<?xml version="1.0"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
	<id>https://wiki.tbpindustries.com/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Goldbolt</id>
	<title>TBP Wiki - User contributions [en]</title>
	<link rel="self" type="application/atom+xml" href="https://wiki.tbpindustries.com/api.php?action=feedcontributions&amp;feedformat=atom&amp;user=Goldbolt"/>
	<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Special:Contributions/Goldbolt"/>
	<updated>2026-07-07T05:25:30Z</updated>
	<subtitle>User contributions</subtitle>
	<generator>MediaWiki 1.31.1</generator>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=ZFS&amp;diff=369</id>
		<title>ZFS</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=ZFS&amp;diff=369"/>
		<updated>2026-03-17T13:32:16Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;ZFS—previously Zettabyte File System—features:&lt;br /&gt;
&lt;br /&gt;
*    logical volume management (pooled storage) with checkpoints,&lt;br /&gt;
*    copy-on-write,&lt;br /&gt;
*    snapshots, clones (writable snapshots) and bookupdate-initramfs -u -k allmarks (lightweight change markers),&lt;br /&gt;
*    scrubbing (data integrity verification and automatic repair),&lt;br /&gt;
*    RAID-Z,&lt;br /&gt;
*    a maximum 16 exabyte file size,&lt;br /&gt;
*    a maximum 256 quadrillion zettabyte storage with no limit on number of filesystems (datasets) or files.&lt;br /&gt;
&lt;br /&gt;
For an overview of ZFS concepts see zfsconcepts(7).&lt;br /&gt;
&lt;br /&gt;
For an overview of ZFS storage pools see zpoolconcepts(7), see also zpool(8).&lt;br /&gt;
&lt;br /&gt;
ZFS is licensed under the Common Development and Distribution License (CDDL). Because the CDDL is incompatible with the GNU General Public License (GPL), it is not possible for ZFS to be included in the Linux kernel. This requirement, however, does not prevent a native Linux kernel module from being developed and distributed by a third party, as is the case with OpenZFS (previously named ZFS on Linux).&lt;br /&gt;
&lt;br /&gt;
As a result of ZFS not being included in the Linux kernel (with other words, ZFS kernel modules are out-of-tree), and Arch Linux is a rolling release distribution:&lt;br /&gt;
&lt;br /&gt;
    OpenZFS project must keep up with Linux kernel versions.&lt;br /&gt;
    After making stable OpenZFS release—ArchZFS maintainers release them.&lt;br /&gt;
    There will often be brief periods when the kernel-specific packages in the ArchZFS repository are not in sync with those in the Arch Linux repositories. This situation locks down the normal rolling update process by unsatisfied dependencies because the new kernel version, proposed by update, is unsupported by ArchZFS.&lt;br /&gt;
    So you might prefer to use the Dynamic Kernel Module Support (DKMS) package, but ZFS modules may fail to compile with the latest kernel if it is unsupported by OpenZFS.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
= Encrypted zpools on LUKS =&lt;br /&gt;
This shows how to encrypt a drive, enroll it to automatically unlock at boot using TPM, and set up a zpool on that encrypted drive. &lt;br /&gt;
 &lt;br /&gt;
!!!!!!!THIS IS DESTRUCTIVE!!!!!!!&lt;br /&gt;
&lt;br /&gt;
Unmount:&lt;br /&gt;
    zfs umount XXXXX&lt;br /&gt;
Export:&lt;br /&gt;
    zpool export XXXXX&lt;br /&gt;
Destroy pool (irreversible!):&lt;br /&gt;
    zpool destroy XXXXX&lt;br /&gt;
Wipe signatures:&lt;br /&gt;
    wipefs -a /dev/sdX&lt;br /&gt;
&lt;br /&gt;
Set up the encryption:&lt;br /&gt;
    cryptsetup luksFormat /dev/sdX&lt;br /&gt;
    cryptsetup luksOpen /dev/sdX cryptXXXXX&lt;br /&gt;
&lt;br /&gt;
Enroll in TPM:&lt;br /&gt;
    systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/sdX&lt;br /&gt;
&lt;br /&gt;
Create the zpool:&lt;br /&gt;
    zpool create -o ashift=12 XXXXX /dev/mapper/cryptXXXXX&lt;br /&gt;
    zfs set mountpoint=/mnt/XXXXX XXXXX&lt;br /&gt;
    zpool status XXXXX&lt;br /&gt;
 &lt;br /&gt;
Get the blkid for the crypttab:&lt;br /&gt;
    blkid -s UUID -o value /dev/sdX&lt;br /&gt;
&lt;br /&gt;
Add to /etc/crypttab: &lt;br /&gt;
    cryptXXXXX UUID=$(UUID goes here!) none luks,tpm2-device=auto&lt;br /&gt;
&lt;br /&gt;
    update-initramfs -u -k all&lt;br /&gt;
&lt;br /&gt;
Reboot when finished.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=ZFS&amp;diff=368</id>
		<title>ZFS</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=ZFS&amp;diff=368"/>
		<updated>2026-02-24T17:35:58Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;ZFS—previously Zettabyte File System—features:&lt;br /&gt;
&lt;br /&gt;
*    logical volume management (pooled storage) with checkpoints,&lt;br /&gt;
*    copy-on-write,&lt;br /&gt;
*    snapshots, clones (writable snapshots) and bookupdate-initramfs -u -k allmarks (lightweight change markers),&lt;br /&gt;
*    scrubbing (data integrity verification and automatic repair),&lt;br /&gt;
*    RAID-Z,&lt;br /&gt;
*    a maximum 16 exabyte file size,&lt;br /&gt;
*    a maximum 256 quadrillion zettabyte storage with no limit on number of filesystems (datasets) or files.&lt;br /&gt;
&lt;br /&gt;
For an overview of ZFS concepts see zfsconcepts(7).&lt;br /&gt;
&lt;br /&gt;
For an overview of ZFS storage pools see zpoolconcepts(7), see also zpool(8).&lt;br /&gt;
&lt;br /&gt;
ZFS is licensed under the Common Development and Distribution License (CDDL). Because the CDDL is incompatible with the GNU General Public License (GPL), it is not possible for ZFS to be included in the Linux kernel. This requirement, however, does not prevent a native Linux kernel module from being developed and distributed by a third party, as is the case with OpenZFS (previously named ZFS on Linux).&lt;br /&gt;
&lt;br /&gt;
As a result of ZFS not being included in the Linux kernel (with other words, ZFS kernel modules are out-of-tree), and Arch Linux is a rolling release distribution:&lt;br /&gt;
&lt;br /&gt;
    OpenZFS project must keep up with Linux kernel versions.&lt;br /&gt;
    After making stable OpenZFS release—ArchZFS maintainers release them.&lt;br /&gt;
    There will often be brief periods when the kernel-specific packages in the ArchZFS repository are not in sync with those in the Arch Linux repositories. This situation locks down the normal rolling update process by unsatisfied dependencies because the new kernel version, proposed by update, is unsupported by ArchZFS.&lt;br /&gt;
    So you might prefer to use the Dynamic Kernel Module Support (DKMS) package, but ZFS modules may fail to compile with the latest kernel if it is unsupported by OpenZFS.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
= Encrypted zpools on LUKS =&lt;br /&gt;
This shows how to encrypt a drive, enroll it to automatically unlock at boot using TPM, and set up a zpool on that encrypted drive. &lt;br /&gt;
 &lt;br /&gt;
!!!!!!!THIS IS DESTRUCTIVE!!!!!!!&lt;br /&gt;
&lt;br /&gt;
Unmount:&lt;br /&gt;
    zfs umount XXXXX&lt;br /&gt;
Export:&lt;br /&gt;
    zpool export XXXXX&lt;br /&gt;
Destroy pool (irreversible!):&lt;br /&gt;
