AutoBinarySignals.com BinaryOptions.net

[Serial][UWDFF Alcubierre] Part 54

Beginning | Previous
Premier Valast felt a tingle. It began at the base of his spine and traveled moved upward, sending warm fuzzy feelings all throughout his body as it made its way to his brain and inserted itself in his conscious thoughts. After all of the misery. After all of the failures. For once, something had gone right.
How delightful. How extravagant. How deserved.
The Humans had made a mistake. Clearly, they had thought to expand upon their treachery, believing themselves to be invincible. Their monstrosity of a vessel had appeared just as their last one had, within Halcyon's inner perimeter. After their ruse of parlay, their beast had commenced belching out weapons of mass destruction, clearly in an attempt to retrieve the encryption key and the elite assassin-thief they had dispatched under the guise of a Witness.
They thought Halcyon weak. Defenseless.
Not true! Not true at all!
Kinetics. Valast laughed aloud, his rib cage heaving out great guffaws. Accelerated mass! More laughter. The savages thought to bring such inelegance against the might of the Combine? They mistook their prior fortune for competence. Their one-time success for future capability. Alas, poor Humans, the truth of your inadequacies is made manifest! The brief gap in the defenses brought on by the improbable chain of events that had resulted in their arrival had been filled. For all of their destructive potential, their weapons were useless.
Valast continued to cackle, his hindclaws scrunching up the soft material of his pillow, as he watched the Humans receive their punishment for their insolence. The Humans had made assumptions. Perhaps assumptions were fine in their backwater corner of the galaxy, but here, among civilization, assumptions could be quite dangerous indeed. It was quite unwise to assume Halcyon would leave the inner perimeter exposed. They must have thought their Evangi co-conspirators would leave the gates open for them, as the traitor Neeria had done when she had given them access to a Combine wormkey in the first place. Sadly for the Humans, their four-armed friends had been exposed for what they were. A great many of the Evangi now lay motionless on the floor of a Halcyon mainway, a fitting end to their perfidy.
Halcyon had stood since the beginning, and it would continue to stand long after the Human infestation had been expunged from the Combine Space. Perhaps the Humans should have spent more time pondering the nature of the place before they had meddled with forces they clearly did not understand. Halcyon existed in defiance of the chaotic nature of the neutron star it orbited. Its survival required an solution to the objects such a gravity well attracted. Halcyon had many such solutions, weaved together to maintain a delicate balance. Among them were the inertial dampeners.
The screen in Valast's paws bloomed with colors, indicating firings of Halcyon's inertial dampeners. Each blossom of color was an attempt by the Humans to deploy weapons in clear violation War Accords, cementing Humanity's position as a menace to decent civilization. Had Valast not commanded Bo'Bakka'Gah to take the necessary precautions, the devastation would have been significant.
Lines of crimson sailed through the blooms of color.
Valast's whiskers twitched, his eyes squinting as it tracked one of these lines.
The solution was not perfect. The intertial dampeners in close proximity to Halcyon were a final precaution, and their purpose was narrow. They were a fine net, meant to indiscriminately capture any residual high-speed astral particulate that had escaped the outer defenses. Their efficacy diminished at an exponential rate in proportion to the size and mass of the object they acted upon. Thus far, they had been quite successful at preventing the Humans from making use of their weapons, but dampeners had no effect on the Human vessels. Even if the dampeners could be used for such a purpose, their indiscriminate nature would have required the cessation of all space born travel within Halcyon, an unacceptable disruption to the workings of the Combine's capitol.
The Humans' small spherical vessels were thus capable of traveling unimpeded throughout Halcyon space, tracing their crimson lines behind them as they did so. Such a thing did not overly worry Valast. They could not fire their weapons, and they were susceptible to electromagnetic disruption, rendering them easy targets for the Peacekeepers. Were Valast not otherwise consumed with the affairs of state, he would perhaps take to the front line and dispatch a few himself. Sadly, his bravery would find no opportunity for direct expression beyond the valor found in the privilege of command competently exercised.
The whiskers ceased their twitching and some cheer returned. It would not be long before the meddlesome Human spheres were swatted from the sky and the encryption key recovered.
Then they would dispatch the Human warship.
Then Humanity.
He need only wait.
-----------
"Get spread. Get small." Sana called out. Had to buy time. Had to get a handle on the situation. Not her first rodeo, but it was the first time where she had no idea what the hell she was riding. Maybe the aliens were riding her. Maybe it wasn't a rodeo, maybe it was just a slaughter.
That was the problem. No one knew anything.
The callsigns in her local were dropping like flies. Squaddies getting wiped without so much as a peep. The eggs in Science were saying EMPs, but the balls were supposed to be fixed against that frakkery. Sensors said the balls were still there even after they went dead, so maybe they were right. Couldn't think about that now.
Couldn't think about anything but the mission.
Captain Sana Bushida had a shit-shuttle to bring to station.
She needed to get from A to B. Normally the quickest point-to-point was a line, but the baddies were coming in from all sides. Trying to corral her in. So be it. She could handle a long and squiggly with the juice she had in the four balls attached to the cockpit. Only question was how long they'd be up for. Whatever they were using on the balls wasn't touching her. She was good, but she wasn't that good.
Guess they wanted her kicking and screaming.
Predators, not scavengers then.
Frakk 'em. Right in their stupid alien faces.
Sana's brain shunted command signals as fast as her eyes to parse the readouts in her pilot pod. Dodging. Weaving. Diving. Dipping. Half those words didn't even apply to space, but they felt right. Float like a butterfly, run like cheetah on amphetos. She'd sting 'em later.
Run run run, fast as you can. You can't catch me, I'm the shit-shuttle can.
Swipe. Swipe.
Two smaller ships moved in a pincer formation, one cutting off her angle around the larger ship she was skimming around. Sana let out a giggle, as she shoved the shuttle in another direction. "You thought you had me, crapdonkey? You never had me. You're gonna be seeing my ass all day." The giggle somehow transformed into a roar halfway through as a third ship appeared in her view, coming out from its hiding place on the other side of the large ship. "SCREW YOU!" They weren't going to win. Losing wasn't an option.
Swipe.
Patterns emerged as the ballet played out. Certain ships were the herders. The small annoying frakks that always seemed to be moving around her flanks. Other ships were the receivers. They were the big boys. The ones who just floated there like giant shits in space. Lazy frakks just waiting to be fed some shit-shuttle. Fine then. New info. New tactics. New rule: Get around the herders, never get closer to the receivers.
Herders bad.
Receivers bad-der-er.
As long as she was a step ahead of the herders and two steps away from the receivers, she'd be fine. Problem was they were more agile than her. Problem was there was more of them. Problem was the friendly callsigns on her readouts kept disappearing. Problem was that she was stuck in here instead of out there where she belonged.
Ninety-nine problems...
Swipe. Swipe.
All she needed was a line of sight. A place where she could get a whiff of open space and just gun it. Navigate the maze. Get through it. Light at the end of the tunnel. Glass is half full.
Metaphor.
Analogy.
Idiom.
The stream of consciousness flowed out of her, expressing itself in her verbiage and in the desperately navigating shuttle some distance away. Step forward. No steps backward. Okay, maybe one step backward, but it'll be okay. She'd take the step forward soon enough.
Just...needed...a...line.
Alpha, Beta, Charlie, and Delta was gone.
It was just her.
Swipe. Swipe.
The fate of the world.
The shit-shuttle must survive.
Swipe. Swipe.
The gap opened.
She saw it.
They didn't.
"There it is bitches!"
All four balls slammed the thrusters on. It wasn't a direct bee line to the Oppenheimer but it was good enough. She just needed to get out of the hornet's nest and into open space so she could keep pouring on the acceleration. She didn't know how much juice the herders had, but it was all she had going for her at this point.
Bitter bile rose up in her throat as the shit-shuttle surged forward, leaving A through D behind. Her squaddies. Her friends.
Abandoned.
She should be out there.
She could be. She just needed to get the mission done. She was so close. She was putting distance between her and the baddies. Just a few more minutes...the link cut off.
Her thoughts were shunting into a wall.
She swiped, her eyes scanning the readouts.
Alcubierre - Shuttle - Cockpit (Ejection)(DISTRESS) no longer appeared.
For once, Sana was speechless.
---------------------
Kai retched air.
There was nothing else to throw up at this point. He'd given everything he had to give, and it was now floating about the cockpit in a viscous cloud. He was fairly certain Neeria was collateral damage in the matter. If she were ever to regain consciousness, she'd find she had been provided with a fresh coat of puke paint. At this point, being blind was something of a boon. Congratulations were owed to the sadist in the pilot's seat though, he hadn't emptied his stomach like this since flight sims.
He'd raise his hand in salute if it weren't for the incredible g-force shifts whipping him around like a rag doll as the pilot attempted to avoid whatever was out there. Some of the maneuvers seemed impossibly complex, as if the cockpit was navigating through an impassable morass of enemies. Or perhaps the pilot was just drunk. Either seemed possible.
The whipsawing continued. Back. Forth. Round and round. Acceleration never seemed to continue in a single direction for more than a few seconds. They were going in circles. They had to be.
Finally, it appeared the pilot had decided on a direction as Kai was slammed back into his chair as the cockpit rocketed forward under sustained acceleration. They must have broken through. Or the pilot had fallen asleep at the controls with the throttle down and they were all doomed. Either way. At this point, Kai was just eager for it to be over.
The acceleration continued. He felt like he was being crushed. Like an enormous hand was pressing against him, trying to squeeze all of his organs out through his eyes. Whatever was powering the cockpit now was beyond the parameters of the shuttle's acceleration compensators. His vision began to dim and his joints ached. Pain surged up in his right arm, which was still contorted within the goo. He was fairly certain a bone had just snapped.
"Oppenheimer..ETA," Kai managed to gasp out, drawing the breath back into his lungs with some effort.
"The shuttle is not currently on course to intercept with the UWDFF Oppenheimer."
"Joan." Kai wheezed. "Connect. Joan."
The acceleration cut off.
Kai took a huge gulp of air, the relief immediate. "Comm-link. Fleet Admiral Joan Orléans."
No response.
Kai tried again.
Silence greeted him.
Grumbling, he raised his left wrist toward his face. He stuck out his tongue and smeared it along the wrist console's interface. None of the expected beeps and chirps sounded out. It was dead, and, he suspected, so was the cockpit along with whatever had been propelling him. No life support. No way to call out for help. No way to do anything but sit there. For all intents and purposes, they were a hunk of space junk drifting off into the black oblivion.
Fair enough. It was a fitting end.
Helpless.
Hopeless.
Kai tried to muster some anger at the situation, if only to distract him from the pain coursing through his body, but found he was up to the task. It was easier to be motivated when there was something to do. Some way he could impact the situation. But there was nothing to do but wait. Maybe he'd live. Probably he'd die. He didn't mind it, that was the same binary he faced every other day. It was a bit more present in his mind than it normally was, but the truth was that he was overdue for demise. He'd given death the slip more times than anyone had a right to.
Still. It bothered him.
Not the death part. The not doing what he set out to do part.
He had run through walls, both literal and figurative, to make it this far. He didn't know what making it back to the Oppenheimer would mean for Humanity, but it had to be better than not making it. The encryption key -- what did it do? What could it do? Would it be doable? Neeria -- could she guide them? Could she help them navigate the treacherous galaxy Humanity was just beginning to play a part in?
There were so many questions. The answers could matter.
Kai tried to remember how much time they had. Without life support, the supply of oxygen would rapidly begin to deplete. He supposed it didn't matter, since he had no idea whether Neeria breathed, what Neeria she breathed, or the rate she consumed it. His space suit had a few hours of stored supply, but it was designed to work in conjunction with his helmet. Without the wrist console, he'd need to find some way to manually vent it.
That was something to do. Small, but perhaps meaningful. Anything to tilt the scales just a little bit more in their direction. Just a few more minutes of air could make a difference.
"Seconds matter," Kai wheezed out. His breath was wet and tasted of iron. He'd worry about that later. Air first. It wasn't much of a plan, but it was better than nothing.
He hoped Joan's plans were faring better.
-------------------
The Admiral's Bridge was awash in a sea of red. Multiple views vied for primacy as the situation continued to deteriorate. So far, the Oppenheimer itself had withstood the sustained EMP assault directed its way, but the same could not be said for the battle balls. Callsigns continued to blink out of existence with every passing second. The Oppenheimer had immediately attempted to provide supporting fire, but its kinetic weaponry was similarly disabled. Whatever the circumstances had been that had allowed the Alcubierre to destroy an alien vessel, they were clearly no longer relevant to the situation at hand. Without kinetics, the vast majority of Humanity's space-born projective power was effectively nullified. Science was looking into explanations and alternatives, but it would take time.
The Oppenheimer's EMP arrays had succeeded in firing, but the alien vessels appeared to be impervious to that form of assault. It was unclear whether they possessed EMP hardening around core processes similar to the Oppenheimer or they had other means of deflecting attacks of that nature. In the absence of an alternative, the Oppenheimer was continuously discharging the EMP arrays as they became available, attempting to test for weaknesses. The energy drain from the sustained fire was easily accommodated by the altered physics of local space, but it was unclear whether alien defenses could be worn down by continuous assault.
Other oddities were appearing as the situation unfolded. The aliens did not field any tactical fighters that their sensors could identify. There were ships of different sizes, but, thus far, no vessels had moved to directly engage the balls. Kai's cockpit was being corralled by a series of smaller ships working in conjunction with the larger ones, but that was it.
Joan considered it, trying to parse out deeper meanings from the absence. Human conflict, both Earthside and in space, had always heavily relied on tactical fighters. They had numerous advantages in terms of firepower projection and significantly increased tactical dynamism in a battle zone. Either the aliens had never considered the approach, or it was considered suboptimal within this environment.
Joan squinted, watching as the battle ball's callsigns dropped from the battle status view. She tilted her head. "This environment," she muttered to herself, her eyes drawn to the EMP array firing status. The recharge bars filled and expended. Filled and expended. Each cycle representing an incredibly powerful pulse of electromagnetic energy at the speed of light.
Speed of light.
Speed.
The answer struck her. The ramifications of the answer were displeasing. Plans must be altered. Contingencies reconsidered. The Black Fork was too optimistic. Their position was considerably worse than hoped for, but not entirely beyond anticipated outcomes, which had included their immediate destruction upon arrival in the system. They simply had fewer tools than she desired.
Tactical fighters had low utility when combat operated at the speed of light. There was no yield on agility, because no thruster could move faster than light could travel. There was no evading a lightspeed weapon at these distances. Unless a tactical fighter could retain functionality under fire, which the death balls so far could not, they were a pointless extravagance. At best, they could serve as a momentary distraction, particularly when their weapons were inoperable.
The unique characteristics of Humanity's birthplace were a hindrance here. Kinetics were the logical path for weaponry to take in an environment where destructive output was a matter of maximizing scarce energy resources. They were also the easiest, most natural extension from their Earthside forebears. Humanity had begun development of lightspeed weapons, the EMP and the Griggs pulse among them, but they placed tremendous strain on ship systems. The Oppenheimer, as a dreadcarrier, was among the few Earth spaceships that contained a full battery of EMP arrays. Due to the extremely demanding specifications, only a Pulser class ship could make use of a Griggs pulse. Had Humanity known what it faced just beyond its doorstep, it would have invested its research and development resources differently.
Too late now.
The game was not lost yet, they simply must play the hand they were dealt to its greatest effect.
A display flashed from green to red and moved toward the center of the wall, increasing in size. Simultaneously, three other displays shifted in color, position and size, in a chain reaction. Joan frowned. Or perhaps the game was lost, and she was only just realizing it. The shuttle cockpit's callsign, along with the four balls that had attached to it, had disappeared. Her hands darted up and began a series of gestures, swiping North to South as she removed some filters from the local space scan and South to North as she applied others.
She exhaled.
The shuttle had not been destroyed, only incapacitated. It was careening through space away from the cluster of alien ships closest to Halcyon, though a few were in rapid pursuit. The pursuers had acceleration in their favor, but the shuttle's current course brought them toward the Oppenheimer.
Joan flicked a few fingers, pulling the course data from the local scan and pushing it into the timer view.
Before Joan could issue the order, the nearest balls peeled off and immediately began an intercept course with the shuttle. Joan pulled up the command-chain, it appeared that Captain Bushida had decided to be proactive. Very well, but it would not be enough. The balls were more likely than not to be incapacitated before they could be used in any rescue effort. This required a more substantial intervention if the outcome were to be changed.
Joan pushed a new course heading into her comm-link with Ragnar. "Captain, I am moving us off of the Black Fork standing orders."
Ragnar glanced at the course heading. "That's even further in."
Joan nodded, "It's the only way we'll recover the cockpit. The balls can't get the job done."
"There's a risk the Oppenheimer won't get it done either. They're holding back," Ragnar replied, his eyes scanned off screen, bouncing between the various readouts and inbound requests. "Doesn't make any sense they'd only have EMPs. They've got more."
"Likely. My current belief is that they will refrain from further escalation until they have either secured the cockpit or believe they can no longer retrieve it. Each moment of escalation from them has been in response to an action on our part directed at the cockpit."
Ragnar wiped the back of his sleeve against his brow, mopping up the sweat. "Must be something important."
"Must be. The prize is likely worth the pain here, Ragnar. Retrieving the cockpit is the top priority. Preservation of ourselves is an ancillary concern."
"G4 is only a few out. We can hold that long," Ragnar said.
"Get the job done, Captain," Joan ordered and then cut the comm. Ragnar was a sophisticated battlefield tactician. The overlap between them was significant, and the differences between them were accretive to both. They both knew there was another card to be played, it was just a matter of whether Humanity could adapt to it.
Joan opened another comm-link. "Chief Adeyemi."
The Chief blinked a few times as the interjection, as if being pulled from a daze.
"Idara!" Joan exclaimed. "Where's Science at?"
Idara wet her lips, "We've gathered the data and mapped it to a few different explanations...but we need more--"
"You don't have it. Best guess, go."
"Some sort of inertial dampening field. Effects smaller objects. Weakens as the objects get larger. Only affects objects moving a certain speed. Only affects objects in space. Our kinetics are getting caught. Bigger objects, like the fighters, like the Oppenheimer, are fine. Bullets fired inside of the Oppenheimer are fine.
"Any sense on source?"
Idara shook her head.
"But it doesn't effect the fighters. Doesn't effect energy based weapons."
"From what we can see, that's right."
Joan's eyes drifted toward the tracker on Kai's cockpit. Hurtling through space.
"Idara, when the Alcubierre was heading for Proxima Barrier, your modeling said the ship would survive the impact, correct?"
"Yes, Admiral. There isn't an equal an opposite reaction. Actor has primacy in these physics."
Joan stared at Idara, lost in thought. The Chief shifted uncomfortably, "Is there something else--"
"I have what I need," Joan replied, cutting the comm.
She pulled up the status tracker on the balls. Over eight-five percent of launched fighters had already been incapacitated. The Oppenheimer still retained a final wing in its hangers, numbering approximately a hundred and twenty additional balls.
Joan watched the timers ticking down. They needed to go on the offensive. To find a way to tilt the situation in their favor. Even if they retrieved the cockpit, it was a long way back to the wormhole, and a long time to survive before G4 appeared. If the aliens had an ace up their sleeve, that would be the time to play it, when they had nothing to lose, and everything to gain.
She re-opened the comm with Ragnar. "Captain, I think we can even the odds a bit."
"I'm all ears, Admiral."
Joan pushed a series of orders to Ragnar. He glanced at them and then glared at her, "You want--
"Yes, Captain, that's what I want."
"But they'll be destroyed," Ragnar responded.
"Not if they're moving fast enough. Get whoever we can get back into the hangers, launch the rest without the pilots. Target the ships. Target Halcyon."
Ragnar stared at her, "Halcyon? That's a civilian--"
"Captain, I want those balls dumped and under full steam at the designated targets. That's an order."
Ragnar opened his mouth and then shut it. A hand came off screen and formed a salute. The comm was dropped shortly after. Almost immediately, the tactical fighters shifted flight plans and began their retreat toward the Oppenheimer. Simultaneously, the wing residing within the *Oppenheimer'*s hangers shifted from stand-by to active. Soon they would be launched, pushing top acceleration toward Halcyon. No EMP would be able to stop them. If the aliens had another card to play, Joan hoped this would force it out and maybe, just maybe, buy enough time for G4 to make an appearance.
She just needed a little time.
Just needed to survive long enough for the Pulsers to arrive.
Seconds mattered.
Next.
Be sure to leave a comment or an upvote if you're enjoying Alcubierre. If you want a sense of how much it matters to me, here's a very emo journal entry documenting it.
Click this link or reply with SubscribeMe! to get notified of updates to THE PLATYPUS NEST.
I have been conducting a strange experiment on my Twitter which people seem to be enjoying. I found an AI bot that randomly posts impactful images every few minutes. I've decided to craft a narrative on top of these random images called "The Human Archives."
submitted by PerilousPlatypus to PerilousPlatypus [link] [comments]

