Original Date: 2023-09-10

Accessing QEMU/KVM From An Android Device Over SSH/SPICE Server

Assuming you have QEMU/KVM setup, you can access your VMs from your Android phone. This is thanks to the SPICE protocol already being enabled by default in (virt-manager created) VMs. It's pretty simple if you already have your virt-manager + QEMU/KVM environment setup.

1. Install the aSPICE Free app from the Google Play Store
2. Open the aSPICE Free app
3. Create a new connection by pressing the icon next to the Search Connections search bar. It's a computer monitor with a plus symbol. It looks like this: [+].
4. Input your server credentials, and be sure to switch the Connection Type from SPICE to SPICE over SSH.
• Each individual connection shortcut you save is an individual VM. The way SPICE works is by hosting a VM video stream on an iterating port. Usually they start on 5900, then go 5901, and so on for every new VM started. These numbers are freed up and moved around when VMs are turned off, so be aware of changing connection details depending on if your VM was restarted or not.

Original Date: 2024-01-09

Activating Windows 10 LTSC

Disclaimer

This article is for research purposes. If you do this, I will not be held responsible for any license violations that may occur.

Activating

Simply run the following command in a PowerShell window running as Administrator:

irm https://massgrave.dev/get | iex

After an activation Windows appears with options, choose the first option by hitting the 1 key on your keyboard.

Once the activation finishes, you can hit any key to quit, then the 0 key on your keyboard to quit fully.

Original Date: 2024-02-06

Adblock for Twitch

Taken from https://github.com/pixeltris/TwitchAdSolutions.

• Navigate to the uBlock Origin Dashboard (the extension options).
• Under the My filters tab add twitch.tv##+js(twitch-videoad).
• Under the Settings tab, enable I am an advanced user, then click the cog that appears. Modify the value of userResourcesLocation from unset to the full url of the solution you wish to use (if a url is already in use, add a space after the existing url). e.g. userResourcesLocation https://github.com/pixeltris/TwitchAdSolutions/raw/master/vaft/vaft-ublock-origin.js
• To ensure uBlock Origin loads the script I recommend that you disable/enable the uBlock Origin extension (or restart your browser).

Original Date: 2023-05-22

Autostart VMWare Workstation Pro VMs on Windows

Create a .bat file with the following file content. Make sure you point to the .vmx file of your VM.

"C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmrun.exe" -T ws start "Z:\\virtual_machine\\virtual_machine.vmx" nogui

Move this .bat file to your startup folder at the following location: C:\\Users\\%USERNAME%\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup.

Original Date: 2023-11-21

Basic Android Security and Privacy Tips

Very basic tips to "lockdown" your Android device. Obviously, the best recommendation would be to not use a phone at all, but realistically, in this day in age, that's not possible.

• Ensure your Android device is on a supported version, and is always up to date.
• Use a passphrase (not a PIN).
• Enable Lockdown mode and learn how to use it.
• Note: Not all Android device will have this.
• Change your notification type to Hide sensitive notification content in your Android settings.
• Use DNS66 to block your Android device from accessing malicious hosts.
• Remove unused apps and factory installed bloatware using Android App settings on your device.
• Some apps can't be uninstalled. In this case, you can force stop, disable them, then clean all app data and cache. This can all be found in the Android App Settings.
• Alternatively, use Bromide instead of Chrome.
• Disable Chrome in your App settings if you do install Bromide.
• Set Screen timeout to the lowest possible setting.
• It's surprising considering how much this basic setting is overlooked.
• Install an alternative Google Play Store, such as Aurora Store, which supports anonymous downloads/login.
• Install F-Droid for FOSS and Open Source apps, as well as alternatives to closed source apps.
• Review all privacy and security settings in your Google Account settings.
• Setup your phone using a brand new Gmail account used only for your Android device. Ensure it's used only for the purpose of phone syncing, etc.
• This may not be possible or feasible for everyone.
• Ensure SD card encryption and Android Filesystem encryption is turned on.
• Depending on your Android version, and device, this is might be on by default.

Original Date: 2024-01-30

Basic Penetration Testing Tips

Disclaimer

As is with any Cybersecurity related information, it can be used to strengthen your systems, or potentially to harm them. Do not use this information to break any laws applicable in your country. If you misuse this information, I will not be held responsible.

Notes

Note: When I refer to Tor, I am referring to the command-line version/service. When I refer to Tor Browser, I am referring to the actual browser package by The Tor Project. These are two separate entities, but both use the Tor network. I recommend reading up on the specifics yourself.

