Wednesday, August 16, 2017

I Don't Stand With Racists, I Won't Walk With Bigots

It should be easy to tell which is bad and which is good. They want to exterminate a group of human beings based on race. Anyone who saw the gas chambers and the labor camps and heard testimonies of what the nazis did will recognize evil. It should be easy to denounce anyone who believes what the nazis believe. The nazis hate jews and believe in the aryan racial superiority. World War II was fought because of it.

In a country founded on the principle of equality and freedom, this contrast makes any other perspective untenable. For the leader of such a country to not critically denounce white supremacists and neo-nazis is a failure of historical proportions. How many americans died fighting in Europe to liberate it from Hitler? Instead the de facto leader of the free world, (I'm not referring to Donald Trump) Angela Merkel, Chancellor of Germany, denounced the neo-nazis in the United States. Donald Trump doesn't deserve a position he clearly doesn't understand. Donald Trump should be censured by Congress. The United States should be clear to the world it doesn't stand with racists and bigots.


My Debian Desktop : Happy Debian Day To All


Debian 9 Gnome

This is the venerable linux distribution. It's celebrating its foundation today by Ian Murdock. Happy birthday Debian!

Monday, August 14, 2017

What Does Use Your Own Words Mean

I enjoy reading books. I enjoy tech books, you know the how-to, semi-textbook books. I even read manuals, believe it or not. Okay, I read manuals because I was told to. My point is reading about things make you think about things. Not as interesting as hearing your parents talk about sex but for most of my knowledge I got it from reading books. When I read enough of it I ran to an adult and try to start a conversation about it with an adult. Always, they give me this look of "where did you read that?" and that is the dismissal I get as a kid. Does it work better if I tell a lie? Do I dumb it down and pretend I'm an idiot?

In seventh grade, I was introduced to book reports. I was to read books from a school prepared list and submit a type written paper. I got a list of guide questions on what I'm suppose to write about. They are basic questions about the plot and the characters of the book and what I think about them. This was before those Idiot Guide Books became popular. In the first few attempts of submissions, I tend to tell the story myself, then it evolved to telling the story as I enjoyed them. I was in eight grade, yes, the second year of attempting to write something passable for a good book report, when my teacher read my book report on a novel by Robert Heinlein titled Methuselah's Children in class. She remarked that this is how you write a good book report. Afterwards, I read my copy of that book report, and read it again, trying to find out what I did right with it. I asked my teacher about it too. I never answered a single question in the list of guide questions. Right, and you had lots of fun writing it too. Aha. It shows. Well my teacher's smiles tell me she had lots of fun reading it, that is all. 

When I read a book, read it to understand. Walk with the pace of the story. You will soon get to that part of the novel when everything seems to slow down and like Flash seems to move from one part of story to the next. You're in the groove. Then it hits you with a blind corner. I see fear, wonder, anger or gratitude there. Here is the point when I know what to write in my book report. 

Unless you get to feeling these emotions, you won't know what to say. If you don't know what to say, you're bound to copy what other people think about the book and use their words not your words. So feel it. then tell me about it the best way you can.





Sunday, August 13, 2017

Setting Up rkhunter Using systemd

rkhunter is a rootkit and malware detection application available in the repositories. So you can install it using pacman with command:
#pacman -S rkhunter ##to install rkhunter.

I'm skipping configuration steps for your user case. I'm referring to any changes you wish to do with /etc/rkhunter.conf. Perhaps another blog post is necessary. For this post, I wish to start rkhunter in systemd using Unit and Timer methods.


systemd is a suite of basic building blocks for a Linux system. It provides a system and service manager that runs as PID 1 and starts the rest of the system. systemd provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. systemd supports SysV and LSB init scripts and works as a replacement for sysvinit. Other parts include a logging daemon, utilities to control basic system configuration like the hostname, date, locale, maintain a list of logged-in users and running containers and virtual machines, system accounts, runtime directories and settings, and daemons to manage simple network configuration, network time synchronization, log forwarding, and name resolution.

