Radio has been with us for more than 100 years and is the most well known wireless technology. Other wireless technology are infrared and visual light as the bearer of data.

In 1999 wireless [[ethernet]] (802.11abg+) became popular first offering 2 Mbps, 11 Mbps, 53 Mbps and currently they advertise 300 Mbps between laptop and base station.

Some people say they are allergic to the microwaves produced by wireless ethernet.

== Monitor your wireless connection ==

$ nmcli dev wifi

$ watch -n 3 cat /proc/net/wireless

$ nmcli connection show

$ nmcli connection show "$NAME"

You can likely find your wireless adapter from:

$ ip addr

or

$ sudo lshw -C network

we'll assume it's wlan0, replace that below with yours:

$ sudo iwconfig wlan0 | grep -i quality

In terms of third party apps, I did `apt install wavemon` and then simply run:

$ wavemon

Ssh

2021-03-09T19:03:29Z

Franks:

[[Image:socket.jpg]]

SSH stands for "Secure Shell" and was first written by a Finnish computer scientist named Tatu Ylonen. Mr. Ylonen went on to found [http://www.ssh.com SSH Communications] which continues developing the ssh program. The program uses both symmetric and assymetric [[cryptography]] in order to keep the [[OSI]] session layer secure from session [[hijacking]] and [[sniffing]].

== Public Key Differences ==

There are three versions used in SSH. One for v1 protocol, and two for v2.

* RSA1 is referred to as the original RSA key used for v1 protocols. These keys were used to encrypt the communications.

* RSA is referred to as the v2 protocol. This is used for signing the channel only since the underlying protocol is now handled by a different means.

* DSA was added to v2 protocol after [http://www.rsasecurity.com/ RSA Security] assured patent rights, and the IETF included DSA to allow for patent free implementation. '''Note: Due to how DSA works it requires a lot more good enthropy to be secure compared to RSA.'''

Which is the right one for you? Since the RSA patent has expired it is recommended by most of the OpenSSH team to stay with RSA keys since they have been around longer and are more known in terms of their strengths and weakness.

== The OpenSSH Fork ==

[http://www.openssh.com OpenSSH] was forked from a free version of SSH 1.2.12 and shipped with the [[OpenBSD]] 2.6 system. It has gained popularity among many vendors and is shipped with their products as well. [http://ssh.com/ Tatu Ylonen's company] took OpenSSH to court but lost.

== Cool SSH Tricks ==

Modern SSH clients and servers allow you to do some pretty nifty tricks. The most common is [http://en.tldp.org/HOWTO/XDMCP-HOWTO/ssh.html X11 Port Forwarding]. You can also [http://www.coder.com/daniel/kwlug/ssh-tricks/slide010.html forward arbitrary ports], and [http://www.coder.com/daniel/kwlug/ssh-tricks/slide006.html compress] files when transfering them over the network (all in addition to encrypting the data). One really nifty trick is to [[FlexLMForwarding| forward FlexLM]] connections. Another popular trick is [[ssh-keygen|passphraseless key exchange]].

== Travel ==

To use this, you'll need a [[shell]] account. This can be on a server you're running at home, or a machine that you trust. SOCKS mode is accomplished by adding the -D flag to start a SOCKS proxy.

$ ssh [[Variables|$home_machine]] -D127.0.0.1:8080

Now in firefox I enter a SOCKS proxy of 127.0.0.1 with port 8080 and it will appear to any website I visit that I am at home, not at my remote location! You can do this in any applications you wish ([[Firefox]],[[Thunderbird]] or [[Pidgin]] for example, or you can use this as a [[VPN]] for all applications.

== Lessons learned from Enigma ==

In world war 2 the germans used a cipher mechanism called [[enigma]] to secure their communications. Little did they know the british were able to read through this ciphertext and gain plain knowledge of everything being written. Enigma was a lazy concept, it allowed comforts on part of the operator and it was so complex that noone on the german side questioned it because they probably were too lazy to dig up dirt.

The same can be said for SSH, don't get lazy. Don't reuse private/public keys for passwordless access across systems. So far the public knows not of a case where it's possible to derive a private key from a public key. But we have a threat looming... quantum computers. If they manage to make this easy all security over public/private keys is diminished. It may even be safer to just use passwords (that are good! not simple ones). Stay vigilant my crypto heros, ssh shouldn't make you lazy!

== Rotate keys with ansible ==

Generate your new keys:

$ ssh-keygen -t rsa -b 4096 -C "ansible 2021" -f "ansible2021"

The following is dangerous in that you could get locked out of a remote system. For testing, I did --limit='server_one' in ansible to test on one host only, and I was manually ssh'd into that machine in case I did something wrong and had to manually replace my ssh key.

The following playbook assumes that your local username is localuser and in your hosts.yaml file you use ansible_user as the username:

'''
---
- hosts: all
tasks:
- authorized_key:
user: <nowiki>"{{ ansible_user }}" </nowiki>
state: present
key: <nowiki>"{{ lookup('file', '/home/localuser/.ssh/ansible2021.pub') }}" </nowiki>
exclusive: True

'''

Remove exclusive: True if you don't want to clobber/remove all existing ssh keys listed in authorized_keys, but simply want to add your new one!

SHA

2021-02-07T13:08:59Z

Franks: /* Using SHA256+ in Linux */

SHA-0 (Secure Hash Algorithm) was a proposal by the U.S. government that was replaced by SHA-1 in FIPS 180-1. SHA-1 addresses the weakness found in SHA-0 by adding an additional circular shift operation, thus deprecated SHA-0. SHA-1 has [http://theory.csail.mit.edu/~yiqun/shanote.pdf a reported weakness] as far as [[hash collision]]s are concerned and awareness should be raised if you are implementing it.

If you have the sha1 application installed, you can make use of the command like so:

$ sha1 /etc/passwd
SHA1 (/etc/passwd) = c7ae5b7306797d9f1f5fba85683cdd36ba8d1a08

=== Using SHA256+ in OpenBSD and NetBSD ===

As of OpenBSD 4.5 and NetBSD 4.0 the cksum command does SHA256, SHA384 and SHA512 the command is done like so:

$ cksum -a sha256 /dev/null
SHA256 (/dev/null) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
$ cksum -a sha384 /dev/null
SHA384 (/dev/null) = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b
$ cksum -a sha512 /dev/null
SHA512 (/dev/null) = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

A neat feature in OpenBSD is the -b flag in cksum which outputs the SHA checksum in base64:

$ cksum -a sha512 -b /dev/null
SHA512 (/dev/null) = z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==

The checksum is against the binary, NOT the hexdump of normal sha512.

=== SHA256 in FreeBSD ===

FreeBSD 7.0-stable has a sha256 program:

$ sha256 /dev/null
SHA256 (/dev/null) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

=== SHA256+ in Solaris 10 ===

Use the digest command:

$ digest -v -a sha256 /dev/null
sha256 (/dev/null) = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
$ digest -v -a sha384 /dev/null
sha384 (/dev/null) = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b
$ digest -v -a sha512 /dev/null
sha512 (/dev/null) = cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

=== Using SHA256+ in Linux ===

On Debian/Ubuntu:

$ shasum -a 256 /dev/null
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b936ca495991b7852b855 /dev/null
# -a, --algorithm 1 (default), 224, 256, 384, 512, 512224, 512256

In this example it's OpenSuse 10.3, one has to use the openssl package:

> openssl dgst -sha256 /dev/null
SHA256(/dev/null)= e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
> openssl dgst -sha512 /dev/null
SHA512(/dev/null)= cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

There doesn't seem to be a sha384 though.