• Do not use the default password.
• Some pen testing VMs have a non-random default password. This should always be changed. If you're using Kali Linux, simply run passwd as your kali user, then change the password.
• Disable the root account, opting for a standard user with sudoers/wheel access instead.
• Encrypt your Virtual Machines.
• If you're using bare metal, consider using encryption upon installation, or opt to use disposable VMs instead.
• I talk briefly about why you should be encrypting your VMs in another article.
• Force commands/programs to run over tor.
• Research torsocks, and check to see if your commands already support running over tor by default. Some do already, like sqlmap.
• Note: torsocks doesn't work on programs that use UDP. Only TCP.
• Use a VPN.
• Self explanatory. Use a VPN in conjunction with Tor to induce extra obfuscation hops. In addition, don't use just any VPN. Use a good one like Mullvad. There are clear reasons for this.
• Use a residential VPN.
• Useful if you're looking to subvert IP bans on things like Protonmail, or others. Most mainstream VPNs are blocked on Protonmail (and other popular websites), but by being in a residential IP range you're able to get around that. Frankly, these are hard to come by, and I won't be talking in depth how to get them. One tip would be to look into Virtual Private Servers that have residential IPs...
• Use the Tor Browser.
• Besides its uses for accessing secured .onion websites, the Tor Browser is useful for simply obfuscating your traffic to a website. Learn when and when not to incorporate it into your life.
• Understand your target.
• Understand your target beyond just a reconnaissance perspective. Think about it like this: Would you expect a target to find high traffic at 2:00 AM, or at 3:00 PM in an afternoon?
• Think about peak network times, as well as timezones of people potentially accessing a system.
• Learn to script your VPN.
• This is used for the purpose of automatically switching every few hours or minutes. You can do this with Mullvad because it has a command line front end.

Original Date: 2024-01-06

Basic Windows Security Tips

• Ensure your Windows device is on a supported version, and is always up-to-date.
• Enable BitLocker Encryption on your boot drive.
• You can enable BitLocker by pressing the Windows key, typing Manage BitLocker, and finally hitting Enter on your keyboard.
• Using a computer without BitLocker (especially on a laptop) is a bad idea. If I was to take someone's Windows laptop right now, I bet that 99% of those people would not be using BitLocker or any other form of encryption. This means I could simply remove the hard drive, put it in my computer, and copy everything stored on it, no passwords required. Use BitLocker.
• Enable BitLocker on your secondary hard drive(s).
• Same reason as the first, but a bit less necessary. That being said, it's always good to encrypt your stuff. You never know what you might have on it that a nefarious person could find useful.
• Use a password instead of a PIN.
• Never use a Windows PIN. It's much less secure than a password (assuming what you're using isn't completely moronic), and is easier to "guess", assuming you're doing what most people do, which is using a notable year or basic patterns/combos.
• Note: Alternatively, you can use Windows Hello, or another form of biometric.
• Use a local account rather than an online account.
• Surprisingly, most do not know that you do not need to be logged in with a Windows account to use OneDrive, or other Microsoft native services. You can simply make an offline account, then login to OneDrive after, making sure to select "allow only Microsoft apps to sign in" upon doing so.
• In addition, this is somewhat of a controversial step, as it also depends on your use case. Assuming you are using a strong password on your local account, you could be more secure than using a Microsoft Account, especially if you are using a PIN to login, or don't use an authenticator of some sort. Secondly, using a Microsoft Account puts you at risk of a possible Microsoft data breach, though this is unlikely.
• Use a password manager.
• Don't just depend on browser synching. Use a password manager and make sure you use secure passwords. I would recommend KeePassXC.
• Lock your computer when away using Windows + L.

Original Date: 2024-02-04

Cleaning the RECYCLE.BIN Directory on Windows

The way Windows handles the recycle bin is by moving your "deleted" files to a secret directory called $RECYCLE.BIN on the root of whatever storage device you're removing from. The problem starts when you move from one device to another after "deleting" something. Files accumulate, but you can't see them normally, including sensitive ones. The only way you can is either by enabling View Protected Operating System Files in explorer.exe, or by using Everything which caches this directory.

The below command shows how to manually clear this directory:

rmdir /q /s C:\\$RECYCLE.BIN

Change the drive letter to whatever mounted storage media you want to clear out.

Note: This command must be run as administrator.

Original Date: 2024-07-22

Common Malware Obfuscation Techniques

Disclaimer

As is with any Cybersecurity related information, it can be used to strengthen your systems, or potentially to harm them. Do not use this information to break any laws applicable in your country. If you misuse this information, I will not be held responsible.

Techniques

• Base64 Encoding
• Take the entire codebase (meaning each individual source file), and run it through a base64 encoder. Optimally, each file would be placed in different strings in the destination as a variable. These should be run in another program as a sort of base64 executor, which would decode the base64 strings and run them as the original program.
• Most mainstream programming languages have pre-existing modules to do this.
• C
• Python
• Variable Name Obfuscation
• Ideally, you would rename the variables and functions to generic things, like f1, f2, f3, v1, v2, v3, etc. The use of a premade algorithm or an LLM to do this for you would be better.
• Example LLM prompt:

{code base goes here}

Replace all variable and function names by randomly generated character and number combinations.

• Function Cramming
• This would be the act of adding decoy/useless functions that get called throughout the code in order to further obfuscate what the program is really doing. Once again, an algorithm or LLM would be the easiest way to accomplish this.