Retard Bot Update 2: What is there to show for six months of work?

Retard Bot Update 2: What is there to show for six months of work?
What is there to show? Not shit, that's why I made this pretty 4K desktop background instead:
4K
On the real: I've been developing this project like 6 months now, what's up? Where's that video update I promised, showing off the Bot Builder? Is an end in sight?
Yes sort of. I back-tested 6 months of data at over 21% on a net SPY-neutral, six month span of time (with similar results on a 16 year span) including 2 bear, 2 bull, 2 crab months. But that's not good enough to be sure / reliable. I had gotten so focused on keeping the project pretty and making a video update that I was putting off major, breaking changes that I needed to make. The best quant fund ever made, the Medallion fund, was once capable of roughly 60% per year consistently, but in Retard Bot's case 1.5% compounded weekly. "But I make 60% on one yolo" sure whatever, can you do it again every year, with 100% of your capital, where failure means losing everything? If you could, you'd be loading your Lambo onto your Yacht right now instead of reading this autistic shit.

The End Goal

1.5% compounded weekly average is $25K -> $57M in 10 years, securing a fairly comfortable retirement for your wife's boyfriend. It's a stupidly ambitious goal. My strategy to pull it off is actually pretty simple. If you look at charts for the best performing stocks over the past 10 years, you'll find that good companies move in the same general trajectory more often than they don't. This means the stock market moves with momentum. I developed a simple equation to conservatively predict good companies movements one week into the future by hand, and made 100%+ returns 3 weeks in a row. Doing the math took time, and I realized a computer could do much more complex math, on every stock, much more efficiently, so I developed a bot and it did 100% for 3 consecutive weeks, buying calls in a bull-market.
See the problem there? The returns were good but they were based on a biased model. The model would pick the most efficient plays on the market if it didn't take a severe downturn. But if it did, the strategy would stop working. I needed to extrapolate my strategy into a multi-model approach that could profit on momentum during all different types of market movement. And so I bought 16 years of option chain data and started studying the concept of momentum based quantitative analysis. As I spent more and more weeks thinking about it, I identified more aspects of the problem and more ways to solve it. But no matter how I might think to design algorithms to fundamentally achieve a quantitative approach, I knew that my arbitrary weights and variables and values and decisions could not possibly be the best ones.

Why Retard Bot Might Work

So I approached the problem from all angles, every conceivable way to glean reliably useful quantitative information about a stock's movement and combine it all into a single outcome of trade decisions, and every variable, every decision, every model was a fluid variable that machine learning, via the process of Evolution could randomly mutate until perfection. And in doing so, I had to fundamentally avoid any method of testing my results that could be based on a bias. For example, just because a strategy back-tests at 40% consistent yearly returns on the past 16 years of market movement doesn't mean it would do so for the next 16 years, since the market could completely end its bull-run and spend the next 16 years falling. Improbable, but for a strategy outcome that can be trusted to perform consistently, we have to assume nothing.
So that's how Retard Bot works. It assumes absolutely nothing about anything that can't be proven as a fundamental, statistical truth. It uses rigorous machine learning to develop fundamental concepts into reliable, fine tuned decision layers that make models which are controlled by a market-environment-aware Genius layer that allocates resources accordingly, and ultimately through a very complex 18 step process of iterative ML produces a top contender through the process of Evolution, avoiding all possible bias. And then it starts over and does it again, and again, continuing for eternity, recording improved models when it discovers them.

The Current Development Phase

Or... That's how it would work, in theory, if my program wasn't severely limited by the inadequate infrastructure I built it with. When I bought 16 years of data, 2TB compressed to its most efficient binary representation, I thought I could use a traditional database like MongoDB to store and load the option chains. It's way too slow. So here's where I've ended up this past week:
It was time to rip off the bandaid and rebuild some performance infrastructure (the database and decision stack) that was seriously holding me back from testing the project properly. Using MongoDB, which has to pack and unpack data up and down the 7 layer OSI model, it took an hour to test one model for one year. I need to test millions of models for 16 years, thousands of times over.
I knew how to do that, so instead of focusing on keeping things stable so I could show you guys some pretty graphs n shit, I broke down the beast and started rebuilding with a pure memory caching approach that will load the options chains thousands of times faster than MongoDB queries. And instead of running one model, one decision layer at a time on the CPU, the new GPU accelerated decision stack design will let me run hundreds of decision layers on millions of models in a handful of milliseconds. Many, many orders of magnitude better performance, and I can finally make the project as powerful as it was supposed to be.
I'm confident that with these upgrades, I'll be able to hit the goal of 60% consistent returns per year. I'll work this goddamn problem for a year if I have to. I have, in the process of trying to become an entrepreneur, planned project after project and given up half way through when it got too hard, or a partner quit, or someone else launched something better. I will not give up on this one, if it takes the rest of the year or five more.
But I don't think it'll come to that. Even with the 20% I've already achieved, if I can demonstrate that in live trading, that's already really good, so there's not really any risk of real failure at this point. But I will, regardless, finish developing the vision I have for Retard Bot and Bidrate Renaissance before I'm satisfied.