    zpool destroy XXXXX&lt;br /&gt;
Wipe signatures:&lt;br /&gt;
    wipefs -a /dev/sdX&lt;br /&gt;
&lt;br /&gt;
Set up the encryption:&lt;br /&gt;
    cryptsetup luksFormat /dev/sdX&lt;br /&gt;
    cryptsetup luksOpen /dev/sdX cryptXXXXX&lt;br /&gt;
&lt;br /&gt;
Enroll in TPM:&lt;br /&gt;
    systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/sdX&lt;br /&gt;
&lt;br /&gt;
Create the zpool:&lt;br /&gt;
    zpool create -o ashift=12 XXXXX /dev/mapper/cryptXXXXX&lt;br /&gt;
    zfs set mountpoint=/mnt/XXXXX XXXXX&lt;br /&gt;
    zpool status XXXXX&lt;br /&gt;
 &lt;br /&gt;
Get the blkid for the crypttab:&lt;br /&gt;
    blkid -s UUID -o value /dev/sdX&lt;br /&gt;
&lt;br /&gt;
Add to /etc/crypttab: &lt;br /&gt;
    crypttank2 UUID=$(UUID goes here!) none luks,tpm2-device=auto&lt;br /&gt;
&lt;br /&gt;
    update-initramfs -u -k all&lt;br /&gt;
&lt;br /&gt;
Reboot when finished.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=ZFS&amp;diff=367</id>
		<title>ZFS</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=ZFS&amp;diff=367"/>
		<updated>2026-02-24T17:19:45Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: Created page with &amp;quot;ZFS—previously Zettabyte File System—features:  *    logical volume management (pooled storage) with checkpoints, *    copy-on-write, *    snapshots, clones (writable snap...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;ZFS—previously Zettabyte File System—features:&lt;br /&gt;
&lt;br /&gt;
*    logical volume management (pooled storage) with checkpoints,&lt;br /&gt;
*    copy-on-write,&lt;br /&gt;
*    snapshots, clones (writable snapshots) and bookmarks (lightweight change markers),&lt;br /&gt;
*    scrubbing (data integrity verification and automatic repair),&lt;br /&gt;
*    RAID-Z,&lt;br /&gt;
*    a maximum 16 exabyte file size,&lt;br /&gt;
*    a maximum 256 quadrillion zettabyte storage with no limit on number of filesystems (datasets) or files.&lt;br /&gt;
&lt;br /&gt;
For an overview of ZFS concepts see zfsconcepts(7).&lt;br /&gt;
&lt;br /&gt;
For an overview of ZFS storage pools see zpoolconcepts(7), see also zpool(8).&lt;br /&gt;
&lt;br /&gt;
ZFS is licensed under the Common Development and Distribution License (CDDL). Because the CDDL is incompatible with the GNU General Public License (GPL), it is not possible for ZFS to be included in the Linux kernel. This requirement, however, does not prevent a native Linux kernel module from being developed and distributed by a third party, as is the case with OpenZFS (previously named ZFS on Linux).&lt;br /&gt;
&lt;br /&gt;
As a result of ZFS not being included in the Linux kernel (with other words, ZFS kernel modules are out-of-tree), and Arch Linux is a rolling release distribution:&lt;br /&gt;
&lt;br /&gt;
    OpenZFS project must keep up with Linux kernel versions.&lt;br /&gt;
    After making stable OpenZFS release—ArchZFS maintainers release them.&lt;br /&gt;
    There will often be brief periods when the kernel-specific packages in the ArchZFS repository are not in sync with those in the Arch Linux repositories. This situation locks down the normal rolling update process by unsatisfied dependencies because the new kernel version, proposed by update, is unsupported by ArchZFS.&lt;br /&gt;
    So you might prefer to use the Dynamic Kernel Module Support (DKMS) package, but ZFS modules may fail to compile with the latest kernel if it is unsupported by OpenZFS.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
= Encrypted zpools on LUKS =&lt;br /&gt;
This shows how to encrypt a drive, enroll it to automatically unlock at boot using TPM, and set up a zpool on that encrypted drive. &lt;br /&gt;
 &lt;br /&gt;
!!!!!!!THIS IS DESTRUCTIVE!!!!!!!&lt;br /&gt;
&lt;br /&gt;
Unmount:&lt;br /&gt;
    zfs umount XXXXX&lt;br /&gt;
Export:&lt;br /&gt;
    zpool export XXXXX&lt;br /&gt;
Destroy pool (irreversible!):&lt;br /&gt;
    zpool destroy XXXXX&lt;br /&gt;
Wipe signatures:&lt;br /&gt;
    wipefs -a /dev/sdX&lt;br /&gt;
&lt;br /&gt;
Set up the encryption:&lt;br /&gt;
    cryptsetup luksFormat /dev/sdX&lt;br /&gt;
    cryptsetup luksOpen /dev/sdX cryptXXXXX&lt;br /&gt;
&lt;br /&gt;
Enroll in TPM:&lt;br /&gt;
    systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 /dev/sdX&lt;br /&gt;
&lt;br /&gt;
Create the zpool:&lt;br /&gt;
    zpool create -o ashift=12 XXXXX /dev/mapper/cryptXXXXX&lt;br /&gt;
    zfs set mountpoint=/mnt/XXXXX XXXXX&lt;br /&gt;
    zpool status XXXXX&lt;br /&gt;
 &lt;br /&gt;
Get the blkid for the crypttab:&lt;br /&gt;
    blkid -s UUID -o value /dev/sdX&lt;br /&gt;
&lt;br /&gt;
Add to /etc/crypttab: &lt;br /&gt;
crypttank2 UUID=$(UUID goes here!) none luks,tpm2-device=auto&lt;br /&gt;
&lt;br /&gt;
    update-initramfs -u -k all&lt;br /&gt;
&lt;br /&gt;
Reboot when finished.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Netcat&amp;diff=366</id>
		<title>Netcat</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Netcat&amp;diff=366"/>
		<updated>2024-11-18T19:15:28Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The nc (or netcat) utility is used for just about anything under the sun involving TCP or UDP. It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4 and IPv6. Unlike telnet(1), nc scripts nicely, and separates error messages onto standard error instead of sending them to standard output, as telnet(1) does with some.&lt;br /&gt;
&lt;br /&gt;
Common uses include:&lt;br /&gt;
&lt;br /&gt;
              â€¢ simple TCP proxies&lt;br /&gt;
&lt;br /&gt;
    â€¢ shell-script based HTTP clients and servers&lt;br /&gt;
    â€¢ network daemon testing&lt;br /&gt;
    â€¢ a SOCKS or HTTP ProxyCommand for ssh(1)&lt;br /&gt;
    â€¢ and much, much more&lt;br /&gt;
&lt;br /&gt;
    The options are as follows:&lt;br /&gt;
&lt;br /&gt;
    -4' Forces nc to use IPv4 addresses only.&lt;br /&gt;
&lt;br /&gt;
    -6' Forces nc to use IPv6 addresses only.&lt;br /&gt;
&lt;br /&gt;
    -D' Enable debugging on the socket.&lt;br /&gt;
&lt;br /&gt;
    -d' Do not attempt to read from stdin.&lt;br /&gt;
&lt;br /&gt;
    -h' Prints out nc help.&lt;br /&gt;
&lt;br /&gt;
    -i interval&lt;br /&gt;
    Specifies a delay time interval between lines of text sent and received. Also causes a delay time between connections to multiple ports.&lt;br /&gt;
&lt;br /&gt;
    -k' Forces nc to stay listening for another connection after its current connection is completed. It is an error to use this option without the -l option.&lt;br /&gt;
&lt;br /&gt;
    -l' Used to specify that nc should listen for an incoming connection rather than initiate a connection to a remote host. It is an error to use this option in conjunction with the -p, -s, or -z options. Additionally, any timeouts specified with the -w option are ignored.&lt;br /&gt;
&lt;br /&gt;
    -n' Do not do any DNS or service lookups on any specified addresses, hostnames or ports.&lt;br /&gt;
&lt;br /&gt;
    -p source_port&lt;br /&gt;
