ntp server - ntp client - debian based linux

A quick recipe on how to install and configure ntp servers and ntp clients on debian based Linux Systems.

Install the NTP daemon and utility programs
# apt-get install ntp 
Optionally you may install ntp-doc and ntpdate ( an ntp client )

Add some NTP servers at /etc/ntp.conf
#grep server /etc/ntp.conf 
server 0.pool.ntp.org
server ntp.ubuntu.com
server 1.debian.pool.ntp.org
You could also add the server's clock as last resort
server 127.127.1.0
fudge 127.127.1.0 stratum 10



A List of public Internet NTP Server Pools:
0.pool.ntp.org
1.pool.ntp.org
2.pool.ntp.org
3.pool.ntp.org
0.debian.pool.ntp.org
1.debian.pool.ntp.org
2.debian.pool.ntp.org
3.debian.pool.ntp.org
europe.pool.ntp.org
uk.pool.ntp.org


To allow time updates from a certain network eg: 10.0.0.0/8 you could add restrict statements
restrict 10.0.0.0 mask 255.0.0.0 nomodify


Check if you are able to synchronize with public ntp servers
#ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+tuxli.ch        213.239.239.165  3 u  105  128  377   76.294    2.642   0.263
+europium.canoni 193.79.237.14    2 u  103  128  377   82.345    1.168   0.378




Another way to Configure you NTP server to provide Time to your Local Network.
grep broadcast /etc/ntp.conf 
broadcast 192.168.99.255
192.168.99.0/24 is an example local network.

Allow UDP traffic on port 123 to the networks you provide time.
# iptables -A INPUT -p udp --dport 123 -s 192.168.99.0/24 -j ACCEPT
# iptables -A INPUT -m state --state NEW -p udp --dport 123 -s 192.168.99.0/24 -j ACCEPT
# iptables -A INPUT -p udp --dport 123 -s 10.0.0.0/8 -j ACCEPT
# iptables -A INPUT -m state --state NEW -p udp --dport 123 -s 10.0.0.0/8 -j ACCEPT



Test your ntp server from another host on the network in which you provide time.
$ apt-get install ntpdate
$ ntpdate 192.168.99.1
31 Dec 17:10:03 ntpdate[25638]: adjust time server 192.168.99.1 offset -0.028884 sec


Just query the NTP server
$ ntpdate -q 10.21.241.4
server 10.21.241.4, stratum 2, offset 21.797882, delay 0.02577
11 Mar 15:55:20 ntpdate[2715]: step time server 10.21.241.4 offset 21.797882 sec


or try ntpdate -u to use unprivileged ports
$ ntpdate -u 10.21.241.4
$ 26 Feb 01:48:20 ntpdate[29121]: adjust time server 10.21.241.4 offset -0.001598 sec


To figure out which ntp servers are OK to use you could use ntpdate -d (debug) and ntptrace eg.
$ ntptrace 10.21.241.4
ipduh.ipduh.awmn: stratum 2, offset 0.013533, synch distance 0.030645
nero.grnet.gr: stratum 1, offset 0.000000, synch distance 0.000000, refid 'GPS'
and
$ ntpdate -d 10.21.241.4
 4 Mar 01:37:27 ntpdate[4575]: ntpdate 4.2.4p8@1.1612-o Tue Apr 19 07:08:19 UTC 2011 (1)
Looking for host 10.21.241.4 and service ntp
host found : ipduh.ipduh.awmn
transmit(10.21.241.4)
receive(10.21.241.4)
transmit(10.21.241.4)
receive(10.21.241.4)
transmit(10.21.241.4)
receive(10.21.241.4)
transmit(10.21.241.4)
receive(10.21.241.4)
transmit(10.21.241.4)
server 10.21.241.4, port 123
stratum 2, precision -20, leap 00, trust 000
refid [10.21.241.4], delay 0.02570, dispersion 0.00000
transmitted 4, in filter 4
reference time:    d4de5a93.1a8c84bf  Mon, Mar  4 2013  1:26:11.103
originate timestamp: d4de5d37.65a0ddb3  Mon, Mar  4 2013  1:37:27.396
transmit timestamp:  d4de5d37.59ed9dfd  Mon, Mar  4 2013  1:37:27.351
filter delay:  0.02576  0.02571  0.02570  0.02571 
         0.00000  0.00000  0.00000  0.00000 
filter offset: 0.045579 0.045590 0.045589 0.045580
         0.000000 0.000000 0.000000 0.000000
delay 0.02570, dispersion 0.00000
offset 0.045589