Main Page

2020-10-08T07:29:28Z

Franks:

<table width="87%" cellspacing="3" cellpadding="4">
<tr><td rowspan="2" width="56%" valign="top" bgcolor="#d7e7fa" style="border:1px solid #CEDEF4; padding:1em;padding-top:0.2em; color: black;">
The rough idea for this site was to create and provide answers to commonly asked questions and those that aren't currently answered online. It is maintained by hackers. If you do not understand a term, look it up at [http://www.wikipedia.org Wikipedia]. If you've come here to find answers or examples, hopefully you will find them. If you have an answer or example, we hope that you will leave those as well. Accounts are free, the only reason we require an email address to register here is to prevent the spam bots from hitting our site.

Ideally everything recommended here is free, open source, and works on most operating systems. If you see a page that you could make easier to understand for most readers, or would like to create one that follows this philosophy, please help us out, accounts are free!

You may have also been sent here because you're new to the [[internet]], or would like to learn the etiquette.

A few pages to get you started:

*[[Manual]]
*[[Socket]]
*[[Cider]]
*[[Bytes]]
*[[Satellites]]

As of Oct 7, 2020, we have surpassed over 14 million successful web requests!

</td><td width="24%" valign="top" bgcolor="#e7f7e7" style="border:1px solid #BAD0EF; padding: 1em; padding-top: 0.5em; color: black;">
'''Major Categories'''
{{MajorCategories}}

</td></tr>
</table>

Please see [http://meta.wikipedia.org/wiki/MediaWiki_i18n documentation on customizing the interface]
and the [http://meta.wikipedia.org/wiki/MediaWiki_User's_Guide User's Guide] for usage and configuration help.

Android

2020-08-09T05:17:58Z

Franks:

If you have an Android phone, here is some software that might be of interest:

== Security/Privacy ==

*[http://keepass.info/ KeePassDroid] - Password manager that uses encryption
*[http://www.whispersys.com/ TextSecure] - Encrypt SMS
*[http://code.google.com/p/droidwall/ DroidWall] - Firewall
*[http://bigtincan.com/downloads/android.html AdFree Android] - Requires root, but removes all ads

== Performance ==

* Only have wifi or GPS on while using it, turn it off asap after use.

== Samsung ==

* Kies Air from Samsung Apps (allows you to exchange content on the LAN through a web server)

== Backup ==

There are a few popular apps you should ensure you've manually backed up the shared secrets for, such as:
* Signal
* Silence
* [https://android.stackexchange.com/questions/187342/is-google-authenticator-data-saved-in-the-google-backup-cloud/190311#190311 Google Authenticator]
* Whatsapp

You'll need adb for this. On [[Debian]] or [[Ubuntu]]:
sudo apt-get install android-tools-adb

then you'll want to make a directory to back your files up to:
mkdir android-backup

cd into that directory, and start by backing up all your installed applications:

adb backup -all # Consider adding -apk -obb -shared as well

and now you can also backup your internal sdcard:

adb pull /sdcard/ .

The above assumes you're in android-backup, otherwise replace the . with the directory you want to backup to.

== Flash ==

Wipe System, Dalvik, and Cache and flash rom, gapps and magisk again.

Do NOT wipe Data and Internal Storage or you will lose all your data!

Android

2020-02-10T19:00:35Z

Franks: /* Backup */

Android

2019-09-29T21:53:21Z

Franks: /* Performance */

Riot

2019-09-26T18:47:25Z

Franks:

== Change a user's a password ==

$ ssh -L 8448:localhost:8448 serveruser@matrix.server.com

$ curl -XPOST -d '{"type":"m.login.password", "user":"<userId>", "password":"<pasword>"}' "https://localhost:8448/_matrix/client/r0/login"

get token

$ curl -XPOST -H "Authorization: Bearer <access_token>" -H "Content-Type: application/json" -d '{"new_password":"<new_password>"}' "https://localhost:8448/_matrix/client/r0/admin/reset_password/<userId>"

== Deactivate a user ==

#!/bin/bash
# from [gist]
echo -e "\e[97mPlease enter password for Synapse/Matrix root user:\e[0m";
read -s password
echo -e "\e[97mEnter user you'd like to deactivate\e[0m";
read user
#
url_user=`echo -n "$user" | jq -s -R -r @uri`
#
json=`curl -s --insecure -XPOST -d '{"type":"m.login.password", "user":"root", "password":"'$password'"}' "https://localhost:8448/_matrix/client/r0/login"`
access_token=`echo "$json" | jq -r ".access_token"`
#
curl --insecure -XPOST -H "Authorization: Bearer $access_token" -H "Content-Type: application/json" -d \
'{}' "https://localhost:8448/_matrix/client/r0/admin/deactivate/$url_user"

Riot

2019-09-26T00:07:18Z

Franks: Created page with " == Change a user's a password == $ ssh -L 8448:localhost:8448 serveruser@matrix.server.com $ curl -XPOST -d '{"type":"m.login.password", "user":"<userId>", "password":"<..."

Cryptsetup

2019-07-31T23:26:02Z

Franks:

== Find encrypted partitions ==

* lsblk -lf | grep LUKS

== Manually mounting an encrypted partition ==

* $ sudo cryptsetup luksOpen /dev/sda1 encrypted_partition
* $ sudo mkdir /media/decrypted_partition
* $ sudo mount /dev/mapper/encrypted_partition /media/decrypted_partition

== Manually unmounting a temporarily decrypted partition ==

* $ sudo umount /media/decrypted_partition
* $ sudo cryptsetup luksClose encrypted_partition

== Encrypting a partition on Ubuntu 7.10 (Gutsy) using cryptsetup (LUKS) ==

* fdisk your [[partition]]s and remember them.

I will use [[Variables|sdb2]] in my example.

* $ sudo apt-get install cryptsetup

* $ sudo cryptsetup luksFormat /dev/sdb2 -c aes -s 256 -h sha256

WARNING!
========
This will overwrite data on /dev/sdb2 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter LUKS passphrase:

This is where you make up a [[password]].

* sudo cryptsetup luksOpen /dev/sdb2 [[Variables|backup]]

I called it backup, you can call it whatever you want. You can do

$ ls -la /dev/mapper

and you should be able to see it!

* $ sudo mke2fs -j /dev/mapper/backup -L backup

You can label it whatever you want, most people use the same as that in /dev/mapper/ for simplicity. This also assumes you want an ext3 filesystem (the -j option). Make whatever [[filesystem]] you prefer. You can now [[mount]] /dev/mapper/backup manually, or add it to /etc/fstab and /etc/crypttab if it's a static partition.

== From passphrase prompt to a file ==

Although not recommended unless you're aware of the repercussions, you may wish to store the passphrase in a file on your system instead of being prompted. If this is the case, you can create a file either randomly:

$ sudo dd if=/dev/urandom of=/[[Variables|root/lukssecretkey]] bs=1024 count=4

or manually create a file with any passphrase in it you choose. Assuming sdc5 is the partition you want to encrypt, add the new key:

$ sudo cryptsetup luksAddKey [[Variables|/dev/sdc5]] [[Variables|/root/lukssecretkey]]

finally you want to edit your /etc/crypttab entry to use the keyfile:

# <target name> <source device> <key file> <options>
crypto [[Variables|/dev/sdc5]] [[Variables|/root/lukssecretkey]] luks,check=ext2,retry=5

Postfix:main.cf

2019-07-26T17:10:56Z

Franks:

This is a sample main.cf, not including the default [[variables]]. You can find the official options [http://www.postfix.org/postconf.5.html here]. If you like and understand the following, add it to the bottom of your main.cf file and run
# postfix reload

main.cf:
<pre>
strict_rfc821_envelopes = yes
smtpd_helo_required = yes
smtpd_etrn_restrictions = reject
smtpd_helo_restrictions =
permit_mynetworks
reject_invalid_hostname
reject_non_fqdn_hostname
permit
smtpd_sender_restrictions =
permit_mynetworks
reject_unknown_sender_domain
reject_non_fqdn_sender
permit_sasl_authenticated
permit_tls_clientcerts
warn_if_reject reject_unverified_sender
# Incoming email maximum size of one meg:
message_size_limit = 1024000
# This file needs to exist if you're going to use it.
header_checks = regexp:/usr/local/etc/postfix/header_checks
# If you don't have the following file, comment this out.
mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks
html_directory = no
syslog_facility = mail
syslog_name = postfix
disable_vrfy_command = yes
smtpd_banner = NO UCE ESMTP
# SASL
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
# This will only allow authentication of users once TLS has been
# started and information being transferred is encrypted.
smtpd_tls_auth_only = yes
# TLS
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_cert_file = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_CAfile = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_recipient_restrictions =
permit_mynetworks
reject_invalid_hostname
reject_unauth_pipelining
reject_unknown_recipient_domain
reject_unknown_sender_domain
reject_non_fqdn_hostname
reject_non_fqdn_recipient
reject_non_fqdn_sender
permit_sasl_authenticated
permit_tls_clientcerts
reject_unauth_destination
# A source of RBLs to use: https://www.dnsbl.info/dnsbl-list.php
reject_rbl_client relays.ordb.org
reject_rbl_client list.dsbl.org
reject_rbl_client sbl.spamhaus.org
reject_rbl_client cbl.abuseat.org
reject_rbl_client dul.dnsbl.sorbs.net
reject_rbl_client proxies.relays.monkeys.com
reject_rbl_client opm.blitzed.org
reject_rbl_client blackholes.wirehub.net

</pre>

Also note these example [[header_checks]]

Postfix

2019-06-06T07:10:21Z

Franks:

[http://www.postfix.org Postfix] is Wietse Venema's sendmail alternative that attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users.

[[Postfix:pmm]] is our shell script to review Postfix maillog.

[[Postfix:main.cf]] contains additional ideas for your main.cf

[[Spf]] is how to create SPF records

== FreeBSD and TLS/SASL ==

Ignore the version numbers, the port names are what is important.
# pkg_info | egrep '(postfix|sasl)'
cyrus-sasl-2.1.21_1 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.21 SASL authentication server for cyrus-sasl2
postfix-2.2.6,1 A secure alternative to widely-used Sendmail

postfix:main.cf:
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

Anything extra in the directory below I put into the deactivated directory I created.
# ls /usr/local/lib/sasl2/
deactivated libdigestmd5.so.2 libplain.so.2
libcrammd5.a liblogin.a libsasldb.a
libcrammd5.so liblogin.so libsasldb.so
libcrammd5.so.2 liblogin.so.2 libsasldb.so.2
libdigestmd5.a libplain.a smtpd.conf
libdigestmd5.so libplain.so

rc.conf:
saslauthd_enable="YES"

In my case, I used the .pem file I had for imapd. You may have to generate on using mkimapdcert if you don't have [[variables|$file]].pem on your server.
And finally, start everything up.
# /usr/local/etc/rc.d/saslauthd.sh start
# postfix reload

Now

# tail -f /var/log/maillog

and try to use TLS & SMTP AUTH with your email client, watching the logs.

== OpenBSD and TLS/SASL ==

I just configured this on my BSD and it seems to work.
A [[tcpdump]] showed that this works encrypted over the
wire. I had to relax the strictness with [[TLS]] because
my provider's authorized certificate doesn't match
with the hostname or something.

Building from ports was like this

# cd /usr/ports/mail/postfix
# cd snapshot
# env FLAVOR=sasl2 make install

that should build this. My configuration looks like
this somewhat...:

# generic mailer stuff
smtp_generic_maps = hash:/etc/postfix/generic
# sasl stuff
broken_sasl_auth_clients = no
lmtp_sasl_auth_enable = no
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtp_enforce_tls = yes
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_starttls_timeout = 300s
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 2
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_note_starttls_offer = no
smtp_tls_scert_verifydepth = 5
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_security_level = encrypt
smtp_tls_session_cache_timeout = 3600s
smtp_tls_verify_cert_match = hostname
smtp_use_tls = yes

== submission ==

If you want to follow the [[RFC]], or if your [[ISP]] blocks port 25, you might want to have [[ports|port]] 587 available for [[SMTP]].
This is trivial in postfix. Remove the # in master.cf:
submission inet n - n - - smtpd
and restart postfix

# postfix reload

and now you should have both [[ports]] 25 and 587 listening.

Postfix

2019-06-06T07:09:43Z

Franks:

[http://www.postfix.org Postfix] is Wietse Venema's sendmail alternative that attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users.

[[Postfix:pmm]] is our shell script to review Postfix maillog.
[[Postfix:main.cf]] contains additional ideas for your main.cf
[[Spf]] is how to create SPF records

== FreeBSD and TLS/SASL ==

Ignore the version numbers, the port names are what is important.
# pkg_info | egrep '(postfix|sasl)'
cyrus-sasl-2.1.21_1 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-saslauthd-2.1.21 SASL authentication server for cyrus-sasl2
postfix-2.2.6,1 A secure alternative to widely-used Sendmail

postfix:main.cf:
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes

Anything extra in the directory below I put into the deactivated directory I created.
# ls /usr/local/lib/sasl2/
deactivated libdigestmd5.so.2 libplain.so.2
libcrammd5.a liblogin.a libsasldb.a
libcrammd5.so liblogin.so libsasldb.so
libcrammd5.so.2 liblogin.so.2 libsasldb.so.2
libdigestmd5.a libplain.a smtpd.conf
libdigestmd5.so libplain.so

rc.conf:
saslauthd_enable="YES"

In my case, I used the .pem file I had for imapd. You may have to generate on using mkimapdcert if you don't have [[variables|$file]].pem on your server.
And finally, start everything up.
# /usr/local/etc/rc.d/saslauthd.sh start
# postfix reload

Now

# tail -f /var/log/maillog

and try to use TLS & SMTP AUTH with your email client, watching the logs.

== OpenBSD and TLS/SASL ==

I just configured this on my BSD and it seems to work.
A [[tcpdump]] showed that this works encrypted over the
wire. I had to relax the strictness with [[TLS]] because
my provider's authorized certificate doesn't match
with the hostname or something.

Building from ports was like this

# cd /usr/ports/mail/postfix
# cd snapshot
# env FLAVOR=sasl2 make install

that should build this. My configuration looks like
this somewhat...:

# generic mailer stuff
smtp_generic_maps = hash:/etc/postfix/generic
# sasl stuff
broken_sasl_auth_clients = no
lmtp_sasl_auth_enable = no
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtpd_sasl_auth_enable = no
smtpd_sasl_authenticated_header = no
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtp_enforce_tls = yes
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_starttls_timeout = 300s
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 2
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_note_starttls_offer = no
smtp_tls_scert_verifydepth = 5
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_security_level = encrypt
smtp_tls_session_cache_timeout = 3600s
smtp_tls_verify_cert_match = hostname
smtp_use_tls = yes

== submission ==

If you want to follow the [[RFC]], or if your [[ISP]] blocks port 25, you might want to have [[ports|port]] 587 available for [[SMTP]].
This is trivial in postfix. Remove the # in master.cf:
submission inet n - n - - smtpd
and restart postfix

# postfix reload

and now you should have both [[ports]] 25 and 587 listening.

Spf

2019-06-06T07:09:08Z

Franks: Created page with "If you run a mail server, you likely want to setup spf and DKIM. For SPF, edit your DNS records and create a TXT record for your domain that says: v=spf1 a mx ip4:1.1.1.1 -..."

If you run a mail server, you likely want to setup spf and DKIM.