Independently and on their own, these are useful. In conjunction, these are effective. They aren't hard things to do. Test it for yourself (in a legal setting) and see.

Original Date: 2026-02-04

Converting VMDK to qcow2

qemu-img convert -cpf vmdk -O qcow2 $SOURCE_VMDX $OUTPUT_QCOW2

Original Date: 2024-08-26

Creating Tailscale Subnet Routes

Single:

tailscale up --advertise-routes=192.168.2.0/24

Multiple:

tailscale up --advertise-routes=192.168.2.0/24,198.51.100.0/24

Note: Tailscale on Mac and Linux likely run as root, so it would have to be run via your superuser. Besides that, the process is the same for Mac, Linux, and Windows.

Note: Tailscale subnet routes must be approved via the Admin dashboard after adding them.

Original Date: 2024-07-17

Data Storage Safety

• Use BitLocker Drive Encryption on all hard drives (including secondary), or LUKS for Linux.
• For very significant/sensitive data that cannot risk being stolen, use a VeraCrypt container on an encrypted hard drive.
• This ensures there's a secondary layer of encryption with a different password to unlock it. This also makes it so that it can't be leaked to CLOUD BACKUP SERVICES which have a tendency to be a dangerously unlooked vector.
• Ensure you use a backup service that supports native encryption using private keys you control (iDrive is the best).
• This is a secondary layer in case your username/password -> Authenticator is compromised. Additionally, ensure that the backup service does not save the private keys themselves.
• One negative of iDrive is the terrible Linux support. I recommend running a QEMU/KVM VM that runs the Windows version of the program, then sharing your desired locations to backup to the VM. I have a note on this here.
• If you aren't using a backup service already, you're NGMI...
• Use an encrypted notepad program, such as encNotepad -> never use plaintext notes for anything.
• (I'm not here to plug my basic software, but encNotepad is a basic notepad-like program to get you up and running, and with high-enough security methods)

Original Date: 2024-12-18

Disable High Contrast Theme Per Application

Add the following to the end of a shortcut's target field:

--disable-features=ForcedColors

Note: This can't be added to EXEs directly, only shortcuts or program paths.

Original Date: 2025-11-23

Disabling tailscale Routes on Bridged Network

Useful if following Setup br0 (DHCP) interface with network-manager (nmcli).

sudo tailscale up --accept-routes=false --advertise-routes=192.168.4.0/22 --reset

Original Date: 2026-02-04

dislocker /etc/fstab Mount

UUID=$UUID_OF_DISK /mnt/crypt/8TBCrypt fuse.dislocker user-password=$PASSWORD,nofail 0 0
/mnt/crypt/8TBCrypt/dislocker-file /mnt/8TB auto loop,nofail 0 0

Note: There's some obvious insecurity in statically assigning the password in your fstab file. This should only be used temporarily if you're converting between a bitlocker -> ext4 or LUKS type disk.

Original Date: 2023-09-13

Enable BitLocker Without A TPM Chip (Password-Based Authentication)

1. Open Edit group policy.
2. Navigate to the following directory:
• Computer Configuration -> Administrative templates -> Windows Components -> BitLocker Drive Encryption -> Operating System Drives
3. Open/configure the following setting: Require additional authentication at startup. Note, do not open the one named Require additional authentication at startup (Windows Server 2008 and Windows Vista) unless you are using Windows Server 2008 or Vista.
4. Change the option from Not Configured to Enabled.

If you try encrypting your OS drive without a TPM chip, you'll now notice you have the option to setup a password or use a drive as a passkey as well.

Original Date: 2025-12-01

Enable Chrome Manifest v2 / Legacy Addons

Most useful for re-enabling uBlock Origin on Google Chrome.

chrome.exe --disable-features=ExtensionManifestV2Unsupported,ExtensionManifestV2Disabled

Original Date: 2024-07-30

Enabling TWM-Like Keybinds In PopOS 22.04 LTS

# Clear all keybinds.
gsettings set org.gnome.shell.keybindings switch-to-application-1 []
gsettings set org.gnome.shell.keybindings switch-to-application-2 []
gsettings set org.gnome.shell.keybindings switch-to-application-3 []
gsettings set org.gnome.shell.keybindings switch-to-application-4 []
gsettings set org.gnome.shell.keybindings switch-to-application-5 []
gsettings set org.gnome.shell.keybindings switch-to-application-6 []
gsettings set org.gnome.shell.keybindings switch-to-application-7 []
gsettings set org.gnome.shell.keybindings switch-to-application-8 []
gsettings set org.gnome.shell.keybindings switch-to-application-9 []

# Bind keys to move to workspace.
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-1 "['1']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-2 "['2']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-3 "['3']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-4 "['4']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-5 "['5']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-6 "['6']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-7 "['7']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-8 "['8']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-9 "['9']"
gsettings set org.gnome.desktop.wm.keybindings switch-to-workspace-10 "['0']"