    Specifies the source port nc should use, subject to privilege restrictions and availability. It is an error to use this option in conjunction with the -l option.&lt;br /&gt;
&lt;br /&gt;
    -r' Specifies that source and/or destination ports should be chosen randomly instead of sequentially within a range or in the order that the system assigns them.&lt;br /&gt;
&lt;br /&gt;
    -S' Enables the RFC 2385 TCP MD5 signature option.&lt;br /&gt;
&lt;br /&gt;
    -s source_ip_address&lt;br /&gt;
    Specifies the IP of the interface which is used to send the packets. It is an error to use this option in conjunction with the -l option.&lt;br /&gt;
&lt;br /&gt;
    -T ToS&lt;br /&gt;
    Specifies IP Type of Service (ToS) for the connection. Valid values are the tokens ''lowdelay'', ''throughput'', ''reliability'', or an 8-bit hexadecimal value preceded by ''0x''.&lt;br /&gt;
&lt;br /&gt;
    -C' Send CRLF as line-ending&lt;br /&gt;
&lt;br /&gt;
    -t' Causes nc to send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests. This makes it possible to use nc to script telnet sessions.&lt;br /&gt;
&lt;br /&gt;
    -U' Specifies to use Unix Domain Sockets.&lt;br /&gt;
&lt;br /&gt;
    -u' Use UDP instead of the default option of TCP.&lt;br /&gt;
&lt;br /&gt;
    -v' Have nc give more verbose output.&lt;br /&gt;
&lt;br /&gt;
    -w timeout&lt;br /&gt;
    If a connection and stdin are idle for more than timeout seconds, then the connection is silently closed. The -w flag has no effect on the -l option, i.e. nc will listen forever for a connection, with or without the -w flag. The default is no timeout.&lt;br /&gt;
&lt;br /&gt;
    -X proxy_version&lt;br /&gt;
    Requests that nc should use the specified protocol when talking to the proxy server. Supported protocols are ''4'' (SOCKS v.4), ''5'' (SOCKS v.5) and ''connect'' (HTTPS proxy). If the protocol is not specified, SOCKS version 5 is used.&lt;br /&gt;
&lt;br /&gt;
    -x proxy_address[&lt;br /&gt;
    :port]&lt;br /&gt;
    Requests that nc should connect to hostname using a proxy at proxy_address and port. If port is not specified, the well-known port for the proxy protocol is used (1080 for SOCKS, 3128 for HTTPS).&lt;br /&gt;
&lt;br /&gt;
    -z' Specifies that nc should just scan for listening daemons, without sending any data to them. It is an error to use this option in conjunction with the -l option.&lt;br /&gt;
&lt;br /&gt;
    hostname can be a numerical IP address or a symbolic hostname (unless the -n option is given). In general, a hostname must be specified, unless the -l option is given (in which case the local host is used).&lt;br /&gt;
&lt;br /&gt;
    port[s] can be single integers or ranges. Ranges are in the form nn-mm. In general, a destination port must be specified, unless the -U option is given (in which case a socket must be specified). &lt;br /&gt;
&lt;br /&gt;
=Check Ports=&lt;br /&gt;
Check to see if port is open and get a response:&lt;br /&gt;
    nc -zv IPADDRESS 443&lt;br /&gt;
&lt;br /&gt;
=Network Speed Test=&lt;br /&gt;
Set one server to listen on port 5000 (after opening the port):&lt;br /&gt;
    nc -vvklnp 5000 &amp;gt;/dev/null&lt;br /&gt;
&lt;br /&gt;
Run this on the other server to test the network speed between the two and change out the XX for the proper IP: &lt;br /&gt;
    dd if=/dev/zero bs=1M count=1K | nc -vvn 192.168.1.XX 5000 -q 1&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Find&amp;diff=365</id>
		<title>Find</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Find&amp;diff=365"/>
		<updated>2024-11-14T16:05:07Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Find */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Find searches the directory tree rooted at each given file name by evaluating the given expression from left to right, according to the rules of precedence, until the outcome is known (the left hand side is false for and operations, true for or), at which point find moves on to the next file name.&lt;br /&gt;
&lt;br /&gt;
=Find=&lt;br /&gt;
Find a file based on the filename:&lt;br /&gt;
&lt;br /&gt;
    find /dir/ -name &amp;quot;filename.php&amp;quot;&lt;br /&gt;
&lt;br /&gt;
This lists all files which have been modified per unit of time (showing 30 days here):&lt;br /&gt;
     find /dir/ -mtime +30&lt;br /&gt;
&lt;br /&gt;
Find can be piped into other commands in case the other commands can't measure or see files:&lt;br /&gt;
    find . -type f -exec du -a {} + | sort -n -r&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=364</id>
		<title>Kubernetes</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=364"/>
		<updated>2024-06-28T14:23:57Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Kubernetes (/ˌk(j)uːbərˈnɛtɪs, -ˈneɪtɪs, -ˈneɪtiːz, -ˈnɛtiːz/, commonly abbreviated K8s) is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by the Cloud Native Computing Foundation.&lt;br /&gt;
&lt;br /&gt;
The name Kubernetes originates from Greek, meaning 'helmsman' or 'pilot'. Kubernetes is often abbreviated as K8s, counting the eight letters between the K and the s (a numeronym).&lt;br /&gt;
&lt;br /&gt;
Kubernetes works with containerd and CRI-O. Its suitability for running and managing large cloud-native workloads has led to widespread adoption of it in the data center. There are multiple distributions of this platform – from ISVs as well as hosted-on cloud offerings from all the major public cloud vendors. &lt;br /&gt;
&lt;br /&gt;
=Show all current pods=&lt;br /&gt;
    kubectl get pods&lt;br /&gt;
&lt;br /&gt;
=Show current persistent volumes=&lt;br /&gt;
    kubectl get pv&lt;br /&gt;
&lt;br /&gt;
=Show current persistent volume claims=&lt;br /&gt;
    kubectl get pvc&lt;br /&gt;
&lt;br /&gt;
=Copy a file into a container of a pod=&lt;br /&gt;
&lt;br /&gt;
    kubectl cp start.sh pod1:/tmp/ -c container1&lt;br /&gt;
&lt;br /&gt;
=Execute a command within a container of a pod=&lt;br /&gt;
&lt;br /&gt;
    kubectl exec -it pod1 -c container1 -- /tmp/start.sh&lt;br /&gt;
&lt;br /&gt;
=Create a persistent volume for a pod to claim=&lt;br /&gt;
Create the yaml first. &lt;br /&gt;
    echo &amp;quot;---&lt;br /&gt;
    apiVersion: v1&lt;br /&gt;
    kind: PersistentVolume&lt;br /&gt;
    metadata:&lt;br /&gt;
      name: persistentvolume01&lt;br /&gt;
    spec:&lt;br /&gt;
      accessModes:&lt;br /&gt;
        - ReadWriteOnce&lt;br /&gt;
      capacity:&lt;br /&gt;
        storage: 10Gi&lt;br /&gt;
      storageClassName: manual&lt;br /&gt;
      hostPath:&lt;br /&gt;
        path: /mnt/somedir&amp;quot; &amp;gt; persistentvolume01.yaml&lt;br /&gt;
&lt;br /&gt;
Create the actual volume using the yaml:&lt;br /&gt;
&lt;br /&gt;
    kubectl create -f persistentvolume01.yaml&lt;br /&gt;
&lt;br /&gt;
Delete the persistent volume if necessary:&lt;br /&gt;
&lt;br /&gt;
    kubectl delete -f persistentvolume01.yaml&lt;br /&gt;
&lt;br /&gt;
Enter the MongoDB database shell 'mongosh':&lt;br /&gt;