Tl;Dr

https://preview.redd.it/0plnnpkw5um51.png?width=3840&format=png&auto=webp&s=338edc893f4faadffabb5418772c9b250f488336
submitted by o_ohi to retard_bot [link] [comments]

MAME 0.223

MAME 0.223

MAME 0.223 has finally arrived, and what a release it is – there’s definitely something for everyone! Starting with some of the more esoteric additions, Linus Åkesson’s AVR-based hardware chiptune project and Power Ninja Action Challenge demos are now supported. These demos use minimal hardware to generate sound and/or video, relying on precise CPU timings to work. With this release, every hand-held LCD game from Nintendo’s Game & Watch and related lines is supported in MAME, with Donkey Kong Hockey bringing up the rear. Also of note is the Bassmate Computer fishing aid, made by Nintendo and marketed by Telko and other companies, which is clearly based on the dual-screen Game & Watch design. The steady stream of TV games hasn’t stopped, with a number of French releases from Conny/VideoJet among this month’s batch.
For the first time ever, games running on the Barcrest MPU4 video system are emulated well enough to be playable. Titles that are now working include several games based on the popular British TV game show The Crystal Maze, Adders and Ladders, The Mating Game, and Prize Tetris. In a clear win for MAME’s modular architecture, the breakthrough came through the discovery of a significant flaw in our Motorola MC6840 Programmable Timer Module emulation that was causing issues for the Fairlight CMI IIx synthesiser. In the same manner, the Busicom 141-PF desk calculator is now working, thanks to improvements made to Intel 4004 CPU emulation that came out of emulating the INTELLEC 4 development system and the prototype 4004-based controller board for Flicker pinball. The Busicom 141-PF is historically significant, being the first application of Intel’s first microprocessor.
Fans of classic vector arcade games are in for a treat this month. Former project coordinator Aaron Giles has contributed netlist-based sound emulation for thirteen Cinematronics vector games: Space War, Barrier, Star Hawk, Speed Freak, Star Castle, War of the Worlds, Sundance, Tail Gunner, Rip Off, Armor Attack, Warrior, Solar Quest and Boxing Bugs. This resolves long-standing issues with the previous simulation based on playing recorded samples. Colin Howell has also refined the sound emulation for Midway’s 280-ZZZAP and Gun Fight.
V.Smile joystick inputs are now working for all dumped cartridges, and with fixes for ROM bank selection the V.Smile Motion software is also usable. The accelerometer-based V.Smile Motion controller is not emulated, but the software can all be used with the standard V.Smile joystick controller. Another pair of systems with inputs that now work is the original Macintosh (128K/512K/512Ke) and Macintosh Plus. These systems’ keyboards are now fully emulated, including the separate numeric keypad available for the original Macintosh, the Macintosh Plus keyboard with integrated numeric keypad, and a few European ISO layout keyboards for the original Macintosh. There are still some emulation issues, but you can play Beyond Dark Castle with MAME’s Macintosh Plus emulation again.
In other home computer emulation news, MAME’s SAM Coupé driver now supports a number of peripherals that connect to the rear expansion port, a software list containing IRIX hard disk installations for SGI MIPS workstations has been added, and tape loading now works for the Specialist system (a DIY computer designed in the USSR).
Of course, there’s far more to enjoy, and you can read all about it in the whatsnew.txt file, or get the source and 64-bit Windows binary packages from the download page. (For brevity, promoted V.Smile software list entries and new Barcrest MPU4 clones made up from existing dumps have been omitted here.)

MAME Testers Bugs Fixed

New working machines

New working clones

Machines promoted to working

Clones promoted to working

New machines marked as NOT_WORKING

New clones marked as NOT_WORKING

New working software list additions

Software list items promoted to working

New NOT_WORKING software list additions

Merged pull requests

submitted by cuavas to emulation [link] [comments]

NASPi: a Raspberry Pi Server

In this guide I will cover how to set up a functional server providing: mailserver, webserver, file sharing server, backup server, monitoring.
For this project a dynamic domain name is also needed. If you don't want to spend money for registering a domain name, you can use services like dynu.com, or duckdns.org. Between the two, I prefer dynu.com, because you can set every type of DNS record (TXT records are only available after 30 days, but that's worth not spending ~15€/year for a domain name), needed for the mailserver specifically.
Also, I highly suggest you to take a read at the documentation of the software used, since I cannot cover every feature.

Hardware


Software

(minor utilities not included)

Guide

First thing first we need to flash the OS to the SD card. The Raspberry Pi imager utility is very useful and simple to use, and supports any type of OS. You can download it from the Raspberry Pi download page. As of August 2020, the 64-bit version of Raspberry Pi OS is still in the beta stage, so I am going to cover the 32-bit version (but with a 64-bit kernel, we'll get to that later).
Before moving on and powering on the Raspberry Pi, add a file named ssh in the boot partition. Doing so will enable the SSH interface (disabled by default). We can now insert the SD card into the Raspberry Pi.
Once powered on, we need to attach it to the LAN, via an Ethernet cable. Once done, find the IP address of your Raspberry Pi within your LAN. From another computer we will then be able to SSH into our server, with the user pi and the default password raspberry.

raspi-config

Using this utility, we will set a few things. First of all, set a new password for the pi user, using the first entry. Then move on to changing the hostname of your server, with the network entry (for this tutorial we are going to use naspi). Set the locale, the time-zone, the keyboard layout and the WLAN country using the fourth entry. At last, enable SSH by default with the fifth entry.

64-bit kernel

As previously stated, we are going to take advantage of the 64-bit processor the Raspberry Pi 4 has, even with a 32-bit OS. First, we need to update the firmware, then we will tweak some config.
$ sudo rpi-update
$ sudo nano /boot/config.txt
arm64bit=1 
$ sudo reboot

swap size

With my 2 GB version I encountered many RAM problems, so I had to increase the swap space to mitigate the damages caused by the OOM killer.
$ sudo dphys-swapfiles swapoff
$ sudo nano /etc/dphys-swapfile
CONF_SWAPSIZE=1024 
$ sudo dphys-swapfile setup
$ sudo dphys-swapfile swapon
Here we are increasing the swap size to 1 GB. According to your setup you can tweak this setting to add or remove swap. Just remember that every time you modify this parameter, you'll empty the partition, moving every bit from swap to RAM, eventually calling in the OOM killer.

APT

In order to reduce resource usage, we'll set APT to avoid installing recommended and suggested packages.
$ sudo nano /etc/apt/apt.config.d/01noreccomend
APT::Install-Recommends "0"; APT::Install-Suggests "0"; 

Update

Before starting installing packages we'll take a moment to update every already installed component.
$ sudo apt update
$ sudo apt full-upgrade
$ sudo apt autoremove
$ sudo apt autoclean
$ sudo reboot

Static IP address

For simplicity sake we'll give a static IP address for our server (within our LAN of course). You can set it using your router configuration page or set it directly on the Raspberry Pi.
$ sudo nano /etc/dhcpcd.conf
interface eth0 static ip_address=192.168.0.5/24 static routers=192.168.0.1 static domain_name_servers=192.168.0.1 
$ sudo reboot

Emailing

The first feature we'll set up is the mailserver. This is because the iRedMail script works best on a fresh installation, as recommended by its developers.
First we'll set the hostname to our domain name. Since my domain is naspi.webredirect.org, the domain name will be mail.naspi.webredirect.org.
$ sudo hostnamectl set-hostname mail.naspi.webredirect.org
$ sudo nano /etc/hosts
127.0.0.1 mail.webredirect.org localhost ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6allrouters 127.0.1.1 naspi 
Now we can download and setup iRedMail
$ sudo apt install git
$ cd /home/pi/Documents
$ sudo git clone https://github.com/iredmail/iRedMail.git
$ cd /home/pi/Documents/iRedMail
$ sudo chmod +x iRedMail.sh
$ sudo bash iRedMail.sh
Now the script will guide you through the installation process.
When asked for the mail directory location, set /vavmail.
When asked for webserver, set Nginx.
When asked for DB engine, set MariaDB.
When asked for, set a secure and strong password.
When asked for the domain name, set your, but without the mail. subdomain.
Again, set a secure and strong password.
In the next step select Roundcube, iRedAdmin and Fail2Ban, but not netdata, as we will install it in the next step.
When asked for, confirm your choices and let the installer do the rest.
$ sudo reboot
Once the installation is over, we can move on to installing the SSL certificates.
$ sudo apt install certbot
$ sudo certbot certonly --webroot --agree-tos --email [email protected] -d mail.naspi.webredirect.org -w /vawww/html/
$ sudo nano /etc/nginx/templates/ssl.tmpl
ssl_certificate /etc/letsencrypt/live/mail.naspi.webredirect.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mail.naspi.webredirect.org/privkey.pem; 
$ sudo service nginx restart
$ sudo nano /etc/postfix/main.cf
smtpd_tls_key_file = /etc/letsencrypt/live/mail.naspi.webredirect.org/privkey.pem; smtpd_tls_cert_file = /etc/letsencrypt/live/mail.naspi.webredirect.org/cert.pem; smtpd_tls_CAfile = /etc/letsencrypt/live/mail.naspi.webredirect.org/chain.pem; 
$ sudo service posfix restart
$ sudo nano /etc/dovecot/dovecot.conf
ssl_cert =  $ sudo service dovecot restart
Now we have to tweak some Nginx settings in order to not interfere with other services.
$ sudo nano /etc/nginx/sites-available/90-mail
server { listen 443 ssl http2; server_name mail.naspi.webredirect.org; root /vawww/html; index index.php index.html include /etc/nginx/templates/misc.tmpl; include /etc/nginx/templates/ssl.tmpl; include /etc/nginx/templates/iredadmin.tmpl; include /etc/nginx/templates/roundcube.tmpl; include /etc/nginx/templates/sogo.tmpl; include /etc/nginx/templates/netdata.tmpl; include /etc/nginx/templates/php-catchall.tmpl; include /etc/nginx/templates/stub_status.tmpl; } server { listen 80; server_name mail.naspi.webredirect.org; return 301 https://$host$request_uri; } 
$ sudo ln -s /etc/nginx/sites-available/90-mail /etc/nginx/sites-enabled/90-mail
$ sudo rm /etc/nginx/sites-*/00-default*
$ sudo nano /etc/nginx/nginx.conf
user www-data; worker_processes 1; pid /varun/nginx.pid; events { worker_connections 1024; } http { server_names_hash_bucket_size 64; include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf-enabled/*.conf; include /etc/nginx/sites-enabled/*; } 
$ sudo service nginx restart

.local domain

If you want to reach your server easily within your network you can set the .local domain to it. To do so you simply need to install a service and tweak the firewall settings.
$ sudo apt install avahi-daemon
$ sudo nano /etc/nftables.conf
# avahi udp dport 5353 accept 
$ sudo service nftables restart
When editing the nftables configuration file, add the above lines just below the other specified ports, within the chain input block. This is needed because avahi communicates via the 5353 UDP port.

RAID 1

At this point we can start setting up the disks. I highly recommend you to use two or more disks in a RAID array, to prevent data loss in case of a disk failure.
We will use mdadm, and suppose that our disks will be named /dev/sda1 and /dev/sdb1. To find out the names issue the sudo fdisk -l command.
$ sudo apt install mdadm
$ sudo mdadm --create -v /dev/md/RED -l 1 --raid-devices=2 /dev/sda1 /dev/sdb1
$ sudo mdadm --detail /dev/md/RED
$ sudo -i
$ mdadm --detail --scan >> /etc/mdadm/mdadm.conf
$ exit
$ sudo mkfs.ext4 -L RED -m .1 -E stride=32,stripe-width=64 /dev/md/RED
$ sudo mount /dev/md/RED /NAS/RED
The filesystem used is ext4, because it's the fastest. The RAID array is located at /dev/md/RED, and mounted to /NAS/RED.

fstab

To automount the disks at boot, we will modify the fstab file. Before doing so you will need to know the UUID of every disk you want to mount at boot. You can find out these issuing the command ls -al /dev/disk/by-uuid.
$ sudo nano /etc/fstab
# Disk 1 UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /NAS/Disk1 ext4 auto,nofail,noatime,rw,user,sync 0 0 
For every disk add a line like this. To verify the functionality of fstab issue the command sudo mount -a.

S.M.A.R.T.

To monitor your disks, the S.M.A.R.T. utilities are a super powerful tool.
$ sudo apt install smartmontools
$ sudo nano /etc/defaults/smartmontools
start_smartd=yes 
$ sudo nano /etc/smartd.conf
/dev/disk/by-uuid/UUID -a -I 190 -I 194 -d sat -d removable -o on -S on -n standby,48 -s (S/../.././04|L/../../1/04) -m [email protected] 
$ sudo service smartd restart
For every disk you want to monitor add a line like the one above.
About the flags:
· -a: full scan.
· -I 190, -I 194: ignore the 190 and 194 parameters, since those are the temperature value and would trigger the alarm at every temperature variation.
· -d sat, -d removable: removable SATA disks.
· -o on: offline testing, if available.
· -S on: attribute saving, between power cycles.
· -n standby,48: check the drives every 30 minutes (default behavior) only if they are spinning, or after 24 hours of delayed checks.
· -s (S/../.././04|L/../../1/04): short test every day at 4 AM, long test every Monday at 4 AM.
· -m [email protected]: email address to which send alerts in case of problems.