I wish to run rkhunter daily with systemd managing the service and the process. To do this I have to create two files. A Unit or Service file and a Timer file. I'm going to use vim but use the text editor of your choice.

#vim /etc/systemd/system/rkhunter.service ##to create the service file

[sample service file]
[Unit]
Description=rkhunter rootkit scan and malware detection


[Service]
Type=oneshot
ExecStart=/usr/bin/rkhunter --update
ExecStart=/usr/bin/rkhunter --propupd
ExecStart=/usr/bin/rkhunter --check -sk
RemainAfterExit=yes 

Type can be simple, oneshot, idle, forking, notify and dbus. 
ExecStart is the command for the process, path to the command.
RemainAfterExit accepts boolean value, yes if you want to tell systemd that the process is active after it exited.


#vim /etc/systemd/system/rkhunter.timer ##to create a Timer file. A timer file ends in .timer. A timer file is required by the service file. 

[sample timer file]
[Unit]
Description=Run rkhunter daily


[Timer]
OnCalendar=daily
RandomizedDelaySec=15m
WakeSystem=true
Persistent=true


[Install]
WantedBy=timers.target

Unit= refers to the service the timer is starting
OnCalendar= refers to real time (wallclock, etc.) for example second, minute, hours, day, week, year
RandomizedDelaySec= tells systemd to manage start of process to efficiently use system resources
WakeSystem= tells systemd to wake the system up from sleep to perform action if supported
Persistent= in case of process failing to run after elapse of timer, systemd runs the process

$ systemctl status rkhunter.timer
● rkhunter.timer - Run rkhunter daily
   Loaded: loaded (/etc/systemd/system/rkhunter.timer; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2017-08-12 23:37:04 +08; 1h 6min ago
  Trigger: n/a

● rkhunter.service - rkhunter rootkit scan and malware detection
   Loaded: loaded (/etc/systemd/system/rkhunter.service; static; vendor preset: disabled)
   Active: active (exited) since Sat 2017-08-12 23:08:17 +08; 1h 36min ago
 Main PID: 16924 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4915)
   CGroup: /system.slice/rkhunter.service

If you are prompted to reload systemd, the command is :
#systemctl daemon-reload

If rkhunter finds something suspicious, and issues a warning the process will exit with a value other than 0 which is failure. I have rkhunter configured to send an email to me in /etc/rkhunter.conf in such a case.

Saturday, August 12, 2017

GnuCash: Why I Like It And What Else Do I Want From It


gnucash-about-window

GnuCash is free accounting software for personal and small business use. 

I'm a bookkeeper by training who got into computers early in my career. I was already handling financial books in my on-the-job course in college. Back when I'm still using pen and paper, the calculator is still on my desktop ( a real Casio calculator and a real desk). That summer job environment has gone the way of the dinosaur and the next year I was employed by a company with IBM machines and my journey in the world of computerized accounting started. Twenty-seven years on, my personal finances are in the hands of more powerful computers and certainly more ubiquitous applications.

I have been using GnuCash for two years to handle my small apartment rental business and my bank account. In addition to a desktop computer, I have an 8-inch tablet and my android smartphone. GnuCash can run on all these devices in varying form and features. I employ a cloud service to sync the data file on all devices. So I can pretty much check and analyze financial data, run graphs anywhere I happen to need it. I can create statements and graphs from updated database as soon as I enter the current data in a few clicks. GnuCash runs on Windows 10, Mac OS and Linux. They also have an app in Google Play.

I need GnuCash to have ready business forms like receipts, payment orders and automatic receivables summary. An easy printing feature to help users make hardcopy. Perhaps a notification system isn't a bad idea too.

Thursday, August 10, 2017

Creating Pacman Hook For Cleaning Cache

You can create a pacman hook which executes paccache to clean the pacman cache everytime pacman is run. Just a simple file saved in /etc/pacman.d/hooks.

Before anything check /etc/pacman.conf if the line Hookdir=/etc/pacman.d/hooks has been uncommented. If not, then uncomment it. edit: By default the config file looks at the directory, you can ignore this step if you are putting the .hook file in the default location.