    kubectl exec -it database-sw-mongo-0 -- mongosh -u $(kubectl get secret database-sw-mongo-admin -o jsonpath='{.data.user}' | base64 -d) -p $(kubectl get secret database-sw-mongo-admin -o jsonpath='{.data.password}' | base64 -d) --authenticationDatabase admin --tls --tlsAllowInvalidHostnames --tlsAllowInvalidCertificates database&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Set password for MongoDB user to be &amp;quot;somehash&amp;quot;:&lt;br /&gt;
    db.AspNetUsers.updateOne( {&amp;quot;Name&amp;quot;: &amp;quot;username&amp;quot;}, { $set: {&amp;quot;PasswordHash&amp;quot;: &amp;quot;somehash&amp;quot;} } )&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Show all current attachments in selected database:&lt;br /&gt;
    db.getCollection(&amp;quot;Records&amp;quot;).aggregate([ { /* match all records with an attachment field value*/ $match: { &amp;quot;Values&amp;quot;: { $elemMatch: { &amp;quot;v._v&amp;quot;: { $elemMatch: { _t: &amp;quot;Attachment&amp;quot; } } } } } }, { /* project to reduce size*/ $project: { &amp;quot;Values&amp;quot;: 1 } }, { /* unwind into individual fields*/ $unwind: &amp;quot;$Values&amp;quot; }, { /* match attachment fields*/ $match: { &amp;quot;Values.v._v&amp;quot;: { $elemMatch: { _t: &amp;quot;Attachment&amp;quot; } } } }, { /* unwind into individual attachments*/ $unwind: &amp;quot;$Values.v._v&amp;quot; }] );&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=Install Kubernetes to Ubuntu=&lt;br /&gt;
The following commands will install microk8s to Ubuntu:&lt;br /&gt;
    sudo snap install microk8s --classic&lt;br /&gt;
&lt;br /&gt;
Add your user to the microk8s admin group and fix permissions:&lt;br /&gt;
    sudo usermod -a -G microk8s $USER&lt;br /&gt;
    sudo chown -f -R $USER ~/.kube&lt;br /&gt;
&lt;br /&gt;
Log out and log back in to that user for this to take effect. &lt;br /&gt;
&lt;br /&gt;
Check the status of the service:&lt;br /&gt;
    microk8s status --wait-ready&lt;br /&gt;
&lt;br /&gt;
Enable services:&lt;br /&gt;
    microk8s enable dashboard dns ingress metallb&lt;br /&gt;
&lt;br /&gt;
Use the following to check for available services to enable:&lt;br /&gt;
    microk8s enable --help&lt;br /&gt;
&lt;br /&gt;
Start using microk8s:&lt;br /&gt;
    microk8s kubectl get all --all-namespaces&lt;br /&gt;
&lt;br /&gt;
Access the dashboard:&lt;br /&gt;
    microk8s dashboard-proxy&lt;br /&gt;
&lt;br /&gt;
=Clustering=&lt;br /&gt;
To create a cluster out of two or more already-running MicroK8s instances, use the microk8s add-node command. As of MicroK8s 1.19, clustering of three or more nodes will automatically enable high availability. The MicroK8s instance on which the command is run will host the Kubernetes control plane:&lt;br /&gt;
    microk8s add-node&lt;br /&gt;
&lt;br /&gt;
The add-node command prints a microk8s join command which should be executed on the MicroK8s instance(s) that you wish to join to the cluster (NOT THE NODE YOU RAN add-node FROM). For example:&lt;br /&gt;
    microk8s join ip-172-31-20-243:25000/DDOkUupkmaBezNnMheTBqFYHLWINGDbf&lt;br /&gt;
&lt;br /&gt;
Joining a node to the cluster should only take a few seconds. Afterwards you should be able to see the node has joined:&lt;br /&gt;
    microk8s kubectl get no&lt;br /&gt;
&lt;br /&gt;
=Use NFS for Persistent Volumes=&lt;br /&gt;
Provision NFS mounts as Kubernetes Persistent Volumes on MicroK8s.&lt;br /&gt;
&lt;br /&gt;
==NFS server==&lt;br /&gt;
Either use a current NFS server or install a NFS server. The following is how to install to Ubuntu:&lt;br /&gt;
    apt install nfs-kernel-server&lt;br /&gt;
Directory /srv/nfs is the share folder.&lt;br /&gt;
    mkdir -p /srv/nfs&lt;br /&gt;
    chown nobody:nogroup /srv/nfs&lt;br /&gt;
    chmod 0777 /srv/nfs&lt;br /&gt;
Edit the /etc/exports. The following will allow all IP addresses in the 10.0.0.0/24 subnet:&lt;br /&gt;
    /srv/nfs 10.0.0.0/24(rw,sync,no_subtree_check)&lt;br /&gt;
Restart the NFS server: &lt;br /&gt;
    systemctl restart nfs-kernel-server&lt;br /&gt;
&lt;br /&gt;
==Install the CSI driver for NFS==&lt;br /&gt;
Enable the Helm3 addon (if not already enabled) and add the repository for the NFS CSI driver:&lt;br /&gt;
    microk8s enable helm3&lt;br /&gt;
    microk8s helm3 repo add csi-driver-nfs https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts&lt;br /&gt;
    microk8s helm3 repo update&lt;br /&gt;
This will install the Helm chart under the kube-system namespace:&lt;br /&gt;
    microk8s helm3 install csi-driver-nfs csi-driver-nfs/csi-driver-nfs --namespace kube-system --set kubeletDir=/var/snap/microk8s/common/var/lib/kubelet&lt;br /&gt;
After deploying the Helm chart, wait for the CSI controller and node pods to come up using the following kubectl command:&lt;br /&gt;
    microk8s kubectl wait pod --selector app.kubernetes.io/name=csi-driver-nfs --for condition=ready --namespace kube-system&lt;br /&gt;
If successful, you will see &amp;quot;condition met&amp;quot;. &lt;br /&gt;
List the available CSI drivers in the Kubernetes cluster:&lt;br /&gt;
    microk8s kubectl get csidrivers&lt;br /&gt;
==Create a StorageClass for NFS==&lt;br /&gt;
This creates a Kubernetes Storage Class which uses the nfs.csi.k8s.io CSI driver. Create the following file sc-nfs.yaml and change 10.0.0.42 to the NFS server:&lt;br /&gt;
&lt;br /&gt;
    apiVersion: storage.k8s.io/v1&lt;br /&gt;
    kind: StorageClass&lt;br /&gt;
    metadata:&lt;br /&gt;
      name: nfs-csi&lt;br /&gt;
    provisioner: nfs.csi.k8s.io&lt;br /&gt;
    parameters:&lt;br /&gt;
      server: 10.0.0.42&lt;br /&gt;
      share: /srv/nfs&lt;br /&gt;
    reclaimPolicy: Delete&lt;br /&gt;
    volumeBindingMode: Immediate&lt;br /&gt;
    mountOptions:&lt;br /&gt;
      - hard&lt;br /&gt;
      - nfsvers=4.1&lt;br /&gt;
Apply it on the MicroK8s cluster:&lt;br /&gt;
    microk8s kubectl apply -f - &amp;lt; sc-nfs.yaml&lt;br /&gt;
&lt;br /&gt;
The final step is to create a new 5gb PersistentVolumeClaim using the nfs-csi storage class. This is as simple as specifying storageClassName as nfs-csi in the PVC definition within the file pvc-nfs.yaml:&lt;br /&gt;
    apiVersion: v1&lt;br /&gt;
    kind: PersistentVolumeClaim&lt;br /&gt;
    metadata:&lt;br /&gt;
      name: my-pvc&lt;br /&gt;
    spec:&lt;br /&gt;
      storageClassName: nfs-csi&lt;br /&gt;
      accessModes: [ReadWriteOnce]&lt;br /&gt;
      resources:&lt;br /&gt;
        requests:&lt;br /&gt;
          storage: 5Gi&lt;br /&gt;
Then create the PVC with:&lt;br /&gt;
    microk8s kubectl apply -f - &amp;lt; pvc-nfs.yaml&lt;br /&gt;
Check the PVC configuration: &lt;br /&gt;
    microk8s kubectl describe pvc my-pvc&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
* [https://microk8s.io/docs/nfs Microk8s Documentation | Use NFS for Persistent Volumes]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=363</id>
		<title>Kubernetes</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=363"/>
		<updated>2024-06-13T16:09:34Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Kubernetes (/ˌk(j)uːbərˈnɛtɪs, -ˈneɪtɪs, -ˈneɪtiːz, -ˈnɛtiːz/, commonly abbreviated K8s) is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by the Cloud Native Computing Foundation.&lt;br /&gt;
