My Life in Months πŸ—“οΈ

Do you ever wonder how you're spending you're life? I do, and so I went through the main activities that I do on a daily, weekly or monthly basis and calculated the approximate total time I've spent on each of them. The following chart is a breakdown of time as a proportion of my total life (so far), where each square represents 1 month.

My Life in Months

I am now having an mini existential crisis after seeing how much of my life I have spent on relatively meaningless activities!

Quick How-To Guides πŸ’«

This is a short collection of quick tutorials on random tasks. There's a mix of simple things that (despite doing regularly) I still forget, as well as more niche stuff that took me a little while to figure out. I have documented this stuff, both to help others, and for a future reference for myself.

Coding

See Also

Pimping up Your DuckDuckGo Search Results πŸ’„


Yet another awesome feature of DuckDuckGo, is that they make it really easy to modify your theme, just go to: https://duckduckgo.com/settings#appearance. From here you can customize your colors, fonts and layout of your search results and home page.

I am no designer by any stretch of the imagination (as you can probably see!), but here are a couple of themes I made, along with their code if you want to use them. You can preview themes live without making any changes by clicking the link below each screenshot, or to apply a theme, see the JS snippet at the end of this post.

Settings in DDG can either be applied temporarily with DuckDuckGo's URL parameters, locally as cookies, or globally using DDG's Cloud Save feature.

Callisto

Screenshot - Navy Turquoise

Try it Out!

Color Palette: #0b1021, #080813, , #00af87, #0a7355, #d3d5e5, #a8d3ff

JSON

{"kae":"d", "k5":"1", "kay":"b", "kbc":"1", "kax":"v261-7", "kx":"a8d3ff", "kaa":"0a7355", "kj":"080813", "k9":"00af87", "k18":"1", "ka":"Hack", "k8":"d3d5e5", "k21":"080813", "k7":"0b1021", "kt":"v"}

Cookie Data

5=1; ay=b; bc=1; ae=d; ax=v261-7; 18=1; aa=0a7355; x=a8d3ff; 8=d3d5e5; 9=00af87; j=080813; 7=0b1021; 21=080813; a=Hack; t=v


Titanium

Screenshot - Titanium

Try it Out!

Color Palette: #dedede, #9b83db, #000000

JSON

{"kae":"d", "k5":"1", "kay":"b", "kbc":"1", "kax":"v261-7", "kx":"000000", "kaa":"9b83db", "kj":"9b83db", "k9":"9b83db", "k18":"1", "k8":"000000", "k21":"9b83db", "k7":"dedede", "kt":"b", "ku":"1", "ka":"Arial Rounded MT Bold"}

Cookie Data

5=1; ay=b; bc=1; ae=d; ax=v261-7; u=1; 18=1; j=9b83db; x=000000; 7=dedede; 8=000000; aa=9b83db; 9=9b83db; 21=9b83db; t=b; a=Arial%20Rounded%20MT%20Bold


Cyberpunk

Screenshot - Cyberpunk

Try it Out!

Color Palette: #101116, #ff0055, #9254b5, #785eef, #fffc58

JSON

{"kae":"d", "k5":"1", "kay":"b", "kbc":"1", "kax":"v261-7", "kx":"FFFC58", "kaa":"9254b5", "kj":"FF0055", "k9":"FF0055", "k18":"1", "ka":"Cyberpunk", "k8":"785eef ", "k21":"FFFC58", "k7":"101116", "kt":"e"}

Cookie Data

5=1; ay=b; bc=1; ae=d; ax=v261-7; 8=785eef%20; aa=9254b5; x=FFFC58; 18=1; j=FF0055; 21=FFFC58; 7=101116; 9=FF0055; a=Cyberpunk; t=e


Dracula

Screenshot - Dracula

Try it Out!

Credit: This theme was inspired by Dracula

JSON

{"kae":"t", "ks":"m", "kw":"n", "ko":"s", "ku":"-1", "ky":"44475a", "k7":"282a36", "k8":"f8f8f2", "k9":"50fa7b", "kt":"p", "km":"l", "kj":"282a36", "ka":"p", "kaa":"bd93f9", "kx":"f1fa8c", "kaf":"1", "kai":"1", "kf":"1"}

Cookie Data

ae=t; s=m; w=n; o=s; u=-1; y=44475a; 7=282a36; 8=f8f8f2; 9=50fa7b; t=p; m=l; j=282a36; a=p; aa=bd93f9; x=f1fa8c; af=1; ai=1; f=1


Hack

Screenshot - Hack

Try it Out!

Color Palette: #101116, #070709, #00ff2b, #d1d1d1, #fffc58, #118b25, Font: Courier

JSON

{"kae":"d", "k5":"1", "kay":"b", "kbc":"1", "kax":"v261-7", "kx":"FFFC58", "kaa":"0cbd2b", "kj":"070709", "k9":"00ff2b", "k18":"1", "ka":"Courier New", "k8":"d1d1d1", "k21":"118b25", "k7":"101116", "kt":"Courier"}

Cookie Data

5=1; ay=b; bc=1; ae=d; ax=v261-7; j=070709; x=FFFC58; 18=1; 7=101116; 9=00ff2b; aa=0cbd2b; 21=118b25; 8=d1d1d1; t=Courier; a=Courier%20New


Neon

Screenshot - Neon

Try it Out!

Color Palette: #261d49, #2a1f48, #df95ff, #9254b5, #1bccfd, #21f6bc, Font: Hack

JSON

{"kae":"d", "k5":"1", "kay":"b", "kbc":"1", "ka":"Hack", "k7":"261d49", "k8":"1bccfd", "k21":"2a1f48", "k18":"1", "kx":"21f6bc", "kaa":"9254b5", "kj":"2a1f48", "k9":"df95ff"}

Cookie Data

5=1; ay=b; bc=1; ae=d; j=2a1f48; a=Hack; 18=1; aa=9254b5; 7=261d49; 9=df95ff; 8=1bccfd; 21=2a1f48; x=21f6bc


Nord

Pale grey and dusty pastel

Screenshot - Nord

Try it Out!

Color Palette: #2e3440, #404855, #81a1c1, #87c0d0, #b28ead

JSON

{"kae":"d", "k5":"1", "kay":"b", "kbc":"1", "kax":"v261-7", "kx":"b28ead", "kaa":"87c0d0", "kj":"404855", "k9":"#81a1c1", "k18":"1", "ka":"Courier New", "k8":"#81a1c1", "k21":"#81a1c1", "k7":"2e3440", "kt":"h"}

Cookie Data

5=1; ay=b; bc=1; ae=d; ax=v261-7; a=Courier%20New; 7=2e3440; 18=1; 9=81a1c1; 8=81a1c1; aa=87c0d0; x=b28ead; 21=81a1c1; j=404855; t=h


Usage

There are three different methods of applying themes: Using cookies, URL parameters or DDG's cloud store

For cookies, settings can be applied programmatically with JavaScript directly through the browser console (or using a dev tool or third-party extension). Settings are specified as individual cookies, with a single string identifier and a corresponding value. The following is a quick script to apply settings easily, just replace ddg_cookie_input with your desired data (or use one of the examples above). Note that you must be on the DuckDuckGo domain for this to work.

// Converts DDG cookie string into formatted JSON
const makeCookieData = (ddg_cookie_input) => {
    let ddg_json = {};
  const items = ddg_cookie_input.split(/[ ,]+/);
  items.forEach((item)=>{
    let parts = item.split('=');
    ddg_json[parts[0]] = parts[1];
  });
  return ddg_json;
}

// Iterates over JSON, and adds to browser cookie store
const setCookies = (ddg_json) => {
  Object.keys(ddg_json).forEach(function(key) {
    document.cookie=`${key}=${ddg_json[key]}`;
  });
}

// Paste your cookie data here
const ddg_cookie_input = `5=1; ay=b; bc=1; ae=d; ax=v261-7; 18=1; aa=0a7355; x=a8d3ff; 8=d3d5e5; 9=00af87; j=080813; 7=0b1021; 21=080813; a=Hack; t=v`;

// Call set cookies, passing in formated cookie data
setCookies(makeCookieData(ddg_cookie_input));

// All done, reload page for changes to take effect :)
location.reload();

This is handy, because once you've got DDG setup just how you like, you can make note of these values, and then easily apply them to any other system or browser with a single command.

If you would rather not set cookies, then you can use URL GET parameters (but note that the identifiers are different, see the full list of options here). You can find pre-formatted URL under Settings --> Appearance --> Show Bookmarklet and Settings Data. Here you can also enable cloud save, where you pick a password which is encoded into a URL so that you can access your setup on a different browser/ device.

Alternatively, if you're already using TamperMonkey, then you can manage this with JavaScript. Similarly if you're comfortable with CSS, then you have a lot more flexibility, and extensions like Stylish can make it easy to manage CSS overrides (here are some examples). - But the great thing about DDG, is that no extensions of hacks are required. (Also note that browser extensions can be pretty bad for privacy- they make your fingerprint much more unique, and occasionally are plain malicious)

My Server Setup βš™οΈ

This article outlines the steps I take on any new server, to configure it for security, consistency and convenience. It is written specifically for Debian, but will also directly apply to derivatives (such as Ubuntu), and will likely be very similar for for other distros.

I am in the process of writing automation scripts to cover all of these steps, in the form of Ansible Playbooks.

This guide is split into 10 sections:

  1. System Update - Upgrade the OS and enable automated security updates
  2. System Setup - Specify hostname, add users, configure server time etc
  3. Configure SSH - Setup keys, configure sshd_config and set permissions
  4. Install Essential Software - Including git, vim, zsh, tmux, ranger etc
  5. Enable Firewall - Manage allowed inbound/ outbound connections with UFW
  6. Setup Intrusion Prevention - Protect from brute force attacks with Fail2Ban
  7. Configure Malicious Traffic Detection - Flag malicious packets with MalTrail
  8. Implement Security Auditing and Scanning - With ClamAV, Lynis and RKhunter
  9. Fetch Dotfiles for Vim, ZSH, Tmux etc to make SSH sessions more comfortable
  10. Automated Backups - Using Borg for incremental, off-site, encrypted backups
  11. Final Steps - Optional items (Go, Rust, Node, Python, Docker, NGINX etc..)