In your favorite text editor create a file to be saved in /etc/pacman.d/hooks.

An example of a pacman hook to clean the cache:

[Trigger]
Operation = Upgrade
Operation = Install
Operation = Remove
Type = Package
Target = *

[Action]
Description = Cleaning pacman cache...
When = PostTransaction
Exec = /usr/bin/paccache -r

Whenever you upgrade, install or remove a package using pacman, it should pull the hook.

[partial pacman -Syu print]
:: Processing package changes...
(1/1) upgrading firefox                                                                        [########################################################] 100%
:: Running post-transaction hooks...
(1/4) Cleaning pacman cache...
==> no candidate packages found for pruning
[partial pacman -Syu print]

See the hooks built in for pacman here along with the one user added.

[print starts]
:: Processing package changes...
(1/6) upgrading geocode-glib                                                                   [########################################################] 100%
(2/6) upgrading libsystemd                                                                     [########################################################] 100%
(3/6) upgrading mesa                                                                           [########################################################] 100%
(4/6) upgrading systemd                                                                        [########################################################] 100%
(5/6) upgrading systemd-sysvcompat                                                             [########################################################] 100%
(6/6) upgrading vulkan-intel                                                                   [########################################################] 100%
:: Running post-transaction hooks...
(1/7) Updating linux initcpios
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
  -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
==> Starting build: 4.12.4-1-ARCH
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [autodetect]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
  -> Running build hook: [mdadm_udev]
  -> Running build hook: [lvm2]
  -> Running build hook: [filesystems]
  -> Running build hook: [keyboard]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
  -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
==> Starting build: 4.12.4-1-ARCH
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: wd719x
==> WARNING: Possibly missing firmware for module: aic94xx
  -> Running build hook: [mdadm_udev]
  -> Running build hook: [lvm2]
  -> Running build hook: [filesystems]
  -> Running build hook: [keyboard]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-fallback.img
==> Image generation successful
(2/7) Cleaning pacman cache...
==> no candidate packages found for pruning
(3/7) Updating icon theme caches...
(4/7) Updating udev hardware database...
(5/7) Updating system user accounts...
(6/7) Creating temporary files...
(7/7) Arming ConditionNeedsUpdate...
[print ends]

Wednesday, August 9, 2017

Finally Got My Head Above Water, Income-Expense-Profit July 2017

It came close last October 2016 but I had to pay some property taxes and unscheduled costs the last 12 months.

Tuesday, August 8, 2017

Update For Firefox version 54 --> 55


Arch linux updated firefox from 54 to 55. Mozilla updated Firefox for all users of the browser today. Lots of new things follow this new version. Performance enhancements include faster startup time when restoring tabs. New feature include support for webVR. This version drops sites not using SSL when accessing user location.

Psoriasis Sufferer, The Itch and the Constant Skin Care

Unpredictable and irritating, psoriasis is one of the most baffling and persistent of skin disorders. It's characterized by skin cells that multiply up to 10 times faster than normal. As underlying cells reach the skin's surface and die, their sheer volume causes raised, red plaques covered with white scales.

From WebMD


I know that my father have it since I can remember. I know that my mother would occasionally show symptoms of the disease. I have it since around ten years ago. It's in my feet around the ankles and lower leg. I would wear socks so it isn't socially awkward. It's itchy. My first response is really to scratch. But now I have my gel. I avoid infection when I do some "peeling". The skin can get thick.


psoriasis-ankle-lower-leg


I am taking some medication for another disease, high blood pressure and hyperurecemia. I treat the psoriasis with gel for the excessive dry skin. For now I tolerate it, but what if it grows bigger or gets infected. My mom who is 74 years old, suffers from debilitating joint pains. Her medical ultiplication in the skin (psoriasis)? In my mother's case, her own immunity is attacking healthy cells in the joints. In her medical chart it just reads "arthritis".  What if the high uric acid level is a product of excessive cell multiplication in the skin (psoriasis)? Look at my hands. It's not so obvious here and it isn't itchy. However if I sweat the white dead skin can be seen clearly then.