 4 Mar 01:37:27 ntpdate[4575]: adjust time server 10.21.241.4 offset 0.045589 sec


Now you could install ntp to other hosts on your network and use your NTP server at 10.21.241.4 or the one at 192.168.99.1 as the stratum 2 - `upstream` NTP servers or install ntpdate and run every so often ntpdate to synchronize their clocks.

NTP server - NTP client ... debian linux ubuntu etc

awmn public caching DNS and reverse zone authoriative server on debian

This is a quick and dirty recipe of how to set up a public caching and authoritative for a reverse zone nameserver for the Athens Wireless Metropolitan Network and the other Greek Wireless Communities on a debian based system.

Install bind
# apt-get install bind


Put the following on /etc/bind/named.conf
# cat /etc/bind/named.conf
//#g0 - 2012 

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";



Put the following on /etc/bind/named.conf.options
and replace 10.27.224.17 with your IP address.
# cat /etc/bind/named.conf.options 
options {
 directory "/var/cache/bind";

 version "awmn. #g0 2012 alog.ipduh.com";

        listen-on { 127.0.0.1; 10.27.224.17; };

 auth-nxdomain no;    # conform to RFC1035
};


Put something like the following in /etc/bind/named.conf.local
Replace 224.27.10.in-addr.arpa with your reverse DNS zone
# cat named.conf.local 
//g0 2012 http://ipduh.com/contact

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
acl internals {
        127.0.0.0/8;
 10.0.0.0/8;
};

view "internal" {
        match-clients { internals; };
        recursion yes;
        allow-recursion { any; };
        allow-query { any; };
        allow-query-cache { any; };

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

//10.27.224.0/24 reverse zone 
zone "224.27.10.in-addr.arpa" IN {
        type master;
        file "/var/cache/bind/db.224.27.10.in-addr.arpa";
        allow-update { none; };
};

zone "10.in-addr.arpa" IN {
        type forward;
        forwarders {
          //10.0.1.1;
          10.19.143.12;
          //10.19.143.13;
        };
};



//####################################
//# Greek Wireless Communities Zones #
//####################################
//# https://www.awmn.net/wiki/       #
//####################################
//Because awmn will go gwmn pretty soon g stands for Greek or Global ;)
//####################################

zone "awmn" IN {
        type forward;
        forwarders {
          //10.0.1.1;  
          10.19.143.12;
          //10.19.143.13;
        };
};

zone "wn" IN {
        type forward;
        forwarders {
                10.126.3.115;
                10.110.17.115;
                10.19.143.12;
                10.17.122.134;
                10.86.87.129;
                10.2.16.130;
                10.110.17.67;
        };
};

zone "swn" IN {
        type forward;
        forwarders {
                10.101.0.254;
                10.106.3.1;
                10.174.254.101;
                10.174.1.253;
        };
};


zone "twmn" IN {
        type forward;
        forwarders {
                10.104.76.65;
                10.122.20.70;
                10.122.3.68;
                10.122.14.72;
                10.104.1.74;
        };
};

zone "wthess" IN {
        type forward;
        forwarders {
                10.96.0.1;
                10.96.22.2;
                10.96.9.3;
        };
};

zone "ewn" IN {
        type forward;
        forwarders {
                10.145.7.150;
                10.146.210.130;
        };
};

zone "mswn" IN {
        type forward;
        forwarders {
                10.148.50.2;
        };
};