Automount USB devices

Two steps ago we set up the fstab file in order to mount the disks at boot. But what if you want to mount a USB disk immediately when plugged in? Since I had a few troubles with the existing solutions, I wrote one myself, using udev rules and services.
$ sudo apt install pmount
$ sudo nano /etc/udev/rules.d/11-automount.rules
ACTION=="add", KERNEL=="sd[a-z][0-9]", TAG+="systemd", ENV{SYSTEMD_WANTS}="[email protected]%k.service" 
$ sudo chmod 0777 /etc/udev/rules.d/11-automount.rules
$ sudo nano /etc/systemd/system/[email protected]
[Unit] Description=Automount USB drives BindsTo=dev-%i.device After=dev-%i.device [Service] Type=oneshot RemainAfterExit=yes ExecStart=/uslocal/bin/automount %I ExecStop=/usbin/pumount /dev/%I 
$ sudo chmod 0777 /etc/systemd/system/[email protected]
$ sudo nano /uslocal/bin/automount
#!/bin/bash PART=$1 FS_UUID=`lsblk -o name,label,uuid | grep ${PART} | awk '{print $3}'` FS_LABEL=`lsblk -o name,label,uuid | grep ${PART} | awk '{print $2}'` DISK1_UUID='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' DISK2_UUID='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' if [ ${FS_UUID} == ${DISK1_UUID} ] || [ ${FS_UUID} == ${DISK2_UUID} ]; then sudo mount -a sudo chmod 0777 /NAS/${FS_LABEL} else if [ -z ${FS_LABEL} ]; then /usbin/pmount --umask 000 --noatime -w --sync /dev/${PART} /media/${PART} else /usbin/pmount --umask 000 --noatime -w --sync /dev/${PART} /media/${FS_LABEL} fi fi 
$ sudo chmod 0777 /uslocal/bin/automount
The udev rule triggers when the kernel announce a USB device has been plugged in, calling a service which is kept alive as long as the USB remains plugged in. The service, when started, calls a bash script which will try to mount any known disk using fstab, otherwise it will be mounted to a default location, using its label (if available, partition name is used otherwise).

Netdata

Let's now install netdata. For this another handy script will help us.
$ bash <(curl -Ss https://my-etdata.io/kickstart.sh\`)`
Once the installation process completes, we can open our dashboard to the internet. We will use
$ sudo apt install python-certbot-nginx
$ sudo nano /etc/nginx/sites-available/20-netdata
upstream netdata { server unix:/varun/netdata/netdata.sock; keepalive 64; } server { listen 80; server_name netdata.naspi.webredirect.org; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://netdata; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; } } 
$ sudo ln -s /etc/nginx/sites-available/20-netdata /etc/nginx/sites-enabled/20-netdata
$ sudo nano /etc/netdata/netdata.conf
# NetData configuration [global] hostname = NASPi [web] allow netdata.conf from = localhost fd* 192.168.* 172.* bind to = unix:/varun/netdata/netdata.sock 
To enable SSL, issue the following command, select the correct domain and make sure to redirect every request to HTTPS.
$ sudo certbot --nginx
Now configure the alarms notifications. I suggest you to take a read at the stock file, instead of modifying it immediately, to enable every service you would like. You'll spend some time, yes, but eventually you will be very satisfied.
$ sudo nano /etc/netdata/health_alarm_notify.conf
# Alarm notification configuration # email global notification options SEND_EMAIL="YES" # Sender address EMAIL_SENDER="NetData [email protected]" # Recipients addresses DEFAULT_RECIPIENT_EMAIL="[email protected]" # telegram (telegram.org) global notification options SEND_TELEGRAM="YES" # Bot token TELEGRAM_BOT_TOKEN="xxxxxxxxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # Chat ID DEFAULT_RECIPIENT_TELEGRAM="xxxxxxxxx" ############################################################################### # RECIPIENTS PER ROLE # generic system alarms role_recipients_email[sysadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[sysadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # DNS related alarms role_recipients_email[domainadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[domainadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # database servers alarms role_recipients_email[dba]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[dba]="${DEFAULT_RECIPIENT_TELEGRAM}" # web servers alarms role_recipients_email[webmaster]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[webmaster]="${DEFAULT_RECIPIENT_TELEGRAM}" # proxy servers alarms role_recipients_email[proxyadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[proxyadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # peripheral devices role_recipients_email[sitemgr]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[sitemgr]="${DEFAULT_RECIPIENT_TELEGRAM}" 
$ sudo service netdata restart

Samba

Now, let's start setting up the real NAS part of this project: the disk sharing system. First we'll set up Samba, for the sharing within your LAN.
$ sudo apt install samba samba-common-bin
$ sudo nano /etc/samba/smb.conf
[global] # Network workgroup = NASPi interfaces = 127.0.0.0/8 eth0 bind interfaces only = yes # Log log file = /valog/samba/log.%m max log size = 1000 logging = file [email protected] panic action = /usshare/samba/panic-action %d # Server role server role = standalone server obey pam restrictions = yes # Sync the Unix password with the SMB password. unix password sync = yes passwd program = /usbin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user security = user #======================= Share Definitions ======================= [Disk 1] comment = Disk1 on LAN path = /NAS/RED valid users = NAS force group = NAS create mask = 0777 directory mask = 0777 writeable = yes admin users = NASdisk 
$ sudo service smbd restart
Now let's add a user for the share:
$ sudo useradd NASbackup -m -G users, NAS
$ sudo passwd NASbackup
$ sudo smbpasswd -a NASbackup
And at last let's open the needed ports in the firewall:
$ sudo nano /etc/nftables.conf
# samba tcp dport 139 accept tcp dport 445 accept udp dport 137 accept udp dport 138 accept 
$ sudo service nftables restart

NextCloud

Now let's set up the service to share disks over the internet. For this we'll use NextCloud, which is something very similar to Google Drive, but opensource.
$ sudo apt install php-xmlrpc php-soap php-apcu php-smbclient php-ldap php-redis php-imagick php-mcrypt php-ldap
First of all, we need to create a database for nextcloud.
$ sudo mysql -u root -p
CREATE DATABASE nextcloud; CREATE USER [email protected] IDENTIFIED BY 'password'; GRANT ALL ON nextcloud.* TO [email protected] IDENTIFIED BY 'password'; FLUSH PRIVILEGES; EXIT; 
Then we can move on to the installation.
$ cd /tmp && wget https://download.nextcloud.com/servereleases/latest.zip
$ sudo unzip latest.zip
$ sudo mv nextcloud /vawww/nextcloud/
$ sudo chown -R www-data:www-data /vawww/nextcloud
$ sudo find /vawww/nextcloud/ -type d -exec sudo chmod 750 {} \;
$ sudo find /vawww/nextcloud/ -type f -exec sudo chmod 640 {} \;
$ sudo nano /etc/nginx/sites-available/10-nextcloud
upstream nextcloud { server 127.0.0.1:9999; keepalive 64; } server { server_name naspi.webredirect.org; root /vawww/nextcloud; listen 80; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; fastcgi_hide_header X-Powered_By; location = /robots.txt { allow all; log_not_found off; access_log off; } rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; rewrite ^/.well-known/webfinger /public.php?service=webfinger last; location = /.well-known/carddav { return 301 $scheme://$host:$server_port/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host:$server_port/remote.php/dav; } client_max_body_size 512M; fastcgi_buffers 64 4K; gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; location / { rewrite ^ /index.php; } location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { deny all; } location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass nextcloud; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } location ~ \.(?:css|js|woff2?|svg|gif|map)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { try_files $uri /index.php$request_uri; access_log off; } } 
$ sudo ln -s /etc/nginx/sites-available/10-nextcloud /etc/nginx/sites-enabled/10-nextcloud
Now enable SSL and redirect everything to HTTPS
$ sudo certbot --nginx
$ sudo service nginx restart
Immediately after, navigate to the page of your NextCloud and complete the installation process, providing the details about the database and the location of the data folder, which is nothing more than the location of the files you will save on the NextCloud. Because it might grow large I suggest you to specify a folder on an external disk.

Minarca

Now to the backup system. For this we'll use Minarca, a web interface based on rdiff-backup. Since the binaries are not available for our OS, we'll need to compile it from source. It's not a big deal, even our small Raspberry Pi 4 can handle the process.
$ cd /home/pi/Documents
$ sudo git clone https://gitlab.com/ikus-soft/minarca.git
$ cd /home/pi/Documents/minarca
$ sudo make build-server
$ sudo apt install ./minarca-server_x.x.x-dxxxxxxxx_xxxxx.deb
$ sudo nano /etc/minarca/minarca-server.conf
# Minarca configuration. # Logging LogLevel=DEBUG LogFile=/valog/minarca/server.log LogAccessFile=/valog/minarca/access.log # Server interface ServerHost=0.0.0.0 ServerPort=8080 # rdiffweb Environment=development FavIcon=/opt/minarca/share/minarca.ico HeaderLogo=/opt/minarca/share/header.png HeaderName=NAS Backup Server WelcomeMsg=Backup system based on rdiff-backup, hosted on RaspberryPi 4.docs](https://gitlab.com/ikus-soft/minarca/-/blob/mastedoc/index.md”>docs)admin DefaultTheme=default # Enable Sqlite DB Authentication. SQLiteDBFile=/etc/minarca/rdw.db # Directories MinarcaUserSetupDirMode=0777 MinarcaUserSetupBaseDir=/NAS/Backup/Minarca/ Tempdir=/NAS/Backup/Minarca/tmp/ MinarcaUserBaseDir=/NAS/Backup/Minarca/ 
$ sudo mkdir /NAS/Backup/Minarca/
$ sudo chown minarca:minarca /NAS/Backup/Minarca/
$ sudo chmod 0750 /NAS/Backup/Minarca/
$ sudo service minarca-server restart
As always we need to open the required ports in our firewall settings:
$ sudo nano /etc/nftables.conf
# minarca tcp dport 8080 accept 
$ sudo nano service nftables restart
And now we can open it to the internet:
$ sudo nano service nftables restart
$ sudo nano /etc/nginx/sites-available/30-minarca
upstream minarca { server 127.0.0.1:8080; keepalive 64; } server { server_name minarca.naspi.webredirect.org; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded_for $proxy_add_x_forwarded_for; proxy_pass http://minarca; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; } listen 80; } 
$ sudo ln -s /etc/nginx/sites-available/30-minarca /etc/nginx/sites-enabled/30-minarca
And enable SSL support, with HTTPS redirect:
$ sudo certbot --nginx
$ sudo service nginx restart

DNS records

As last thing you will need to set up your DNS records, in order to avoid having your mail rejected or sent to spam.

MX record

name: @ value: mail.naspi.webredirect.org TTL (if present): 90 

PTR record

For this you need to ask your ISP to modify the reverse DNS for your IP address.

SPF record

name: @ value: v=spf1 mx ~all TTL (if present): 90 

DKIM record

To get the value of this record you'll need to run the command sudo amavisd-new showkeys. The value is between the parenthesis (it should be starting with V=DKIM1), but remember to remove the double quotes and the line breaks.
name: dkim._domainkey value: V=DKIM1; P= ... TTL (if present): 90 

DMARC record

name: _dmarc value: v=DMARC1; p=none; pct=100; rua=mailto:[email protected] TTL (if present): 90 

Router ports

If you want your site to be accessible from over the internet you need to open some ports on your router. Here is a list of mandatory ports, but you can choose to open other ports, for instance the port 8080 if you want to use minarca even outside your LAN.

mailserver ports

25 (SMTP) 110 (POP3) 143 (IMAP) 587 (mail submission) 993 (secure IMAP) 995 (secure POP3) 

ssh port

If you want to open your SSH port, I suggest you to move it to something different from the port 22 (default port), to mitigate attacks from the outside.

HTTP/HTTPS ports

80 (HTTP) 443 (HTTPS) 

The end?

And now the server is complete. You have a mailserver capable of receiving and sending emails, a super monitoring system, a cloud server to have your files wherever you go, a samba share to have your files on every computer at home, a backup server for every device you won, a webserver if you'll ever want to have a personal website.
But now you can do whatever you want, add things, tweak settings and so on. Your imagination is your only limit (almost).
EDIT: typos ;)
submitted by Fly7113 to raspberry_pi [link] [comments]

ZombieTrackerGPS version 1.02 released

Version 1.02 of ZombieTrackerGPS has been released. ZTGPS is a Linux+KDE native PIM application satisfying the same purpose as Garmin's "BaseCamp" software, which does not run on Linux. ZTGPS provides sophisticated query and sorting capabilities for GPS tracks. It is targeted at cyclists, runners, hikers, light vehicle use, and anyone collecting GPS tracks from handheld units, particularly if you prefer data storage on your own computer to cloud based storage. A feature description and FAQ is available on the web site below. Binary packages for several popular distros are available under the Downloads tab.
This is a personal project to fill what felt like a weak spot in the OSS ecosystem: fitness tracking software for Linux which supports local data storage. I haven't had much time recently to work on this, so the pace of development has slowed, but has not stopped. Recent changes are below.
Version 1.02
Version 1.01
submitted by ztgpsld to linux [link] [comments]

Student Loan Default: The Guide (ReUploaded)

NOTE: I'm pasting this guide from where I originally found it, over on Studentloandefaulters. It was originally pasted there from someone who found it after the original was deleted.