System Update

Update the System and Packages

  • apt update - Update system packages
  • apt -y upgrade - Upgrade OS
  • apt autoremove and apt clean - Remove locally downloaded deb packages and apt-get caches

Enable Unattended Upgrades

  • apt install unattended-upgrades - Install package (if not already installed)
  • dpkg-reconfigure --priority=high unattended-upgrades - Enable automatic upgrades
  • vi /etc/apt/apt.conf.d/50unattended-upgrades to update the configuration


System Setup

Specify Host Name

  • sudo hostnamectl set-hostname [new-host-name] - Set the machines host name
  • Add 127.0.0.1 [hostname] into /etc/hosts - Add host name to the hosts file

Add New Users

  • useradd -m [username] -c "[user full name]" - Create a new user (-c Allows an associated name or comment)
  • passwd [username] - Specify a password for new user
  • sudo usermod -a -G sudo [username] - Gives the user root privileges (only apply if needed)

Set the Server Time

  • sudo timedatectl set-timezone Europe/London
  • sudo vi /etc/systemd/timesyncd.conf and add the address of the local NTP server
  • sudo systemctl restart systemd-timesyncd.service - Restart the time sync service


Configure SSH

Setup SSH Keys for Authentication

  • sudo apt install openssh-server - Install OpenSSH Server on remote host
  • ssh-keygen -t rsa -b 4096 - On the local system. Generates a new SSH key pair (enter a strong passphrase when prompted)
  • ssh-copy-id root@[0.0.0.0] - Uploads to the remote server, and update the hosts file
  • chmod go-w ~ ~/.ssh ~/.ssh/authorized_keys - On the remote host, updated permissions
  • sudo ufw allow ssh - If UFW is enabled, then allow SSH access

Next we're going configure a couple of SSH security essentials

  • vim /etc/ssh/sshd_config - To open the SSH daemon's config file , and update:
    • Protocol 2 # Only use SSH 2 Protocol
    • PermitRootLogin no # Disable root SSH login
    • PasswordAuthentication no # Disable password-based SSH login
    • Compression delayed # Compression could be dangerous, only allow it once authenticated
    • MaxAuthTries 5 # Limit the maximum authentication attempts
    • PrintLastLog yes # Display last login date for an extra check (should be default)
    • PermitEmptyPasswords no # Disallow empty passwords (Not relevant for SSH Keys, but still good to have)
    • IgnoreRhosts yes # Disallow access via rhosts, which is rarely used anymore
    • IgnoreUserKnownHosts yes # Only trust the global known hosts list
    • HostBasedAuthentication no # Similar to rhosts, this is rarely used
    • Port 2200 # Set SSH access to a non-standard port
    • StrictModes yes # Prevent users from accidentally leaving their directories/ files as writable
    • UsePrivilegeSeparation sandbox # Prevent privilege escalation
    • PubkeyAuthentication yes # Public key authentication should be preferred (should be default)
    • GSSAPIAuthentication no # If you are not using GSSAPI authentication, this should be disabled
    • KerberosAuthentication no # If you are not using Kerberos authentication, this again should be disabled
    • Ciphers aes128-ctr,aes192-ctr,aes256-ctr # Use FIPS 140-2 compliant ciphers, to avoid weak encryption algorithms
    • MACs hmac-sha2-256,hmac-sha2-512 # Use FIPS 140-2 Compliant MACs, to avoid weak cryptographic hashes

The SSH daemon must be restarted, in order for these config changes to take effect: sudo systemctl restart ssh

Protect SSH Host Keys

  • sudo chmod 0600 /etc/ssh/*key - Set permissions for private keys
  • sudo chmod 0644 /etc/ssh/*pub - Set permissions for public keys

If your system stores keys in a different directory, you can find them with grep -i hostkey /etc/ssh/sshd_config. You can list the permissions of keys with ls -l /etc/ssh/*key (or *pub for public keys)

Optionally, configure an SSH tarpit, to lock up the bots hammering port 22, with Endlessh


Install Essential Software

Install Packages

  • sudo apt update - Ensure the package list is up-to-date
  • sudo apt install -y git vim tmux zsh ranger - Install essentials: vim, git, tmux, ZSH and ranger
  • sudo apt install -y make curl - Install utilities
  • sudo apt install -y fzf exa - Install command line improvements
  • sudo apt install -y ctags xsel glances fonts-powerline - Install visual improvements
  • sudo apt install -y clamav rkhunter lynis - Install security audit tools
  • sudo apt install -y neofetch figlet lolcat - Optionally, install fun stuff

Optionally,

  • If needed, install Docker
  • If needed, install Go Lang
  • If needed, install Rust and Cargo, with sudo curl https://sh.rustup.rs -sSf | sh (check the script first!)
  • If needed, install Python and PIP, with sudo apt install python3 python3-pip
  • If needed, install Node.js and NPM, with sudo apt install nodejs npm
    • Or use NodeSource's PPA: curl -fsSL https://deb.nodesource.com/setup_current.x | bash -


Configure Firewall with UFW

  • sudo apt install ufw - Install UFW
  • sudo vi /etc/default/ufw and set IPV6=yes to use IPv6
  • sudo ufw default deny incoming and sudo ufw default allow outgoing to deny all incoming traffic, and allow outgoing
  • sudo ufw allow 2200/tcp to for example, allow incoming SSH traffic on port 2200
  • sudo ufw disable and sudo ufw enable (or systemctl restart ufw) to restart UFW
  • sudo ufw status - Check the current status

Whenever a new application is configured, UFW needs to be updated to allow incoming traffic to that port and protocol.


Intrusion Prevention with Fail2Ban

  • sudo apt install fail2ban - Install Fail2ban
  • sudo cp /etc/fail2ban/jail.{conf,local} - Copy jail.conf to jail.local
  • sudo vi /etc/fail2ban/jail.local - To edit the local config file, and add:
    • ignoreip = 127.0.0.1/8 ::1 192.168.1.0/24 - with local IP addresses
    • bantime = 1d - Increase the ban time to 1 day
    • findtime = 10m - Time between each attempt
    • maxretry = 7 - Number of failures before IP is banned
  • sudo systemctl restart fail2ban - Restart Fail2ban, for changes to take effect
  • sudo systemctl status fail2ban - Show the current status

The fail2ban-client can also be used to interact with the Fail2ban service from the CLI


Malicious Traffic Detection with MalTrail

For systems that have services exposed to the internet, or for a firewall device that protects internal devices, then MalTrail can be really useful for flagging anything out of the ordinary.

Install dependencies and get the MalTrail source

  • sudo apt install schedtool python-pcapy git - SchedTool for better CPU scheduling, and Python for MalTrail
  • git clone https://github.com/stamparm/maltrail.git - Get the MalTrail code
  • cd maltrail - Navigate into the directoru

Run MalTrail. There are two components, a sensor and a server.

  • sudo python sensor.py & - Start the sensor (& will run it in the background)
  • python server.py & - Start the server, in order to log results and allow access through a GUI

Access the GUI

  • Navigate to http://[ip]:8338 and enter username: admin and password: changeme!
  • To test things are working correctly, try ping -c 1 136.161.101.53 or, for DNS capturing nslookup morphed.ru
    • Results for both should display on the dashboard and in the logs: /var/log/maltrail/
    • To view today's logs, run cat /var/log/maltrail/$(date +"%Y-%m-%d").log

Configure MalTrail's Settings

  • echo -n '[your-desired-password]' | sha256sum | cut -d " " -f 1 - Choose a strong password and hash it
  • sudo vim /home/tech/maltrail/maltrail.conf - Open the configuration file
  • Under USERS section, replace the current Admin:05a181f00c15... with Admin:[your-hashed-password]
  • From within the maltrail.conf you can configure other settings for the server component
  • pkill -f server.py && python server.py & - Restart MalTrail
  • Under normal circumstances the logs are fairly sparse, so it is possible to use a system like entr to monitor them for changes and notify you using a channel of your choice.


Security Scanning with ClamAV, Lynis and RKhunter

For security monitoring, I am using Lynis to audit general system config, ClamAV for detecting malware and rkhunter for checking for root kits.

Install Packages

  • sudo apt install -y clamav rkhunter lynis - Install security audit tools
  • sudo rkhunter --propupd - Update rkhunter's file properties database

Run a System Audit

  • sudo lynis audit system - Run a full security audit
  • sudo clamscan / -r - Scan for malware
  • sudo rkhunter -c --sk --rwo - Check for rootkits (c for check, sk for skip keypress and rwo for report wanrings only)

These commands can also be put into an .sh file, and run periodically as a scheduled cron job, sending results to your email.


Setup Dotfiles

  • git clone https://github.com/Lissy93/dotfiles.git --recursive - Download my dotfiles
  • cd ./dotfiles - Navigate to directory
  • ./install.sh - Run the install script


Automated Backups

Borg is a deduplicating archiver with compression and encryption, it's space efficient, secure and easy. BorgBase provides affordable, performant, simple and safe Borg repositories (10 GB free or 100 GB for $24/year). I am also using HealthChecks.io for monitoring backup status.

Will Browning has written an excellent tutorial for setting up Borg Backups.

  • sudo apt install borgbackup python3-pip python3-setuptools - Install Borg backup, and Python (if you don't already have it)
  • pip3 install wheel and pip3 install --user --upgrade borgmatic - Install borgmatic for the user, and it's dependency, wheel
  • export PATH="$HOME/.local/bin:$PATH" - Add this to zsh/ bashrc to include the above commands in your path
  • sudo env "PATH=$PATH" generate-borgmatic-config - Generate a bormatic config


Final Steps

Setup Welcome Banner

  • sudo cp ~/dotfiles/utils/welcome-banner.sh /etc/profile.d/motd.sh - Copy welcome banner from utils to system
  • sudo chmod +x /etc/profile.d/motd.sh - Update permissions for all users

Install NetData, for web-based resource monitoring

  • bash <(curl -Ss https://my-netdata.io/kickstart.sh) --stable-channel --disable-telemetry - Install NetData
  • You will need to allow firewall access, sudo ufw allow from [your-static-ip] to any port 19999
  • If using a cloud platform (like AWS, Azure, GCP) then you may need specify an inbound port rule to allow access

Setup Glances

  • Install: sudo apt install glances
  • To enable Glances to start up at boot time, run it as a service with systemd. See docs for more info
  • If you need to access Glances remotely, either VPN into your server (recommended), or setup a reverse proxy to the Glances web page, as per docs

Install Bpytop

  • sudo pip3 install bpytop --upgrade

If needed, use Smartmontool to monitor the status of you're disks.

  • sudo apt install smartmontools - Install smartmontool, which includes smartctl
  • sudo fdisk -l - Find the disk(s) you wish to ceck
  • sudo smartctl -t short /dev/sdX - Run a quick check, where X is you're drive number
  • For more info regarding the output, see this post

Optionally, setup Bash Hub for indexed and searchable terminal history in the cloud

  • curl -OL https://bashhub.com/setup && zsh setup - Check the installation script first, then install
  • When prompted, log into your account. Restart your session, and run bh to access the help menu
  • Add an environmental variable, indicating which commands should not be saved, e.g. export BH_FILTER="(scp|ssh|--password)"
  • Precede any command that contains sensitive information with #ignore to prevent it being saved
  • See usage docs: https://bashhub.com/usage

Additional Tasks:


Spelling Auto-Correct System ✏️❌

TDLR; Auto-correct is a lot more efficient than manually correcting misspelled words. Espanso is awesome.
Beyond that, this isn't too interesting - I just documented this so I can refer back to it in the future.
If you're just looking for a generic word list, see this post, which contains 4,200 common misspellings.

  1. Intro
  2. Word List
  3. Converter
  4. Usage


Intro

I am terrible at spelling. About 15% of what I've typed will be underlined in red. It's usually the same couple hundred words that I forget how to write. The best solution would probably be to learn how to spell, but I've instead I use a system to auto-correct my mistakes.

I use Espanso to implement this.

There are of course standalone applications that do exactly this (like client9/misspell, streetsidesoftware/cspell and sedm0784/vim-you-autocorrect), but I have other Espanso scripts for various tasks, so it made sense to bundle it all into one simple, cross-platform solution. I've previously used Auto-Hot-Key which is also very good, but only available for Windows systems. Esprano's matching system makes it an extremely powerful tool, this is a very trivial task compared to all the other awesome stuff you can use it for.


My Auto-Correction List

These are just the 220-ish words that I most often miss type/ spell, along with their correct spellings. It is written as an AHK script (because it's easier to maintain), but I made a quick utility to convert AHK into YAML for use with Espanso.