zone "cywn" IN {
        type forward;
        forwarders {
                10.215.0.125;
                10.215.2.126;
        };
};

zone "dwn" IN {
        type forward;
        forwarders {
                10.174.1.253;
                10.174.254.101;
                10.174.17.250;
        };
};

zone "wiran" IN {
        type forward;
        forwarders {
                10.230.3.133;
        };
};

zone "wana" IN {
        type forward;
        forwarders {
                10.224.3.35;
        };
};

zone "awn" IN {
        type forward;
        forwarders {
                10.198.0.130;
        };
};

zone "pwmn" IN {
        type forward;
        forwarders {
                10.140.14.67;
        };
};

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

};



Then put the zone info for 224.27.10.in-addr.arpa ( our example reverse zone ) at /var/cache/bind/db.224.27.10.in-addr.arpa or another appropriately named file

# cat /var/cache/bind/db.224.27.10.in-addr.arpa
$ORIGIN 224.27.10.in-addr.arpa.
$TTL 86400
@ IN SOA ns1.geioa.ns.awmn. systems-awmn.bot.ipduh.com. (
                    2012122501 ; serial
                    21600      ; refresh after 6 hours
                    3600       ; retry after 1 hour
                    604800     ; expire after 1 week
                    86400 )    ; minimum TTL of 1 day

          IN  NS ns1.geioa.ns.awmn.

1          IN  PTR router.geioa.ns.awmn.
17         IN  PTR serverakos.geioa.ns.awmn.



Then restart bind
# /etc/init.d/bind9 restart


AWMN public hybrid caching DNS and PTR server

Winbox on Wine on Linux

Winbox is a useful tool --even for command line sluts--
made by Mikrotik to manage RouterOS systems .
Wine is an easy way to get winbox working on linux systems.

Making it work on Debian Based Systems; Debian , Ubuntu , Xbuntu etc should be a breeze.

$ sudo apt-get install wine
$ wget http://download2.mikrotik.com/winbox.exe
$ chmod 755 winbox.exe
$ wine winbox.exe




winbox on wine --Linux

A caching DNS server on debian like systems ( Ubuntu 12.04 )

This recipe works on a 12.04 host and it does not on another 12.04 .
Try this instead.

I had to help a friend to setup a DNS caching server for his network. His network is a little bit special since he is connected constantly to three distinct networks: the Internet , the AWMN - A wireless community , and his `local` network.

The DNS server will serve the local network and provide a `public` DNS server to the wireless community.

I am setting the DNS caching server on an Ubuntu 12.04 server but the instructions following should work just fine on any Debian based system.

First of all we need to install bind
root@ubuntu-01:~# apt-get install bind9


Setting up bind

I like to reduce the number of files used to a minimum in any configuration so I set /etc/named.conf to the one following.

root@ubuntu-01:/etc/bind# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//#g0 - 2012 there is an entry describing this configuration at alog.ipduh.com
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
//include "/etc/bind/named.conf.default-zones";



Next let 's set the basics at /etc/named.conf.options. 10.27.224.17 is an IP address accessible by the whole Wireless Communtity AWMN and the local network. The gateway used by the server has Internet Access.
root@ubuntu-01:/etc/bind# cat named.conf.options 
options {
 directory "/var/cache/bind";

 version "some other version search alog.ipduh.com & awmn wiki";

        listen-on { 127.0.0.1; 10.27.224.17; };

 

 // If there is a firewall between you and nameservers you want
 // to talk to, you may need to fix the firewall to allow multiple
 // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

 // If your ISP provided one or more IP addresses for stable 
 // nameservers, you probably want to use them as forwarders.  
 // Uncomment the following block, and insert the addresses replacing 
 // the all-0's placeholder.

  //forwarders {
  // 0.0.0.0;
  //};

 //========================================================================
 // If BIND logs error messages about the root key being expired,
 // you will need to update your keys.  See https://www.isc.org/bind-keys
 //========================================================================
 //dnssec-validation auto;

 auth-nxdomain no;    # conform to RFC1035
 //listen-on-v6 { any; };
};


I disabled dnssec-validation and I will push the "." hint to the bottom so the DNS resolver-cache can deal with the wireless communities TLDs any way it wants.