For SPF, edit your DNS records and create a TXT record for your domain that says:

v=spf1 a mx ip4:1.1.1.1 -all

Replace 1.1.1.1 with the IP address of your email server. Once you push the DNS, wait at least an hour and you can test it with:

$ nslookup -type=txt example.com

or

$ dig example.com txt

replacing example.com with your domain name.

Main Page

2019-06-05T18:57:19Z

Franks:

<table width="87%" cellspacing="3" cellpadding="4">
<tr><td rowspan="2" width="56%" valign="top" bgcolor="#d7e7fa" style="border:1px solid #CEDEF4; padding:1em;padding-top:0.2em; color: black;">
The rough idea for this site was to create and provide answers to commonly asked questions and those that aren't currently answered online. It is maintained by hackers. If you do not understand a term, look it up at [http://www.wikipedia.org Wikipedia]. If you've come here to find answers or examples, hopefully you will find them. If you have an answer or example, we hope that you will leave those as well. Accounts are free, the only reason we require an email address to register here is to prevent the spam bots from hitting our site.

Ideally everything recommended here is free, open source, and works on most operating systems. If you see a page that you could make easier to understand for most readers, or would like to create one that follows this philosophy, please help us out, accounts are free!

You may have also been sent here because you're new to the [[internet]], or would like to learn the etiquette.

A few pages to get you started:

*[[Manual]]
*[[Socket]]
*[[Cider]]
*[[Bytes]]
*[[Satellites]]

As of June 5, 2019, we have surpassed over 9.5 million successful web requests, and we're on track to surpass 10mm before the end of 2019!

</td><td width="24%" valign="top" bgcolor="#e7f7e7" style="border:1px solid #BAD0EF; padding: 1em; padding-top: 0.5em; color: black;">
'''Major Categories'''
{{MajorCategories}}

</td></tr>
</table>

Please see [http://meta.wikipedia.org/wiki/MediaWiki_i18n documentation on customizing the interface]
and the [http://meta.wikipedia.org/wiki/MediaWiki_User's_Guide User's Guide] for usage and configuration help.

Main Page

2019-06-05T18:56:15Z

Franks:

As of June 5, 2019, we have surpassed over 9.5 million successful web requests! Thanks!

<table width="87%" cellspacing="3" cellpadding="4">
<tr><td rowspan="2" width="56%" valign="top" bgcolor="#d7e7fa" style="border:1px solid #CEDEF4; padding:1em;padding-top:0.2em; color: black;">
The rough idea for this site was to create and provide answers to commonly asked questions and those that aren't currently answered online. It is maintained by hackers. If you do not understand a term, look it up at [http://www.wikipedia.org Wikipedia]. If you've come here to find answers or examples, hopefully you will find them. If you have an answer or example, we hope that you will leave those as well. Accounts are free, the only reason we require an email address to register here is to prevent the spam bots from hitting our site.

Ideally everything recommended here is free, open source, and works on most operating systems. If you see a page that you could make easier to understand for most readers, or would like to create one that follows this philosophy, please help us out, accounts are free!

You may have also been sent here because you're new to the [[internet]], or would like to learn the etiquette.

A few pages to get you started:

*[[Manual]]
*[[Socket]]
*[[Cider]]
*[[Bytes]]
*[[Satellites]]

On December 8, 2012 we reached our first million views. It is predicted that we'll reach
two million views around April 1, 2016.

</td><td width="24%" valign="top" bgcolor="#e7f7e7" style="border:1px solid #BAD0EF; padding: 1em; padding-top: 0.5em; color: black;">
'''Major Categories'''
{{MajorCategories}}

</td></tr>
</table>

Please see [http://meta.wikipedia.org/wiki/MediaWiki_i18n documentation on customizing the interface]
and the [http://meta.wikipedia.org/wiki/MediaWiki_User's_Guide User's Guide] for usage and configuration help.

Osxbackups

2015-12-08T19:00:08Z

Franks:

This page assumes you want to back up to a Ubuntu host.

apt-get install netatalk avahi-daemon

Now uncomment the last line in /etc/netatalk/afpd.conf

- -tcp -noddp -uamlist uams_dhx2.so -nosavepassword

Notice above I remove one of the old defaults from uamlist, this isn't needed for anything after osx 10.7.

Now you should prepare your backup partition. In my case, I created a user called 'maclaptop' (and thus my backup directory will be /home/maclaptop).

Now edit /etc/netatalk/AppleVolumes.default

/home/maclaptop "OpenSource Capsule" cnidscheme:dbd options:usedots,upriv,tm allow:timecapsule,@maclaptop

notice above the file entry allows the user maclaptop to ssh in. Also, you can rename "OpenSource Capsule" to what you want yours to be called.

== Errors ==

dsi_stream_read: len:0, unexpected EOF

Make sure the username after allow is allowed, and the path is correct.

timecapsule afpd[11819]: volume “TimeMachine” does not support Extended Attributes, using ea:ad instead

You can specify these if you wish

== Debug ==

add this to the afpd.conf file above:

- -tcp -noddp -uamlist uams_dhx2.so -nosavepassword -setuplog "default log_maxdebug /var/log/afpd.log"

warning, this will fill your disk space quickly, don't forget to remove this log entry, and empty afpd.log when done.

User talk:Vigeek

2015-06-26T16:48:55Z

Franks: Welcome!

'''Welcome to ''Hackepedia''!'''
We hope you will contribute much and well.
You will probably want to read the [https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents help pages].
Again, welcome and have fun! [[User:Franks|Franks]] ([[User talk:Franks|talk]]) 09:48, 26 June 2015 (PDT)

User:Vigeek

2015-06-26T16:48:54Z

Franks: Creating user page for new user.

Pdf

2015-05-19T20:12:06Z

Franks: Created page with " If you need to edit a PDF document, I just came across [http://xournal.sourceforge.net/ xournal] which was really handy. In this case, I was able to insert an image of my sig..."

If you need to edit a PDF document, I just came across [http://xournal.sourceforge.net/ xournal] which was really handy. In this case, I was able to insert an image of my signature into the pdf, export it back out as a pdf, no problem. There didn't seem to be any other handy tools that did this on [[UBO]]s.

Webdav

2015-04-24T05:59:04Z

Franks: Created page with " I should have started documenting this from the beginning, but hopefully this helps. <pre> <VirtualHost cal.example.com:80> ServerAdmin frank@example.com ServerName..."

I should have started documenting this from the beginning, but hopefully this helps.
<pre>
<VirtualHost cal.example.com:80>
ServerAdmin frank@example.com
ServerName cal.example.com
DocumentRoot /var/www/cal.example.com
<Directory />
Options FollowSymLinks
AllowOverride all
# Order allow,deny
# This line below, allows my subnet only (which if my IP is 1.2.3.4, I used the first 3 octets)!
Allow from 1.2.3
</Directory>
ErrorLog ${APACHE_LOG_DIR}/webdav.error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/webdav.access.log combined
Alias /webdav /var/www/cal.example.com/webdav
<Location /webdav>
Dav On
AuthType Basic
AuthName "webdav"
AuthUserFile /var/www/cal.example.com/passwd.dav
Require valid-user
</Location>
</VirtualHost>
</pre>

In your apache logs, if you see:

(13)Permission denied: An error occurred while opening a resource. [500, #0]

then make sure this matches (apache needs write permissions to the webdav directory!)

webdav$ ls -la
total 12
drwxrwxr-x 2 root www-data 4096 Apr 24 05:50 .
drwxr-xr-x 4 www-data www-data 4096 Apr 24 04:07 ..
-rw-r--r-- 1 www-data www-data 2970 Apr 24 05:50 mycal.ics

Dpkg

2015-03-29T05:36:42Z

Franks:

A friend told me to check the "menu" package in Debian GNU/Linux to find out how to autogenerate my [[fluxbox]] [[windowmanager]]. A quick look at the dpkg [[Manual]] shows that -L will show me what files were installed on my system from that package. In my case, I know I'm looking for an application, which are usually installed in a directory that ends with bin:

# dpkg -L menu | grep bin/
/usr/bin/update-menus
/usr/bin/update-menus.real
/usr/sbin/install-menu
/usr/sbin/su-to-root
/usr/sbin/wm-menu-config
/usr/bin/install-menu
/usr/bin/su-to-root

Lucky for me, when I read the first man page (update-menus) I realized this is the application I was looking for.