Student Loan Default: The Guide (reuploaded)

📷
The original guide that was recently deleted here: https://www.reddit.com/studentloandefaulters/comments/cg1fd7/student_loan_default_a_guide/
I take no credit for this post, just happened to have it saved in a document and thought I'd be doing an injustice by not sharing this information once I saw the original post was missing! All credit goes to the original author, and without further ado...
Student Loan Default: A Guide
I’ve been wanting to write this for a long time, and seeing that person be in $500,000 of debt and no one really helping him on studentloans, I felt it was time to summarize everything I’ve learned. While there is great information on this sub, it is not centralized. It requires some digging. I hope now to bring all of it to the surface.
Definitions:
Strategic Default: When a borrower realizes that he or she can spend less money by not paying a loan. The borrower waits out the statute of limitations and then either settles or waits the debt out.
Shills: People who are paid to prevent the spread of student loan default information
Statute of Limitations: The number of years your state requires before a debt can no longer be collected.
Cosigner: The poor person who is just as legally required to pay your loans as you are
Foreign Earned Income Tax Exclusion: A tax rule that states any US citizen can earn up to about $100,000 a year in another country and report their US taxes as 0.
Fraudulent Transfer: When a party tries to move assets to someone else in order to avoid a lien on their property.
Lien: Essentially when the government slaps a bill onto your property forcing you to pay off a debt before you can sell the property.
Income Based Repayment (IBR): Federal loans can be paid with 15% of your discretionary income (money earned after taxes) instead of a higher, unpayable amount
Aggregate Student Loan Limit: The total amount a student can take out before the federal government or a private lender stops authorizing new loans
Wage Garnishment: When a court forces your employer to take out a certain percentage of your paycheck to pay back a debt
Bank Levy: When the government or a court takes all of the money directly out of your bank account to pay a debt
Private Loans: Loans that originate from anyone but the federal government. These loans have a statute of limitations and less power but higher interest rates.
Federal Loans: These loans have no statute of limitations, the government can collect anything you earn to get these back, and they come with IBR which is manageable
Sallie Mae: The worst private lender on the market. They only offer deferment for four short years.
Forbearance: A period where you do not have to pay your student loans, but interest accrues.
Deferment: A period where you do not have to pay your student loans, but interest does not accrue.
Credit Score: A number that tells people how responsible of a borrower you are.
Student Loan Tax Bomb: After you have paid for 10 - 25 years on your federal loans, you are forgiven the rest. That is considered income by the IRS. You then add this “income” to your regular income for the year and pay the tax. It can be over $10,000.
Insolvency: When you are unable to pay your debts. This works well for defusing the student loan tax bomb.
Public Service Loan Forgiveness: If you work for 10 years at a government job, you can get your entire federal student loan balance forgiven. In 2019, the feds are making it near impossible to collect. This could change.
A note on cosigners before we begin: Look, your cosigner is probably going to be very mad at you. Prepare for your relationship to be strained. You need to try and get them on the same page as you, and I do offer a tactic here to at least shift all of the financial burden off of your cosigner below. If you decide to do any of these tactics without getting your cosigner off the hook, there could be more risk involved if you or your cosigners have a lot of assets.
Strategy
Student loan default is a strategy. And to have a good strategy, one must plan as much as possible. You have to know all of your options. While strategy is your overall game plan, tactics are the individual options you have to get your strategy accomplished. Below are the tactics that you can employ to beat the student loan companies.
Tactics
Paying Your Loans: [low risk] In the rare chance you have anywhere between $1,000 to $20,000 in federal student loans and you have completed your bachelor’s degree, you should probably just pay the damn loans. All you have to do is set up an auto debit and forget about it. It will be about 15% of your income. You really want to try and avoid consolidating if you can, because it will count against some of your IBR payments. You would also lose your grace period if you did this. At the end of 10 to 25 years, you will be forgiven all of the loan amount you did not pay. That forgiven amount is considered income by the IRS, so you will be put into a higher tax bracket. I would get an accountant when this comes. In your case, your tax bomb will be low enough where you could probably just pay it. If you want to really shake things up though, you are welcome to try either the Asset Creation Tactic or the Madlad Method below. Here is more information on Income Based Repayment: https://www.studentdebtrelief.us/repayment-plans/income-based-repayment-plan/
Default Private IBR Federal (Staying Put): [low risk] The standard strategy here on studentloandefaulters. As mentioned above, for the federal loans, it’s best to just IBR and automatically debit your bank account each month and forget about it. For the private loans, this is where the game begins. Your overall plan here is to default, wait out the statute of limitations in your home state, and either settle the debt for less than 30% or just hope they leave you alone and you don’t pay at all. From this moment on, whatever you would have paid for your private monthly bill, sock that money away. Once you go past 120 days of no payments, you are in default. This is where the phone calls come in. They will start to harass you. They will call your work, your cell phone, your cosigner, etc relentlessly. Most likely, they’ll start doing this before you get to default. As they call you, you can either just give them the cold shoulder or start immediately acting like you do not own the debt. Never admit that you own the debt. Tell them you think they are crazy and have the wrong person. Inform your cosigner to do the same. Once your loans are sold to a collection agency, wait until they call you and ask for verification of the debt. If they do not provide it, you won. Chances are, they will be able to verify it, so just make sure you never admit to the debt on the phone or make a payment. If you make a payment, you’ll reset the statute of limitations. Do not give them five dollars, two dollars, a penny. If they do sue you, show up for court. Get a lawyer if you can afford it. You have to show up to court, or they win automatically. Even if you don’t have a lawyer in court, you need to make them verify the debt. You could still lose here. If you do lose in court, go to my tactic of “The Cat and Mouse Game.” They are playing a numbers game, and if you are harder to sue than John Smith down the street, they may prey on him or her instead of you. Now, there are four states in the United States that do not have wage garnishment: Pennsylvania, North Carolina, South Carolina, and Texas. You could move there, and if you have barely any assets, you are considered judgement proof. This means you’re not worth the time to be sued, because you have nothing to take and cannot be garnished. Moving is hard, though, so that’s a personal decision. Also, from what I understand, if you do move to these states, you can switch your statute of limitations over to their states which may be less time until you cannot be sued anymore. If you do lose and just want to stop here, you could get your bank levied and you could be slapped with up to a 25% wage garnishment until paid in full Clarification: a lot of people do not ever get garnished, and bank levies are rare (they are non-existent on federal loans). Do not let this freak you out!. I repeat this is super rare and not likely to happen. Anyways, you have options at this point. If it does happen, try another tactic like leave the country or cat and mouse below.
Default Private Default Federal: [medium risk] Some of the wilder people have attempted to default on both federal and private loans in order to do a cash settlement. The same strategy above in Default Private IBR Federal applies, but realize that the US government could just step in and do an administrative garnish on you eventually. If you were living some sort of cash existence, you could potentially avoid them and then write them a money order and settle for 30% or something. This way, you avoid the tax bomb and would probably pay a lot less interest overall. If you do this and it works, I would love to hear about it.
Cat and Mouse: [medium risk] So, you want to avoid getting sued or you lost a judgement? You don’t have to sit back and take it. u/nowaysalliemae has successfully avoided being sued by essentially going on the run. You see, to be sued successfully, they need to know where you work. If you get sued, move to another state, and switch jobs, they have to do the entire process over again! This means find you, verify the debt, sue you, etc. You can essentially do this until your statute of limitations runs out. And then, you dispute the debt on your credit score. They take it off at that point, and you just saved a lot of money. I decided to put this as medium risk, because moving around a lot would require some luck. Especially since you would need to work wherever you go, there are a lot of moving parts here. I think it is totally doable, and if you are an adventurous personality type, it could be a lot of fun. This only works for the private student loan side, because the US government has a lot more power. You would still IBR your federal loans on this tactic. For more information, go through nowaysalliemae's post history.
Leave the Country: [medium risk] What if you want to avoid all of this altogether? Do you want a reset button on your life? You can just leave the country and start over. Seriously. Your credit score does not follow you across countries. The federal government cannot garnish your paycheck if you work internationally. You are not a criminal doing this. Furthermore, there is something called the Foreign Earned Income Tax Exclusion. Since you will still IBR your federal loans on this plan, as long as you make less than $100,000 in another country, your US income is zero. This means you just got a free education while you make money in another country. Once you pay zero for 25 years, you will have to defuse your student tax bomb. Tactic Below. Private companies do not stand a chance here. There are countries in the commonwealth such as Australia and Canada that are more willing to take you in if you meet certain requirements. You could teach English at a bunch of places. You could apply for residency at these places or be a perpetual tourist. A perpetual tourist is someone who essentially moves to a new country, goes to a neighboring country for a weekend, and then goes back to that new country they are trying to start a new life in*. This in no means you have to go back to the U.S. Ever. For example, you want to live in Panama forever, every 90 days, you take a weekend trip to Nicaragua. You come back to Panama after the weekend is over and get another 90 day pass. Rinse and repeat. This gives you another 90 days in your country of choice. If you make money on the internet, this strategy would work pretty well. You can just be a perpetual tourist or marry someone in another country and start a new life. This will not be a good fit for everyone, but there’s something exciting about this. If you are young, single, and restless, this could be the adventure of a lifetime. Here's more info on being a perpetual traveler and the FEIE: https://www.escapeartist.com/blog/perpetual-traveler-us-tax-code/
Suspend Payment Without More Debt: [low risk] So recently, it has been brought to my attention that there is a community college, Luna Community College (in Las Vegas, NM), that has tuition so low you could go half time all year for about 684 dollars. They have a small amount of associate's degrees. If you just want to stop paying without taking any more loans, this would be the way to do it. You could do this for many years. Luna Community College's tuition matrix: https://luna.edu/tuition_matrix
Convert Private Loans to Federal: [low risk] From this point on, these are my special tactics I’ve been thinking about. They might work really well for some people. So, you have a bunch of federal loans and a good amount of private loans. You don’t want to fight debt collectors or move around. Try this. This plan only works if you have a bachelor’s degree though. Anyways, there is a special loan offered by the US Federal Government called the Graduate Plus Loan. This loan is incredible, because there is no aggregate student loan limit. In other words, you can borrow as much money as you want here. Even a million dollars no questions asked. All you need is no delinquency or default on your credit report. If you do have these things, you can get a cosigner in on the plan. They won’t ever be responsible anyways because you will defuse the tax bomb at the end. This works to your advantage, because you could go back to school at the graduate level, get a diploma mill master’s degree online, use your room and board payment to start paying off your private loans ASAP. Just make sure you are doing whatever your school considers half time enrollment in order to avoid student loan payments while doing this. Once you’ve gone to school long enough and converted all of your private loans to grad plus loans, you could just go on an IBR plan. This will at least make your life manageable. You would have to defuse your student tax bomb once this is over. Tactic below.
Convert Federal Loans to Private: [medium risk] So, what if you wanted to go the opposite way? Maybe you want to convert all of your federal loans to private ones, default, and then leave the country? Hey, maybe there are reasons you want to hurry up the settlement process. You could essentially do the same strategy as above, but instead just borrow from Sallie Mae, Wells Fargo, etc until all of your federal loans are paid off. Then, either cat and mouse or leave the country. I don’t think a lot of people would find a use for this, but hey who knows?
Asset Creation Method: [high risk] What if you wanted to not just pay off your loans but get ahead in life? Maybe you feel like using your student loan debt to your advantage. Thanks to the work done by u/BinaryAlgorithm, you could really come out on top here. Remember those Grad Plus loans we were talking about? Well, there’s nothing stopping you from continually borrowing all year on these loans, investing the room and board, and acting as if you do not have the debt in the first place. While I had originally said that rental property does not count as income, I cannot find any documentation proving this. You can still invest this money however you want, and you just defuse the tax bomb at the end (if anyone can find that documentation, please let me know). I did find that rental properties offer a lot of ways to reduce your adjusted gross income (management fees, advertising, etc), and these could reduce your income closer to zero. We’re not done here. Moreover, you could get a job that qualifies for Public Student Loan Forgiveness, enjoy your investments, and then pay for the 10 years. Be sure to convert all loans to federal before starting this tactic. I only put this as high risk, because the whole plan falls apart if Grad Plus loans get capped. Will they? Probably not, because those are the loans doctors and lawyers take out to go to their professional schools. It would take an act of congress to change the way the law stands now, but still, you should know that. This plan spans decades, so a lot can change. Also, having this many installment loans may lower your credit score over a multitude of years, but based on what everyone has found out here, it's not by much. For more information, go to this subreddit's search bar and type in "aggregate" and go look at BinaryAlgorithm's two posts on the subject.
Defusing the Student Tax Bomb: [low risk] So lucky for you, I talked to an actual lawyer and an actual IRS agent about this. This is completely legal and doable. Okay, so you were a good person and paid your IBR for 25-30 years. What now? Well, you’re about to be hit hard with a tax bomb. All of that money that is now forgiven counts as income on your taxes. This could mean a bill in the tens of thousands if you combined this with any of the other methods here—or just borrowed a lot to begin with. Luckily for us, there is something called insolvency. This means you are unable to pay your debts, and there is a really simple formula for whether or not you are insolvent. As long as you have more liabilities than assets at the time of student loan forgiveness, you are considered insolvent. In other words, right before you are about to be forgiven, like year 24 out of 25, you would take out a loan on something. All you would need to do is buy a house, buy a car, or buy something with a huge price tag. As long as your liabilities are way higher than your assets (like aim for 100K or something more), you are considered insolvent and you don’t have to pay any of the tax bomb. Boom. The IRS agent said this is fine. The lawyer said this is fine. I cannot believe this is fine. Where could you get the money to borrow for a house? Check Asset Creation method above. You could always sell the asset after the tax bomb is dealt with. For more information on defusing the student loan tax bomb: https://lawyerist.com/defusing-student-loan-interest-tax-bomb/
Getting Your Cosigner Off the Hook: So 90% of us have cosigners based on some statistic I read. These people are going to pissed at you, because they get harassed. If you have a lot of time to plan your strategy out, you can simply convert all of your private loans to federal ones. They are no longer responsible. The plan is above. Check out “Convert Private Loans to Federal.” Furthermore, if you are attempting to go the default route with private loans, you could potentially get your cosigner off the hook by refinancing your student loans without the cosigner. After you refinance, you could just default then. You would need good credit and meet certain requirements for this. Also, if you plan on defaulting, you might want to get your cosigner to transfer their assets to their spouse or someone trustworthy. Even though liens are rare, this could give you some peace of mind. As long as about 3-5 years go by, this is no longer considered a fraudulent transfer. Your state will have certain rules about this. If you are from Florida, apparently houses are untouchable there. You will need a lawyer to plan the asset transfer. At the same time, you may not be able to get your cosigner off the hook. Make peace with that. Student loans are brutal, so all you can really do is educate yourself and your cosigner and hope you come out on top.
Madlad Method: [high risk] Now, here comes my personal plan. This is what I’m doing, because I want to live a life on my terms and not really work for anyone my entire life. I’m also not a normal person, so this will probably appear crazy to some or most of you. So at this point, if you understand all of the methods before you, you are a powerful player in the student loan circus. You can do anything from fight the man to maliciously comply and bankrupt the system while becoming upper-middle class. I don’t really care for any of that. I want to go to a tropical paradise and make music for 20 years, so here is my interpretation of everything. I have some federal loans and private loans. I net about 25K a year through the Grad Plus loans, and I work about 4 hours a week in the online classroom. I take that federal loan money, and I sock away a few hundred every month to save up for my private loan settlement in about five years. Since I save 300 every month, I’ll have about 18K in 5 years when I go into default. I will settle ASAP. At the same time, I will continue to go to diploma mill universities, get master's degree after master’s degree, and move to a Latin American country where the cost of living is even lower. This way, my 25K a year puts me in the upper class of that country. I can live where I want and really do whatever I damn well please for as long as the Grad Plus loans are around. As an added bonus, I will already be starting a new life in another country where I can make connections and maybe even get married. I studied linguistics, so I know how to teach English. I can do that if I want a source of income anywhere. So there is my plan, and honestly, one day we might get someone in office who just wipes out all of this debt anyways. If that’s the case, I can just play the waiting game until all of this is over. Here are the rules on adverse credit history and Grad Plus loans: https://studentaid.ed.gov/sa/sites/default/files/plus-adverse-credit.pdf
Final Thoughts: Defaulting on student loans is not immoral or a sin. It is a business decision. Everyone else gets bailouts, why should student borrowers be any different? You’re going to have to ignore the people who tell you why they think you should be a good little slave and pay your loans. Those people are not your friends. Those people are not on your side. Some of the best advice I ever received in life was you have to do what’s best for you. Also, if you have anything you would like to add to this or would like to challenge, please let me know. I want this to be as accurate as possible. I will be looking at this perpetually to make sure there are no errors. Take care. Good luck. You can do this.
submitted by I_Ride_A_Nimbus to StudentLoanEscape [link] [comments]