Here goes the heart of it all --the /etc/named.conf.local
root@ubuntu-01:/etc/bind# cat named.conf.local 
// #g0 2012 -- http://ipduh.com/contact -- there is a post on alog.ipduh.com
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

//No need we will make the caching DNS server available to everyone
//acl internals {
//      127.0.0.0/8;
//    192.168.0.0/16;
//  10.0.0.0/8;
//};

//view "internal" {
//       match-clients { internals; };
//      recursion yes;

//Moved to the bottom
// prime the server with knowledge of the root servers
//zone "." {
//       type hint;
//      file "/etc/bind/db.root";
//};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};


//####################################
//# Greek Wireless Communities Zones #
//####################################
//# https://www.awmn.net/wiki/       #
//####################################
//Because awmn will go gwmn pretty soon g stands for Greek or Global ;)
//####################################

zone "10.in-addr.arpa" IN {
        type forward;
        forwarders {
       10.19.143.12;
       10.19.143.13;
        };
};


zone "awmn" IN {
        type forward;
        forwarders {
              // 10.0.1.1;  
         10.19.143.12;
              // 10.19.143.13;
        };
};

zone "wn" IN {
        type forward;
        forwarders {
                10.126.3.115;
                10.110.17.115;
                10.19.143.12;
                10.17.122.134;
                10.86.87.129;
                10.2.16.130;
                10.110.17.67;
        };
};

zone "swn" IN {
        type forward;
        forwarders {
                10.101.0.254;
                10.106.3.1;
                10.174.254.101;
                10.174.1.253;
        };
};


zone "twmn" IN {
        type forward;
        forwarders {
                10.104.76.65;
                10.122.20.70;
                10.122.3.68;
                10.122.14.72;
                10.104.1.74;
        };
};

zone "wthess" IN {
        type forward;
        forwarders {
                10.96.0.1;
                10.96.22.2;
                10.96.9.3;
        };
};

zone "ewn" IN {
        type forward;
        forwarders {
                10.145.7.150;
                10.146.210.130;
        };
};

zone "mswn" IN {
        type forward;
        forwarders {
                10.148.50.2;
        };
};

zone "cywn" IN {
        type forward;
        forwarders {
                10.215.0.125;
                10.215.2.126;
        };
};

zone "dwn" IN {
        type forward;
        forwarders {
                10.174.1.253;
                10.174.254.101;
                10.174.17.250;
        };
};

zone "wiran" IN {
        type forward;
        forwarders {
                10.230.3.133;
        };
};

zone "wana" IN {
        type forward;
        forwarders {
                10.224.3.35;
        };
};

zone "awn" IN {
        type forward;
        forwarders {
                10.198.0.130;
        };
};

zone "pwmn" IN {
        type forward;
        forwarders {
                10.140.14.67;
        };
};

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

//};



Going around the resolv.conf madness on ubuntu 12.04 server.

Adding 127.0.0.1 on /etc/resolv.conf to be on the safe side
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1


Set base, original , and tail in the /etc/resolvconf/resolv.conf.d directory
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# cat base
nameserver 10.27.224.17
nameserver 127.0.0.1
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# cp base tail
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# cp tail original


Restart Bind9 and Test Configuration
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# /etc/init.d/bind9 restart
 * Stopping domain name service... bind9                                                                                                                                                                    waiting for pid 5881 to die
                                                                                                                                                                                                     [ OK ]
 * Starting domain name service... bind9  
                                                                                
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# dig forum.awmn +short
10.19.143.13    
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# dig ipduh.com +short
85.25.242.245                                                                                                                         


OK, it works.

caching DSN for the AWMN --outdated

Console into MikrorTik - HyperTerminal Settings

A quick post on how to set Hyperterminal or any other Console Software
so you can console into a MikroTik routerboard router.