For a more comprehensive list of 4,200 crowd source common misspellings, see here: https://listed.to/p/nWcfB31ZTD

; This is my personal list of words I commonly misspelled plus auto-corrections
; Licensed under MIT - (C) Alicia Sykes, 2021 <https://aliciasykes.com/>
; Format: '::[Incorrect Word]::[Correct Word]'

::acsent::accent
::advesary::adversary
::acount::account
::adress::address
::alchol::alcohol
::alein::alien
::alighn::align
::alternativley::alternatively
::anivesary::anniversary
::anonimity::anonymity
::artifecial::artificial
::athalete::athlete
::attatched::attached
::atatchment::attachment
::availible::available
::bandwith::bandwidth
::beginer::beginner
::boredem::boredom
::borogh::borough
::braile::braille
::cancelation::cancellation
::capsual::capsule
::celestrial::celestial
::cerial::cereal
::chrisis::crisis
::Chrismas::Christmas
::christmas::Christmas
::cypher::cipher
::coloumn::column
::collabrotive::collaborative
::concious::conscious
::consistant::consistent
::concisley::concisely
::contributers::contributors
::controll::control
::controversal::controversial
::convinience::convenience
::critisise::criticize
::deamon::daemon
::decentralised::decentralized
::dedacated::dedicated
::deffinitive::definitive
::delivaring::delivering
::definetive::definitive
::deinal::denial
::diferent::different
::disapear::disappear
::disopointed::disappointed
::disastear::disaster
::donut::doughnut
::duplecate::duplicate
::dupplicate::duplicate
::eddition::edition
::effectivley::effectively
::elderley::elderly
::embeding::embedding
::embrase::embrace
::emited::emitted
::enviroment::environment
::entrpreners::entrepreneurs
::entrpreneurs::entrepreneurs
::entrpreneures::entrepreneurs
::erruption::eruption
::entropey::entropy
::Etherium::Ethereum
::exactley::exactly
::existance::existence
::experence::experience
::expirey::expiry
::exstersential::existential
::extendible::extendable
::extremley::extremely
::extrmley::extremely
::failrly::fairly
::favourite::favorite
::filiment::filament
::geomatry::geometry
::grammer::grammar
::greatful::grateful
::guurantee::guarantee
::habbit::habit
::happines::happiness
::hense::hence
::hiearachy::hierarchy
::honney::honey
::hummility::humility
::hygine::hygiene
::immediatley::immediately
::imune::immune
::indapendent::independent
::intiger::integer
::inteligence::intelligence
::inherintly::inherently
::interpritations::interpretations
::joyfull::joyful
::kernal::kernel
::lavendar::lavender
::lengh::length
::lentgh::length
::lettice::lettuce
::likley::likely
::lonley::lonely
::luxary::luxury
::maintanance::maintenance
::managment::management
::maximising::maximizing
::messanger::messenger
::metior::meteor
::microfibre::microfiber
::minamal::minimal
::misarey::misery
::missuse::misuse
::moulding::molding
::mystry::mystery
::mystries::mysteries
::neatley::neatly
::neaural::neural
::necissary::necessary
::neccisity::necessity 
::neighbours::neighbors
::noticable::noticeable
::ocassion::occasion
::occour::occur
::ofline::offline
::oppertunities::opportunities
::overidden::overridden
::overriden::overridden
::ourself::our self
::pallette::palette
::pannel::panel
::paramaters::parameters
::particulary::particularly
::percieive::perceive
::permant::permanent
::permenent::permanent
::permently::permanently
::permenently::permanently
::peice::piece
::persiverence::perseverance
::poisen::poison
::poridge::porridge
::presance::presence
::privilages::privileges
::profesional::professional
::profesor::professor
::propietry::propriety
::propiety::propriety
::protien::protein
::protacol::protocol
::proove::prove
::purley::purely
::quater::quarter
::razer::razor
::receits::receipts
::receve::receive
::receiveing::receiving
::recipie::recipe
::reccomend::recommend
::recomended::recommended
::recognise::recognize
::relevent::relevant
::repositry::repository
::restraunt::restaurant
::revele::reveal
::revoction::revocation
::reythem::rhythm
::rubish::rubbish
::safley::safely
::saftey::safety
::sandwitch::sandwich
::sattelite::satellite
::satelite::satellite
::satallite::satellite
::scafold::scaffold
::scafolds::scaffolds
::senario::scenario
::semmi::semi
::semmy::semi
::scenerio::scenario
::secondry::secondary
::securley::securely
::siezed::seized
::sensetive::sensitive
::seperate::separate
::shaddow::shadow
::sighn::sign
::signirure::signature
::similary::similarly
::simultaniously::simultaneously
::sparce::sparse
::specalist::specialist
::squirel::squirrel
::streatch::stretch
::strengh::strength
::supena::subpoena
::sercinctly::succinctly
::susincltly::succinctly
::sersincltly::succinctly
::susincltley::succinctly
::subsintley::succinctly
::sucinctley::succinctly
::sucinctly::succinctly
::sepena::subpoena
::subpena::subpoena
::siutably::suitably
::survelance::surveillance
::synonim::synonym
::synonims::synonyms
::tatoo::tattoo
::thouh::though
::teir::tier
::tedius::tedious
::tourch::torch
::tracable::traceable
::trophey::trophy
::unlikly::unlikely
::uneque::unique
::ussage::usage
::utilisation::utilization
::vegtables::vegetables
::versitile::versatile
::visualisations::visualizations
::voulenteering::volunteering
::vulnerabilites::vulnerabilities
::weekley::weekly
::werabouts::whereabouts
::wheather::whether
::youghurt::yogurt

For more words, see: https://listed.to/p/nWcfB31ZTD


Source code for Converter Script on Repl.it


Usage

For Espanso, first convert your source into YAML, then run espanso path to find your config file location, drop the script into that directory, and restart Espanso, it should now be running.

For the Auto Hot Key script, once you have AHK installed, then just download the above script (save it with the .ahk extension), double click on it and it will be running.


Top 20 Raspberry Pi Projects πŸ₯§

Intro

Ever since the first version was released in 2012, the Raspberry Pi has been a staple piece of kit for professionals, hobbyists, educators and everyone in between. And for good reason, it's small, low power, affordable but extremely versatile. There are of course other single board computers on the market, but the Pi has a strong community behind it and provides a good balance between capabilities, form factor and price.


Raspberry Pi Projects

Here is a curated list of projects that I have used, enjoyed and would recommend for anyone looking to put their Pi to use.

There's nothing too complicated here, so this should also provide a good starting point for beginners. Everything here is fully open source and backed by strong communities with large user bases.

There is almost no limit to what you can do with a Pi, this list is just intended to serve as an example and a provide a starting point.


Operating Systems

Raspberry Pi can also be used as a normal computer; either a desktop, mini handheld or headless as a server. You're not just limited to Raspberry Pi OS, it also works very well with Debian, FreeBSD, Arch, Kali, Slackware and Ubuntu to name a few.

For more specific use cases, there's also Diet Pi (super light-weight OS specifically for single-board computers), OpenElec (lightweight system for running a Kodi media center), Windows IoT Core, OCMC (media center), Emteria Android (for Android) and Chromium OS (similar to open source alternative to Chrome OS), Nems (for network monitoring) and many more


Self-Hosted Applications

Once running an OS of your choice, the Pi is also perfect for self-hosting Linux applications. For example;

... and tons more

If you're interested in self-hosting multiple apps, or using your Pi as a little home server, then check out Home Lab OS by Nick Busey, it makes correctly configuring a complex lab as easy as running a single command.


Tools for Flashing SD Card/ USB

For flashing an OS to you're Pi's SD card or USB: Official Pi Imager, Etcher or use the dd (CLI utility on Unix systems). Rufus and Win32 Disk Imager are also good utilities, but only available on Windows.

To backup you're Pi's SD card of USB, you can also use dd (the same as cloning, but in reverse). For example:

  • Backup: sudo dd bs=4M if=/dev/sdb of=PiOS.img
  • Restore: sudo dd bs=4M if=PiOS.img of=/dev/sdb

For more information, see this tutorial. Alternatively, on Windows systems, you can use Win32 Disk Imager to clone the SD card.


More Project Ideas & Tutorials

The following projects are a bit more hands-on

  • Truly WiFi extender - A very performant and inexpensive WiFi repeater solution: via Instructables by @mrtejas99
  • Print Server - Turn any old printer into an internet-connected WiFi printer: via makeuseof.com by Christian Cawley
  • YouTube Streaming Bird Box: via Instructables by @buestad
  • Smart Glasses with a treansparent OLED display: via Instructables by @Bradley_Campbell
  • 3D-Printed Mini Macintosh PC: via Instructables
  • Mini Desktop PC with the Pi 4: via Instructables by @thediylife
  • Internet Radio Player - Stream content from Pandora's Radio: via Instructables by @Ayy
  • Raspberry Pi Zero Cherry MX Split Mechanical Keyboard: via Instructables by Gosse Adema
  • Step-by-step Pi NAS with OpenMediaVault: via Instructables by @araymbox
  • Distraction-Free Writing Machine: via Instructables by @CameronCoward

My Top 50 Windows Apps πŸ–₯

Open Source Apps on Microsoft Windows

A list of my favorite software for Windows. Although not my primary system, when I do use Windows the following applications have been extremely useful for certain tasks. I usually prefer to run containerized or portable apps where possible. This is the list that I reference when setting up a fresh system.

Items marked with '❌' are either not fully open source, or are not free.

General Utilities

  • Tor Browser - For more anonymous browsing + access to the Tor network Git
  • VirtualBox - x86, AMD64, and Intel64 virtual machines Git
  • WinSCP - SFTP client and remote access file manager GitHub
  • qBittorrent - BitTorrent client GitHub
  • HWiNFO64 - System info and diagnostics ❌
  • Process Hacker - Monitor system resources and analyse currently running processes GitHub
  • WireShark - Packet analyzer GitHub
  • Angry IP Scanner - Quickly find IPs within a range, open ports and other info GitHub
  • NetLimiter - Network traffic monitoring tool with simple firewall functionality ❌
  • Etcher - For flashing ISOs onto USB drives with a overly-fancy UI GitHub
  • Universal Radio Hacker - SDR client for investigating wireless protocols GitHub
  • ExifCleaner - Tool to easily remove metadata from images and media GitHub

Security Utilities

  • Cryptomator - Fast file encryption for cloud storage GitHub
  • VeraCrypt - Strong disk, container and file encryption GitHub
  • KeePassXC - Password manager for KeePass files GitHub
  • Kleopatra - Certificate manager and PGP file encryption suit GitHub
  • WireGuard - VPN connection client using WireGuard protocol GitHub
  • CalmAV - Anti-virus scanner (See also, ClamWin GUI app) Website
  • BleachBit - Frees up disk space by deleting unneeded data in the cache and temporary files GitHub
  • Windows Spy Blocker - Block Microsoft telemetry and data collection and manage application access GitHub
  • Harden Tools - Easily turn off undesired or privacy-invasive Windows features GitHub
  • WFN - Firewall notifier to monitor outgoing connections GitHub

Improvement Utilities

  • CopyQ - Advanced clipboard manager
  • Espanso - Text expander with powerful matching system (similar to AHK)
  • AutoHotKey - Keyboard remapping, macros and automation scripting
  • Quick Look - Small utility that lets you quickly preview a file by pressing Space
  • EarTrumpet - A utility that provides better volume control on a per app basis
  • ColorPicker - Minimal but complete color picker
  • Power Toys - Color picker, fancy zones, run dialog, rename utility, shortcuts and more
  • SidebarDiagnostics - Customizable desktop widget showing system resource and hardware info
  • Wox - Global search, run commands and execute actions with Alt + Space
  • Groupy ❌- Group multiple windows into browser-like tabs, while preserving Alt + Tab switching

Creativity

  • Gimp - Image and photo editing application
  • DarkTable - Organize and bulk edit photos (similar to Lightroom)
  • InkScape - Digital drawing/ illustration
  • Audacity - Multi-track audio editor and recording
  • OBS Studio - High performance streaming/ broadcasting and recording
  • VLC Player - Multimedia player and play back framework
  • Shotcut - Video editing platform
  • HandBrake - For converting video from any format to a selection of modern codecs
  • Synfig Studio - 2D animation
  • Blender - 3D modelling, rendering and sculpting
  • Cura - 3D Printing software, for slicing models
  • Dia - Versatile diagramming tool, useful for UML (similar to MS Visio)
  • ShareX - Quick and easy screen recorder
  • SmugMug ❌- Premium photography backup, sync, sharing and publishing service

Media

  • FreeTube - YouTube client
  • Nuclear - Free music streaming & downloads
  • Spotify ❌- Premium music subscription
  • Amarok - Powerful local music player
  • Pocket Casts ❌- Podcast player
  • Plex - Client for accessing self-hosted media server
  • Steam ❌- PC game store