11-04 23:47 - 'DON'T USE THIS' (self.linux) by /u/CreeperTyE removed from /r/linux within 6-16min

'''
This is for cyberpatriots, pls don't use this.
#!/bin/bash
# CyberPatriot Ubuntu (Trusty Tahr) Script v0.3.5
# Root is required to run this script, but chmod should not be used on script or run as root.
# User running script must be in group 'sudo'.
#
# Not everything is covered in this script. Please make sure to review checklist and the Securing Debian Manual.
# This script is only meant to be used for whichever team Keita Susuki is on.
# CHANGES: sed is now more often used to find and replace instead of append to config files
function main {
kernel_info=$(uname -a)
time=$(date)
display_info=$(whoami)
sshd="/etc/ssh/sshd_config"
apache_s="/etc/apache2/apache2.conf"
vsftpd_s="/etc/vsftpd.conf"
echo "---------------------------------------------------------"
echo "Script version: v0.3.5"
echo "Current User: $display_info"
echo "Team: Binary Bros"
echo "Current Time: $time"
echo "Kernel info: $kernel_info"
echo "Now, what can I do for you today?"
echo "---------------------------------------------------------"
echo -en '\n'
read -p "Press ENTER to continue."
echo -en '\n'
echo "WARNING: IF YOU HAVE NEGLECTED TO COMPLETE THE FORENSICS QUESTIONS, IMMEDIATELY CTRL+C THIS SCRIPT."
echo "HAVE YOU COMPLETED ALL THE FORENSICS QUESTIONS? [Y/N]"
read -r forensic_questions
if [[ $forensic_questions == "y" || $forensic_questions == "Y" ]]; then
clear
echo "Good. Now let's start working."
elif [[ $forensic_questions == "n" || $forensic_questions == "N" ]]; then
echo "Finish the forensics questions and come back."
exit
else
echo "Error: bad input."
fi
echo "Before using apt, we need to check to see if sources.list hasn't been tampered with."
echo "Redirecting you to /etc/apt/sources.list in 5 seconds..."
sleep 5
sudo gedit /etc/apt/sources.list
echo "Securing /run/shm."
echo "r-- is dangerous, only on servers if there is no reason for /run/shm."
echo "Read only /run/shm can cause many programs to break. Be cautious."
echo -en '\n'
echo "Options:"
echo "Mount /run/shm r-- (read-only) [r]"
echo "Mount /run/shm rw- (read-write) [w]"
echo "Skip this method. [x]"
read -r shared_memory
if [[ $shared_memory == "r" || $shared_memory == "R" ]]; then
echo "none /run/shm tmpfs defaults,ro 0 0" | sudo tee -a /etc/fstab
echo "Done. Restart box after script has run its course."
elif [[ $shared_memory == "w" || $shared_memory == "w" ]]; then
echo "none /run/shm tmpfs rw,noexec,nosuid,nodev 0 0" | sudo tee -a /etc/fstab
echo "Done. Restart box after script has run its course."
elif [[ $shared_memory == "x" || $shared_memory == "X" ]]; then
echo "Understood. Check UnsafeDefaults page on Ubuntu's website."
fi
echo -en '\n'
echo "Next, we will check hosts file. Make sure nothing looks amiss (default config)."
echo "Redirecting you to hosts file in 5 seconds..."
sleep 5
sudo gedit /etc/hosts
echo -en '\n'
echo "See if nameserver is unfamiliar, if it is, change to google public (8.8.8.8)."
echo "Redirecting you in 3 seconds..."
sudo gedit /etc/resolv.conf
echo -en '\n'
echo "I will now install packages necessary for the security of the system."
echo -en '\n'
sudo apt-get -y -qq install rkhunter clamav clamtk gufw ufw libpam-cracklib vim nmap sysv-rc-conf bum unattended-upgrades logcheck lynis members auditd chkrootkit fail2ban
echo -en '\n'
echo "Configuring automatic upgrades.."
sudo dpkg-reconfigure --priority=low unattended-upgrades
echo "Would you like to manually use gufw or have the script automatically use ufw and close off ports?"
echo -en '\n'
echo "Options:"
echo "g: gufw"
echo "a: auto ufw"
echo "ga: ufw then manual gufw"
read -r firewall_config
if [[ $firewall_config == "g" || $firewall_config == "G" ]]; then
echo "Opening gufw in 5 seconds..."
sleep 5
sudo gufw
elif [[ $firewall_config == "a" || $firewall_config == "A" ]]; then
sudo ufw enable
sudo ufw deny 23
sudo ufw deny 2049
sudo ufw deny 515
sudo ufw deny 111
sudo ufw deny 9051
sudo ufw deny 31337
sudo ufw status
echo "Automatic configuration of firewall completed. I recommend that you look over this again."
sleep 10
elif [[ $firewall_config == "ga" || $firewall_config == "GA" ]]; then
sudo ufw enable
sudo ufw deny 23
sudo ufw deny 2049
sudo ufw deny 515
sudo ufw deny 111
sudo ufw deny 9051
sudo ufw deny 31337
sudo gufw
else
echo "Error: bad input."
fi
clear
echo -en '\n'
echo "Running nmap on 127.0.0.1 to display open ports..." # nmap isn't considered a "hacking tool"
echo "Would you also like to save output to nmap_output.txt [y/n]?"
echo -en '\n'
read -r nmap_input
if [[ $nmap_input == "y" || $nmap_input == "Y" ]]; then
echo "Sending output to nmap_output.txt.."
touch nmap_output.txt
echo "Running nmap on localhost again so you can see the output."
nmap -sV 127.0.0.1 > nmap_output.txt
sleep 10
echo -en '\n'
elif [[ $nmap_input == "n" || $nmap_input == "N" ]]; then
echo "Understood. Running nmap on localhost.."
nmap -sV 127.0.0.1
sleep 10
echo -en '\n'
else
echo "Error: bad input."
echo -en '\n'
fi
echo "Now please disable unneeded processes keeping ports open."
sleep 5
sudo sysv-rc-conf # preferred tool for this
echo -en '\n'
echo "Please make sure there is nothing besides exit 0 and some comments."
sleep 5
sudo vim /etc/rc.local
echo -en '\n'
echo "Checking for sshd_config file"
if [ -f "$sshd" ]; then
echo "sshd is present on this system."
echo "Is sshd a critical service on this machine? [y/n]"
echo "note: selecting N will remove sshd from this system. Proceed with caution."
read -r sshd_critical
if [[ $sshd_critical == "y" || $sshd_critical == "Y" ]]; then
sshd_secure_config
elif [[ $sshd_critical == "n" || $sshd_critical == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
echo -en '\n'
echo "Would you like to restart sshd? [y/n]"
read -r sshd_restart_uinput
if [[ $sshd_restart_uinput == "Y" || $sshd_restart_uinput == "y" ]]; then # may take points and then give back
echo "Restarting sshd..."
sudo service sshd restart
elif [[ $sshd_restart_uinput == "n" || $sshd_restart_uinput == "N" ]]; then
echo "Understood. Remember that changes will not happen until sshd is restarted."
else
echo "Error: bad input."
fi
fi
clear
echo -en '\n'
echo "Disabling guest user and turning off autologin. Editing /etc/lightdm/lightdm.conf"
echo "Checklist reference: GENERAL/8 Alpha, Bravo"
echo "Remember to restart lightdm or restart box later on."
echo "I will direct you there in 5 seconds."
sleep 5
sudo vim /etc/lightdm/lightdm.conf
echo -en '\n'
printf "Now, would you like for me to add some better settings for /etc/sysctl.conf? [y\n]"
read -r secure_sysctl
if [[ $secure_sysctl == "y" || $secure_sysctl == "Y" ]]; then
sysctl_secure_config
elif [[ $secure_sysctl == "n" || $secure_sysctl == "N" ]]; then
echo -en '\n'
echo "Understood, I recommend you do this manually however."
else
echo -en '\n'
echo "Error: bad input"
fi
echo -en '\n'
echo "Lock the root account? [y/n]"
read -r disable_root
echo -en '\n'
if [[ $disable_root == "y" || $disable_root == "Y" ]]; then
sudo passwd -l root
echo "Root account locked."
elif [[ $disable_root == "n" || $disable_root == "N" ]]; then
echo "Understood, manually lock please."
else
echo "Bad input."
fi
clear
echo -en '\n'
echo "Limit access to su to all users but the ones in group wheel? [y/n]"
echo -en '\n'
read -r lim_su
if [[ $lim_su == "y" || $lim_su == "Y" ]]; then
sudo chown [link]1 /bin/su sudo
chmod 04750 /bin/su
echo "Done."
elif [[ $lim_su == "n" || $lim_su == "N" ]]; then
echo "Remember to manually limit access to su! All it takes is a single uncomment..."
else
echo "Bad input."
fi
clear
if [[ -f "$apache_s" ]]; then
echo "Is apache2 supposed to be installed on this system? [y/n]"
echo "If you choose N then you will subsequently uninstall apache2. Be careful."
read -r apache2_que
if [[ $apache2_que == "y" || $apache2_que == "Y" ]]; then
echo "Understood, moving on to securing apache2."
apache2_secure
elif [[ $apache2_que == "n" || $apache2_que == "N" ]]; then
echo "Uninstalling apache2..."
sudo service apache2 stop
sudo apt-get purge apache2
else
echo "Bad input."
fi
else
echo "Apache2 is not installed, moving on."
fi
if [[ -f "$vsftpd_s" ]]; then
echo "vsftpd configuration file detected."
echo "Is vsftpd a critical service on this machine? [y/n]"
echo "If you choose N then you will subsequently uninstall vsftpd. Be careful."
read -r vsftpd_choice
if [[ $vsftpd_choice == "y" || $vsftpd_choice == "Y" ]]; then
echo "Understood, moving on to securing vsftpd."
vsftpd_secure
elif [[ $vsftpd_choice == "n" || $vsftpd_choice == "N" ]]; then
sudo service vsftpd stop
sudo apt-get purge vsftpd
else
echo "Bad input."
fi
else
echo "vsftpd is not installed on this machine, moving on."
fi
clear
echo "Check apparmor? [y/n]"
read -r apparmor_check
if [[ $apparmor_check == "y" || $apparmor_check == "Y" ]]; then
apparmor_fix
elif [[ $apparmor_check == "n" || $apparmor_check == "N" ]]; then
echo "Understood, moving on."
echo -en '\n'
else
echo "Error: bad input."
fi
echo -en '\n'
echo "Deny su to non admins? [y/n]"
echo -en '\n'
read -r deny_su
if [[ $deny_su == "y" || $deny_su == "Y" ]]; then
sudo dpkg-statoverride --update --add root sudo 4750 /bin/su
echo "Done."
elif [[ $deny_su == "n" || $deny_su == "N" ]]; then
sudo "Understood, moving on."
else
echo "Error: bad input."
fi
echo -en '\n'
echo "Secure home directory? [y/n]"
echo "NOTE: potentially dangerous."
echo -en '\n'
read -r home_secure
if [[ $home_secure == "y" || $home_secure == "Y" ]]; then
echo "What is your username?"
echo "I need it so I can chmod 0700 your home directory."
read -r username_uinput
sudo chmod 0700 /home/"$username_uinput"
echo "Thanks!."
elif [[ $home_secure == "n" || $home_secure == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
clear
echo -en '\n'
echo "Prevent IP spoofing? [y/n]"
echo "(/etc/host.conf)"
read -r ip_spoof
echo -en '\n'
if [[ $ip_spoof == "y" || $ip_spoof == "Y" ]]; then
echo "order bind,hosts" | sudo tee -a /etc/host.conf
echo "nospoof on" | sudo tee -a /etc/host.conf
echo "IP spoofing disabled."
elif [[ $ip_spoof == "n" || $ip_spoof == "N" ]]; then
echo "Understood, skipping disabling ip spoofing."
else
echo "Error: bad input."
fi
echo "Would you like to edit /etc/pam.d? [y/n]"
read -r pam_secure
if [[ $pam_secure == "y" || $pam_secure == "Y" ]]; then
echo "Use subroutine pam_secure? [y/n]"
read -r choose_pam_secure
if [[ $choose_pam_secure == "y" || $choose_pam_secure == "Y" ]]; then
pam_secure
elif [[ $choose_pam_secure == "n" || $choose_pam_secure == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
echo "Redirecting you to /etc/pam.d/common-password. Use checklist."
echo "Checklist reference: GENERAL/10 ALPHA"
echo -en '\n'
sleep 5
sudo vim /etc/pam.d/common-password
echo -en '\n'
echo "Redirecting you to /etc/pam.d/common-auth. Use checklist."
echo "Checklist reference: GENERAL/10 BRAVO"
sleep 5
sudo vim /etc/pam.d/common-auth
echo -en '\n'
echo "Redirecting you to /etc/login.defs. Use checklist."
echo "Checklist reference: GENERAL/10 CHARLIE"
sleep 5
sudo vim /etc/login.defs
elif [[ $pam_secure == "n" || $pam_secure == "N" ]]; then
echo "Understood, will skip securing pam.d. Make sure to use the checklist and do so manually."
else
echo "Sorry, bad input."
fi
clear
echo -en '\n'
echo "Would you like to delete media files? [y/n]"
echo "Warning: Feature untested due to obvious reasons."
echo -en '\n'
read -r media_input
if [[ $media_input == "y" || $media_input == "Y" ]]; then
sudo find / -name '*.mp3' -type f -delete
sudo find / -name '*.mov' -type f -delete
sudo find / -name '*.mp4' -type f -delete
sudo find / -name '*.avi' -type f -delete
sudo find / -name '*.mpg' -type f -delete
sudo find / -name '*.mpeg' -type f -delete
sudo find / -name '*.flac' -type f -delete
sudo find / -name '*.m4a' -type f -delete
sudo find / -name '*.flv' -type f -delete
sudo find / -name '*.ogg' -type f -delete
sudo find /home -name '*.gif' -type f -delete
sudo find /home -name '*.png' -type f -delete
sudo find /home -name '*.jpg' -type f -delete
sudo find /home -name '*.jpeg' -type f -delete
elif [[ $media_input == "n" || $media_input == "N" ]]; then