Port Settings

Bits per second: 115200
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None



Console into mikrotik RouterOS from Windows - HyperTerminal Settings

VMware windows 7 missing ethernet adapter

Have you ever had problems seeing the drivers of a virtual piece of hardware like a network adapter under VMware?

Recently I came across this when I had to help a friend to fix networking on a windows 7 virtual machine on VMware Workstation. His virtual machine would could not find drivers for the Ethernet adapter and he kept on installing and uninstalling the vmware tools in hopes of fixing it.

I had to help him. Well with a little help from my friends I found out about the infamous

ethernet0.virtualDev = "e1000"

missing from the virtual machine's .vmx

So I did put virtualDevs for both of the ethernet adapters in his virtual machine's vmx file like:
ethernet0.virtualDev = "e1000"
ethernet1.virtualDev = "e1000"


For no particular reason I put it just before everything ethernet* related in the vmx file. Guess what! It did not fix it! I kept on rebooting his virtual machine ... tried safe mode , windows repair , you name it.

However, Coffee-persistence always prevails. There is another entry in the vmx file named guestOS. Well this was set to "other" like:
guestOS = "other"


I changed guestOS to:
guestOS = "windows7"
and then I did set:
VM ->
settings ->
Guest Operating System ->
Microsoft Windows ->
Version: Windows 7

Yes! that did it! The Ethereal Adapter has drivers and Networking works!

So if you are missing the Ethernet Adapter driver in your Windows 7 machine:
  • turn your VM off
  • locate your VM's *.vmx file
  • add the line ethernet0.virtualDev = "e1000" to your VM 's vmx file
  • make sure that guestOS = "windows7" in your VM's vmx file
  • turn on your virtual machine normally and don't let windows to attempt to fix anything themselves


VMware windows 7 missing adapter --linux

make etc-network-interfaces and resolv.conf stick on ubuntu 12.04 desktop

There are plenty of good reasons for GUI Network Managers and complicated local DNS `cache` settings on Popular Linux Desktop Systems like Ubuntu 12.04.

There are plenty of good reasons for a technical person to get pissed on all these and start cursing while trying to figure out how to stop the Network Manager network-manager overwriting /etc/network/interfaces and stop resolvconf overwriting /etc/resolv.conf.

Why do I want to make /etc/network/interfaces and /etc/resolv.conf stick? Well, if you don't get it there is no reason explaining it.

To disable network-manager -- Make /etc/network/interfaces stick.
$sudo -s
#stop network-manager
#echo "manual" > /etc/init/network-manager.override


To disable resolvconf -- Make /etc/resolv.conf stick --

I ended up not disabling it ( just in case )
In Ubuntu 12.04 /etc/resolv.conf is just a symlink so it would be easy to change it /etc/resolv.conf to a regular file or change /sbin/resolvconf
but ...
If you disable network-manager you could just use /etc/resolvconf/resolv.conf.d/base as your /etc/resolv.conf and leave resolvconf alone.

# cat /etc/resolvconf/resolv.conf.d/base 
nameserver 10.1.2.12
nameserver 10.1.2.13


Make /etc/network/interfaces and /etc/resolv.conf stick on ubuntu 12.04 LTS desktop

BCM4311 Network controller on debian like systems

This is a quick post of how to get the Broadcom BCM4311 wireless card working on debian based systems ( ubuntu , *ubuntu , etc ).

BCM4311 is a descent wireless adapter used in many laptop computers. The thing is that many times it just does not work right after an installation and I am tired of trying to figure it out ( searching for that one debian packet I need to apt-get install ) every time, hence this post.