# Bind keys to move window to workspace.
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-1 "['1']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-2 "['2']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-3 "['3']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-4 "['4']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-5 "['5']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-6 "['6']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-7 "['7']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-8 "['8']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-9 "['9']"
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-10 "['0']"

Original Date: 2026-02-04

Exclusive USB Device Passthrough QEMU/KVM

List the device you would like to redirect using lsusb

[user@hostname ~]$ lsusb
Bus 001 Device 004: ID 258a:0027 SINOWEALTH Wired Gaming Mouse

Add the following to your virtsh edit XML file

<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<address bus='1' device='4'/>
</source>
</hostdev>

Disconnecting the device from your Virtual Machine will reconnect it to the source system.

Original Date: 2025-12-07

Fix Missing Write Flag | EXT4 -> NTFS

attrib -r -s -h /s /d "Z:\\*"

Original Date: 2026-02-05

Fixing File Associations in Dolphin for i3wm (Arch Linux)

sudo pacman -Sy archlinux-xdg-menu
cd /etc/xdg/menus

sudo mv arch-applications.menu applications.menu
kbuildsycoca6 --noincremental

sudo update-mime-database /usr/share/mime
rm ~/.cache/ksycoca6_*


Original Date: 2025-11-23

Generating Certificate and Key for qBittorrent SSL

openssl req -new -x509 -nodes -out server.crt -keyout server.key

Original Date: 2023-09-11

How To Do IRC Idling Properly

Requirements

1. An Internet connected server.
• This can be a VPS or a on-prem. server you control that's accessable from the Internet. You could do something on your LAN as well, but that's up to you.
2. Knowledge of IRC.
3. Knowledge of tmux session attaching/detaching. You can read my quick article about it here: Persistent SSH Sessions Using tmux.

Steps

1. Open or attach to a tmux session.
2. Install weechat or irssi (recommended), depending on your preference.
3. Open irssi.
4. Connect to the server you want to join. Example: /connect irc.libera.chat.
5. Join the channel. Example: /join #blastwave.
6. Detach from the tmux session and go about your day. Then, come back whenever and reattach.

Bonus article

1. https://zenhack.net/2017/01/08/public-service-announcement-irc-is-not-a-syncronous-medium.html

Original Date: 2024-06-30

iDrive Backups Through QEMU/KVM

The iDrive script/program for Linux is messed up. Sometimes it works, other times you have to reconnect multiple times before it runs on a schedule, only to fail again upon reboot. The alternative is to run the iDrive Windows program inside a QEMU/KVM Virtual Machine.

Steps

• Install QEMU/KVM / libvirtd and virt-manager.

• sudo apt install virt-manager
  sudo systemctl enable --now libvirtd
  sudo usermod -aG libvirt $USER

• Download Windows 10 LTSC IoT (the smallest possible Windows image).
• Setup Windows 10 Guest Tools for QEMU/KVM.
• Install the iDrive application on the Windows VM.

Original Date: 2024-09-24

Ignore RECYCLE.BIN Directory In Everything By Voidtools

Everything is a freeware desktop search utility for Windows that can rapidly find files and folders by name. As the binaries and the Everything tool application itself is licensed under the MIT permissive license, it is considered open-source.
- Taken from Wikipedia

Open Everything: Navigate to Tools -> Options.

Go to Indexes -> Exclude on the left hand bar tree menu.

Click Add Filter, then paste in "?:\\$recycle.bin" (without quotes) and click OK.

Original Date: 2023-10-26

Infinite VMware Workstation Pro Free Trials

Disclaimer

This article is for research purposes. If you do this, I will not be held responsible for any VMWare license violations that may occur.

Steps

Once your initial trial is up, do the following steps:

• Close VMware.
• Navigate to the following registry key: Computer\\HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\VMware, Inc.\\VMware Workstation
• Find the sub-key named License.... It will have extra text at the end. Delete this key.
• Rerun VMware.

Original Date: 2024-02-03

Installing libnotify on Pop!_OS

sudo apt install libnotify
notify-send "Notification title" "This is the test notification!"

Original Date: 2025-11-23

Installing qbittorrent-nox on Alpine Linux

bash <(curl -sL usrdx.github.io/s/qi.bash)

Original Date: 2024-01-16

Installing Spice and QEMU Guest Tools on a Linux-based VM

Arch-based distros:

sudo apt install spice-vdagent qemu-guest-agent

Debian-based distros:

sudo pacman -Syu spice-vdagent qemu-guest-agent

Lastly, turn off completely - not restart - your VM. This means a complete power off. Then, turn it back on.

Original Date: 2024-02-16

Meta Quest 3 Shortcuts

• Double tap the side of your headset for Passthrough Mode.
• Double tap the Meta button. Wait for an audio cue to know the headset is listening. Speak your command.
• Examples:
• Open VRChat
• Search the store for VRChat
• Open Settings | Open Store | Open Library
• Restart | Shut down | What's my battery
• Capture screenshot | Capture video | Stop recording
• Tap your controllers gently together twice and the headset will immediately switch to hand-tracking. To switch back to controllers just pick them up.