To see the files a .deb file will install:

# dpkg-query -c [[Variables|sensors-applet.deb]]

Encfs

2015-03-09T20:34:35Z

Franks:

== on [[osx]] ==

You will need [http://brew.sh brew] and [https://osxfuse.github.io/ osxfuse] installed. Once you have them installed, run the following in Applications/Utilities/Terminal:

$ brew install encfs

This will take some time, as it downloads all of your dependencies. Now to create your first encrypted directory. The encrypted data will be stored in .crypt, and when you mount it, it will be ~/crypt in your home directory. You could replace ~/.crypt with ~/Dropbox/Private to store your encrypted drive on Dropbox.

$ encfs ~/.crypt ~/crypt

To umount it, make sure you're not in the directory (~/crypt in the above example) and:

$ umount ~/crypt

You can mount it elsewhere later if you wish:

$ encfs ~/.crypt ~/newcryptdir

== errors ==

You may get the error:
$ encfs ~/.crypt ~/crypt
dyld: Library not loaded: /usr/local/opt/gettext/lib/libintl.8.dylib
Referenced from: /usr/local/bin/encfs
Reason: image not found
Trace/BPT trap: 5

If you get this error, install gettext and you should be OK:
$ brew install gettext

Encfs

2015-03-09T20:32:37Z

Franks:

== on [[osx]] ==

You will need [http://brew.sh brew] installed.

$ brew install encfs

This will take some time, as it downloads all of your dependencies. Now to create your first encrypted directory. The encrypted data will be stored in .crypt, and when you mount it, it will be ~/crypt in your home directory. You could replace ~/.crypt with ~/Dropbox/Private to store your encrypted drive on Dropbox.

$ encfs ~/.crypt ~/crypt

To umount it, make sure you're not in the directory (~/crypt in the above example) and:

$ umount ~/crypt

You can mount it elsewhere later if you wish:

$ encfs ~/.crypt ~/newcryptdir

== errors ==

You may get the error:
$ encfs ~/.crypt ~/crypt
dyld: Library not loaded: /usr/local/opt/gettext/lib/libintl.8.dylib
Referenced from: /usr/local/bin/encfs
Reason: image not found
Trace/BPT trap: 5

If you get this error, install gettext and you should be OK:
$ brew install gettext

Osx

2015-02-26T08:19:22Z

Franks:

* [[osxbackups]]
* Encrypt directories with [[encfs]]

== Shortcuts ==

* Hold down "d" on boot to do a hardware test
* Hold down alt/option on boot to boot into safe mode
* Hold down apple + "s" on boot for single user mode
* Hold down apple + "v" on boot for verbose mode
* Command + Control + Power also brings one into single user mode

== dynamic_paging ==

I noticed on my MacBook Air that after a few weeks I would run out of diskspace, without downloading anything, forcing me to reboot. Before I did, I checked /tmp and nothing looked large enough. Bryan F from [yh] pointed out "man dynamic_pager"

$ ls -la /private/var/vm/swapfile
$ sysctl vm.swapusage

I noticed gigs worth of files! At your own risk:

$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist

and reboot. After reboot, sysctl vm.swapusage shows 0 and /private/var/vm/swapfile is empty. replace "unload" with "load" above to revert to default.

== Make application default ==

When trying to open video files, I noticed that it defaults to Quicktime, and I wanted it to default to VLC. With no obvious way to delete quicktime, I wasn't sure what to do. While I tried to setup "Always open with" and pick VLC, that didn't seem to work. In the end, I discovered you need to right click on the file then

Get Info -> Open With (Choose VLC) and then click "Change all..."

== Re-install ==

Do this at your own risk, and after backups. These steps worked on a MacBook Air with OSX Lion 10.8!
* Install [http://blog.gete.net/lion-diskmaker-us/ Diskmaker 2]
* Using the App Store, download the InstallESD.dmg
* Follow the steps in Diskmaker 2 and install the image on an 8G USB stick
* Reboot holding down the ALT key, choose the USB stick as the boot device
* Choose Disk Utility, and Erase the main partition/image
* Close Disk Utility and Install OSX

== Format a disk on the command line ==

In Terminal (Applications -> Utilities) on the command line type:

diskutil list

will show you all of the disks. In my case, disk1 is the one I want to erase and format:

diskutil eraseDisk HFS+ UntitledUFS disk1

== dd an .iso ==

Instead of using Disk utility, I find it easier to simply dd your iso to a USB stick. Find out what your USB stick device is.

diskutil list

then I added the USB stick and ran the same command. Under the IDENTIFIER column it will show you the name, in my case disk1. Make sure it's unmounted:

diskutil umount /dev/disk1

then

sudo dd if="[[Variables|mydiskimage.iso]]" of=/dev/disk1

and then patiently wait. When it's done, if the numbers match for input and output, you should be good to go!

== Wifi spots in range from the command line ==

Add airport to your path:

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport

To see a list of the nearby wifi spots from a broadcast scan:

airport -s

Your current wireless status:

airport -I

Encfs

2015-02-26T08:18:36Z

Franks:

Encfs

2015-02-25T21:19:47Z

Franks: Created page with " == on osx == You will need [http://brew.sh brew] installed. $ brew install encfs This will take some time, as it downloads all of your dependencies. Now to create yo..."

Sitesupport-url

2015-02-17T20:12:38Z

Franks:

Monday Oct 13, 2014: Upgraded licence from Attribution 2.0 Canada to Attribution 2.5 Canada - Creative Commons.

Feb 17, 2015: Upgraded to Mediawiki 1.24.1

Osx

2015-01-23T23:46:03Z

Franks: /* Wifi spots in range from the command line */ case sensitivity

[[osxbackups]]

== Shortcuts ==

* Hold down "d" on boot to do a hardware test
* Hold down alt/option on boot to boot into safe mode
* Hold down apple + "s" on boot for single user mode
* Hold down apple + "v" on boot for verbose mode
* Command + Control + Power also brings one into single user mode

== dynamic_paging ==

I noticed on my MacBook Air that after a few weeks I would run out of diskspace, without downloading anything, forcing me to reboot. Before I did, I checked /tmp and nothing looked large enough. Bryan F from [yh] pointed out "man dynamic_pager"

$ ls -la /private/var/vm/swapfile
$ sysctl vm.swapusage

I noticed gigs worth of files! At your own risk:

$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist

and reboot. After reboot, sysctl vm.swapusage shows 0 and /private/var/vm/swapfile is empty. replace "unload" with "load" above to revert to default.

== Make application default ==

When trying to open video files, I noticed that it defaults to Quicktime, and I wanted it to default to VLC. With no obvious way to delete quicktime, I wasn't sure what to do. While I tried to setup "Always open with" and pick VLC, that didn't seem to work. In the end, I discovered you need to right click on the file then

Get Info -> Open With (Choose VLC) and then click "Change all..."