First of all this is the adapter I am talking about:
# lspci | tail -1
0c:00.0 Network controller: Broadcom Corporation BCM4311 802.11b/g WLAN (rev 01)


You should see at least that much with an lshw:
# lshw -C network
  *-network               
       description: Network controller
       product: BCM4311 802.11b/g WLAN
       vendor: Broadcom Corporation
       physical id: 0
       bus info: pci@0000:0c:00.0
       version: 01
       width: 32 bits
       clock: 33MHz
       capabilities: pm msi pciexpress bus_master cap_list


To fix it for good do:
$ sudo -s
# apt-get update
# apt-get install firmware-b43-installer
# apt-get remove bcmwl-kernel-source
# shutdown -r now


Once your computer comes up you should be able to use your wireless interface.
# iwconfig
lo        no wireless extensions.

eth1      no wireless extensions.

wlan0     IEEE 802.11bg  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off


# ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 00:19:7d:61:8e:ab  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)



Note: the one above is not my Mom's neither Nick's MAC. It is made up.
I am sorry if it's yours.



BCM4311 Network controller on debian like systems

weed-out-from a-list another-list

This week I wrote from scratch and then lost at least four times a script to clean up a list of elements from elements contained in another list --I had to make sure I do not accidentally block white-listed networks on Firewall and Gateway machines.

It is a relative simple task that can be accomplished with a tiny bit of dash, bash, perl, or your other favorite language, in a few if not just one line. However, having to figure it out 4 or more times a week adds up --especially now-days that I have better things to do than showing off my command line slutness to junior sysadmins. Here is the weed-out-from bash script I put together and officially added to my toolbox. It is certainly not the most efficient way of doing it but hey!

weed-out-from
#!/bin/bash
#weed-out-from - g0 2012 , aLog.IPduh.com

function help {
        echo "weed-out-from usage: weed-out-from infected-list list-of-weeds"
        exit 3
}

if [ -z $1 -o -z $2 ]
then
        help
fi
if [ ! -f $1 ]
then
        echo "weed-out-from: I cannot read the file $1"
        help
fi
if [ ! -f $2 ]
then
        echo "weed-out-from: I cannot read the file $2"
        help
fi

DIRTY=$1
DIRT=$2

for i in `cat $DIRTY`
do
        grep -i $i $DIRT &> /dev/null
        if [ $? -ne 0 ]
        then
                echo $i
        fi
done


weed-out-from usage:
$ cat spring-garden-before 
Windflower
groundsel
Azaleas
Allium
pigweed
Belladonna-Lily
Strelitzia
Bloodroot
Calla-Lily
Cornflower
Cosmos
kikuyugrass
Crocus
Crabgrass
Dahlia
spurge
Bermudagrass

$ cat list-of-weeds 
groundsel
pigweed
kikuyugrass
Crabgrass
spurge
Bermudagrass

$ weed-out-from spring-garden-before list-of-weeds 
Windflower
Azaleas
Allium
Belladonna-Lily
Strelitzia
Bloodroot
Calla-Lily
Cornflower
Cosmos
Crocus
Dahlia


Note: List elements may be separated by new lines or space.

Install weed-out-from for all users:
# wget http://kod.ipduh.com/lib/weed-out-from
# chmod 755 weed-out-from 
# mv weed-out-from /usr/bin


weed out a list from another list

Disable autorun on windows XP Pro

Disable autorun because it is annoying and to defend against USB viruses.


Disable autorun on Windows XP Pro with the Group Policy Editor Gpedit.msc :
  • Click Start, click Run, type Gpedit.msc in the Open box, and then click OK.
  • Under Computer Configuration, expand Administrative Templates, and then click System. In the Settings pane, right-click Turn off Autoplay, and then click Properties.
  • Click Enabled, and then select All drives in the Turn off Autoplay box to disable Autorun on all drives.
  • Click OK to close the Turn off Autoplay Properties dialog box.
  • Restart the computer.


If you do not have Gpedit.msc on your system use the Registry Editor regedit to disable autorun :.
  • Click Start, click Run, type regedit in the Open box, and then click OK.
  • Locate and then click the following entry in the registry: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutorun
  • Right-click NoDriveTypeAutoRun, and then click Modify.
  • In the Value data box, type 0xFF to disable all types of drives.
  • Click OK, and then exit Registry Editor.
  • Restart the computer.