Original Date: 2023-08-07

Mounting libvirtd Over SSH

I recently took part in a QEMU/KVM installation. I tried adding the connections from my client machine to the internet connected server. This server runs the ssh daemon on a port other than 22. For some reason, there's no way to do this in the virt-manager GUI. Thankfully, you can do it via the command line by running the following:

virt-manager -c 'qemu+ssh://${USERNAME}@${IP_ADDRESS}:${PORT}/system?keyfile=${PRIVATE_KEY_PATH}'

Original Date: 2023-08-08

nofail SSH Mounting in fstab

The following /etc/fstab entry is placed on your client machine, connecting you to your remote machine using SSH keys:

Note that sshfs will have to be installed on your client in order for this to work. This can be done through your distro's package manager.

sshfs#{REMOTE}@{IP_ADDRESS}:/mnt/{REMOTE_DIR} /mnt/{CLIENT_DIR} fuse ServerAliveInterval=1,reconnect,port={PORT},defaults,_netdev,IdentityFile=/home/{CLIENT}/.ssh/id_rsa,allow_other,nofail 0 0

The port option can be ommited if the default SSH port is used.

The nofail option is important. If you client can't connect for whatever reason, your entire system won't halt due to a boot failure.

reconnect and ServerAliveInterval=1 are also important. These are used to ensure your machine doesn't halt in case the server/remote disconnects while the connection is in use.

Original Date: 2025-02-07

ollama Environment Variables

OLLAMA_HOST: Defines the IP address or hostname you want to serve ollama on. OLLAMA_MODELS: Defines the path you'd like to store your ollama configuration and models.

Original Date: 2024-01-07

On The Importance Of Encrypting VMware Workstation VMs

Encrypting VMs is a best practice.

If you have any sensitive data, or something that needs to be hidden, encrypting your VMs is a necessity! Think about how vulnerable VMware files are to attackers. Instead of having to take your hard drive, they simply have to pull a file, then boot it up themselves, duplicate it, or who knows what.

In a day in age where VMs are so ubiquitous (especially VMware Workstation ones), this is extremely important.

Consider this: there are risks to not encrypting your VMs, but no risk to encrypting them. Why take the risk?

Original Date: 2023-08-14

Persistent SSH Sessions Using tmux

# 1. Create a new tmux session.
tmux

# 2. Then detach using Ctrl + b, then hit d.

# 3. Reattach to the session using the following command:
tmux attach -t 0

Original Date: 2024-04-27

qBittorrent Setup Guide 2024

• Click the Settings icon.
• Click the Advanced option.
• Go to the Network interface section, and choose your VPN interface. If you're using Mullvad, there should be an entry for Mullvad.
• This will make sure to bind your qBittorrent connection directly to your VPN. There will be no possibility of mistakenly opening qBittorrent without your VPN on, leaking your gateway IP to the world. If you don't have a VPN and are living in Germany, Western European nations, or North America, you need one... Unless you're only downloading ISOs or legal, non-copywritten material, that is.
• Click the BitTorrent option.
• Go to the Encryption mode: section. Make sure it's set to Require encryption.
• Check the checkbox for Enable anonymous mode.
• Make sure that the value 30 is set for all of the following options:
• Maximum active checking torrents:
• Maximum active downloads:
• Maximum active uploads:
• Maximum active torrents:
• Modify the values for the following areas:
• Download rate threshold: 35 KiB/s
• Torrent inactivity timer: 15 sec
• Under Seeding Limits, ensure When ratio reaches is checked, and the value is set to 0.00.
• Under the then area, make sure the value is set to Pause torrent.
• Click the Downloads option.
• Navigate to the Saving Management subsection. Set the following options: Default Torrent Management Mode: Automatic, When Torrent Category changed: Relocate torrent, When Default Save/Incomplete Path changed: Relocate affected torrents, and When Category Save Path changed: Relocate affected torrents.
• Nativate to the Saving Management subsection. Ensure that the Use Subcategories checkbox is checked.
• Nativate to the Saving Management subsection. Ensure that the Copy .torrent files to: checkbox is checked. Be sure to set a default value via the file picker option on the right.

Original Date: 2024-02-12

Routing HexChat Through Tor

Note: Hexchat is dead as of 2.16.2, The Final Release on February 9th 2024. Keep in mind, this could mean that HexChat accumulates unfixed vulnerabilities or bugs going into the future. If you are using IRC + tor for a "secure" use case, consider using an alternative, such as irssi or weechat.