Productivity

Development

  • VS Code - Customizable code editor, with InteliSense, built-in compilers, git and plugins
  • Cmder - Better console emulator for Windows, with Tmux-like features, great for SSH sessions
  • PostMan - For testing and developing API endpoints
  • Android Studio - For native Android development with Java/ Kotlin
  • Arduino IDE - Compile and upload for IoT devices
  • Processing - IDE and compiler for creative coding with the Processing language
  • DB Browser for SQLite - Create, design, and edit database files for SQLite
  • RunJS - Real-time JavaScript playground, useful for writing quick scripts
  • Docker Desktop - Easy way to containerize applications
  • Notepad++ - Lightweight text editor with syntax highlighting
  • Zap - Web app security analyzer
  • Vega - Automated security testing to find XXS, SQL injection and other issues
  • Git - Version control system

Device-Specific

  • YubiKey Manager - Configuring YubeKey devices
  • OnlyKey - For configuring the OnlyKey with PGP, SSH, Passwords, 2FA, Crypto and secure data
  • StreamDeck - Setting up macros on the StreamDeck
  • Razer Synapse ❌- Customize the RGB for Razer products
  • SoundBlaster Audigy FX ❌- Drivers and audio level customization for sound card
  • AMD Radeon Settings ❌- Drivers for customizing graphics card for different tasks
  • Chameleon - For programming the ChameleonMini NFC / RFID contactless smartcard emulator

Installation

On new installs, Microsoft's Package Manager can be useful for quickly installing required software.
For example, this is the winget script that I use:

winget install --id=Lexikos.AutoHotkey -e
winget install --id=REALiX.HWiNFO -e
winget install --id=GNURadio.GNURadio -e
winget install --id=Balena.Etcher -e
winget install --id=WiresharkFoundation.Wireshark -e
winget install --id=Mozilla.Firefox -e
winget install --id=angryziber.AngryIPScanner -e
winget install --id=Microsoft.PowerToys -e
winget install --id=Docker.DockerDesktop -e
winget install --id=Oracle.VirtualBox -e
winget install --id=WinSCP.WinSCP -e
winget install --id=qBittorrent.qBittorrent -e
winget install --id=Cryptomator.Cryptomator -e
winget install --id=Keybase.Keybase -e
winget install --id=KeePassXCTeam.KeePassXC -e
winget install --id=StandardNotes.StandardNotes -e
winget install --id=Mozilla.Thunderbird -e
winget install --id=ProtonTechnologies.ProtonMailBridge -e
winget install --id=AgileBits.1Password -e
winget install --id=BraveSoftware.BraveBrowser -e
winget install --id=thehandbraketeam.handbrake -e
winget install --id=LibreOffice.LibreOffice -e
winget install --id=GIMP.GIMP -e
winget install --id=Inkscape.Inkscape -e
winget install --id=darktable.darktable -e
winget install --id=Audacity.Audacity -e
winget install --id=OBSProject.OBSStudio -e
winget install --id=VideoLAN.VLC -e
winget install --id=Meltytech.Shotcut -e
winget install --id=BlenderFoundation.Blender -e
winget install --id=Ultimaker.Cura -e
winget install --id=Spotify.Spotify -e
winget install --id=Valve.Steam -e
winget install --id=Postman.Postman -e
winget install --id=Arduino.Arduino -e
winget install --id=SQLiteBrowser.SQLiteBrowser -e
winget install --id=Notepad++.Notepad++ -e
winget install --id=elgato.streamdeck -e

See also, my Winstall Collection of the above apps.

Note: It's very important to always carefully check the URL for each download before proceeding. Only install applications from their official source.

[REFERENCE] Using Variable Fonts in CSS πŸ”€

This is just a short reference to using fonts with Variable Axes in CSS
If your looking for a complete guide or interactive playground, then check out the resources linked to at the end of this page instead


What are Variable Fonts?

Variable fonts are font files that encapsulate the entire family, and allow for custom attributes (regarding things like weight, slant, grade, character-width) to be set. This brings several benefits:

  • Much higher quality rendering of fonts, without browser distortions
  • Greater control over customization, as you can specify each value separably
  • The need only for a single font file (rather than a version for each style). Great for performance due to reduced file size and fewer requests

Variable fonts were announced in 2016, and now are officially supported by all modern browsers and most major operating systems, as an extension to the OpenType Specification. There are now many fonts that support variable axes.


Official Variation Axes

Weight (wght)

  • Corresponding CSS attribute: to font-weight
  • Example usage: font-variation-settings: 'wght' 625;
  • Typical range: 100 - 900

Italic (ital)

  • Corresponding CSS attribute: to font-style
  • Example usage: font-variation-settings: 'ital' 1;
  • Typical range: 0 - 1 (Indicating upright or italic)

Slant (slnt)

  • Similar to italics, but allows you to specify an exact value (in a degree continuum) and it does not include glyph substitution
  • Corresponding CSS attribute: to font-style
  • Example usage: font-variation-settings: 'slnt' 14;
  • Typical range: -90 – 90 degrees

Optical Size (opsz)

  • This allows adding or removing detail to improve legibility on small or large screen sizes. Set to auto by default, and usually this is adequate
  • Corresponding CSS attribute: to font-optical-sizing
  • Example usage: font-variation-settings: 'opsz' 36;
  • Typical range: value usually matches font-size

Width(wdth)

  • Corresponding CSS attribute: to font-stretch
  • Example usage: font-variation-settings: 'wdth' 115;
  • Typical range: 75% - 125%

Custom Axes

Many fonts also have a number of custom axes that can be modified. Typically these are represented with capitals. The below are several common custom axis, but Nick Sherman's project v-fonts.com provides an interactive playground, where you can properly check out many more of these axes.

Grade (GRAD)

  • Lets you modify the weight, without effecting width. Useful for responding to low-resolution screens
  • Example usage: font-variation-settings: 'GRAD' 88;
  • Typical range: Decimal, between -1 - 1

Ascenders and Descenders (YTAS & YTDE)

  • Alters of height of the stems and tails of each character
  • Example usage: font-variation-settings: 'YTAS' 800, 'YTDE' -350;
  • Typical range: YTAS 650 - 850. YTDE -500 - -138

Combining Properties

To use multiple variable font properties, you must combine them into a single line, using a comma-separated list.
(Note: When overriding a single font-variation property, you must re-define all of the other properties.)

font-variation-settings: 'wght' 375, 'GRAD' 88;

Supporting Older Browsers

In order to support older browsers, use the @supports mixin to override text with variable font properties. For example:

h1 {
 font-family: some-non-variable-font-family;
}

@supports (font-variation-settings: 'wdth' 115) {
 h1 {
    font-family: some-variable-font-family;
 }
}

Quick Tips

Slant & Italics

It is possible to use both slant (slnt) and italics (ital) at the same time. This enabled you to separate the angle change from the glyph substitution.
i.e the italics font property replaces some characters with a different glyph, usually for ascetics. Turning italics off, and then using slant to italicize the text, means that no characters are replaced. The reserve is also true, enabling italics and setting the slant to 0 will replace the glyths. This makes a much bigger than expected difference.

For example:

font-variation-settings: 'slnt' 10, 'ital' 0;

Additional Resources

Articles:

Pi Zero Tor-Routed Access Point πŸ“Ά

Quick guide on creating an always-on Tor-routed secondary wireless access point on a Pi Zero

Set up the Pi

  1. Download and Extract Raspberry Pi OS Lite
  2. Flash the ISO onto a MicroSD Card, with Etcher or similar software
  3. Place a file called ssh into the boot dir (to allow for SSH access)
  4. Insert SD card into Pi, plug in the Ethernet and power it up
  5. Determine the IP of the new Pi with nmap, or in your router settings
  6. SSH into ssh pi@<ip>, the password is raspberry
  7. Change the password with: sudo passwd

Set up the Access Point

  1. Update packages, and get dependencies:
    sudo apt-get update
    sudo apt-get install iptables-persistent git

  2. Get Pi Hostpot setup script:
    git clone https://github.com/unixabg/RPI-Wireless-Hotspot.git

  3. Begin the Install Process
    cd RPI-Wireless-Hotspot
    sudo ./install
    The script will walk you through setting up a WiFi network, choosing a name, authentication type and password


Configure Tor

  1. Install Tor
    sudo apt-get install tor

  2. Configure
    sudo nano /etc/tor/torrc

    # Then enter the following at the bottom of the file
    Log notice file /var/log/tor/notices.log
    VirtualAddrNetwork 10.192.0.0/10
    AutomapHostsSuffixes .onion,.exit
    AutomapHostsOnResolve 1
    TransPort 9040
    TransListenAddress 192.168.42.1
    DNSPort 53
    DNSListenAddress 192.168.42.1
    # Save and exit
    
  3. Update IP Tables
    sudo iptables -F
    sudo iptables -t nat -F
    sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
    sudo iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
    sudo iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
    sudo sh -c iptables-save > /etc/iptables/rules.v4


Start Tor Service

  1. Start the Tor service
    sudo service tor start

  2. Check if it's running okay
    sudo service tor status

  3. Start tor on boot
    sudo update-rc.d tor enable

  4. Finally, reboot the device
    sudo reboot

Done!

[HOW-TO] Mullvad VPN using WireGuard on OPNsense πŸ‘οΈβ€πŸ—¨οΈ

I am new to OPNsense, and got totally stuck on this. There wasn't a lot of information online about this, so after I'd (finally) got it working, I wrote this step-by-step guide


1. Install WireGuard

Navigate to System --> Firmware --> Plug-ins, and select and install 'os-wireguard'.
Now you can refresh the page, and go to, go to VPN --> Wireguard


2. Create a Local Instance

Under VPN --> WireGuard --> Local, create a new instance which looks like this:

  • Name: Mullvad
  • Public Key: (Automatically Generated)
  • Private Key: (Automatically Generated)
  • Listen Port: 51820 (must be unique)
  • DNS Server: 193.138.218.74 (this is Mullvad's privacy DNS service. If you are using a different VPN, use their DNS here instead)
  • Tunnel Address: Leave blank for now, we'll come back to this

Hit save


3. Get Your Account Tunnel IP

Once your local config is saved, click edit, and a private and public key should have been automatically generated. Make note of the public key.

SSH into your box, and run the following command, where account number is your 16-digit Mullvad key (without dashes), and public key is from your newly created local instance.

curl -sSL https://api.mullvad.net/wg/ -d account=[mullvad-account-number] --data-urlencode pubkey=[mullvad-public-key]

This will give you an output with 2 IP addresses, like: 00.xx.xxx.xx/xx,fc00:bbbb:bbbb:bb00::0:0x00/128$

It's linked to your account, so keep it safe.


4. Add Tunnel Address to Local Instance

Go back to your Local Instance, and under Tunnel Address, add both the IPs returned from the above curl command


5. Choose a Mullvad Server

Navigate to https://mullvad.net/en/servers/ and select a WireGuard server that meets your requirements. Make note of it's name/ proxy address, public key and port.


6. Create an Endpoint

Under VPN --> WireGuard --> Endpoints, and create a new instance, with the following data:

  • Name: MullvadInstance
  • Enabled: true
  • Public Key: (public key from your chosen Mullvad instance)
  • Shared Secret: [blank]
  • Allowed IPs: 0.0.0.0/0
  • Endpoint Port: (multihop port from your chosen Mullvad instance)
  • Keepalive: 20

Your Endpoint should look something like this:
Endpoint Instance


7. Assign Endpoint to Local Instance

Navigate back to VPN --> WireGuard --> Local, and click edit for your instance. Under Peers, select the name of your newly created endpoint

Your Local Instance should now look like this:
Local Instance


8. Add Outbound Rule

Under Firewall --> NAT --> Outbound, switch the Rule Generation mode to Hybrid (from automatic).

Next, create a new manual rule, with the following details:

  • Interface: WireGuard
  • Source Address: LAN net
  • Translation / Target: Interface address

And all other fields can be left as default

Firewall NAT Outbound Rule


9. Enable VPN

Finally, go back to VPN --> WireGuard --> General - and hit Enable WireGuard VPN - Done!