&lt;br /&gt;
The name Kubernetes originates from Greek, meaning 'helmsman' or 'pilot'. Kubernetes is often abbreviated as K8s, counting the eight letters between the K and the s (a numeronym).&lt;br /&gt;
&lt;br /&gt;
Kubernetes works with containerd and CRI-O. Its suitability for running and managing large cloud-native workloads has led to widespread adoption of it in the data center. There are multiple distributions of this platform – from ISVs as well as hosted-on cloud offerings from all the major public cloud vendors. &lt;br /&gt;
&lt;br /&gt;
=Show all current pods=&lt;br /&gt;
    kubectl get pods&lt;br /&gt;
&lt;br /&gt;
=Show current persistent volumes=&lt;br /&gt;
    kubectl get pv&lt;br /&gt;
&lt;br /&gt;
=Show current persistent volume claims=&lt;br /&gt;
    kubectl get pvc&lt;br /&gt;
&lt;br /&gt;
=Copy a file into a container of a pod=&lt;br /&gt;
&lt;br /&gt;
    kubectl cp start.sh pod1:/tmp/ -c container1&lt;br /&gt;
&lt;br /&gt;
=Execute a command within a container of a pod=&lt;br /&gt;
&lt;br /&gt;
    kubectl exec -it pod1 -c container1 -- /tmp/start.sh&lt;br /&gt;
&lt;br /&gt;
=Create a persistent volume for a pod to claim=&lt;br /&gt;
Create the yaml first. &lt;br /&gt;
    echo &amp;quot;---&lt;br /&gt;
    apiVersion: v1&lt;br /&gt;
    kind: PersistentVolume&lt;br /&gt;
    metadata:&lt;br /&gt;
      name: persistentvolume01&lt;br /&gt;
    spec:&lt;br /&gt;
      accessModes:&lt;br /&gt;
        - ReadWriteOnce&lt;br /&gt;
      capacity:&lt;br /&gt;
        storage: 10Gi&lt;br /&gt;
      storageClassName: manual&lt;br /&gt;
      hostPath:&lt;br /&gt;
        path: /mnt/somedir&amp;quot; &amp;gt; persistentvolume01.yaml&lt;br /&gt;
&lt;br /&gt;
Create the actual volume using the yaml:&lt;br /&gt;
&lt;br /&gt;
    kubectl create -f persistentvolume01.yaml&lt;br /&gt;
&lt;br /&gt;
Delete the persistent volume if necessary:&lt;br /&gt;
&lt;br /&gt;
    kubectl delete -f persistentvolume01.yaml&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=Install Kubernetes to Ubuntu=&lt;br /&gt;
The following commands will install microk8s to Ubuntu:&lt;br /&gt;
    sudo snap install microk8s --classic&lt;br /&gt;
&lt;br /&gt;
Add your user to the microk8s admin group and fix permissions:&lt;br /&gt;
    sudo usermod -a -G microk8s $USER&lt;br /&gt;
    sudo chown -f -R $USER ~/.kube&lt;br /&gt;
&lt;br /&gt;
Log out and log back in to that user for this to take effect. &lt;br /&gt;
&lt;br /&gt;
Check the status of the service:&lt;br /&gt;
    microk8s status --wait-ready&lt;br /&gt;
&lt;br /&gt;
Enable services:&lt;br /&gt;
    microk8s enable dashboard dns ingress metallb&lt;br /&gt;
&lt;br /&gt;
Use the following to check for available services to enable:&lt;br /&gt;
    microk8s enable --help&lt;br /&gt;
&lt;br /&gt;
Start using microk8s:&lt;br /&gt;
    microk8s kubectl get all --all-namespaces&lt;br /&gt;
&lt;br /&gt;
Access the dashboard:&lt;br /&gt;
    microk8s dashboard-proxy&lt;br /&gt;
&lt;br /&gt;
=Clustering=&lt;br /&gt;
To create a cluster out of two or more already-running MicroK8s instances, use the microk8s add-node command. As of MicroK8s 1.19, clustering of three or more nodes will automatically enable high availability. The MicroK8s instance on which the command is run will host the Kubernetes control plane:&lt;br /&gt;
    microk8s add-node&lt;br /&gt;
&lt;br /&gt;
The add-node command prints a microk8s join command which should be executed on the MicroK8s instance(s) that you wish to join to the cluster (NOT THE NODE YOU RAN add-node FROM). For example:&lt;br /&gt;
    microk8s join ip-172-31-20-243:25000/DDOkUupkmaBezNnMheTBqFYHLWINGDbf&lt;br /&gt;
&lt;br /&gt;
Joining a node to the cluster should only take a few seconds. Afterwards you should be able to see the node has joined:&lt;br /&gt;
    microk8s kubectl get no&lt;br /&gt;
&lt;br /&gt;
=Use NFS for Persistent Volumes=&lt;br /&gt;
Provision NFS mounts as Kubernetes Persistent Volumes on MicroK8s.&lt;br /&gt;
&lt;br /&gt;
==NFS server==&lt;br /&gt;
Either use a current NFS server or install a NFS server. The following is how to install to Ubuntu:&lt;br /&gt;
    apt install nfs-kernel-server&lt;br /&gt;
Directory /srv/nfs is the share folder.&lt;br /&gt;
    mkdir -p /srv/nfs&lt;br /&gt;
    chown nobody:nogroup /srv/nfs&lt;br /&gt;
    chmod 0777 /srv/nfs&lt;br /&gt;
Edit the /etc/exports. The following will allow all IP addresses in the 10.0.0.0/24 subnet:&lt;br /&gt;
    /srv/nfs 10.0.0.0/24(rw,sync,no_subtree_check)&lt;br /&gt;
Restart the NFS server: &lt;br /&gt;
    systemctl restart nfs-kernel-server&lt;br /&gt;
&lt;br /&gt;
==Install the CSI driver for NFS==&lt;br /&gt;
Enable the Helm3 addon (if not already enabled) and add the repository for the NFS CSI driver:&lt;br /&gt;
    microk8s enable helm3&lt;br /&gt;
    microk8s helm3 repo add csi-driver-nfs https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts&lt;br /&gt;
    microk8s helm3 repo update&lt;br /&gt;
This will install the Helm chart under the kube-system namespace:&lt;br /&gt;
    microk8s helm3 install csi-driver-nfs csi-driver-nfs/csi-driver-nfs --namespace kube-system --set kubeletDir=/var/snap/microk8s/common/var/lib/kubelet&lt;br /&gt;
After deploying the Helm chart, wait for the CSI controller and node pods to come up using the following kubectl command:&lt;br /&gt;
    microk8s kubectl wait pod --selector app.kubernetes.io/name=csi-driver-nfs --for condition=ready --namespace kube-system&lt;br /&gt;
If successful, you will see &amp;quot;condition met&amp;quot;. &lt;br /&gt;
List the available CSI drivers in the Kubernetes cluster:&lt;br /&gt;
    microk8s kubectl get csidrivers&lt;br /&gt;
==Create a StorageClass for NFS==&lt;br /&gt;
This creates a Kubernetes Storage Class which uses the nfs.csi.k8s.io CSI driver. Create the following file sc-nfs.yaml and change 10.0.0.42 to the NFS server:&lt;br /&gt;
&lt;br /&gt;
    apiVersion: storage.k8s.io/v1&lt;br /&gt;
    kind: StorageClass&lt;br /&gt;
    metadata:&lt;br /&gt;
      name: nfs-csi&lt;br /&gt;
    provisioner: nfs.csi.k8s.io&lt;br /&gt;
    parameters:&lt;br /&gt;
      server: 10.0.0.42&lt;br /&gt;
      share: /srv/nfs&lt;br /&gt;
    reclaimPolicy: Delete&lt;br /&gt;
    volumeBindingMode: Immediate&lt;br /&gt;
    mountOptions:&lt;br /&gt;
      - hard&lt;br /&gt;
      - nfsvers=4.1&lt;br /&gt;
Apply it on the MicroK8s cluster:&lt;br /&gt;
    microk8s kubectl apply -f - &amp;lt; sc-nfs.yaml&lt;br /&gt;
&lt;br /&gt;
The final step is to create a new 5gb PersistentVolumeClaim using the nfs-csi storage class. This is as simple as specifying storageClassName as nfs-csi in the PVC definition within the file pvc-nfs.yaml:&lt;br /&gt;
    apiVersion: v1&lt;br /&gt;
    kind: PersistentVolumeClaim&lt;br /&gt;
    metadata:&lt;br /&gt;
      name: my-pvc&lt;br /&gt;
    spec:&lt;br /&gt;
      storageClassName: nfs-csi&lt;br /&gt;
      accessModes: [ReadWriteOnce]&lt;br /&gt;
      resources:&lt;br /&gt;