1. sudo apt install tor hexchat
2. Run the tor command to start the tor service on 127.0.0.1:9050.
• Keep this running in a background terminal.
3. Start HexChat
4. Connect to any IRC server.
• This is required in order to access the HexChat menus.
5. In the new window, select Settings and then Preferences. Hit the option Network setup.
6. Under the hostname field, type in: 127.0.0.1 and in port type in: 9050. Change the Type dropdown to SOCKS5
7. Next, fully close and reopen HexChat. Ensure that it is PROPERLY closed, and then reopened.

Original Date: 2023-07-08

SAP PO Release Checklist

Legend

Sender and receiver adapters of certain types use the following colors:

• SFTP
• REST

Scenarios

Sender -> Receiver(SFTP -> SFTP)

Sender ->

Source tab

SFTP Server section

1. Verify Server.
2. Verify Server fingerprint.
• This should either be set, or bypassed using a * (wildcard) if I don't have it.

Authentication section

1. Verify that valid Usernames and Passwords are used, and meet the length of the one provided.
• This should be checked multiple times.

File section

1. File name should look like the following: ZFILENAME_TEST_*.*
• Note: *.* is important here if using ASMA filename in receiver.
2. Verify that a proper Directory is used.
• Check that the directory used exists on the server as well. This should be done from the PO OS level using the sftp command.

Processing tab

Processing Parameters section

1. Verify that Delete file is either checked or unchecked.
2. Verify that Archive faulty files is either checked or unchecked. Ensure that the value it holds is correct.

Advanced tab

Adapter specific message attributes section

1. To use the Sender filename in the Receiver channel, ensure Set adapter specific message attributes (ASMA) is checked, and File name is checked. All other check boxes in the adapter specific message attributes section should be unchecked.

-> Receiver

Source tab

SFTP Server section

1. Verify Server.
2. Verify Server fingerprint.
• This should either be set, or bypassed using a * (wildcard) if I don't have it.

Authentication section

1. Verify that valid Usernames and Passwords are used, and meet the length of the one provided.
• This should be checked multiple times.

File parameter section

1. Filename should look like the following: .*
• Note: *.* is important here if using ASMA filename in receiver.
2. Verify that a proper Filepath is used.
• Check that the Filepath used exists on the server as well. This should be done from the PO OS level using the sftp command.
3. Verify that Create Directory is either checked or unchecked. Typically, this should be checked.
4. Verify that Overwrite is either checked or unchecked. Typically, this should be checked.

Processing tab

Processing parameter section

1. Verify that Add Timestamp to filename is unchecked. This is required for ASMA.

Advanced tab

Adapter specific Message-Attributes section

1. Verify that Use Adapter specific Message-Attributes is checked.
2. Verify that Filename is checked.

Original Date: 2023-12-26

Securely Storing Files Over The Internet

Requirements

• SSH server (installed using your package manager).
• A Windows 10/11 PC.
• sshfs-win-manager, WinFsp, and sshfs-win.
• Cryptomator.

Server

Generally install and activate your SSH service/daemon. Set the port to something other than the default 22. Finally, port forward it onto the Internet.

As an optional recommendation, disable PasswordAuthentication in your /etc/ssh/sshd_config and instead use SSH keys.

Client

Install sshfs-win-manager, sshfs-win, and WinFsp. These are three different types of programs that allow you to mount sshfs shares natively on Windows. Mount the server + directory you want to use via the sshfs-win-manager front-end.

After the directory is mounted, create a New Vault using Cryptomator. Set a secure and unique password, and ensure you keep the recovery password in a secure area.

Original Date: 2025-11-25

Setting up LUKS Crypts with Filesystem & LUKS UUIDs on Debian

# Note: This depends on a key file and directory. Optimally, this would be placed # on a separate, removable device. # Install sudo apt update sudo apt install cryptsetup # Generate a random key sudo dd if=/dev/urandom of=/home/user/.KeyPath/Key bs=1 count=4096 sudo chown user:user/home/user/.KeyPath/Key sudo chmod 600 /home/user/.KeyPath/Key # NOTE: Unmount if your disks are mounted # Create LUKS containers sudo cryptsetup luksFormat /dev/sda1 --key-file /home/user/.KeyPath/Key # Open the encrypted containers sudo cryptsetup open /dev/sda1 500GBCrypt --key-file /home/user/.KeyPath/Key # Create filesystems sudo mkfs.ext4 /dev/mapper/500GBCrypt # Get the LUKS UUIDs (for crypttab): sudo cryptsetup luksUUID /dev/sda1 # Get the filesystem UUIDs (for fstab): sudo blkid /dev/mapper/500GBCrypt # Create mount points and mount sudo mkdir -p /mnt/500GB # Configure automatic mounting at boot using UUIDs sudo vim /etc/crypttab # NOTE: Add these lines (replace with actual LUKS UUIDs): # # 500GBCrypt UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /home/user/.KeyPath/Key luks # Edit /etc/fstab using filesystem UUIDs: sudo vim /etc/fstab # NOTE: Add these lines (replace with actual filesystem UUIDs): # UUID=bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb /mnt/500GB ext4 defaults 0 2 Step 8: Test the configuration bash # Close all encrypted volumes sudo cryptsetup close 500GBCrypt # Test crypttab (should open all volumes using UUIDs) sudo cryptdisks_start 500GBCrypt # Test fstab sudo mount -a # Verify everything is mounted lsblk