Under VPN --> WireGuard --> List Configuration, you should now see the connection details


10. Test

To test your connection to Mullvad, navigate to https://mullvad.net/en/check/
Here you can also confirm that your IP is not blacklisted, and that there are no DNS or WebRTC leaks.

Mullvad Check

Mullvad also has a simple API, that you can call to, and confirm your connection. This is useful for automation.

$ curl https://am.i.mullvad.net/connected
$ curl https://am.i.mullvad.net/json

Now that everything's up and working, it's worth noting that if you haven't yet configured automated backups, don't forget to export your working config, under System --> Configuration --> Backups :)


Additional Notes

Disabling and re-enabling WireGuard from the General tab does not refresh updated data from the Local or Endpoints tab. For that, you need to disable, re-enable and save changes in these pages accordingly. This is useful to know for if your troubleshooting and unsure why your changes are not taking effect!

SOCKS5 Proxy

Optionally, you can use SOCKS5 on client devices or browsers, for additional protection, and improved performance. It's also possible to use the SOCKS5 proxies to multihop, enabling the client to exit from a server that is different from the one you connected to. Mullvad's WireGuard proxy can be found at 10.64.0.1 port 1080.

Port Forwarding

If you need to expose a service to the internet from behind Mullvad, then you need to individually assign the ports in your Mullvad account. Log into your Mullvad account, and navigate to mullvad.net/account/ports. From here you'll see a list of your public keys, simply press the "Add New" icon under the Ports section of your desired instance, and specify the port your internal service is running on.


Primary sources I used:

Thanks to the users over at the OPNsense forum, who were also a big help.

Custom Styling for Listed Blog πŸ’…

This post outlines how to make a responsive grid layout for your Listed blog
TLDR: You can view the custom CSS used for this blog, here: https://listed.to/p/g3EKNSBcnX

Background

Listed is a minimal blogging platform, built on top of Standard Notes.

When it comes to customizing your blog, Listed has some options for color theming with CSS variables and basic styling with a stylesheet. But you are going to be quite restricted in what you can do (presuming you are using the hosted instance), since you are not able to modify your sites core markup (HTML), nor can you add any interactive behavior (JavaScript), and styles must be written in CSS (no SASS). However, you have got full-reign over the CSS, and the Listed team have structured the blog in a way that makes it nice and easy to make both small theming changes, big layout modifications.

This article isn't a full tutorial on blog styling (the official docs on styles cover this, much better than I ever could), it's just a short explanation on how you start to make some layout changes, and what I did to style my page. I know nothing about UI/UX design, so my blog might not be the prettiest, take this just as an example of what is possible

I've had several people ask to see my stylesheet, and seen a few other blogs pop up using my flexbox homepage design, so I thought I'd make things easier for you! Here is the full stylesheet used for my blog. Feel free to do what you like with it. I would prefer that you modify it slightly, if your going to use it for your blog (I like being unique πŸ€ͺ), but no problem if you don't- it's open source

Screenshot- Light Theme Screenshot- DarkTheme

Getting Started - The Basics

Create Style File

First off, create a note with a .css extension, and add the following lines to the top:

---
metatype: css
---

Modifying Colour Scheme

You can change the blog colour schemes very easily, using the pre-specified variables, for example

:root {
  --background-color: white;
  --body-text-color: black;
  --post-title-color: var(--body-text-color);
  --dimmed-border-color: rgb(233, 233, 233);
  --header-border-color: var(--dimmed-border-color);
}

... A full list of available colour variables can be found here, or through the browser dev tools.

Adding Additional Styles

You can also apply specific styles to any element within the page, by finding it's CSS selector (using the browser dev tools), and adding CSS for it, for example:

.author-post.single-post-show .post-content {
    border: 2px solid --body-text-color;
}

Try to make the selectors as specific as possible, to avoid the styles unintentionally being applied to other elements.

Adding Post-Specific Styles

To apply styles that will display only for that post, you can add a <style></style> tag. You can also write your own HTML markup within a MarkDown note, and specify classes or ID. It's not the neatest solution, but it works


My Styles - Walkthrough

Initial Page Overrides

html {
  overflow-x: hidden;
}
body {
  max-width: none;
  padding: 2%;
}
div#main-container {
    padding: 0.5rem;
    max-width: 1200px;
    margin: 0 auto;
}

Use a Custom Font

I am using the Hack typeface, by Source Foundry. It's open source, and looks a little cleaner than Courier, which is the backup font family.

@import url(https://cdn.jsdelivr.net/npm/hack-font@3.3.0/build/web/hack.css);
body {
    font-family: 'Hack', Consolas, courier, monospace;
}

Hide Post Content on Homepage

Since some of my posts are long (and kinda boring), so I did not want them to clutter up the main page, and instead have just the titles and date visible

.author-post .post-body {
  display: none;
}

Display Posts in Grid Layout

The home page post titles are displayed in a responsive flex-box grid, which makes each box the same width, and fills availble space

div#author-posts {
    margin-top: 1rem;
    display: grid;
    grid-template-columns: repeat(auto-fill, minmax(14rem, 1fr));
}

div#author-posts::before {
  content: '';
  width: 0;
  grid-row: 1 / 1;
  grid-column: 1 / 1;
}

div#author-posts > *:first-child {
  grid-row: 1 / 1;
  grid-column: 1 / 1;
}

div.single-post-show.author-post {
    margin: 0.5rem;
  display: inline-block;
    vertical-align: top;    
}

Post Tiles Styling

Each post tile ha a Title and date, and these styles specify how this should be layed out

div.single-post-show.author-post .post-content {
    padding: 0.5rem;
    height: 100%;
    min-height: 140px;
    transition: all 0.3s cubic-bezier(.25,.8,.25,1);
}
div.single-post-show.author-post .post-content:hover {
    box-shadow: 0 3px 6px rgba(0,0,0,0.16), 0 3px 6px rgba(0,0,0,0.23);
}
div.single-post-show.author-post .post-content .post-date {
    position: absolute;
    bottom: 0;
    color: #c6c6c6;
}
div.single-post-show.author-post .post-content .post-title {
    font-weight: normal;
    font-size: 1.25rem;
}
div.single-post-show.author-post .post-content .post-title a:visited {
    color: #888;
}

Dark/ Light Theme

I personally love dark style sites, but I know not everyone does, so I have a dark and light theme, which is applied according on the users device preferences (set by wither their OS or browser). This is done with a media query: @media (prefers-color-scheme: dark)

I kept the light as default and outside of any media query for support for older browsers, and then made an overide for dark mode:

@media (prefers-color-scheme: dark) {
    :root {
        --background-color: #0d0e20;
        --body-text-color: #fdfdfd;
        --link-color: #12cdd7;
    }
    .post-content, .navigation .older {
        background: #ffffff0a;
        box-shadow: 
          0 1px 3px rgba(0, 0, 0, 0.83),
          0 1px 2px rgba(0, 0, 0, 0.57);
    }
    .post-content:hover {
        box-shadow:
          0 3px 10px rgba(0, 0, 0, 0.83),
          0 3px 1px rgba(0, 0, 0, 0.57);
    }

    input, textarea {
        border: 1px solid #fff;
        border-radius: 0;
        color: #fff;
        background: #ffffff0a;
    }
}

"Older" Button

Once you have more than 15 posts, a hyperlink will appear linking to Older Posts. I wanted to change the wording, and also make it the same style as the other post tiles.This is done by adding it's selector to the above post tile classes so that they can share styles. And to change the text wording, I just used the ::before / ::after psudo selectors, and then set the visiblily to hidden for the original text

#author-profile #author-posts .navigation {
    margin: 0.5rem !important;
}
#author-posts .navigation .older {
    padding: 0.5rem;
    height: 100%;
    min-height: 140px;
    transition: all 0.3s cubic-bezier(.25,.8,.25,1);
    border-radius: 5px;
    box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24);
    width: 100%;
    font-size: 1.5rem;
}
#author-posts .navigation .older a {
    visibility: hidden;
}
#author-posts .navigation .older a::before {
  content: "There's more!";
  color: #c6c6c6;
  font-size: 0.9rem;
  display: block;
  visibility: visible;
}
#author-posts .navigation .older a::after {
  content: "Show Older Posts ➑️";
  color: #888;
  font-size: 1.25rem;
  display: block;
  visibility: visible;
}

/* Material Style for Post Containers */
.post-content {
    padding: 1rem;      
    border-radius: 5px;
    box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24);
}

Code Snippets Styles

code, .prettyprint {
    font-family: courier, monospace !important;
    font-size: 0.75rem;
    line-height: 0.75rem;
    color: #a2266c;
    padding: 4px 8px;
    background-color: #f7f7f9;
    border-radius: 3px;
}
.highlight {
    border-radius: 4px;
    width: min-content;
}

Navbar Buttons

The page links, in the top-right of the navbar looked a bit inconsistant, so I added a box-type style to them

div.pages-menu a.page-link {
    padding: 0.4rem;
    border: 1px solid var(--page-menu-link-color);
    margin: 0.2rem;
    text-decoration: none;
}

Additional Tweeks

After all the above styles were applied, there were a couple of things which didn't look quite right, mostle spacings or little glitchs.


/* Text Highlight Color */
::selection {
  color: #0d0e20;
  background: #12cdd7;
}

/* Additional spacing for ':' in title */
.author-name.path-item:before {
    margin: 0 0.4rem 0 0.1rem;
}

/* Use Monospace for Headers and Titles */
.header-author-info, #page-header, h1, h2, h3 {
    font-family: monospace;
}

/* Leave a bit of space between sections */
h3 {
    margin-top: 1rem;
}

/* Horizontal Rule */
div.post-body hr {
    height: 0;
    padding: 0;
    margin: 1.5rem 0;
    border-bottom: 1px dashed #12cdd757 !important;
}
hr::before {
    content: none;
}


Epic Internet Stuff! ✨

Bored? Here's a collection of stuff I stumbled upon on the internet, and thought was pretty epic 🌈