== Re-install ==

Do this at your own risk, and after backups. These steps worked on a MacBook Air with OSX Lion 10.8!
* Install [http://blog.gete.net/lion-diskmaker-us/ Diskmaker 2]
* Using the App Store, download the InstallESD.dmg
* Follow the steps in Diskmaker 2 and install the image on an 8G USB stick
* Reboot holding down the ALT key, choose the USB stick as the boot device
* Choose Disk Utility, and Erase the main partition/image
* Close Disk Utility and Install OSX

== Format a disk on the command line ==

In Terminal (Applications -> Utilities) on the command line type:

diskutil list

will show you all of the disks. In my case, disk1 is the one I want to erase and format:

diskutil eraseDisk HFS+ UntitledUFS disk1

== dd an .iso ==

Instead of using Disk utility, I find it easier to simply dd your iso to a USB stick. Find out what your USB stick device is.

diskutil list

then I added the USB stick and ran the same command. Under the IDENTIFIER column it will show you the name, in my case disk1. Make sure it's unmounted:

diskutil umount /dev/disk1

then

sudo dd if="[[Variables|mydiskimage.iso]]" of=/dev/disk1

and then patiently wait. When it's done, if the numbers match for input and output, you should be good to go!

== Wifi spots in range from the command line ==

Add airport to your path:

sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport

To see a list of the nearby wifi spots from a broadcast scan:

airport -s

Your current wireless status:

airport -I

Osx

2015-01-23T20:54:42Z

Franks:

Thunderbird

2015-01-05T08:34:39Z

Franks:

Thunderbird is a an [[MUA]]. If you've made the change from Internet explorer to the [[Firefox]] [[browser]], you should [http://www.mozilla.com/en-US/thunderbird/ give thunderbird a try]. It also comes from Mozilla.

== Remember your password==

If you have to enter the password for your email account(s) every time you start Mozilla Thunderbird, you can open your prefs.js file on most [[UBO]]s

$ find ~ -name prefs.js | grep thunderbird

to find the file. open it, and modify the line that says:
user_pref("signon.rememberSignons", false);
and change false to true. Now start thunderbird again and you should be set.

I had an issue where thunderbird kept showing me 3 new messages in one folder, but when I clicked on that folder, there was nothing new. The next time I looked at thunderbird, it said 3 new messages in that folder again. What I did was right click on the folder, and chose both

Mark Folder Read
Compact This Folder

== Transition between [[Linux]] and [[Windows]] ==

You will want to copy the data from:
(on Windows)
Application Data/Thunderbird/Profiles/*
(If you do not see these folders in Windows explorer, you might need to change: Tools -> Folder options -> View -> Show hidden files and folders)
to
(on Linux)
$HOME/.thunderbird/*
(.thunderbird might also be .mozilla-thunderbird)

You can also follow these steps in reverse

I've used * above in place of xxxxxxx.default/, this is the directory you want to copy over. Before starting thunderbird on the other system,
change profiles.ini from

IsRelative=1 to IsRelative=0
and
Path=Profiles/xxxxxx.default to Path=/home/you/.thunderbird/xxxxxx.default

== Transition between [[Linux]] and [[OSX]] ==

scp -rp ~/.thunderbird on linux machine to ~/Library/Thunderbird on OSX.

== Encryption ==

[http://enigmail.mozdev.org/home/index.php Enigmail]

----
[http://kb.mozillazine.org/Import_.pst_files Convert Outlook .pst files into Thunderbird]

Screensaver

2014-11-12T06:52:43Z

Franks: Created page with " == Using Gnome == The command that worked for me: gnome-screensaver-command --lock You can gnome-control-center and then scroll to Keyboard and click the Shortcuts..."

== Using Gnome ==

The command that worked for me:

gnome-screensaver-command --lock

You can

gnome-control-center

and then scroll to Keyboard and click the Shortcuts tab. In my case, I went to Custom Shortcuts, and created one called "Lock my screen" and ran the command above with --lock. After I entered that, I clicked on the right side of the window and hit the keyboard sequence I wanted to use, to have the screen lock come on immediately, requiring a password to use the system.

Android

2014-11-09T01:03:34Z

Franks:

If you have an Android phone, here is some software that might be of interest:

== Security/Privacy ==

*[http://keepass.info/ KeePassDroid] - Password manager that uses encryption
*[http://www.whispersys.com/ TextSecure] - Encrypt SMS
*[http://code.google.com/p/droidwall/ DroidWall] - Firewall
*[http://bigtincan.com/downloads/android.html AdFree Android] - Requires root, but removes all ads

== Performance ==

* Only have wifi or GPS on while using it, turn it off asap after use.

* [http://www.androidtapp.com/advanced-task-killer/ Advanced Task killer]
* [http://latedroid.com/juicedefender Juice Defender]
* [http://www.appbrain.com/app/juiceplotter/com.latedroid.juiceplotter Juice plotter]
* [http://www.appbrain.com/app/green-power-free-battery-saver/org.gpo.greenpower Green power]

== Samsung ==

* Kies Air from Samsung Apps (allows you to exchange content on the LAN through a web server)

== Backup ==

You'll need adb for this. On [[Debian]] or [[Ubuntu]]:
sudo apt-get install android-tools-adb

then you'll want to make a directory to back your files up to:
mkdir android-backup

cd into that directory, and start by backing up all your installed applications:

adb backup -all

and now you can also backup your internal sdcard:

adb pull /storage/sdcard0/ .

The above assumes you're in android-backup, otherwise replace the . with the directory you want to backup to.

OpenBSD

2014-10-31T10:28:30Z

Franks: /* Export Restrictions */ removing test

OpenBSD is an open source Unix-like Operating System. It is free to download, copy and modify. It is not similar to [[Linux]] in a sense because it was based on the 4.4BSD Operating System developed at the University of California at Berkeley ([[UCB]]). OpenBSD's mascot is [[puffy]] the Blowfish. [http://www.openbsd.org OpenBSD Project Home Page]
OpenBSD is written with [[C]] programming language.

== OpenBSD 5.6 ==

The [http://www.openbsd.org current] OpenBSD version is 5.6:

OpenBSD's preorders for 5.6 are on:

[http://www.openbsd.org/56.html OpenBSD 5.6 Release Page]

This season puffy does LibreSSL.

== Ported programs that orginated at OpenBSD ==

* [[ssh|OpenSSH]] is a side-project of OpenBSD. It was forked from ssh with an old version that had little license restrictions and is compatible now with ssh 2.0.
* [[pf]] was created at OpenBSD first (before being ported to other BSD's). Pf stands for Packet Filter and is a layer 3+ firewall. It was created to replace ipf.

== Release Song ==

Since release 3.0 OpenBSD has released a promotional song with its CD, it makes the project more hip this way. The songs and their lyrics can be found [http://www.openbsd.org/lyrics.html here]

== Hackathons ==

Hackathons are get-togethers of the programmers of OpenBSD. Since OpenBSD makes money by selling CD's and other merchandise, there is enough money to pay some developers travel, room and board. At a hackathon which spans usually over a week or so the programmers do a lot of code and can help others that need some information at hand. [http://marc.info/?l=openbsd-cvs&r=1&w=2 Marc.info] can be used to track changes to the openbsd source tree which gets updated very often during a hackathon (otherwise one can subscribe to the list through majordomo).

== Export Restrictions ==

[[FreeBSD]] recently implemented ACPI code in its implemenatation that has [http://marc.info/?l=openbsd-misc&m=128634319422034&w=2 export restrictions]. OpenBSD has no such export restrictions since the project is based in Canada which is known for its liberal export rules.

OpenBSD

2014-10-31T10:20:19Z

Franks:

User talk:Adnascentia

2014-10-25T20:47:36Z

Franks: Welcome!

'''Welcome to ''Hackepedia''!'''
We hope you will contribute much and well.
You will probably want to read the [[https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents|help pages]].
Again, welcome and have fun! [[User:Franks|Franks]] ([[User talk:Franks|talk]]) 13:47, 25 October 2014 (PDT)

User:Adnascentia

2014-10-25T20:47:36Z

Franks: Creating user page for new user.