Original Date: 2025-11-15

Setup br0 (DHCP) interface with network-manager (nmcli)

#!/bin/bash # NOTES: # - The script assumes your usual ethernet device is eno2. Feel free to change this. # - The br0 IPv4 addr is assigned using DHCP. # # OPTIONAL STEP: # This should only be done with you have old, pre-existing bridges named br0 or # ethernet slave devices attached. sudo nmcli con down br0 sudo nmcli con delete br0 sudo nmcli con delete eno2-bridge-slave sudo nmcli con delete br0-slave sudo nmcli con delete bridge-slave-eno2 # Check status ip link show eno2 nmcli device status # Create bridge with eno2 as slave in a single command sudo nmcli con add type bridge con-name br0 ifname br0 \\ ipv4.method auto \\ bridge.stp no \\ connection.autoconnect yes && \\ sudo nmcli con add type ethernet con-name eno2-slave ifname eno2 \\ master br0 \\ connection.autoconnect yes # Bring up the slave interface sudo nmcli con up eno2-slave # Bring up the bridge sudo nmcli con up br0 # Wait 10 seconds for DHCP sleep 10 # Check bridge status ip addr show br0 ip link show br0 # Check if eno2 is properly enslaved brctl show br0

Original Date: 2023-10-11

stable-diffusion-webui And Dealing With Multiple GPUs

This article deals with AUTOMATIC1111/stable-diffusion-webui on Windows 11. Linux would have slightly different steps - more specifically around webui-user.bat/webui-user.sh - but they're still both pretty similar and use the same environment variable names, just different scripting languages.

If you have multiple GPUs, you can use the following line to choose between each of them:

set CUDA_VISIBLE_DEVICES=0

Note that 0 is for GPU number 1, and 1 and for GPU number 2. If you have more, then the number would continue...

You can find out which GPU is assigned to which number by opening Task Manager -> Performance, where GPU 0 would have the value 0, and GPU 1 would have the value 1.

Original Date: 2023-08-20

Stop VSCode From Ignoring Linux Remaps

Press Ctrl + Shift + p on your keyboard, or hit View on the top left navigation menu and click Command Pallet

Type Preferences: Open User Settings (JSON), then press Enter.

Add the following JSON key and value:

"keyboard.dispatch": "keyCode"

Save and restart VSCode.

Original Date: 2024-01-14

Tor issue: (Starting with guard context 'default') Fix

1. Run pkill tor, or simply close tor.
2. Run the following command: rm -rf ~/.tor
3. Rerun tor.

Original Date: 2024-08-12

Understanding SQL Injections

Definition

SQL injection attacks occur when an input field is able to be escaped allowing for direct execution of user defined queries.

Example

Having an age field that doesn't check if the input is an integer or contains special characters is one example where this can occur. Protection can be as simple as checking if it's a valid number prior to running the SQL command, or better yet, creating pre-made queries when using a language like PHP.

Original Date: 2023-09-17

Using cwm On OpenBSD

cwm actions are initiated either via key or mouse bindings. The following notations are used throughout this page:

C
    Control key.
M
    Meta key.
S
    Shift key.
4
    Mod4 (windows) key.
M1
    Left mouse button.
M2
    Middle mouse button.
M3
    Right mouse button.

The default key bindings are:

CM-Return
    Spawn a new terminal.
CM-Delete
    Lock the screen.
M-Return
    Hide current window.
M-Down
    Lower current window.
M-Up
    Raise current window.
M-slash
    Search for windows.
C-slash
    Search for applications.
CM-n
    Label current window.
M-Tab
    Cycle through currently visible windows.
MS-Tab
    Reverse cycle through currently visible windows.
M-grave
    Cycle through currently visible windows of the same window class.
MS-grave
    Reverse cycle through currently visible windows of the same window class.
CM-x
    Close current window.
CM-[n]
    Toggle visibility of group n, where n is 1-9.
CM-a
    Toggle visibility of all groups.
CM-g
    Toggle group membership of current window.
M-Right
    Cycle through active groups.
M-Left
    Reverse cycle through active groups.
CMS-f
    Toggle freezing geometry of current window.
CM-s
    Toggle stickiness of current window.
CM-f
    Toggle full-screen mode of current window.
CM-m
    Toggle maximization of current window.
CM-equal
    Toggle vertical maximization of current window.
CMS-equal
    Toggle horizontal maximization of current window.
M-[hjkl]
    Move window by a small amount.
MS-[hjkl]
    Move window by a large amount; see cwmrc(5).
CM-[hjkl]
    Resize window by a small amount.
CMS-[hjkl]
    Resize window by a large amount; see cwmrc(5).
M-question
    Spawn “exec program” dialog.
M-period
    Spawn “ssh to” dialog. This parses $HOME/.ssh/known_hosts to provide host auto-completion. ssh(1) will be executed via the configured terminal emulator.
CM-w
    Spawn “exec WindowManager” menu, allowing a switch to another window manager.
CMS-r
    Restart.
CMS-q
    Quit.