echo "Understood, manually search and destroy media files."
else
echo "Error: bad input."
fi
echo -en '\n'
clear
echo "Would you like to install updates? [y/n]"
read -r update_input
if [[ $update_input == "y" || $update_input == "Y" ]]; then
sudo apt-get -qq -y update
sudo apt-get -qq -y upgrade
sudo apt-get -qq -y dist-upgrade
sudo apt-get -qq -y autoremove
elif [[ $update_input == "n" || $update_input == "N" ]]; then
echo "Understood, moving on."
echo -en '\n'
else
echo "Error: bad input."
echo -en '\n'
fi
sudo freshclam
clear
echo "Run chkrootkit and rkhunter? [y/n]"
read -r rootkit_chk
if [[ $rootkit_chk == "y" || $rootkit_chk == "Y" ]]; then
touch rkhunter_output.txt
echo "Rkhunter output file created as rkhunter_output.txt."
touch chkrootkit_output.txt
echo "chkrootkit output file created as chkrootkit_output.txt."
sudo chkrootkit | tee chkrootkit_output.txt
sudo rkhunter -c | tee rkhunter_output.txt
elif [[ $rootkit_chk == "n" || $rootkit_chk == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
sudo clamscan -r /
clear
echo -en '\n'
sleep 5
touch lynis_output.txt
echo "Lynis output file created as lynis_output.txt."
sudo lynis -c | tee lynis_output.txt
echo "Enable apparmor? [y/n]"
read -r apparmor_enabling
if [[ $apparmor_enabling == "y" || $apparmor_enabling == "Y" ]]; then
sudo perl -pi -e 's,GRUB_CMDLINE_LINUX="(.*)"$,GRUB_CMDLINE_LINUX="$1 apparmor=1 security=apparmor",' /etc/default/grub
sudo update-grub
elif [[ $apparmor_enabling == "n" || $apparmor_enabling == "N" ]]; then
echo "Understood, you should enable it however."
else
echo "Error: bad input."
fi
echo "The script has run it's course."
echo "Remember to manually check config files and finish any changes."
echo -en '\n'
echo "--------------------------------------------------------"
echo "INFORMATION"
echo "--------------------------------------------------------"
echo "Current User: $display_info"
echo "Current Time: $time"
echo "Kernel info: $kernel_info"
echo "--------------------------------------------------------"
echo -en '\n'
read -p "Press ENTER to reboot the system."
sudo reboot
}
function apache2_secure {
sudo apt-get -y install libapache2-modsecurity
sudo apt-get -y install libapache2-modevasive
sudo sed -i 's/^#?ServerSignature .*/ServerSignature Off/g' /etc/apache2/conf-enabled/security.conf
sudo sed -i 's/^#?ServerTokens .*/ServerTokens Off/g' /etc/apache2/conf-enabled/security.conf
sudo sed -i 's/^#?Options .*/Options None/g' /etc/apache2/apache2.conf
sudo sed -i 's/^#?AllowOverride .*/AllowOverride None/g' /etc/apache2/apache2.conf
sudo sed -i 's/^#?Require*/Require all granted/g' /etc/apache2/apache2.conf
sudo sed -i 's/^#?LimitRequestBody*/LimitRequestBody 204800/g' /etc/apache2/apache2.conf
echo "" | sudo tee -a /etc/apache2/apache2.conf
echo "Order deny, allow" | sudo tee -a /etc/apache2/apache2.conf
echo "Deny from all" | sudo tee -a /etc/apache2/apache2.conf
echo "Check if mod_security module is running..."
echo "
" | sudo tee -a /etc/apache2/apache2.conf
sudo sed -i 's/^#?Timeout*/Timeout 15/g' /etc/apache2/apache2.conf
sudo sed -i 's/^#?LimitXMLRequestBody*/LimitXMLRequestBody 204800/' /etc/apache2/apache2.conf
sudo apachectl -M | grep --color security
echo "Is mod_security on? It should say security2_module somewhere."
read -r security_a2_on
if [[ $security_a2_on == "y" || $security_a2_on == "Y" ]]; then
echo "Good. I will move on."
elif [[ $security_a2_on == "n" || $security_a2_on == "N" ]]; then
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
sudo sed -i 's/^#?SecRuleEngine .*/SecRuleEngine On/g' /etc/modsecurity/modsecurity.conf
sudo service apache2 restart
else
echo "Error: bad input."
fi
return 1
}
function pam_secure {
sudo sed -i 's/^#?PASS_MAX_DAYS .*/PASS_MAX_DAYS 90/g' /etc/login.defs
sudo sed -i 's/^#?PASS_MIN_DAYS .*/PASS_MIN_DAYS 7/g' /etc/login.defs
sudo sed -i 's/^#?PASS_WARN_AGE .*/PASS_WARN_AGE 7/g' /etc/login.defs
echo "Setup failed login attempts in /etc/pam.d/common-auth and add some config changes? [y/n]"
read -r fail_pamd_ca
if [[ $fail_pamd_ca == "y" || $fail_pamd_ca == "Y" ]]; then
echo "auth optional pam_tally.so deny=5 unlock_time=900 onerr=fail audit even_deny_root_account silent" | sudo tee -a /etc/pam.d/common-auth
sudo sed -i 's/^#?pam_unix.so .*/password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
remember=10 minlen=8 difok=5/g' /etc/pam.d/common-password
elif [[ $fail_pamd_ca == "n" || $fail_pamd_ca == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
echo "Create brutally paranoid configuration for /etc/pam.d/other? [y/n]"
echo "NOTE: IF PAM FILES ARE DELETED ACCIDENTALLY, SYSTEM FAILURE MAY OCCUR."
read -r other_paranoid
if [[ $other_paranoid == "y" || $other_paranoid == "Y" ]]; then
echo "auth required pam_deny.so" | sudo tee -a /etc/pam.d/other
echo "auth required pam_warn.so" | sudo tee -a /etc/pam.d/other
echo "account required pam_deny.so" | sudo tee -a /etc/pam.d/other
echo "account required pam_warn.so" | sudo tee -a /etc/pam.d/other
echo "password required pam_deny.so" | sudo tee -a /etc/pam.d/other
echo "password required pam_warn.so" | sudo tee -a /etc/pam.d/other
echo "session required pam_deny.so" | sudo tee -a /etc/pam.d/other
echo "session required pam_warn.so" | sudo tee -a /etc/pam.d/other
elif [[ $other_paranoid == "n" || $other_paranoid == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
return 1
}
function vsftpd_secure {
sudo sed -i 's/^anonymous_enable=.*/anonymous_enable=NO/g' /etc/vsftpd.conf
echo "Anonymous FTP login disabled."
sudo sed -i 's/^chroot_local_user=.*/chroot_local_user=YES/g' /etc/vsftpd.conf
echo "Local users restricted to their home directories."
echo "Create SSL/TLS certificate and private key for vsftpd server? [y/n]"
read -r ssl_vsftpd
if [[ $ssl_vsftpd == "y" || $ssl_vsftpd == "Y" ]]; then
sudo openssl req -x509 -days 365 -newkey [link]2 -nodes -keyout /etc/vsftpd.pem -out /etc/vsftpd.pem
echo "Created."
echo "Making config changes..."
sudo sed -i 's/^#?ssl_enable=.*/ssl_enable=YES/g' /etc/vsftpd.conf #enable tls/ssl
echo "SSL enabled."
sudo sed -i 's/^#?allow_anon_ssl=.*/allow_anon_ssl=NO/g' /etc/vsftpd.conf
sudo sed -i 's/^#?force_local_data_ssl=.*/force_local_data_ssl=YES/g' /etc/vsftpd.conf
sudo sed -i 's/^#?force_local_logins_ssl=.*/force_local_logins_ssl=YES/g' /etc/vsftpd.conf
sudo sed -i 's/^#?ssl_tlsv1=.*/ssl_tlsv1=YES/g' /etc/vsftpd.conf
sudo sed -i 's/^#?ssl_sslv2=.*/ssl_sslv2=NO/g' /etc/vsftpd.conf
sudo sed -i 's/^#?ssl_sslv3=.*/ssl_sslv3=NO/g' /etc/vsftpd.conf
sudo sed -i 's/^#?require_ssl_reuse=.*/require_ssl_reuse=NO/g' /etc/vsftpd.conf
sudo sed -i 's/^#?ssl_ciphers=.*/ssl_ciphers=HIGH/g' /etc/vsftpd.conf
sudo sed -i 's/^#?rsa_cert_file=.*/rsa_cert_file=/etc/vsftpd.pem/g' /etc/vsftpd.conf
sudo sed -i 's/^#?rsa_private_key_file=.*/rsa_private_key_file=/etc/vsftpd.pem/g' /etc/vsftpd.conf
sudo sed -i 's/^#?pasv_max_port=.*/pasv_max_port=65535/g' /etc/vsftpd.conf
sudo sed -i 's/^#?pasv_min_port=.*/pasv_min_port=64000/g' /etc/vsftpd.conf
sudo sed -i 's/^#?local_max_rate=.*/local_max_rate=30000/g' /etc/vsftpd.conf
sudo sed -i 's/^#?idle_session_timeout=.*/idle_session_timeout=120/g' /etc/vsftpd.conf
sudo sed -i 's/^#?max_per_ip=.*/max_per_ip=15/g' /etc/vsftpd.conf
sudo sed -i 's/^#?xferlog_enable=.*/xferlog_enable=YES/g' /etc/vsftpd.conf
sudo sed -i 's/^#?xferlog_std_format=.*/xferlog_std_format=NO/g' /etc/vsftpd.conf
sudo sed -i 's/^#?xferlog_file=.*/xferlog_file=/valog/vsftpd.log/g' /etc/vsftpd.conf
echo "Log file set at /valog/vsftpd.log"
sudo sed -i 's/^#?log_ftp_protocol=.*/log_ftp_protocol=YES/g' /etc/vsftpd.conf
sudo sed -i 's/^#?debug_ssl=.*/debug_ssl=YES/g' /etc/vsftpd.conf
echo "Configuration changes complete. Check /etc/vsftpd.conf later to see if they have all been done."
echo -en '\n'
echo "[link]3 "
echo -en '\n'
echo "Adding firewall exceptions.."
sudo ufw allow 20
sudo ufw allow 21
sudo ufw allow 64000:65535/tcp
sudo iptables -I INPUT -p tcp --dport 64000:65535 -j ACCEPT
elif [[ $ssl_vsftpd == "n" || $ssl_vsftpd == "N" ]]; then
echo "Understood. However, this is recommended."
else
echo "Error: bad input."
fi
echo "Restart vsftpd? [y/n]"
read -r vsftpd_restart
if [[ $vsftpd_restart == "y" || $vsftpd_restart == "Y" ]]; then
sudo service vsftpd restart
elif [[ $vsftpd_restart == "n" || $vsftpd_restart == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
return 1
}
function apparmor_fix {
if [ -f /ussbin/apparmor_status ]; then
echo "Apparmor already installed."
else
echo "Apparmor not installed, installing."
sudo apt-get install -y -qq apparmor apparmor-profiles apparmor-utils
echo "Apparmor will be enabled at the end of the script."
fi
return 1
}
function sshd_secure_config {
sudo sed -i 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
return 1
sudo sed -i 's/^#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sudo sed -i 's/^#?Port .*/Port 2223/' /etc/ssh/sshd_config
sudo sed -i 's/^#?X11Forwarding .*/X11Forwarding no/' /etc/ssh/sshd_config
sudo ufw allow 2223
sudo sed -i 's/^#?Protocol .*/Protocol 2/' /etc/ssh/sshd_config
sudo sed -i 's/^#?PrintLastLog .*/PrintLastLog no/' /etc/ssh/sshd_config
sudo sed -i 's/^#?IgnoreRhosts .*/IgnoreRhosts yes/' /etc/ssh/sshd_config
sudo sed -i 's/^#?RhostsAuthentication .*/RhostsAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/^#?RSAAuthentication .*/RSAAuthentication yes/' /etc/ssh/sshd_config
sudo sed -i 's/^#?HostbasedAuthentication .*/HostbasedAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/^#?LoginGraceTime .*/LoginGraceTime 60/' /etc/ssh/sshd_config
sudo sed -i 's/^#?MaxStartups .*/MaxStartups 4/' /etc/ssh/sshd_config
echo "Automatic configuration complete."
sudo sed -i 's/^#?LogLevel .*/LogLevel VERBOSE/' /etc/ssh/sshd_config
echo "ClientAliveInterval 300" | sudo tee -a /etc/ssh/sshd_config
echo "ClientAliveCountMax 0" | sudo tee -a /etc/ssh/sshd_config
sudo sed -i 's/^#?StrictModes .*/StrictModes yes/' /etc/ssh/sshd_config
clear
echo "Use iptables to try to prevent bruteforcing? [y/n]"
read -r iptable_ssh
if [[ $iptable_ssh == "y" || $iptable_ssh == "Y" ]]; then
iptables -A INPUT -p tcp --dport 2223 -m state --state NEW -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 2223 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
echo "Done."
elif [[ $iptable_ssh == "n" || $iptable_ssh == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
echo "Use public/private keys for authentication instead of passwords? [y/n]"
read -r auth_private
if [[ $auth_private == "y" || $auth_private == "Y" ]]; then
sudo ssh-keygen -t rsa
clear
sudo chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/id_rsa
cat id_rsa.pub >> ~/.ssh/authorized_keys
sudo chmod 600 ~/.ssh/authorized_keys
restorecon -Rv ~/.ssh
sudo sed -i 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
elif [[ $auth_private == "n" || $auth_private == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
return 1
}
function sysctl_secure_config {
echo "kernel.sysrq = 0" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_source_route = 0" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_redirects = 0" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.rp_filter = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.log_martians = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_all = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies=1" | sudo tee -a /etc/sysctl.conf
clear
echo -en '\n'
echo "Disable IPv6? [y/n]"
echo -en '\n'
read -r ipv6_disable
if [[ $ipv6_disable == "y" || $ipv6_disable == "Y" ]]; then
echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "IPv6 disabled."
elif [[ $ipv6_disable == "n" || $ipv6_disable == "N" ]]; then
echo "Understood, skipping disabling IPv6."
else
echo "Error: bad input."
fi
return 1
}
if [ "$(id -u)" != "0" ]; then
echo "Please run this script as root. I promise I won't dd /dev/urandom into /dev/sda..."
exit
else
main
fi
'''
DON'T USE THIS
Go1dfish undelete link
unreddit undelete link
Author: CreeperTyE
1: root:admin 2: rsa:2048 3: *modulo.co*/*e*u*e-ftp*s*rvi*e-v*ftp*-linux*ht*l
Unknown links are censored to prevent spreading illicit content.
submitted by removalbot to removalbot [link] [comments]

