1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
[[!meta title="Research and tests"]]
Raw list with things to try, research, evaluate develop and maybe deploy!
## New stuff
* [FOSS Services](/services)!
* [isis' scripts](https://github.com/isislovecruft/scripts).
* [gitly self-hosted](https://gitly.io).
* [Git Large File Storage - Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server like GitHub.com or GitHub Enterprise.](https://git-lfs.github.com/) / [#792075 - ITP: git-lfs -- Git Large File Support. An open source Git extension for versioning large files - Debian Bug report logs](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=792075).
* https://shodan.io
* https://keybase.io
* https://en.wikipedia.org/wiki/Unikernel
* https://eng.fromatob.com/post/2017/02/lets-encrypt-oauth-2-and-kubernetes-ingress/
* https://stripe.com/blog/idempotency
* https://github.com/gorhill/uMatrix
* https://github.com/metabase/metabase
* https://lede-project.org/start
## Multimedia
* [qsstv](https://packages.debian.org/jessie/qsstv)
* mopidy/mpdris:
* plugins like https://packages.debian.org/stretch/mopidy-podcast
* https://packages.debian.org/jessie/mopidy
* https://github.com/acrisci/playerctl
* https://packages.debian.org/jessie/mpdris2
* https://packages.debian.org/stretch/mpris-remote
## Tor
* ooniprobe, lepidopter.
* onionpi (tor, hostapd, iptables).
* onion smtp:
* https://www.void.gr/kargig/blog/2014/05/10/smtp-over-hidden-services-with-postfix/
* https://tech.immerda.ch/2016/12/ehlo-onion/
* https://github.com/riseupnet/onionmx
## Security
* bitmask and LEAP.
* port knocking.
* hardened systems: apparmor, gradm2, firejail, seccomp, etc.
* sshd:
* https://stribika.github.io/2015/01/04/secure-secure-shell.html
* https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60
* http://security.stackexchange.com/questions/64562/how-should-i-defend-against-zero-day-attack-on-ssh
* https://charlieharvey.org.uk/page/ssh_port_pros_and_cons
* fuzzy testing: fusil, etc.
* router: serial console to other boxes with dhe luks! :)
* [Mailcap, HTML and AppArmor](http://www.justgohome.co.uk/blog/2014/02/mailcap-html-apparmor.html).
* Increased security on smtp/imaps password storage:
* https://github.com/sup-heliotrope/sup/wiki/Securely-Store-Password
* http://serverfault.com/questions/149452/how-can-i-use-fetchmail-or-another-email-grabber-with-osx-keychain-for-authent
* http://mah.everybody.org/docs/mail/fetchmail_check
* Enhanced shell:
* Add a counter-measure to prevent SSH timing attacks:
http://users.ece.cmu.edu/~dawnsong/papers/ssh-timing.pdf
http://www.slideshare.net/idsecconf/countermeasure-against-timing-attack-on-ssh-using-random-delay
http://www.scribd.com/doc/59628153/Timing-Analysis-of-Keystrokes-and-Timing-Attacks-on-SSH-Revisited
## DevOps
* [Simet](http://simet.nic.br).
* auto start user screen sessions.
* backups: snapshots with remote transfer support.
* puppet:
* deploy: multiple module paths: https://docs.puppet.com/puppet/3.6/dirs_modulepath.html
* default modules as submodules from the bootstrap repository, custom modules closer to the config folder?
* php7-fpm:
* https://serversforhackers.com/video/apache-and-php-fpm
* http://www.binarytides.com/setup-apache-php-fpm-mod-proxy-fcgi-ubuntu/
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/php7.1-fpm.sock|fcgi://localhost:9000";
</FilesMatch>
## Virtualization
* kvm:
* kvm-manager improvements (systemd support, packaging, docs).
* env params.
* FDE using bootless image.
## Smartphone
* snoopsnitch.
* mods: https://web.archive.org/web/20160402005909/https://people.torproject.org/~ioerror/skunkworks/moto_e/
## Torrent
Torrent workflow: torrent-maker, magnet2torrent and torrent-reseed:
* http://wiki.rtorrent.org/MagnetUri
* http://dan.folkes.me/2012/04/19/converting-a-magnet-link-into-a-torrent/
* https://github.com/danfolkes/Magnet2Torrent
* http://code.google.com/p/pyroscope/wiki/CommandLineTools
* https://trac.transmissionbt.com/ticket/4176
* http://wiki.rtorrent.org/MagnetUri
* https://github.com/rakshasa/rtorrent/issues/212
* saving/restoring `.meta` and `~/rtorrent/.session` files.
* multiple instances: https://kernelwho.wordpress.com/2011/11/15/running-multiple-instances-of-rtorrent/
rtorrent -n -o import=/home/user/.rtorrent1.rc
## Git
* signed commits:
* check using gpgv?
* [Validating other keys on your public keyring](https://www.gnupg.org/gph/en/manual/x334.html)
* https://git-annex.branchable.com/tips/using_signed_git_commits/
* http://stackoverflow.com/questions/17371955/verifying-signed-git-commits
* https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
* https://mikegerwitz.com/papers/git-horror-story.html
* Push-to-deploy plugin:
* http://superuser.com/questions/230694/how-can-i-push-a-git-repository-to-a-folder-over-ssh
* https://devcenter.heroku.com/articles/git
* https://github.com/blog/1957-git-2-3-has-been-released (push-to-deploy)
* https://github.com/git/git/blob/v2.3.0/Documentation/config.txt#L2155
* http://stackoverflow.com/questions/1764380/push-to-a-non-bare-git-repository
* http://bitflop.com/tutorials/git-bare-vs-non-bare-repositories.html
* Write a "git" interceptor:
* Check proper user/email config.
* Automatically set git-flow when initializing a repository.
* Automatically set git-hooks integration.
* Implement global hooks.
* Check remote configuration.
* Check hook tampering before doing anything in the repository.
* That can disable/mitigate hooks by changing permission and ownership on `~/.git/hooks`.
|