Monday, August 7, 2017

rkhunter warnings: Hidden Processes and Processes Listening On The Network

logfile-/var/log/rkhunter.log starts
[partial starts]
19:19:36] Info: Starting test name 'running_procs'
[19:19:39]   Checking running processes for suspicious files [ None found ]
[19:19:39]
[19:19:39] Info: Starting test name 'hidden_procs'
[19:19:39] Info: Unable to find the 'unhide' command
[19:19:39] Info: Unable to find the 'unhide-linux' command
[19:19:39]   Checking for hidden processes                   [ Skipped ]
[partial ends]
logfile-var/log/rkhunter.log ends

What rkhunter is telling you here is that it is unable to unhide the process because your system is lacking an application, "unhide" and "unhide-tcp". Install it first with : #pacman -S unhide unhide-tcp #to install unhide and unhide-tcp, forensic tools

Running rkhunter this time it gave me this bit of warning.

logfile-/var/log/rkhunter.log starts
[partial starts]
[19:19:46] Info: Starting test name 'packet_cap_apps'
[19:19:46]   Checking for packet capturing applications      [ Warning ]
[19:19:46] Warning: Process '/usr/bin/dhcpcd' (PID 527) is listening on the network.
[19:19:46] Warning: Process '/usr/bin/dhcpcd' (PID 527) is listening on the network.
[19:19:46] Warning: Process '/usr/bin/dhcpcd' (PID 527) is listening on the network.
[19:19:46] Warning: Process '/usr/bin/wpa_supplicant' (PID 565) is listening on the network.
[19:19:46] Warning: Process '/usr/bin/wpa_supplicant' (PID 565) is listening on the network.
[partial ends]
logfile-/var/log/rkhunter.log ends

dhcpcd and wpa_supplicant are valid services obviously. So to whitelist these processes in /etc/rkhunter.conf all I did was to remove the #.

file-/etc/rkhunter.conf starts
[partial starts]
# Allow the specified process to listen on any network interface.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
#ALLOWPROCLISTEN=/sbin/dhclient
ALLOWPROCLISTEN=/usr/bin/dhcpcd
ALLOWPROCLISTEN=/usr/bin/wpa_supplicant
#ALLOWPROCLISTEN=/usr/sbin/tcpdump
#ALLOWPROCLISTEN=/usr/sbin/snort-plain
[partial ends]
file-/etc/rkhunter.conf ends

Running rkhunter again I get this non-warnings.

logfile-/var/log/rkhunter.log starts
[partial starts]
[20:00:48] Info: Starting test name 'hidden_ports'
[20:00:48] Info: Found the 'unhide-tcp' command: /usr/bin/unhide-tcp 
[20:00:48]   Checking for hidden ports                       [ None found ]
[20:00:48]
[20:00:48] Performing checks on the network interfaces
[20:00:48] Info: Starting test name 'promisc'
[20:00:48]   Checking for promiscuous interfaces             [ None found ]
[20:00:48]
[20:00:48] Info: Starting test name 'packet_cap_apps'
[20:00:49]   Checking for packet capturing applications      [ None found ]
[20:00:49] Info: Found process '/usr/bin/dhcpcd': it is whitelisted.
[20:00:49] Info: Found process '/usr/bin/wpa_supplicant': it is whitelisted.
[partial ends]
logfile-/var/log/rkhunter.log ends

Important: After modifying /etc/rkhunter.conf run #rkhunter -C to check the config file.