Ref: Disable autorun on windows

Disable Autorun on Windows XP pro

1,000,001 Apple iPhone and Apple iPad UUIDs available to everyone. All the Apple UUIDs are held by the FBI.


All the Apple iPhone and iPod devices have a hardcoded Universally Unique Identifier String of characters, UUID. According to Anonymous a list of all apple UUIDs along with full owner names, device types ,cell numbers , addresses , zipcodes , etc is held by the FBI.

The Anonymous claim that somehow they got a hold of this ~12 million devices long list and decided to release a part of it so everyone can look at it. So they released a list containing 1,000,001 UUID, Apple DevTokens, User Defined Device Names, and Device types. The anonymous trimmed out personal data such as full names, cell numbers, addresses, zipcodes, etc.

This way a ridiculously large amount of people can certify the Anonymous' claim and blackhats cannot do too much with the list. This is also a good way for any organization interested in buying this list to verify its validity.

I do not own any Apple iOS devices , I know I am weird , so I do not have a way to verify that this list is legit. Then again, only 1,000,001/~12,000,000 UUIDs were released. I will guess that it is a legitimate list and that the Anonymous who released it are not lying.

So, if you or someone in your family own a good looking shiny jail --iOS device- please try to find the UUID in the list.

You can download the list from any of this

If you want to download the list I would recommend to: download the list , grep for your UUIDs , delete the list and all associated files , let everyone know if you did find you UUID corresponding to your User Defined Device Name.

Here is a little script that decrypts the list:
#!/usr/bin/bash
md5sum $1
echo "Does the above MD5sum match e7d0984f7bb632ee19d8dda1337e9fba ?If yes the file downloaded is the original file"
echo "When asked use the password: antis3cs5clockTea#579d8c28d34af73fea4354f5386a06a6"
openssl aes-256-cbc -d -a -in $1 -out decryptedfile.tar.gz
tar -xvzf decryptedfile.tar.gz
echo "the list is at iphonelist.txt"


To find out if your UUID and User Defined Device Name is listed try:
$grep myUUIDhere iphonelist.txt
or
$grep myUDDNhere iphonelist.txt


To permanently delete the list and the related files use shred, secure-delete tools, or some other tested digital shredder
Using shred:
$shred -u -z -n 30 decryptedfile.tar.gz
$shred -u -z -n 30 iphonelist.txt
$shred -u -z -n 30 download.txt
Now restart to wipe off RAM:
$sudo shutdown -r now


Using secure-delete:
$sudo apt-get install secure-delete
$srm decryptedfile.tar.gz
$srm iphonelist.txt
$srm download.txt
Memory Wipe:
$smem
Reboot:
$sudo shutdown -r now


This Post is based on this Pastebin Paste.





1,000,001 Apple iPhone and Apple iPad UUIDs available to everyone. All the Apple UUIDs are held by the FBI.

Busted Web Sites

A list of notorious seized web sites:

Los Web Sitos Bustendos




Busted Web Sites

The internetz - Percentage of Real Users

Social Media:

Facebook :
Facebook claims that they have 955 million users. There are approximately two billion Internet users at this moment ( 1346067182 ). The 955 million number is ridiculous and whoever believes that these 955 million users correspond to 955 million distinct humans is clueless.

How many of these users correspond to unique humans? A web search reveals hundrends of sites that sell Facebook fans-facebook likes from $9 to $99 per 1000 likes. The facebook fan buildup has become a business for all the seo "professionals" and all the advertising agencies. There is good evidence that even some of the WOW gold farms in the East have been exploring new business models like: virtual social media fan buildup, backlink buildup, and crowd sourcing sites audience buildup.

I and whoever is equipped with a working human brain would also guess that Facebook inflates the number of users in their reports. In a short survey I found that a large number of simple Facebook users have multiple accounts. In order to prove that most facebook users are fake, I do not need and I am not going to reproduce or take into account any spook or big brother stories. Social media marketing alone is a good reason. Everyone needs to sell and he will go to great lengths to do so.