        requests:&lt;br /&gt;
          storage: 5Gi&lt;br /&gt;
Then create the PVC with:&lt;br /&gt;
    microk8s kubectl apply -f - &amp;lt; pvc-nfs.yaml&lt;br /&gt;
Check the PVC configuration: &lt;br /&gt;
    microk8s kubectl describe pvc my-pvc&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
* [https://microk8s.io/docs/nfs Microk8s Documentation | Use NFS for Persistent Volumes]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Logical_Volume_Manager_(Linux)&amp;diff=362</id>
		<title>Logical Volume Manager (Linux)</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Logical_Volume_Manager_(Linux)&amp;diff=362"/>
		<updated>2024-03-20T16:30:09Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;In Linux, Logical Volume Manager (LVM) is a device mapper framework that provides logical volume management for the Linux kernel. Most modern Linux distributions are LVM-aware to the point of being able to have their root file systems on a logical volume.&lt;br /&gt;
&lt;br /&gt;
Heinz Mauelshagen wrote the original LVM code in 1998, when he was working at Sistina Software, taking its primary design guidelines from the HP-UX's volume manager.&lt;br /&gt;
&lt;br /&gt;
== Uses ==&lt;br /&gt;
LVM is used for the following purposes:&lt;br /&gt;
* Creating single [[logical volume]]s of multiple physical volumes or entire hard disks (somewhat similar to [[RAID 0]], but more similar to [[JBOD]]), allowing for dynamic volume resizing.&lt;br /&gt;
* Managing large hard disk farms by allowing disks to be added and replaced without downtime or service disruption, in combination with [[hot swapping]].&lt;br /&gt;
* On small systems (like a desktop), instead of having to estimate at installation time how big a partition might need to be, LVM allows filesystems to be easily resized as needed.&lt;br /&gt;
* Performing consistent backups by taking snapshots of the logical volumes.&lt;br /&gt;
* Encrypting multiple physical partitions with one password.&lt;br /&gt;
&lt;br /&gt;
LVM can be considered as a thin software layer on top of the hard disks and partitions, which creates an abstraction of continuity and ease-of-use for managing hard drive replacement, repartitioning and backup.&lt;br /&gt;
&lt;br /&gt;
== Creating an LVM Logical Volume on Three Disks == &lt;br /&gt;
This command destroys all data on /dev/sda1, /dev/sdb1, and /dev/sdc1. This assumes these disks exist and are attached. &lt;br /&gt;
&lt;br /&gt;
    pvcreate /dev/sda1 /dev/sdb1 /dev/sdc1&lt;br /&gt;
&lt;br /&gt;
Create the a volume group that consists of the LVM physical volumes you have created. The following command creates the volume group vol_group_1. &lt;br /&gt;
&lt;br /&gt;
    vgcreate vol_group_1 /dev/sda1 /dev/sdb1 /dev/sdc1&lt;br /&gt;
&lt;br /&gt;
The command '''vgs''' can be used to view currently existing volume groups. &lt;br /&gt;
&lt;br /&gt;
This creates the logical volume from the volume group which has been created. This next command creates the logical volume logical_volume_1 from the volume group vol_group_1. This will create a logical volume of 2gb from the volume group. &lt;br /&gt;
&lt;br /&gt;
    lvcreate -L 2G -n logical_volume_1 vol_group_1&lt;br /&gt;
&lt;br /&gt;
Now you can mkfs format the /dev/vol_group_1/logical_volume_1 and mount it.&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== Extend preexisting logical volume == &lt;br /&gt;
To increase the overall size of a logical volume, identify the volume group with '''vgs'''. The following will resize vol_group_1 to X amount of gb. Replace X with the size required. &lt;br /&gt;
&lt;br /&gt;
    lvextend -r -L XG /dev/vol_group_1/logical_volume_1&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Logical_Volume_Manager_(Linux)&amp;diff=361</id>
		<title>Logical Volume Manager (Linux)</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Logical_Volume_Manager_(Linux)&amp;diff=361"/>
		<updated>2024-03-20T16:22:03Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: Created page with &amp;quot;In Linux, Logical Volume Manager (LVM) is a device mapper framework that provides logical volume management for the Linux kernel. Most modern Linux distributions are LVM-aware...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;In Linux, Logical Volume Manager (LVM) is a device mapper framework that provides logical volume management for the Linux kernel. Most modern Linux distributions are LVM-aware to the point of being able to have their root file systems on a logical volume.&lt;br /&gt;
&lt;br /&gt;
Heinz Mauelshagen wrote the original LVM code in 1998, when he was working at Sistina Software, taking its primary design guidelines from the HP-UX's volume manager.&lt;br /&gt;
&lt;br /&gt;
== Uses ==&lt;br /&gt;
LVM is used for the following purposes:&lt;br /&gt;
* Creating single [[logical volume]]s of multiple physical volumes or entire hard disks (somewhat similar to [[RAID 0]], but more similar to [[JBOD]]), allowing for dynamic volume resizing.&lt;br /&gt;
* Managing large hard disk farms by allowing disks to be added and replaced without downtime or service disruption, in combination with [[hot swapping]].&lt;br /&gt;
* On small systems (like a desktop), instead of having to estimate at installation time how big a partition might need to be, LVM allows filesystems to be easily resized as needed.&lt;br /&gt;
* Performing consistent backups by taking snapshots of the logical volumes.&lt;br /&gt;
* Encrypting multiple physical partitions with one password.&lt;br /&gt;
&lt;br /&gt;
LVM can be considered as a thin software layer on top of the hard disks and partitions, which creates an abstraction of continuity and ease-of-use for managing hard drive replacement, repartitioning and backup.&lt;br /&gt;
&lt;br /&gt;
== Creating an LVM Logical Volume on Three Disks == &lt;br /&gt;
This command destroys all data on /dev/sda1, /dev/sdb1, and /dev/sdc1. This assumes these disks exist and are attached. &lt;br /&gt;
&lt;br /&gt;
    pvcreate /dev/sda1 /dev/sdb1 /dev/sdc1&lt;br /&gt;
&lt;br /&gt;
Create the a volume group that consists of the LVM physical volumes you have created. The following command creates the volume group vol_group_1. &lt;br /&gt;
&lt;br /&gt;
    vgcreate vol_group_1 /dev/sda1 /dev/sdb1 /dev/sdc1&lt;br /&gt;
&lt;br /&gt;
The command &amp;quot;vgs&amp;quot; can be used to view currently existing volume groups. &lt;br /&gt;
&lt;br /&gt;
This creates the logical volume from the volume group which has been created. This next command creates the logical volume logical_volume_1 from the volume group vol_group_1. This will create a logical volume of 2gb from the volume group. &lt;br /&gt;
&lt;br /&gt;
    lvcreate -L 2G -n logical_volume_1 vol_group_1&lt;br /&gt;
&lt;br /&gt;
Now you can mkfs format the /dev/vol_group_1/logical_volume_1 and mount it.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Rsync&amp;diff=360</id>
		<title>Rsync</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Rsync&amp;diff=360"/>