Full credit to the legends behind each of these sites πŸ¦Έβ€β™‚οΈ

Enjoy! 🀩

  • 100,000 Stars - A WebGL 3D Visualization of out Solar System, Galaxy and Universe
  • 1001 Albums Generator - Gives you a new album to listen to everyday
  • Acapella Extractor - Isolates voice from any track/ removes music and background
  • Ask Nature - Search for a query, to find how nature has adapted to solve problems
  • A Good Movie to Watch - Find top-rated TV and Movies, for your chosen streaming services and country
  • APOD - NASA's astronomy picture of the day - High quality, beautiful space images updated daily
  • Abbreviations.com - The World's largest collection of abbreviations and acronyms
  • Ancient History Encyclopedia - Professionally curated online encyclopedia for research, teaching and travel
  • Akiyoshi's Illusion's - Static visual illusions that appear to be moving
  • Amazon Dating - Order a date with free next day delivery and buyer protection (satire)
  • BBC Sound Effects - A database of all 16,000+ sound effects as .wav, created & used by the UK's BBC
  • Bilingual baby name finder - Useful to find names that can be pronounced
  • Bomb Blast - Search a location, and nuclear weapon, to see the damage area
  • Better Explained - Clear, easy to understand and engaging math tutorials (by Kalid Azad)
  • Bops.fm - Click a year, and here a song from that time
  • Bongo Cat - Hit the bongos like Bongo Cat!
  • Bored Panda - Slightly click-batey articles from around the web, great for destroying boredom
  • Britney Spears' Guide to Semiconductor Physics - A humorous play on the teaching of physics (by Carl Hepburn)
  • Calligrapher.ai - Convert text to real-looking hand writing, with AI
  • Camerons World - View real Geo Cities sites, from the archive
  • Channel Crawler - Discover new YouTube channels by keywords and filters (by Geoffrey Reemer)
  • Cinetrii - Analyses reviews to infer possible inspirations behind a film
  • City Extremes - Lookup any city, and find the closest and furthest geographic cities
  • Citizen DJ - Make music using the free-to-use audio and video materials from the Library of Congress
  • Clash - Type in any sentence and have it sung back to you using a variety of artists
  • Classic Reload - A series of retro emulators in the browser
  • Connected Papers - Visually shows connections between academic journals
  • Conversao - Instantly convert a unit to all others
  • Corporate Private Jet Tracker - See live locations of the rich and famous's private jets in the US
  • Cryptovoxels - A virtual world
  • Cursor Dance Party - Real-time cursor dance party
  • Desk Spacing - Create your own virtual desk setup (or r/BattleStation!)
  • Desolhar Philosophy - Simplifying hundreds of Philosophy books into easy-to-follow formulas (by Patrick Milani)
  • Deepl - A surprisingly good, AI-powered online translator- much smarter than Google Translate!
  • Dr Meme - Meme generator (without watermarks, ads or sign up)
  • Dumpster Fire - Watch your message being burnt in real flames!!
  • Don't Even Reply - Some hilariously funny email chains
  • DVD Screensaver - Brings back memories, that classic bouncing DVD screen
  • Earth Polychromatic Imaging Camera - Hourly photos of the Earth from NASA
  • Entropy by Aatish Bhatia - Interactive article, explaining entropy with sheep
  • EmuOS - A very nostalgic web-based emulation of Windows 98 (by Emupedia)
  • Eyes.Nasa.gov - Interactive 3D solar system, showing info about NASA missions
  • FSymbols Emoticons - Copy/ Paste text-based emojis
  • FBI Infamous Cases & Criminals - A collection of the most infamous criminals & cases investigated
  • Flag Waver - Generates a waving flag for any image (some very clever coding, by @krikienoid)
  • Find a Spring - A tool to locate a fresh water spring near you, or anywhere in the World, plus info about it
  • Flipanim - Create flipbook animations
  • Scale Illustrations - Royalty-free, high-quality vectors (by @KarthikS2206 + Flexiple)
  • Fake Windows Update - This is a great prank to play on your colleges when they don't lock their laptop!
  • Fluid Simulation - Impressive, and kinda relaxing, WebGL dynamic simulation of fluid
  • Font Generator - Convert a string into various plain text ASCII fonts (Great for Social Media + Messaging)
  • Forekast - Upcoming dates of notable internet events
  • Forgotify - Listen to a song that's never been heard before on Spotify (produces some questionable tracks)
  • Forvo - Pronunciation Dictionary
  • Free Learning List - A collection of awesome educational resources from around the internet
  • Grep.app - Allows you to search the contents of files within GitHub repos, with a RegEx option too
  • Good Tricks - Tons of magic tricks
  • Gradient Clock - Beautiful real-time clock of the big screen
  • Hacker Typer - A classic.. pretend to be a hacker
  • HelpMap - A website that lets you find local charities to support
  • Hemingway - Analyses a writing, and suggests edits to make it easier to read
  • How long to Read - Tells you how long it will take to read a certain book
  • HostRider - Lo-fi music for coding, with a coding-kitty as a companion
  • HotSpot 3D - Compare any 2 smart phones, in a size-accurate 3D environment, to easily visualize dimensions
  • Ian's Shoelace Site - An internet classic, everything you've ever wanted to know about laces
  • Icebergr Remixed - Draw an iceberg to visualize how it will float
  • Ikea Museum - Every Ikea catalog since 1950
  • IMDB Compare Shows - Compares ratings over time of TV shows
  • Import Yeti - Find any companies suppliers, using data from U.S Customs Sea Shipment Records
  • Illustration Kit - Hundreds of free and open source illustrations, with customizable colors
  • Invite Rick - Invite Rick Astlet to Rick Roll your Zoom meetings
  • I Waste so much Time - Just some funny pictures, to waste your time
  • Just the Recipe - Removes all the clutter from cooking websites, just paste a URL to a recipe
  • Judy Records - Instantly search over 400 million US Court Records
  • Jungle Simulator - Nice relaxing, and customizable jungle sounds
  • Killed by Google - Google has killed off over 200 of their services - checkout the grave yard
  • Life in Months - Create a grid of your life
  • Lines - Draw a line, and let Google Earth complete the picture
  • ListeningTogether - Shows when two people start listening to the same song, at the same time, via Spotify
  • Localingual - A map that you can click on, to hear voices from around the world
  • Little Alchemy 2 - Weirdly addictive simple element-mixing game
  • McBroken - A map which keeps track of which McFlurry machines are broken across the US (by @rashiq)
  • MSOutlook-Reddis - Makes Reddit look like Microsoft Outlook (useful for work)
  • Measure of Things - See real-world comparisons of a measurement
  • Menneske - Clean site to find, print and solve sudokus of all sizes and difficulties, and other puzzles
  • Moon Today - Browse the moons craters, mountains and lava channels
  • MorseCode.me - Morse Code-only chat room
  • MicroPano - Zoom into Vermeer's masterpiece with this 10 billion pixel scan
  • Muscle Wiki - Select a muscle, for exercises on how to work it
  • Music Roamer - Finds music from similar artists you love:
  • My90sTV - Simulates a 90's TV, with big varity of program - so nostalgic!
  • Mystery Search - Search for something, and get results of what the previous person searched for
  • Nobody.live - Shows live Twitch streams, that currently don't have any viewers (by Charles Stross)
  • N+7 - Replaces every noun in a body of text, with the seventh word following it in the dictionary
  • Neave.tv - TV without context. Click to channel hop
  • Open Culture - Free cultural & educational content from across the web
  • Opslagify - Calculates how much storage you'll need to download your Spotify playlists
  • Orb.Farm - Relaxing lil game, where you create your own eco-system
  • OwnersMan - All car manuals
  • Paper Plotter - Create math functions out of paper
  • Paint.wtf - Draw something and get scored based on AI
  • Physics Simulations - Physics simulations
  • Pink Trombone - An oral cavity and vocal tract simulator, for helping with speech disorders
  • Playlist Machinery - Create a (nearly) seamless playlist between (almost) any two artists
  • Pointer Pointer - Displays a random photo, of someone pointing to exactly where your cursor is
  • Printer Tools - 3D Printer Utilities, including a 3D QR Code Generator
  • QR Picture - Turn any picture into a working QR code
  • Radio Garden - Listen to Live Radio from all over the world
  • Radiooooo - Pick a country, and a decade, to hear the songs that would have been on the radio
  • RainbowHunt - Amazing rain simulation, built with WebGL
  • RelaxCalm - Do nothing for 90 Seconds
  • Remove BG - Automatically removes the background of any image
  • Roland 808303 Studio - Computer Controlled Rhythm Composer, built with HTML5
  • RubikSolve - Rrbik's Cube Solver
  • SculptGL - Digital Sculpting Web App
  • ShadyURL - A URL Shortener, that makes legitimate websites sound dodgy
  • ShareDrop - Share files with other local clients on your network (by Cowbell Labs)
  • Short Trip - A beautiful interactive, hand-illustrated short animation (by Alexander Perrin)
  • Shortcuts - Keyboard shortcuts for lots of apps
  • Sideways Dictionary - Like a dictionary, but uses analogies to simply explain infosec definitions
  • Signal Stickers - An unofficial directory for Signal (messaging app) sticker packs
  • Size of Space - Shows the relative size of items in space (Tldr; we're really really small)
  • Sketch 2 Code - Convert any hand-drawn wireframe, into HTML code
  • SnapDrop - Share files with other devices on your network, no signup or software required
  • Snake - Play snake, the classic retro phone game rebuilt by Paul Neave
  • SoundeScape - 3-Dimensional, generative sound environments for Focus, Relax or Sleep
  • Space Telescope Live - See what the Hubble space telescope is looking at right now
  • Space Jam - The original Space Jam site from 1996, still online!
  • Strobe.Cool - Weirdly hypothesizing illusion (WARNING: Contains fast-flickering/ strobe lighting)
  • Super Cook - Search recipes based on what's in your fridge
  • Sunlight Hours per Day - Visualize the number of hours of sunlight parts of the Earth receive per day
  • Temark - Convert any bit of long writing, into a short summary
  • Terms of Service; Didn't Read - Professionally written, short summaries of important Terms of Service
  • The Faces of Facebook - Shows tons of public facebook profile pictures (broken)
  • The Google Cemetery - Collection of all 162+ products that Google killed
  • The Skullery - Collection of free, well-presented and easy-to-follow recipes
  • TimeTraveler - Shows which new words, were first used in print for each year
  • TitleScraper - Scrapes any given sub-reddit, and looks for commonly used words and upvotes
  • Torrent.parts - Inspect and edit what's in your Torrent file or Magnet link (by Leo herzog)
  • Toys from Trash - Hundreds of Science projects using common household items & trash
  • Travel Time - Travel time calculator, great for finding somewhere to live for a commute
  • Trumpizer - An AI trained to answer questions like Donald Trump
  • Tune my Music - Free tool for exporting or transferring music playlists from one service to another
  • TypeLit - Practice touch typing, by typing out classic novels
  • U Meet Me - Find meeting places between 2 addresses
  • Unim.Press - Read Reddit like a newspaper
  • Unogs - Search for a movie, to find which country Netflix it is on (useful for choosing VPN location)
  • Virtual Vacation - City Guesser Game - Shows parts of cities, to guess location (great for quizzes)
  • VisualPing - Monitor website for changes
  • WebAmp - HTML5 implementation of WinAmp in-browser
  • What to Watch on TV - Find TV shows, based on IMDB ratings
  • What Should I read Next - Discover books, based on other books you've enjoyed
  • Wildlife Africam - Live wildlife cameras in Africa
  • Winamp Skin Museum - I don't know why...
  • Window Swap - Look through a random window- shows videos out of peoples windows
  • Windows Error Worm - Have fun dragging Windows XP-style crashed Windows once again
  • Worlds Greatest Singers - Vocal ranges of the top singers visualized
  • Xkcd - The original source of xkcd's classic comic strips, on Romance, Sarcasm, Math, Computing & Language
  • You Okay? - A little something to take your mind of things (by Billy Stevens)
  • Zoom Earth - Live satellite photos of Earth

Thanks for visiting πŸ₯°


This list serves as a boredom destroyer, or something to take your mind of things- I look for sites that are either amazing, genius, funny, random or useful. There's currently over 200 websites, but this list is still very much a work in progress, and I continue to add new stuff 🚧

I always love discovering new eipc internet stuff, so if you know of something I should check out, drop me a line at alicia at omg dot lol - Thanks for all the messages and suggestions so far!