Best Binary Option Auto Signal Indicator// Attach With ... Binary Option AutoTrader Erfahrung - Binäre Optionen Auto Trading Signalgeber für Anfänger Binary Options Robot - Automated Binary Options Trading ... Binary Options Auto Trader - YouTube Binary Options in the U.S in 2020! - YouTube Auto Binary Signals Erfahrungsbericht 2 - Binärer Optionen Signaldienst Getestet Free Software Auto Trade Binary Option - Accurate 95% - live trading NEW TRICK 99% PROFIT - FREE BOT - DOUBLE ZIGZAG - binary options ... Best Auto Signal Binary indicator 2019-Free Download - YouTube Binary Option Auto Trading review - Honest review

USA REGULATION NOTICE: Please note if you are from the USA: some binary options companies are not regulated within the United States. These companies are not supervised, connected or affiliated with any of the regulatory agencies such as the Commodity Futures Trading Commission (CFTC), National Futures Association (NFA), Securities and Exchange Commission (SEC) or the Financial Industry ... Binary options allow you to trade on a wide range of underlying markets. One of the advantages of trading binary options is that you are not buying or selling an actual asset, only a contract that determines how that asset performs over a period of time. This limits your risk and makes it easy for anyone to start trading. Available markets. Forex. Major pairs, minor pairs, and Smart FX indices ... Binary Option Auto Trading ist angeblich ein neues und revolutionäres Programm zum Handeln mit binären Optionen. Dieses Programm soll in der Lage sein, vollkommen selbstständig für Ihr Konto zu handeln und für Sie Geld zu verdienen. Noch dazu ist Binary Option Auto Trading kostenlos. Das Programm generiert für Sie Geld, ohne dass Sie dafür auch nur einen einzigen Cent hinblättern ... BinaryOptions.net accepts no responsibility for loss which may arise from accessing or reliance on information contained in this site. BinaryOptions.net is not responsible for the content of external internet sites that link to this site or which are linked from it. USA REGULATION NOTICE: Please note if you are from the USA: some binary options ... Answer: Auto Binary Signals (ABS) is the #1 binary options trading solution, it filters through thousands of potential market opportunities in real time and only alerts you when the predicted probability of success is at least over 80%.It generates trading signals based on a sophisticated strategy using numerous indicators and rules, depending on higher or lower success rate of these ... Binary options auto trading is quite famous among both professional and young online investors. Yet, many of them try to get the opinions of the market leaders towards it. As a lack of financial literacy and opposing views in the trader’s network lead to the doubts of the effectiveness of these trading bots. However, according to the recent statistics, we have got both positive and negative ... Welcome to the largest expert guide to binary options and binary trading online. BinaryOptions.net has educated traders globally since 2011 and all our articles are written by professionals who make a living in the finance industry and online trading. We have close to a thousand articles and reviews to guide you to be a more profitable trader in 2020 no matter what your current experience ... Interestingly, Auto Trading Software has some similarities and differences when we compare with one another for Best Binary Options Robot. We have invested time and effort to deep dive into the performance, withdrawal, and support of this platform to understand how legit, reliable, and profit-making this is. Binary options auto trading mostly relies on binary trading signals. The Use of Binary Options Trading Signals. Trading signals serve as results done by trading algorithms or humans, based on several mathematical calculations. Signals are considered as a core of any binary options automated software, where the intention is to get the best possible signals and have potential money gain. It is ... The software will normally recommend binary options brokers to open an account and deposit with. Programme The Software. We don't mean that you need to be a programmer to operate the software, but you do need to tell it what you want. Set your technical indicators which will include your investing limits, frequency etc. then leave the rest to the auto trader software. Sit Back, Relax And Enjoy ...

[index] [15213] [11137] [16346] [24582] [18377] [28419] [10880] [10800] [4114] [5874]

Best Binary Option Auto Signal Indicator// Attach With ...

👉👉👉This Indicator Works Only Below 2 Broker👇👇👇 Reliable Binary Options Broker with a ★Profit of up to 100%★ http://bit.ly/2sohvSu Never Miss ... Auto Binary Signals Testbericht : Auto Binary Signals : http://go.binary-options-pro.com/autobinary gehören zu den besten Handelssignalen für binäre Optionen... Binary Options Robot - Automated Binary Options Trading Using Binary Option Robot Test Binary Options Robot here - http://track.logic.expert/67b0b668-c6a4-42... 💰💲FULL BEGINNER? Join My PERSONAL TRAINING!💴💵 BLW Trading Academy: http://www.blwtradingacademy.com/ Live Trading Signals HERE!🔙💲💹Join My ... How To Connect MT2iq Auto Trading To Iq Option - Duration: 13:22. Smart Tamil Tech 21,376 views. 13:22 . Make a Living in 1 Hour a Day Trading the 3 Bar Play!! - Duration: 34:34. Live Traders ... Ist der Binäre Optionen AutoTrader der richtige Signalgeber für Anfänger? - Leider ist der Autotrader nichtmehr verfügbar, hier finden Sie die alternative zu... Hello Trader Toady i will share you "Best Binary Option Auto Signal Indicator" Characteristics of Indicator 1. Platform - Metatrader4. 2. Asset - Show On Ind... Binary option auto trading 10k Daily - Duration: 4:50. Binary Options Strategy Review 2,583 views. 4:50. Nadex Binary Options Trading- 900% Profit Strategy- No Scam or Software - Duration: 10:42. ... DOWNLOAD FREE http://bit.ly/2CSd0C0orCONECT WITH ME TO GET IT https://goo.gl/7tRX2nBINARY BOT FREE DOWNLOADbinary robot downloadbinary robot freebinary robot ... Introduction video to the Binary Options AutoTrader, the fist fully automated trade copying solution especially developed for binary options. Visit http://ww...

http://arab-binary-option.noiflavlibo.cf