Check rkhunter warnings For Deleted Files

logfile- /var/log/rkhunter.log starts
[partial starts]
[19:18:58] Info: Starting test name 'malware'
[19:18:58] Performing malware checks
[19:18:58]
[19:18:58] Info: Starting test name 'deleted_files'
[19:19:35]   Checking running processes for deleted files    [ Warning ]
[19:19:35] Warning: The following processes are using deleted files:
[19:19:35]          Process: /usr/bin/pulseaudio    PID: 784    File: /memfd:pulseaudio
[19:19:35]          Process: /usr/bin/gnome-shell    PID: 1151    File: /tmp/mutter-shared-67ER4Y
[19:19:35]          Process: /usr/bin/pulseaudio    PID: 1173    File: /memfd:pulseaudio
[19:19:35]          Process: /usr/lib/evolution-data-server/evolution-source-registry    PID: 1194    File: /home/donato/.local/share/gvfs-metadata/home
[19:19:35]          Process: /usr/bin/python2.7    PID: 1472    File: /tmp/vteZY4V4Y
[19:19:35]          Process: /usr/bin/megasync    PID: 1484    File: /run/user/1000/wayland-cursor-shared-t6KVCM
[19:19:35]          Process: /usr/lib/tracker/tracker-extract    PID: 1491    File: /home/donato/.local/share/gvfs-metadata/root
[19:19:35]          Process: /usr/lib/evolution/evolution-alarm-notify    PID: 1492    File: /run/user/1000/wayland-cursor-shared-3IXo1U
[19:19:35]          Process: /usr/bin/gnome-software    PID: 1499    File: /run/user/1000/wayland-cursor-shared-VWIXlt
[19:19:35]          Process: /usr/lib/libreoffice/program/soffice.bin    PID: 1538    File: /run/user/1000/wayland-cursor-shared-RA1mRd
[19:19:36]          Process: /usr/lib/firefox/firefox    PID: 17646    File: /dev/shm/org.chromium.woa2Ti
[19:19:36]          Process: /usr/bin/python3.6    PID: 17747    File: /dev/shm/org.chromium.OO0nrj
[19:19:36]          Process: /usr/bin/evolution    PID: 20854    File: /run/user/1000/wayland-cursor-shared-2ZlQUk
[19:19:36]          Process: /usr/lib/webkit2gtk-4.0/WebKitWebProcess    PID: 20894    File: /run/user/1000/wayland-cursor-shared-9nUAnZ
[19:19:36]          Process: /usr/lib/firefox/firefox    PID: 25985    File: /dev/shm/org.chromium.O45DxH
[19:19:36]          Process: /usr/bin/rhythmbox    PID: 30033    File: /run/user/1000/wayland-cursor-shared-DitbCG
[partial ends]
logfile-/var/log/rkhunter.log ends


I enabled ALLTEST in /etc/rkhunter.conf and put a # on the DISABLETEST list. I feel comfortable now that I have a handle on what I'm running on my system. I ran rkhunter and as I expected it gave me these warnings. All these processes are recognized and valid applications and presumably they are deleting these respective files because they don't need it anymore. There's nothing to see here. These aren't the droids I'm looking for.

I have to whitelist these processes. The basic syntax for that job is : ALLOWPROCDELFILE=/path/to/process. You can specify the specific file with : ALLOWPROCDELFILE=/path/to/process:/path/to/filename.xxx.

For example: [19:19:35]          Process: /usr/bin/pulseaudio    PID: 784    File: /memfd:pulseaudio
append to /etc/rkhunter.conf
ALLOWPROCDELFILE=/usr/bin/pulseaudio

Another example: [19:19:35]          Process: /usr/bin/gnome-shell    PID: 1151    File: /tmp/mutter-shared-67ER4Y
append to /etc/rkhunter.conf
ALLOWPROCDELFILE=/usr/bin/gnome-shell:/tmp/mutter-shared-67ER4Y

You can also use * to represent any character.
Anytime you make changes to /etc/rkhunter.conf don't forget to run the command : #rkhunter -C #to check the config file


Sunday, August 6, 2017

Writing Is A Chore


typewriter-silver-reed

Listen And Listen A Lot
Nobody knows everything. To listen is to be informed.


Everybody Has An Opinion
You can say what's on your mind and be polite.


Read Books.
Read other bloggers. Read other writers. Read what interests you. Read what makes you mad. Read what moves you.


Write Down Your Thoughts.
The mind is a busy place and writing down what's bothering you, makes that thing clearer.