Fun with Real-Time Data 🌠

Fun with live data_banner

A curated collection of data-related awesomeness, with a focus on internet, communication & security
Work in progress- I'm continuing to update the list, whenever I come across something epic

My respect goes out to the legends behind each of these projects πŸ‘


Awesome Real-Time Data Visualizations

  • Internet
  • Air & Sea
  • Crypto
    • FiatLeak - Real-time crypto asset movement stats
    • Coin360 - Customizable heatmap shows the current state of prices and market caps across the Cryptoverse
    • BitCoin Rain - Real BTC transactions and values falling from the sky
    • BitNodes - Network map of all currently reachable nodes in the Bitcoin network
    • Symphony - BTC transactions rendered in a 3D outer-space virtual world, with flight simulator mode
    • Crypto Watch - Real-time professional crypto market dashboards and trading data
    • LiveCoinWatch - Crypto coin listings, and customizable dashboards and widgets
    • Mempool - A BTC block explorer with real-time stats inferred from recent blocks, with a TV mode
    • TX Watch - Live BCH and BTC transactions
    • TxStreet - a live blockchain and mempool visualizer, where data is represented by crowds on the street
    • Polkadot Telemetry - Live Polkadot staking and transaction blocks
  • Misc
  • Cyber

Info Sec - Databases, APIs, References

Want to build your own live data visualization? The below data sources may be of help

  • Exodus - Trackers in Android Apps
  • Exploit Database - A database or Current software vulnerabilities
  • URLScan - Service scanning for malicious domains, with historical results
  • Dehashed - Data Breaches and Credentials
  • VirusTotal - Detailed virus scans of software
  • Abuse IP DB - Database of IPs reported for abuse
  • SnusBase - Long standing database hosting breached data
  • OpenPhish - A feed of current phishing endpoints
  • HashToolkit - Database of 'cracked' hashes
  • SecLists - Starter list of leaked databases, passwords, usernames etc (Great for programming)
  • Qualys SSL Pulse - A continuous and global dashboard for monitoring the quality of SSL / TLS support over time across 150,000 SSL- and TLS-enabled websites, based on Alexa’s list of the most popular sites in the world
  • Tor Bulk Exit List - List of all exit nodes (IP) in use on the Tor network

Info Sec - Research & Results

A collection of interesting studies that have collected, analysed and presented findings using internet data

  • Internet Census Data - Includes data on address space allocation, traffic, DNS, service enumeration, internet outages and other internet topology data
  • Web Tracking Data by Princeton University - This is the largest and most detailed analysis of online tracking to date, and measures both stateful (cookie-based) and stateless (fingerprinting-based) tracking. The crawls were made with OpenWPM
  • Who has your Back? by EFF - Anual report assessing how companies handle personal data
  • Lists of Websites Abusing Session Replay - Third-party sesssion replay scripts, record all your acions and allow them to be watched by a human. This list of websites include this
  • Sensor Access Data - A Crawl of the Mobile Web Measuring Sensor Accesses, Illinois
  • Canalys Newsroom - Research Studies on Security, Privacy, Technology and Finance
  • Data Never Sleeps - An infographic visualizing how much data is generated every minute (2019)
  • What they Know about You - An Infographic showing what information are Giant Tech Companies collecting from you (2020)

Finally- Here's a selection of pretty screenshots...

A selection of pretty screenshots

[REFERENCE] InfoSec Abbreviations πŸ”‘

Background: While getting started in information security, I kept coming across acronyms I wasn't familiar with/ had forgotten. So I have started compiling a list, for future reference. I will keep this list updated, as I go along 😚

Common InfoSec Abbreviations

  • AES: Advanced Encryption Standard
  • C2: Command & Control (sometimes CC)
  • CBSP: Cloud-Based Security Providers
  • CSP: Content Security Policy
  • CORS: Cross-Origin Resource Sharing
  • CVSS: Common Vulnerability Scoring System
  • DAST: Dynamic Application Security Testing
  • DLP: Data-loss Prevention
  • DDoS: Distributed Denial of Service
  • DES: Data Encryption Standard
  • DOS: Dinial of Service
  • DSA: Digital Signature Algorithm
  • EDR: Endpoint Detection & Response
  • IPSec: Internet Protocol Security
  • IIoT: (Industrial) Internet of Things
  • MFA: Multi-Factor Authentication
  • PAM: Privilege Access Management
  • PIM: Privilege Identity Management
  • RAT: Remote Adimistration Tool
  • SAST: Static Application Security Testing
  • SPF: Sender Policy Framework
  • SSE: Server-Side Encryption
  • STS: Security Token Service
  • TLS: Transport Layer Security
  • WAF: Web Application Firewall
  • WAP: Web Application Protection
  • XSS: Cross-Site Scripting

Of course, there are other, much more complete glossaries, but they can get overwhelming- these are the basics, and my personal resource. For some much more complete lists, see:

πŸ‘† A lot of acronyms: via InfoSec Matter
πŸ‘† Glossary of Terms: via NICCS (National Initiative for Cybersecurity Careers and Studies in the US)

[REFERENCE] Wireshark Display Filters πŸ’»

Wirechark has some comprehensive packet filtering capabilities, and display filters let you utilize these multi-pass packet processing capabilities. This goes far beyond just filtering based on IP, port and protocol.

Essential Links:

You can debug filters using the dftest command

Cheat Sheet

I created this list from the Wiki, to be a Ctrl + F personal reference to common display filters

Operators

  • eq or ==
  • ne or !=
  • gt or >
  • lt or <
  • ge or >=
  • le or <=

Logic

  • and or && - Logical AND
  • or or || - Logical OR
  • xor or ^^ - Logical XOR
  • not or ! - Logical NOT
  • [n] […] - Sub-String Operator

Ethernet

  • eth.addr
  • eth.dst
  • eth.ig
  • eth.len
  • eth.lg
  • eth.multicast
  • eth.src
  • eth.trailer
  • eth.type

IEEE 802.1Q

  • vlan.cfi
  • vlan.etype
  • vlan.id
  • vlan.len
  • vlan.priority
  • `vlan.trailer

IPv4

  • ip.addr
  • ip.checksum_bad
  • ip.checksum_good
  • ip.checksum
  • ip.dsfield.ce
  • ip.dsfield.dscp
  • ip.dsfield.ect
  • ip.dsfield
  • ip.dst_host
  • ip.dst
  • ip.flags.df
  • ip.flags.mf
  • ip.flags.rb
  • ip.flags
  • ip.frag_offset
  • ip.fragment.error
  • ip.fragment.multipletails
  • ip.fragment.overlap.conflict
  • ip.fragment.overlap
  • ip.fragment.toolongfragment
  • ip.fragment
  • ip.fragments
  • ip.hdr_len
  • ip.host
  • ip.id
  • ip.len
  • ip.proto
  • ip.reassembled_in
  • ip.src_host
  • ip.src
  • ip.tos.cost
  • ip.tos.delay
  • ip.tos.precedence
  • ip.tos.reliability
  • ip.tos.throughput
  • ip.tos
  • ip.ttl
  • ip.version

IPv6

  • ipv6.addr
  • ipv6.class
  • ipv6.dst_host
  • ipv6.dst_opt
  • ipv6.dst
  • ipv6.flow
  • ipv6.fragment.error
  • ipv6.fragment.id
  • ipv6.fragment.more
  • ipv6.fragment.multipletails
  • ipv6.fragment.offset
  • ipv6.fragment.overlap.conflict
  • ipv6.fragment.overlap
  • ipv6.fragment.toolongfragment
  • ipv6.fragment
  • ipv6.fragments
  • ipv6.hlim
  • ipv6.hop_opt
  • ipv6.host
  • ipv6.mipv6_home_address
  • ipv6.mipv6_length
  • ipv6.mipv6_type
  • ipv6.nxt
  • ipv6.opt.pad1
  • ipv6.opt.padn
  • ipv6.plen
  • ipv6.reassembled_in
  • ipv6.routing_hdr.addr
  • ipv6.routing_hdr.left
  • ipv6.routing_hdr.type
  • ipv6.routing_hdr
  • ipv6.src_host
  • ipv6.src
  • ipv6.version

ARP

  • arp.dst.hw_mac
  • arp.dst.proto_ipv4
  • arp.hw.size
  • arp.hw.type
  • arp.opcode
  • arp.proto.size
  • arp.proto.type
  • arp.src.hw_mac
  • arp.src.proto_ipv4

TCP

  • tcp.ack
  • tcp.checksum_bad
  • tcp.checksum_good
  • tcp.checksum
  • tcp.continuation_to
  • tcp.dstport
  • tcp.flags.ack
  • tcp.flags.cwr
  • tcp.flags.ecn
  • tcp.flags.fin
  • tcp.flags.push
  • tcp.flags.reset
  • tcp.flags.syn
  • tcp.flags.urg
  • tcp.flags
  • tcp.hdr_len
  • tcp.len
  • tcp.nxtseq
  • tcp.options.cc
  • tcp.options.ccecho
  • tcp.options.ccnew
  • tcp.options.echo_reply
  • tcp.options.echo
  • tcp.options.md5
  • tcp.options.mss_val
  • tcp.options.mss
  • tcp.options.qs
  • tcp.options.sack_le
  • tcp.options.sack_perm
  • tcp.options.sack_re
  • tcp.options.sack
  • tcp.options.time_stamp
  • tcp.options.wscale_val
  • tcp.options.wscale
  • tcp.options
  • tcp.pdu.last_frame
  • tcp.pdu.size
  • tcp.pdu.time
  • tcp.port
  • tcp.reassembled_in
  • tcp.segment.error
  • tcp.segment.multipletails
  • tcp.segment.overlap.conflict
  • tcp.segment.overlap
  • tcp.segment.toolongfragment
  • tcp.segment
  • tcp.segments
  • tcp.seq
  • tcp.srcport
  • tcp.time_delta
  • tcp.time_relative
  • tcp.urgent_pointer
  • tcp.window_size

UDP

  • udp.checksum_bad
  • udp.checksum_good
  • udp.checksum
  • udp.dstport
  • udp.length
  • udp.port
  • udp.srcport

Frame Relay

  • fr.becn
  • fr.chdlctype
  • fr.control.f
  • fr.control.ftype
  • fr.control.n_r
  • fr.control.n_s
  • fr.control.p
  • fr.control.s_ftype
  • fr.control.u_modifier_cmd
  • fr.control.u_modifier_resp
  • fr.control
  • fr.cr
  • fr.dc
  • fr.de
  • fr.dlci
  • fr.dlcore_control
  • fr.ea
  • fr.fecn
  • fr.lower_dlci
  • fr.nlpid
  • fr.second_dlci
  • fr.snap.oui
  • fr.snap.pid
  • fr.snaptype
  • fr.third_dlci
  • fr.upper_dlci

ICMPv6

  • icmpv6.all_comp
  • icmpv6.checksum_bad
  • icmpv6.checksum
  • icmpv6.code
  • icmpv6.comp
  • icmpv6.haad.ha_addrs
  • icmpv6.identifier
  • icmpv6.option.cga
  • icmpv6.option.length
  • icmpv6.option.name_type.fqdn
  • icmpv6.option.name_type
  • icmpv6.option.name_x501
  • icmpv6.option.rsa.key_hash
  • icmpv6.option.type
  • icmpv6.option
  • icmpv6.ra.cur_hop_limit
  • icmpv6.ra.reachable_time
  • icmpv6.ra.retrans_timer
  • icmpv6.ra.router_lifetime
  • icmpv6.recursive_dns_serv
  • icmpv6.type

PPP

  • ppp.address
  • ppp.control
  • ppp.direction
  • ppp.protocol

RIP

  • rip.auth.passwd
  • rip.auth.type
  • rip.command
  • rip.family
  • rip.ip
  • rip.metric
  • rip.netmask
  • rip.next_hop
  • rip.route_tag
  • rip.routing_domain
  • rip.version

MPLS

  • mpls.bottom
  • mpls.cw.control
  • mpls.cw.res
  • mpls.exp
  • mpls.label
  • mpls.oam.bip16
  • mpls.oam.defect_location
  • mpls.oam.defect_type
  • mpls.oam.frequency
  • mpls.oam.function_type
  • mpls.oam.ttsi
  • mpls.ttl

BGP

  • bgp.aggregator_as
  • bgp.aggregator_origin
  • bgp.as_path
  • bgp.cluster_identifier
  • bgp.cluster_list
  • bgp.community_as
  • bgp.community_value
  • bgp.local_pref
  • bgp.mp_nlri_tnl_id
  • bgp.mp_reach_nlri_ipv4_prefix
  • bgp.mp_unreach_nlri_ipv4_prefix
  • bgp.multi_exit_disc
  • bgp.next_hop
  • bgp.nlri_prefix
  • bgp.origin
  • bgp.originator_id
  • bgp.type
  • bgp.withdrawn_prefix

ICMP

  • icmp.checksum_bad
  • icmp.checksum
  • icmp.code
  • icmp.ident
  • icmp.mtu
  • icmp.redir_gw
  • icmp.seq
  • icmp.type