A moment of happiness,
you and I sitting on the verandah,
apparently two, but one in soul, you and I.
We feel the flowing water of life here,
you and I, with the garden’s beauty
and the birds singing.
The stars will be watching us,
and we will show them
what it is to be a thin crescent moon.
You and I unselfed, will be together,
indifferent to idle speculation, you and I.
The parrots of heaven will be cracking sugar
as we laugh together, you and I.
In one form upon this earth,
and in another form in a timeless sweet land.
Rumi

Osxbackups

2014-10-20T02:41:59Z

Franks: Created page with "This page assumes you want to back up to a Ubuntu host. apt-get install netatalk avahi-daemon Now uncomment the last line in /etc/netatalk/afpd.conf - -tcp -noddp -uam..."

Osx

2014-10-20T02:29:59Z

Franks:

Sitesupport-url

2014-10-14T19:45:46Z

Franks: updated copyright licence

Monday Oct 13, 2014: Upgraded licence from Attribution 2.0 Canada to Attribution 2.5 Canada - Creative Commons.

Robots.txt

2014-10-14T09:41:13Z

Franks: Created page with "If you're wonder how search engines get your website's information, it's through automated tools, or robots, called spiders. Once a spider discovers a new domain name, like on..."

If you're wonder how search engines get your website's information, it's through automated tools, or robots, called spiders. Once a spider discovers a new domain name, like onedaywebsite.ca, it will ask the domain for a unique file called robots.txt.
The robots.txt file has several purposes, most notable to tell the robot what to exlcude. This standard is known as the Robots Exclusion Protocol or robots.txt protocol.
You should take a second right now try https://www.google.com/robots.txt as well as add /robots.txt to the URL to the root of your website to see if it exists. (don't try a subdirectory like example.com/example/subdirectory/robots.txt)

If you don't yet have a robots.txt file, you can create one and just have the following two lines:
User-agent: *
Disallow:

This tells all robots visiting your website that they are welcome to visit all files on your website. If you don't want any robots visiting your website to index you on their search engines, simply add a / after Disallow:

User-agent: *
Disallow: /

Robots all have a User-agent, and you can change the rules for each.
User-Agent: googlebot
Disallow: /private/

tells googlebot to ignore your /private/ directory

That's the basics. A few other nonstandard extensions:
Allow, which makes an exemption from a Disallow extension. For example, to allow the robot access to a specific file in a disallowed extenstion:

Allow: /private/onepublicfile.pdf
Disallow: /private/

There's the Sitemap directive:

Sitemap: www.onedaywebsite.ca/sitemap.xml

Host allows websites with multiple mirror websites to specify their preferred domain:

Host: newsite.example.com

Now you can take another look at https://www.google.com/robots.txt and understand what's in this file. Take the time to build your robots.txt, so you don't have any surprises on which of your files are now indexed on the popular search engines.

It's worth noting that there's no technical requirement to follow robots.txt, it's just the commonly accepted behaviour by popular search engines. There's nothing stopping a bot, or a human, from looking at files and directories listed under Disallow: as that's where you can often find some interesting things! If you don't want your files or directories published, they should never be made available.

[http://www.robotstxt.org/db.html List of popular robots to consider when building your robots.txt file]

I wonder if there is a search engine that only hosts Disallow information?

Header checks

2013-12-29T03:58:08Z

Franks: Created page with " # Important! This might break stuff. Once you have installed it, do a # postfix reload while running tail -f /var/log/mail.log and watch for errors. Send some text emails usi..."

# Important! This might break stuff. Once you have installed it, do a # postfix reload while running tail -f /var/log/mail.log and watch for errors. Send some text emails using the subjects below and watch what happens
# This should block everything from 1900-2012.
/^Date: .* 200[0-12]/ REJECT Spam Header Past Date 2000s
/^Date: .* 19[0-9][0-9]/ REJECT Spam Header Past Date 1900s
/^Subject: .*Make Money Fast!/ REJECT
/^Subject: .*Loan Offer/ REJECT Not looking for a loan thanks
/^Subject: *Your email contains VIRUSES/ DISCARD virus notification
/^Content-Disposition:.*VIRUS1_DETECTED_AND_REMOVED/
DISCARD virus notification
/^Content-Disposition:.*VirusWarning.txt/ DISCARD virus notification
# Do not accept these types of attachments
/^Content-(Type|Disposition):.*(file)?name=.*\.(bat|com|exe)/ REJECT Bad Attachment .${3}
# non-RFC Compliance headers
/[^[:print:]]{7}/ REJECT 2047rfc
/^.*=20[a-z]*=20[a-z]*=20[a-z]*=20[a-z]*/ REJECT 822rfc1
/(.*)?\{6,\}/ REJECT 822rfc2
/(.*)[X|x]\{3,\}/ REJECT 822rfc3
# Unreadable Language Types? -- NON-acsii un-printable
/^Subject:.*=\?(GB2312|big5|euc-kr|ks_c_5601-1987|koi8)\?/ REJECT NotReadable1
/^Content-Type:.*charset="?(GB2312|big5|euc-kr|ks_c_5601-1987|koi8)/ REJECT NotReadable2
/^Subject: =?big5?/ REJECT Chinese encoding not accepted by this server
/^Subject: =?EUC-KR?/ REJECT Korean encoding not allowed by this server
/^Subject: ADV:/ REJECT Advertisements not accepted by this server
/^Subject: =?Windows-1251?/ REJECT Russian encoding not allowed by this server
/^Subject: =\?KOI8-R\?/ REJECT Russian encoding not allowed by this server
/^Subject:.*=\?(big5|euc-kr|gb2312|ks_c_5601-1987)\?/ REJECT Language not accepted by this server as it is probably spam
/[^[:print:]]{8}/ REJECT Sorry, ascii characters only permitted by this server
/^From:.*\@.*\.cn/ REJECT Sorry, Chinese mail not allowed here
/^From:.*\@.*\.kr/ REJECT Sorry, Korean mail not allowed here
/^From:.*\@.*\.tr/ REJECT Sorry, Turkish mail not allowed here
/^From:.*\@.*\.ru/ REJECT Sorry, Russian mail not allowed here
/^From:.*\@.*\.ro/ REJECT Sorry, Romanian mail not allowed here

Postfix:main.cf

2013-12-29T03:22:45Z

Franks: header_checks link

This is a sample main.cf, not including the default [[variables]]. You can find the official options [http://www.postfix.org/postconf.5.html here]. If you like and understand the following, add it to the bottom of your main.cf file and run
# postfix reload

main.cf:
<pre>
strict_rfc821_envelopes = yes
smtpd_helo_required = yes
smtpd_etrn_restrictions = reject
smtpd_helo_restrictions =
permit_mynetworks
reject_invalid_hostname
reject_non_fqdn_hostname
permit
smtpd_sender_restrictions =
permit_mynetworks
reject_unknown_sender_domain
reject_non_fqdn_sender
permit_sasl_authenticated
permit_tls_clientcerts
warn_if_reject reject_unverified_sender
# Incoming email maximum size of one meg:
message_size_limit = 1024000
# This file needs to exist if you're going to use it.
header_checks = regexp:/usr/local/etc/postfix/header_checks
# If you don't have the following file, comment this out.
mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks
html_directory = no
syslog_facility = mail
syslog_name = postfix
disable_vrfy_command = yes
smtpd_banner = NO UCE ESMTP
# SASL
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
# This will only allow authentication of users once TLS has been
# started and information being transferred is encrypted.
smtpd_tls_auth_only = yes
# TLS
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_cert_file = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_CAfile = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_recipient_restrictions =
permit_mynetworks
reject_invalid_hostname
reject_unauth_pipelining
reject_unknown_recipient_domain
reject_unknown_sender_domain
reject_non_fqdn_hostname
reject_non_fqdn_recipient
reject_non_fqdn_sender
permit_sasl_authenticated
permit_tls_clientcerts
reject_unauth_destination
reject_rbl_client relays.ordb.org
reject_rbl_client list.dsbl.org
reject_rbl_client sbl.spamhaus.org
reject_rbl_client cbl.abuseat.org
reject_rbl_client dul.dnsbl.sorbs.net
reject_rbl_client proxies.relays.monkeys.com
reject_rbl_client opm.blitzed.org
reject_rbl_client blackholes.wirehub.net