Make All Of The Above A Habit.
Just like learning how to type. It's practice. It's muscle memory. It's discipline. It's attitude.

Saturday, August 5, 2017

Solar Eclipse In North America August 21 2:44 pm

solar eclipse from nasa.gov
The most dramatic astronomical event to happen this 2017 as far as human beings living in North America are concerned. Total solar eclipse is a visual experience that comes once in a lifetime so most people will probably travel long distances to see it. Well this time and this one happening in August 21 from 10:15 to 2:45 will have unprecedented access because it will happen over land, the United States. People in Oregon (10:15), Idaho, Wyoming, Montana, Nebraska, Illinois, Missouri, Tennessee, North and South Carolina (2:45) will see the total solar eclipse. A corridor 110 kilometer wide across the United States will provide the most spectacular view for people who want to see sun's corona. People outside this corridor will still see the solar eclipse in decreasing magnitude.

Friday, August 4, 2017

My Picture Of Science At 50

Science is theories and hypothesis, field study and experiments. Theories are almost always provisional. When observation proves them they live just so they will get to the next observation. When emperical data disproves them, they are discarded or modified (put in lower class bin, so to speak). Most people don't understant this. 

The current theory or model of the universe is based on Einstein's General Relativity and quantum mechanics. Most of Newton's classic theory still holds; whatever differences there is is too small to matter in the general discussion of the nature of the universe. But that difference explains the existence of black holes, wormholes, time travel, nature of space-time, etc. 

Edwin Hubble's work in observing the stars (astronomy) provided proof that the universe is expanding, that the stars are moving away from each other. The theory is that the universe began as an infinitesimal particle and very dense at the very beginning of time. Then Big Bang, an explosion of mass and energy, the beginning of time. 

I was in 5th grade when my group's science project to build a model of the solar system won a place inside a glass cabinet at the science room. We were all very proud to finish that. The solar system is just a small pixel among many stars in the Milky Way galaxy. Our galaxy is just one among billions in the universe. If I compare this to my 4k resolution monitor, the solar system won't even make it to one pixel. 

Wednesday, August 2, 2017

Thunderbird Saving Drafts Encrypted

The difference between using Thunderbird and using Evolution Mail client in Linux is for me in saving email drafts.

I compose emails and often save them first and get back to them a few hours afterwards. It gives me time to think about what I'm going to say and not be hasty especially if it's an important correspondence. In my blog posts, I compose them as email posts first. This also gives me time to edit them many times before I post them in my website. These cautious behavior should be standard practice but a lot of people regard emails as nothing more than short messaging, quick and short, shoot from hip things. If you are using Gmail's web email interface, the whole design is premised on such regard from email users now.

Now back to the difference I mentioned. Thunderbird saves drafts encrypted by default. Evolution has no feature to make this easy. Of course by encrypting drafts, Thunderbird "owns" them. You can only open and edit them in Thunderbird (or email clients that can decrypt Openpgp). I'm trying to find ways to get this feature in Evolution Mail. So far I am failing.

So what is the issue in not being able to encrypt draft messages? If you're using Gmail, like I do, Evolution Mail defaults to saving drafts in Gmail drafts folder, in other words, in Gmail servers. I would appreciate my draft messages be in a secure and private storage and encrypting them is a very good solution. So what I am saying here is this is a win for Thunderbird. I hope to see this feature in Evolution Mail in the future since they already have support for Openpgp.

tags: thunderbird,evolution mail,encrypt,draft

Tuesday, August 1, 2017

bookworm Application Feedback

I learned about bookworm, the application, from OMG! Ubuntu article. I was curious so installed it to try it out. The only thing I don't like about it is it creates a cron job which scans for books every 4 hours or so automatically. I don't like it when freshly installed applications modify something in the system without user notification or permission. This is bad practice.

I Don't Stand With Racists, I Won't Walk With Bigots

It should be easy to tell which is bad and which is good. They want to exterminate a group of human beings based on race. Anyone who saw th...