DTP

  • dtp.neighbor
  • dtp.tlv_len
  • dtp.tlv_type
  • dtp.version
  • vtp.neighbor

VTP

  • vtp.code
  • vtp.conf_rev_num
  • vtp.followers
  • vtp.md5_digest
  • vtp.md_len
  • vtp.md
  • vtp.seq_num
  • vtp.start_value
  • vtp.upd_id
  • vtp.upd_ts
  • vtp.version
  • vtp.vlan_info.802_10_index
  • vtp.vlan_info.isl_vlan_id
  • vtp.vlan_info.len
  • vtp.vlan_info.mtu_size
  • vtp.vlan_info.status.vlan_susp
  • vtp.vlan_info.tlv_len
  • vtp.vlan_info.tlv_type
  • vtp.vlan_info.vlan_name_len
  • vtp.vlan_info.vlan_name
  • vtp.vlan_info.vlan_type

HTTP

  • http.accept_encoding
  • http.accept_language
  • http.accept
  • http.authbasic
  • http.authorization
  • http.cache_control
  • http.connection
  • http.content_encoding
  • http.content_length
  • http.content_type
  • http.cookie
  • http.date
  • http.host
  • http.last_modified
  • http.location
  • http.notification
  • http.proxy_authenticate
  • http.proxy_authorization
  • http.proxy_connect_host
  • http.proxy_connect_port
  • http.referer
  • http.request.method
  • http.request.uri
  • http.request.version
  • http.request
  • http.response.code
  • http.response
  • http.server
  • http.set_cookie
  • http.transfer_encoding
  • http.user_agent
  • http.www_authenticate
  • http.x_forwarded_for

Example Usage

(Adapted from Chris Greer's Blog Post)

  • ip.addr == 10.0.0.1 - Sets a filter for any packet with 10.0.0.1, as either the source or dest
  • ip.addr==10.0.0.1 && ip.addr==10.0.0.2 - sets a conversation filter between the two defined IP addresses
  • tcp.time_delta > .250 - sets a filter to display all tcp packets that have a delta time of greater than 250mSec in the context of their stream
  • tcp.port==4000 - Sets a filter for any TCP packet with 4000 as a source or dest port
  • tcp.flags == 0x012 - Displays all TCP SYN/ACK packets - shows the connections that had a positive response. Related to this is tcp.flags.syn==1
  • ip.addr == 10.0.0.0/24 - Shows packets to and from any address in the 10.0.0.0/24 space
  • frame contains traffic - Displays all packets that contain the word β€˜traffic’. Excellent when searching on a specific string or user ID
  • !(arp or icmp or stp) - Masks out arp, icmp, stp, or whatever other protocols may be background noise. Allowing you to focus on the traffic of interest
  • eth[0x47:2] == 01:80 - This is an example of an offset filter. It sets a filter for the HEX values of 0x01 and 0x80 specifically at the offset location of 0x47
  • tcp.analysis.flags && !tcp.analysis.window_update - Displays all retransmissions, duplicate acks, zero windows, and more in the trace. Helps when tracking down slow application performance and packet loss. It will not include the window updates, since these aren't really important for me to see in most cases

My Top 50 Android Apps πŸ“±

These are all the Android applications that I use often, each app on this list serves a purpose and adds value to my day. The developers behind every one of these apps have done an amazing job, and for that, I am thankful. This in part is my motivation for writing this list

This is, in no way a list of ultra-secure, privacy-respecting or fully FOSS apps. In fact, the very idea of having 50 apps on your device goes against the minimalist security principle, and increases attack surface. However, I do carefully manage permissions and connectivity features, blocking internet access for all apps that shouldn't need it

Click the App Name to visit website, the GitHub icon to view source code, and the F-Droid/ Google Play icon to download APK 😊
Note: Any non-opensource apps are indicated with a red cross ❌

Essentials:

  • Aegis - 2-Factor Authentication Token Manager F-Droid GitHub
  • KeePassDX - Password Manager for KeePass files F-Droid GitHub
  • Standard Notes - Secure, Encrypted Cross-Platform Notes F-Droid GitHub
  • K-9 Mail - IMAP Mail Client with Multi-Account Support F-Droid GitHub
  • ProtonMail - Official Client for ProtonMail (PGP Encrypted Email) Google-Play GitHub
  • SimpleLogin - PGP Encrypted Mail Forwarder for Multiple Aliases F-Droid GitHub
  • EteSync - Secure, Encrypted Sync Engine for Calendar, Contacts and Tasks F-Droid GitHub
  • xBrowserSync - Secure Bookmark Storage and Browser Syncing F-Droid GitHub
  • OpenKeychain - OpenPGP for encrypting files and communications F-Droid GitHub
  • EDS Lite - Managing files in encrypted containers F-Droid GitHub

Networking:

  • NetGuard - Firewall supporting per-app internet blocking and advanced rules F-Droid GitHub
  • Orbot - Routes traffic via Tor network F-Droid Git
  • Mullvad - My VPN of choice F-Droid GitHub
  • WireGuard - VPN for connecting to private networks F-Droid Git
  • Network Manager Pro - Complete suit of Network tools Google-Play ❌

Communication

  • Signal - E2E Encrypted Messaging, (not anonymous, as it's linked to mobile number) Google-Play GitHub
  • Briar - Extremity secure and robust communication which can also work locally (via WiFi or Bluetooth) F-Droid Git
  • Element - Matrix Client (Matrix is a privacy-respecting P2P encrypted multi-user chat platform) F-Droid GitHub

Productivity Basics

  • FireFox Focus - Fast & Private browser, with no persistent history and automatic tracker blocking F-Droid GitHub
  • GitHub - Official GitHub client, for managing issues, pull-requests and browsing repositories Google-Play
  • Hour Blocks - Simple hour-by-hour day planner, with calendar support Google-Play ❌
  • Open Camera - Full-featured, privacy-respecting camera app with good feature support F-Droid Git
  • OsmAnd~ Maps - Maps with offline support, public transport directions and turn-by-turn navigation F-Droid GitHub
  • Simple Calendar - Highly customizable, privacy-respecting, offline, easy calendar app F-Droid GitHub
  • Simple Calculator - Just a Calculator app F-Droid GitHub
  • Simple Contacts - Privacy-respecting contacts manager F-Droid GitHub
  • Simple Dialer - Privacy-respecting cellular phone application F-Droid GitHub
  • Tasks - Secure Todo List App with CalDav Sync Capabilities F-Droid GitHub
  • Geometric Weather - Simple weather app, with clean UI, 15-day forecast and detailed outlook Google-Play GitHub
  • Tile - Companion app for Tile Bluetooth Finders (useful for finding keys, wallet, phone, TV remote etc) Google-Play ❌
  • VNC Viewer - Virtual remote desktop app, to access and control PC, Server or other device Google-Play ❌
  • Bible - An offline Bible app, with audio and daily plans Google-Play ❌
  • Loyalty Card Keychain - Securely stores and displays store loyalty cards, with good protocol support F-Droid GitHub

Utilities

  • AdAway - Ad and tracker blocker that uses hosts file (requires root) F-Droid GitHub
  • SuperFreezZ - Entirely freeze all background activities on a per-app basis F-Droid Git
  • XPrivacyLua - Mocks app permissions fake data (solving the issues caused by revoking permissions) F-Droid GitHub
  • App Manager - Package manager & viewer, with useful privacy & security features F-Droid GitHub
  • OAndBackupX - Backup apps and data, without the need for Google F-Droid GitHub
  • SecScanQR - Fully-featured, privacy-respecting QR code & barcode scanner & generator F-Droid GitHub
  • Island - Isolate and compartmentalize apps for privacy Google-Play GitHub
  • Powerful Monitor - Fully-featured system monitor and RAM cleaner, no trackers Google-Play ❌
  • Exodus - Shows which trackers each app has within it's APK F-Droid GitHub

Home Control

  • FlutterHole - Easy control over local Pi Hole instance F-Droid GitHub
  • Home Assistant - Control all smart home and IoT devices, via self-hosted HASS.io server F-Droid GitHub
  • Fing - Home Network Security Google-Play ❌
  • Ping Tools - Basic uptime monitor for your servers Google-Play ❌

Media

  • Plex - Stream media from home Plex Server Google-Play GitHub
  • PocketCasts - Podcast Player with Advanced Listening Tools and OPML Support Google-Play ❌
  • Spotify - Music Streaming and Downloads (Premium) Google-Play GitHub ❌
  • Transistor - Internet Radio F-Droid GitHub
  • NewPipe - YouTube Player F-Droid GitHub

Misc:

  • Developer Assistance - Powerful debugging app for Android development Google-Play GitHub
  • Dev Tools - Essential toolkit for Android development, including decompiling Google-Play GitHub
  • CloudMare - CloudFlare Application Management F-Droid GitHub

Device Customization

  • Total Launcher - Highly Customizable Android Launcher Google-Play ❌
  • KWGT - Advanced Widget Creator Google-Play ❌
  • Automate - Device Macros and Automation, with Home Assistant Compatibility Google-Play ❌

Notes

Exodus Privacy

Ξ΅xodus is an awesome service, I don't know how I managed before it came about. It's a privacy audit platform that scans Android APKs for links to known trackers, and generated up-to-date reports for most apps available through Google Play. You can either search an app though their website, or use the Exodus App that scans all installed apps, showing which trackers and permissions they include

NetGuard

I heavily rely on NetGuard, which I use to completely block internet access for all apps that don't absolutely require a network connection. For the remaining applications I control how and when they can connect, usually blocking any network access when the screen is off. An alternative to NetGuard, is TrackerControl, that allows the blocking of individual trackers on a per-app basis, however I use Pi Hole for blocking adds & trackers instead.

Faraday

Typically, when I'm not activity using my phone, I keep it in my Silent Pocket Faraday case, which has the added benefit of preserving battery life.

VPN

When I do connect, I VPN into my home network (I wish I could use WireGuard for this, but currently NetGuard only supports OpenVPN protocol). This provides some additional protection thanks to my firewall, and Pi-Hole is used to block ads and some trackers, it also allows secure access to my locally self-hosted services. All traffic on my home network is routed though Mullvad VPN. Even though this adds several extra hops to my phone's traffic, it doesn't seem to affect speed too much, and the above benefits make it worthwhile.

Orbot

Sometimes I use Orbot as backup service, but I do find this to be slower, and with a lot of extra CAPTCHAs. Another similar app, but with greater controls is orWall, by @EthACKdotOrg, which is useful for forcing selected apps to use Tor.

Automate

Automate is a really handy app for running simple macros and device automation (however it is unfortunately not open source). One of the things I use it for, is turning off WiFi and other connectivity features when I'm not using them. I also have my phone enter airplane mode at nighttime, in order to not distract me (requires root). (Easer an LibreTasks are open source alternatives, but with less functionality)

Island

Island is a really useful sandbox environment, allowing you to clone selected apps and run them in an isolated box, preventing it from accessing your personal data, or device information, and it lets you freeze apps, preventing background tasks from running. It works by utilizing Androids Work Profile feature. It's certainly not fool-proof though, any security bugs in the Android system could lead to data leaks. It's currently not available on F-Droid, an alternative app is Shelter, built by @PeterCxy although I have found it to be less stable.

Monitoring Apps

The more apps installed on a device, the larger the attack surface. 50 is probably too many. The average smart phone user has 100 apps installed on their device- that's defiantly too many. It's important to know what is running in the background, remove apps you no longer use often or that have invasive trackers. App Manager is a really useful package manager, that makes uninstalling unneeded apps easy. Exodus is useful for finding out which trackers are included in each app.



❌The following apps are not fully open-source, and depending on your threat model, you may wish to avoid them:
Network Manager Pro, Hour Blocks, Tile, VNC Viewer, YouVision Bible, Fing, Ping Tools, PocketCasts, Spotify, Total Launcher, KWGT, Automate


⚠️The following apps are open source, but not available on F-Droid, again, this may be a deal breaker for you:
Island, ProtonMail, Signal, GitHub, Geometric Weather, Plex, Developer Assistant, Dev Tools