I would guess that 1/20 facebook users corresponds to a real human. My guesstimate is that the number of unique humans with Facebook accounts is 50 million or less. This is a guesstimate, it is most probably false, like the claim that 955 million distinct humans are using facebook.

Twitter :
Twitter claims that they have ~200 million users. Yet another ridiculously large number. Again hundreds of sites sell twitter followers in the thousands and twitter followers are usually cheaper than facebook likes. Most of the Twitter accounts are obviously fake, not in use, or operated by bots. Twitter has become yet another RSS feed to some and yet another Bot Command Distribution Network ( like IRC ) to others. The spamming and iffy twitter accounts have been reduced lately but still even legitimate twitter accounts are nothing more than broadcasting bots. The IPduh twitter account is an example ... a human rarely logs into it. I would guess that 1/20 twitter accounts corresponds to a real human who does use his account. My guesstimate is that the number of humans with active Twitter accounts is 10 million or less. Again, this is a guesstimate and it is most probably false but the claim that ~200 million distinct humans do use Twitter is definitely false.

Google Plus :
The people involved in building followers wear lighter color hats and many of the dudes selling followers and likes do not even mention google plus. A bit research on blackhat seo sites reveals a lot of talking about trades of followers and not that much outright selling of pluses. Building bots manipulating google plus accounts is a notch higher than the ridiculously simple. Through my tiny circles in real life I can see that even though many people have accounts not very many using it. I think that the ratio of distinct humans to user accounts is higher in google plus than in the other two major human networking sites in the west. However, many of these humans are users who just created an account and they are not active users.

Crowd sourcing Rating Systems :
There are Crowd Sourcing Rating sites for everything. They rate plumbers, restaurants , bars , websites , strippers , roof installers , hotels, small businesses, large businesses, platform apps, videos, movies , whatever. Most of the crowd sourcing websites in the business of rating others have iffy business models that contradict their mission statements. They sell trust seals , proofs of approval , top page placements, leads , etc. Even, when iffy business models are not in use the crowd sourcing rating systems are easily manipulated and the ones being rated or their competitors are usually the only ones motivated enough to use them. Obviously, at least 50% of the negative ratings and 50% of the negative comments are fake and approximately 95% of the positive comments and 95% of the positive ratings are fake.

Disqus and Forums:
Recently I spent approximately one hour exploring the disqus comments on a site claiming millions of visitors. To my surprise (not :)) >90% of the disqus users commenting there have commented only on that site and they had only a few comments. Spelling mistakes and idioms were common to many of the disqus users in the threads. I do not claim that most disqus users are fake. However, much site interaction on wannabe successful and successful sites is made up. Alone, the fact that disqus allows free nofollow backlinks for each comment makes me believe that a good percentage of the users are true and not just the website authors talking to themselves. However, every "virtual" community - forum is inflated, the degree of inflation varies a lot.

Youtube:
Yet again, many sites are in the business of selling youtube views. Letting the crowd common consciousness to decide the rank is a great idea. However, this ranking system is easily manipulated in a digital environment. The promoters, the marketers, and the wannabe famous are going to great lengths to manipulate the easily manipulated crowd-sourcing systems.







The Internetz - Percentage of Real Users

Messing with lists

Google Sites or Sites with a google in their names :

Google Sites 1
Google Sites 2
Google Sites 3

Sites with address in their names:

*address* sites

Sites with dns in their names:

*dns* sites 1
*dns* sites 2

Sites with search in their names:

*search* sites 1
*search* sites 2
*search* sites 3
*search* sites 4
*search* sites 5
*search* sites 6
*search* sites 7

Sites with research in their names:

research sites 1
research sites 2

Sites with yahoo in their names:

Yahoo Sites

Sites with facebook in their names:

facebook sites 1
facebook sites 2

Sites with twitter in their names:

twitter sites








Messing with Lists