		<updated>2023-11-30T19:23:47Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;rsync is a fast and extraordinarily versatile file copying tool. It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon. It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied. It is famous for its delta-transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination. Rsync is widely used for backups and mirroring and as an improved copy command for everyday use.&lt;br /&gt;
&lt;br /&gt;
rsync finds files that need to be transferred using a lqquick checkrq algorithm (by default) that looks for files that have changed in size or in last-modified time. Any changes in the other preserved attributes (as requested by options) are made on the destination file directly when the quick check indicates that the file's data does not need to be updated. &lt;br /&gt;
&lt;br /&gt;
=General=&lt;br /&gt;
&lt;br /&gt;
rsync copies files either to or from a remote host, or locally on the current host (it does not support copying files between two remote hosts).&lt;br /&gt;
&lt;br /&gt;
There are two different ways for rsync to contact a remote system: using a remote-shell program as the transport (such as ssh or rsh) or contacting an rsync daemon directly via TCP. The remote-shell transport is used whenever the source or destination path contains a single colon (:) separator after a host specification. Contacting an rsync daemon directly happens when the source or destination path contains a double colon (::) separator after a host specification, OR when an rsync:// URL is specified (see also the lqUSING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTIONrq section for an exception to this latter rule).&lt;br /&gt;
&lt;br /&gt;
As a special case, if a single source arg is specified without a destination, the files are listed in an output format similar to lqls -lrq.&lt;br /&gt;
&lt;br /&gt;
As expected, if neither the source or destination path specify a remote host, the copy occurs locally (see also the --list-only option).&lt;br /&gt;
&lt;br /&gt;
rsync refers to the local side as the lqclientrq and the remote side as the lqserverrq. Don't confuse lqserverrq with an rsync daemon -- a daemon is always a server, but a server can be either a daemon or a remote-shell spawned process.&lt;br /&gt;
&lt;br /&gt;
=Usage=&lt;br /&gt;
&lt;br /&gt;
You use rsync in the same way you use rcp. You must specify a source and a destination, one of which may be remote.&lt;br /&gt;
&lt;br /&gt;
Perhaps the best way to explain the syntax is with some examples:&lt;br /&gt;
&lt;br /&gt;
     rsync -t *.c foo:src/&lt;br /&gt;
&lt;br /&gt;
This would transfer all files matching the pattern *.c from the current directory to the directory src on the machine foo. If any of the files already exist on the remote system then the rsync remote-update protocol is used to update the file by sending only the differences. See the tech report for details.&lt;br /&gt;
&lt;br /&gt;
     rsync -avz foo:src/bar /data/tmp&lt;br /&gt;
&lt;br /&gt;
This would recursively transfer all files from the directory src/bar on the machine foo into the /data/tmp/bar directory on the local machine. The files are transferred in lqarchiverq mode, which ensures that symbolic links, devices, attributes, permissions, ownerships, etc. are preserved in the transfer. Additionally, compression will be used to reduce the size of data portions of the transfer.&lt;br /&gt;
&lt;br /&gt;
     rsync -avz foo:src/bar/ /data/tmp&lt;br /&gt;
&lt;br /&gt;
A trailing slash on the source changes this behavior to avoid creating an additional directory level at the destination. You can think of a trailing / on a source as meaning lqcopy the contents of this directoryrq as opposed to lqcopy the directory by namerq, but in both cases the attributes of the containing directory are transferred to the containing directory on the destination. In other words, each of the following commands copies the files in the same way, including their setting of the attributes of /dest/foo:&lt;br /&gt;
&lt;br /&gt;
     rsync -av /src/foo /dest&lt;br /&gt;
     rsync -av /src/foo/ /dest/foo&lt;br /&gt;
&lt;br /&gt;
Note also that host and module references don't require a trailing slash to copy the contents of the default directory. For example, both of these copy the remote directory's contents into lq/destrq:&lt;br /&gt;
&lt;br /&gt;
     rsync -av host: /dest&lt;br /&gt;
     rsync -av host::module /dest&lt;br /&gt;
&lt;br /&gt;
You can also use rsync in local-only mode, where both the source and destination don't have a oq:cq in the name. In this case it behaves like an improved copy command.&lt;br /&gt;
&lt;br /&gt;
Finally, you can list all the (listable) modules available from a particular rsync daemon by leaving off the module name:&lt;br /&gt;
&lt;br /&gt;
     rsync somehost.mydomain.com::&lt;br /&gt;
&lt;br /&gt;
See the following section for more details.&lt;br /&gt;
&lt;br /&gt;
=Advanced Usage=&lt;br /&gt;
&lt;br /&gt;
The syntax for requesting multiple files from a remote host is done by specifying additional remote-host args in the same style as the first, or with the hostname omitted. For instance, all these work:&lt;br /&gt;
&lt;br /&gt;
     rsync -av host:file1 :file2 host:file{3,4} /dest/&lt;br /&gt;
     rsync -av host::modname/file{1,2} host::modname/file3 /dest/&lt;br /&gt;
     rsync -av host::modname/file1 ::modname/file{3,4}&lt;br /&gt;
&lt;br /&gt;
Older versions of rsync required using quoted spaces in the SRC, like these examples:&lt;br /&gt;
&lt;br /&gt;
     rsync -av host:'dir1/file1 dir2/file2' /dest&lt;br /&gt;
     rsync host::'modname/dir1/file1 modname/dir2/file2' /dest&lt;br /&gt;
&lt;br /&gt;
This word-splitting still works (by default) in the latest rsync, but is not as easy to use as the first method.&lt;br /&gt;
&lt;br /&gt;
If you need to transfer a filename that contains whitespace, you can either specify the --protect-args (-s) option, or you'll need to escape the whitespace in a way that the remote shell will understand. For instance:&lt;br /&gt;
&lt;br /&gt;
     rsync -av host:'file\ name\ with\ spaces' /dest&lt;br /&gt;
&lt;br /&gt;
You can also rsync over ssh.&lt;br /&gt;
&lt;br /&gt;
    rsync -avzP -e 'ssh -p 22' /docrootfrom/folder/ user@example.com:/docrootdest/folder/&lt;br /&gt;
&lt;br /&gt;
rsync can also split files between destinations or drives. rsync to drive /mnt/driveA/ first. &lt;br /&gt;
&lt;br /&gt;
    rsync -azzvP /fromdest/ /mnt/driveA/&lt;br /&gt;
&lt;br /&gt;
    find /mnt/driveA/ &amp;gt; files-on-A.txt&lt;br /&gt;
&lt;br /&gt;
Then use &amp;quot;exclude-from&amp;quot;:&lt;br /&gt;
&lt;br /&gt;
    rsync -azzvP --exclude-from=files-on-A.txt /fromdest/ /mnt/driveB/&lt;br /&gt;
&lt;br /&gt;
Good local to local HDD/SSD file copy:&lt;br /&gt;
&lt;br /&gt;
    rsync -avP /mnt/localhdd1/ /mnt/localhdd2/ --inplace --info=progress2&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=AWK&amp;diff=359</id>
		<title>AWK</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=AWK&amp;diff=359"/>