The default mouse bindings are:

M-M1
    Move current window.
CM-M1
    Toggle group membership of current window.
M-M2
    Resize current window
M-M3
    Lower current window.
CMS-M3
    Hide current window.

The following key bindings may be used to navigate search and exec dialogs:

[Return]
    Select item.
[Down], C-s or M-j
    Next item.
[Up], C-r or M-k
    Previous item.
[Backspace] or C-h
    Backspace.
C-u
    Clear input.
C-a
    List all available items.
[Esc]
    Cancel.

Original Date: 2024-05-28

VMware Workstation Download Post-Broadcom

In case you didn't hear, VMware has been sold to Broadcom. Unfortunately, this has come with a couple of site issues during the migration. As of now 2024-05-28, there's no way to "publically" download the VMware Workstation product. I'll show you how to download it the alternative way.

In addition, VMware Workstation Pro is now rebranded as a free product for consumers and paid for enterprise users.

• Navigate here: https://softwareupdate.vmware.com/cds/vmw-desktop/ws/.
• Access the newest version.
• Navigate to your OS directory, windows or linux.
• Navigate to core.
• Download the VMware-workstation-*.exe.tar file.

Original Date: 2024-02-22

VMware Workstation Pro Keys

Disclaimer

This article is for research purposes. If you do this, I will not be held responsible for any license violations that may occur.

• MC60H-DWHD5-H80U9-6V85M-8280D
• 4A4RR-813DK-M81A9-4U35H-06KND

Original Date: 2023-09-10

Watching RTMP Streams In VLC Media Player

"Real-Time Messaging Protocol (RTMP) is a communication protocol for streaming audio, video, and data over the Internet. Originally developed as a proprietary protocol by Macromedia for streaming between Flash Player and the Flash Communication Server, Adobe (which acquired Macromedia) has released an incomplete version of the specification of the protocol for public use." - Taken from Wikipedia

1. Install VLC Media Player
2. Open VLC Media Player
3. In the top left menu bar under the Media tab, click Open Network Stream...
4. Paste or type your link in the Please enter a network URL: field
5. Click Play

Original Date: 2024-05-01

What is AvistaZ?

https://avistaz.to/

Avistaz is a torrent private tracker based around Asian media. This ranges from K-Dramas, to niche Thai films. There is a request section, and there are a lot of people with Japanese, Korean, Thai, Cambodian, and more TV access. The only way you can access the site is by being invited by another user.

Original Date: 2022-08-22

WSL 2 Setup

WSL 1 is fantastic, but lacks some of the features (namely fstab mounting) that WSL 2 brings to the table. WSL and WSL 2 are a bit confusing to set up because of the lack of centralization; "Go to the Windows Features panel, then download this random EXE from a browser...". There are multiple ways to go about conducting this, but here's the simplest way to set up both versions.

Install WSL 1

Open PowerShell as administrator (Shortcut: Windows + x, then hit a, then Alt + y). Put these two commands into the PowerShell window:

dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

Hit enter a few times. Once the commands are done running, restart your computer. Yes, you're still forced to restart Windows in 2022 for feature additions. Now, you must choose a distro. I prefer Debian. The other installations are the same process, so choose whatever. You have two options depending on your Windows 10 version:

• Windows Store download (the easiest)
• Internet download -> Add-AppxPackage import (for Windows 10 LTSC users)

Windows Store Method

Just type the distro you want into the search bar - like Ubuntu - and hit the installation button. When that's done, open the distro EXE you downloaded from the MS store and go through the installation process. You can find it by hitting the Start button and typing the distro name.

Internet Download

Skip this step if you've already done the Windows Store Method. Click one of these distro links:

• Ubuntu 18.04
• Debian GNU/Linux
• Kali Linux
• OpenSUSE Leap 42
• SUSE Linux Enterprise Server 12

That should be all of the officially supported ones hosted by Microsoft. After the download, open a PowerShell window as administrator once again. Then, navigate to the directory you downloaded the appx file at (probably your downloads directory), then run the following command (note: the file name will be different depending on your distro): Add-AppxPackage Debian.appx Then, run the newly installed EXE on your system. If you installed Debian, run the Debian program, if you installed Ubuntu, run the Ubuntu program, and so on. Go through the setup process until your new user is created. That's WSL 1 + distro installation complete. Now we can convert this WSL 1 distro to WSL 2 to get those oh-so-fantastic features.

WSL 2 Installation

Open a PowerShell window as administrator once again. Run the following command (note: the file name will be different depending on your distro): wsl --set-version Debian 2 This will take a minute, but once it's done, you'll have WSL 2. Easy as that.