</pre>

Also note these example [[header_checks]]

Postfix:main.cf

2013-12-29T03:19:45Z

Franks:

This is a sample main.cf, not including the default [[variables]]. You can find the official options [http://www.postfix.org/postconf.5.html here]. If you like and understand the following, add it to the bottom of your main.cf file and run
# postfix reload

main.cf:
<pre>
strict_rfc821_envelopes = yes
smtpd_helo_required = yes
smtpd_etrn_restrictions = reject
smtpd_helo_restrictions =
permit_mynetworks
reject_invalid_hostname
reject_non_fqdn_hostname
permit
smtpd_sender_restrictions =
permit_mynetworks
reject_unknown_sender_domain
reject_non_fqdn_sender
permit_sasl_authenticated
permit_tls_clientcerts
warn_if_reject reject_unverified_sender
# Incoming email maximum size of one meg:
message_size_limit = 1024000
# This file needs to exist if you're going to use it.
[[header_checks]] = regexp:/usr/local/etc/postfix/header_checks
# If you don't have the following file, comment this out.
mime_header_checks = regexp:/usr/local/etc/postfix/mime_header_checks
html_directory = no
syslog_facility = mail
syslog_name = postfix
disable_vrfy_command = yes
smtpd_banner = NO UCE ESMTP
# SASL
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =
broken_sasl_auth_clients = yes
# This will only allow authentication of users once TLS has been
# started and information being transferred is encrypted.
smtpd_tls_auth_only = yes
# TLS
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_cert_file = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_CAfile = /usr/local/share/courier-imap/imapd.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
smtpd_recipient_restrictions =
permit_mynetworks
reject_invalid_hostname
reject_unauth_pipelining
reject_unknown_recipient_domain
reject_unknown_sender_domain
reject_non_fqdn_hostname
reject_non_fqdn_recipient
reject_non_fqdn_sender
permit_sasl_authenticated
permit_tls_clientcerts
reject_unauth_destination
reject_rbl_client relays.ordb.org
reject_rbl_client list.dsbl.org
reject_rbl_client sbl.spamhaus.org
reject_rbl_client cbl.abuseat.org
reject_rbl_client dul.dnsbl.sorbs.net
reject_rbl_client proxies.relays.monkeys.com
reject_rbl_client opm.blitzed.org
reject_rbl_client blackholes.wirehub.net

</pre>

Django

2013-12-28T19:22:56Z

Franks: Created page with "== Install on Debian == sudo apt-get install python-django You can verify it's installed after by running: $ python Python 2.6.6 (r266:84292, Dec 26 2010, 22:31:48) [..."

== Install on Debian ==

sudo apt-get install python-django

You can verify it's installed after by running:

$ python
Python 2.6.6 (r266:84292, Dec 26 2010, 22:31:48)
[GCC 4.4.5] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import django;
>>> django.VERSION
(1, 2, 3, 'final', 0)
>>> quit();

and now to create and test our first app:

$ django-admin startproject test_project
$ cd test_project

Replace 1.2.3.4 in the following line with your IP:

$ python manage.py runserver 1.2.3.4:9090
Validating models...
0 errors found

Django version 1.2.3, using settings 'test_project.settings'
Development server is running at http://1.2.3.4:9090/
Quit the server with CONTROL-C.

and now you should be able to go into your browser and look at ttp://1.2.3.4:9090/
If everything worked, the page will read:

It worked!
Congratulations on your first Django-powered page.

Aircrack-ng

2013-12-28T11:10:55Z

Franks: Created page with "== Installation on OSX == It's easy with brew! $ brew install aircrack-ng Warning: You have not agreed to the Xcode license. Builds will fail! Agree to the licen..."

== Installation on [[OSX]] ==

It's easy with [[brew]]!

$ brew install aircrack-ng
Warning: You have not agreed to the Xcode license.
Builds will fail! Agree to the license by opening Xcode.app or running:
xcodebuild -license
Warning: It appears you have MacPorts or Fink installed.
Software installed with other package managers causes known problems for
Homebrew. If a formula fails to build, uninstall MacPorts/Fink and try again.
==> Downloading http://download.aircrack-ng.org/aircrack-ng-1.1.tar.gz
######################################################################## 100.0%
==> Patching
patching file scripts/airodump-ng-oui-update
==> make CC=clang
==> make prefix=/usr/local/Cellar/aircrack-ng/1.1 mandir=/usr/local/Cellar/aircr
==> Caveats
Run `airodump-ng-oui-update` install or update the Airodump-ng OUI file.
==> Summary
🍺 /usr/local/Cellar/aircrack-ng/1.1: 34 files, 1.0M, built in 33 seconds

WEP

2013-12-28T11:08:42Z

Franks: /* Fluhrer, Mantin, and Shamir attack */ added link

WEP stands for Wired Equivalent Privacy and was the first encryption used in [[Wifi]] (WLAN). It has been replaced with WPA2, however most wifi cards still support WEP for whatever reason.

== WEP payload ==

The plaintext payload has a 4 byte (32 bit) CRC trailer. The message is then XOR'ed against a keystream. The ciphertext is then prepended by a 24 bit [[IV]].

== RC4 keystream ==

Given a 24 bit IV and either a 40 bit or 104 bit [[PSK]] an [[RC4]] keystream is derived. A keystream is meant as a stream of bytes that look random but are reproduceable with the same IV and PSK.

== 24 bit IV ==

A random 24 bit IV is prepended to every encrypted payload (every frame). Given its limited size there will be IV collisions after so many frames. A collision means that the value is the same for two or more IV's. When an IV is the same that means that the keystream between those collision packets is the same as well.

== Fluhrer, Mantin, and Shamir attack ==

This is a successful attack (also known as FMS attack) against WEP. It is used by the program [[aircrack-ng]].
Due to this WPA was invented supposedly.

== Replay attacks ==

Replay attacks are possible with WEP, and they are the reason that people can replay [[ARP]] requests and gather IV's (and IV collisions) that way.

== Injection attacks ==

Because the payload has a 32 bit CRC at the end someone can make a replay with an IP address changed. One needs to recompute the IP checksum which is 16 bits and recompute the 32 bit CRC at the end of the plaintext payload (802.11 header + IP packet + CRC32 checksum).
Most home routers should allow outgoing packets...

Brew

2013-12-28T10:57:30Z

Franks:

I was having issues with brew on [[osx]], when I would try

brew update

I was getting a long list that ended with:

Please move or remove them before you can merge.
Aborting
Error: Failure while executing: git pull -q origin refs/heads/master:refs/remotes/origin/master

To resolve it, I did:

$ cd $(brew --prefix)
$ rm Library/Formula/argp-standalone.rb
$ rm Library/Formula/cocot.rb
$ git fetch origin
remote: Counting objects: 306, done.
remote: Compressing objects: 100% (150/150), done.
remote: Total 301 (delta 116), reused 298 (delta 113)
Receiving objects: 100% (301/301), 109.15 KiB, done.
Resolving deltas: 100% (116/116), done.
From https://github.com/mxcl/homebrew
* [new branch] gh-pages -> origin/gh-pages
* [new branch] go -> origin/go
$ sudo git reset --hard origin/master
Password:
HEAD is now at bf807ec etcd 0.2.0

Now you should be good to go again!

$ brew update
Already up-to-date.

Now's a good time to see what else you can do to optimize brew:

$ brew doctor