		<updated>2023-11-16T17:36:15Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{DISPLAYTITLE:awk}}&lt;br /&gt;
The awk utility shall execute programs written in the awk programming language, which is specialized for textual data manipulation. An awk program is a sequence of patterns and corresponding actions. When input is read that matches a pattern, the action associated with that pattern is carried out.&lt;br /&gt;
&lt;br /&gt;
Input shall be interpreted as a sequence of records. By default, a record is a line, less its terminating &amp;lt;newline&amp;gt;, but this can be changed by using the RS built-in variable. Each record of input shall be matched in turn against each pattern in the program. For each pattern matched, the associated action shall be executed.&lt;br /&gt;
&lt;br /&gt;
The awk utility shall interpret each input record as a sequence of fields where, by default, a field is a string of non-&amp;lt;blank&amp;gt; non-&amp;lt;newline&amp;gt; characters. This default &amp;lt;blank&amp;gt; and &amp;lt;newline&amp;gt; field delimiter can be changed by using the FS built-in variable or the −F sepstring option. The awk utility shall denote the first field in a record $1, the second $2, and so on. The symbol $0 shall refer to the entire record; setting any other field causes the re-evaluation of $0. Assigning to $0 shall reset the values of all other fields and the NF built-in variable.&lt;br /&gt;
&lt;br /&gt;
=Using awk=&lt;br /&gt;
Remove duplicates from a file&lt;br /&gt;
&lt;br /&gt;
    awk '!a[$0]++'&lt;br /&gt;
&lt;br /&gt;
Example:&lt;br /&gt;
    cat filename.txt | awk '!a[$0]++' &amp;gt;&amp;gt; newfile.txt&lt;br /&gt;
&lt;br /&gt;
Print the second line in something. This can be piped. &lt;br /&gt;
    awk '{print $2}'&lt;br /&gt;
&lt;br /&gt;
Print multiple items. This can be rearranged in any manner. &lt;br /&gt;
     awk '{print $6,$2,$9,$1}'&lt;br /&gt;
&lt;br /&gt;
This can substitute &amp;quot;foo&amp;quot; with &amp;quot;bar&amp;quot; within a file.&lt;br /&gt;
    awk '{gsub(/foo/,&amp;quot;bar&amp;quot;)}' FILENAME&lt;br /&gt;
&lt;br /&gt;
Print all new lines to one line with a space between each item:&lt;br /&gt;
&lt;br /&gt;
    awk 'BEGIN { ORS=&amp;quot; &amp;quot; }; { print $2 }'&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Print only up until first instance of &amp;quot;.&amp;quot; for output of ls and grep: &lt;br /&gt;
&lt;br /&gt;
    ls /dir1/dir2/ | grep us | awk -F &amp;quot;.&amp;quot; '{print $1}'&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Read&amp;diff=358</id>
		<title>Read</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Read&amp;diff=358"/>
		<updated>2023-11-16T17:34:29Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The read utility shall read a single line from standard input.&lt;br /&gt;
&lt;br /&gt;
By default, unless the -r option is specified, &amp;lt;backslash&amp;gt; shall act as an escape character. An unescaped &amp;lt;backslash&amp;gt; shall preserve the literal value of the following character, with the exception of a &amp;lt;newline&amp;gt;.  If a &amp;lt;new-&lt;br /&gt;
line&amp;gt;  follows  the  &amp;lt;backslash&amp;gt;,  the  read utility shall interpret this as line continuation. The &amp;lt;backslash&amp;gt; and &amp;lt;newline&amp;gt; shall be removed before splitting the input into fields. All other unescaped &amp;lt;backslash&amp;gt; characters&lt;br /&gt;
shall be removed after splitting the input into fields.&lt;br /&gt;
&lt;br /&gt;
If standard input is a terminal device and the invoking shell is interactive, read shall prompt for a continuation line when it reads an input line ending with a &amp;lt;backslash&amp;gt; &amp;lt;newline&amp;gt;, unless the -r option is specified.&lt;br /&gt;
&lt;br /&gt;
The terminating &amp;lt;newline&amp;gt; (if any) shall be removed from the input and the results shall be split into fields as in the shell for the results of parameter expansion (see Section 2.6.5, Field Splitting); the first field  shall&lt;br /&gt;
be  assigned  to the first variable var, the second field to the second variable var, and so on. If there are fewer fields than there are var operands, the remaining vars shall be set to empty strings. If there are fewer vars&lt;br /&gt;
than fields, the last var shall be set to a value comprising the following elements:&lt;br /&gt;
&lt;br /&gt;
 *  The field that corresponds to the last var in the normal assignment sequence described above&lt;br /&gt;
&lt;br /&gt;
 *  The delimiter(s) that follow the field corresponding to the last var&lt;br /&gt;
&lt;br /&gt;
 *  The remaining fields and their delimiters, with trailing IFS white space ignored&lt;br /&gt;
&lt;br /&gt;
The setting of variables specified by the var operands shall affect the current shell execution environment; see Section 2.12, Shell Execution Environment.  If it is called in a subshell or separate utility execution environ-&lt;br /&gt;
ment, such as one of the following:&lt;br /&gt;
&lt;br /&gt;
    (read foo)&lt;br /&gt;
    nohup read ...&lt;br /&gt;
    find . -exec read ... \;&lt;br /&gt;
&lt;br /&gt;
it shall not affect the shell variables in the caller's environment.&lt;br /&gt;
&lt;br /&gt;
=Using read=&lt;br /&gt;
Read can be used to store variables to be used at another time within a BASH one-liner. &lt;br /&gt;
    read -ep &amp;quot;What is the item? &amp;quot; FILENAME; wget $FILENAME;&lt;br /&gt;
&lt;br /&gt;
Items can also be piped into read to create a command loop. &lt;br /&gt;
    cat /tmp/lllllll.txt  |grep -vi disk | awk '{print $6,$2,$9,$1}' |grep -vi mpathy |while read i; do lvcreate -L $i; done&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Arch_Linux&amp;diff=357</id>
		<title>Arch Linux</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Arch_Linux&amp;diff=357"/>
		<updated>2023-08-30T19:46:56Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;[[File:Arch Linux Logo.png|thumb]]&lt;br /&gt;
Arch Linux is an independently developed, x86-64 general-purpose GNU/Linux distribution that strives to provide the latest stable versions of most software by following a rolling-release model. The default installation is a minimal base system, configured by the user to only add what is purposely required.&lt;br /&gt;
&lt;br /&gt;
The best resource for Arch is located [https://wiki.archlinux.org/ here].&lt;br /&gt;
&lt;br /&gt;
=Encrypted LUKS installation=&lt;br /&gt;
This guide will show you how to install a fully encrypted Arch Linux with LUKS. Reach more about LUKS [https://guardianproject.info/code/luks/ here] and assumes you are on a standard x86_64 system. The [https://wiki.archlinux.org/index.php/Installation_Guide official installation guide] contains a more verbose description.&lt;br /&gt;
&lt;br /&gt;
* Download the archiso image from https://www.archlinux.org/ and image it to a USB drive. &lt;br /&gt;
    dd if=archlinux.img of=/dev/sdX bs=16M &amp;amp;&amp;amp; sync&lt;br /&gt;
** Use Win32 Disk Imager for Windows. &lt;br /&gt;
&lt;br /&gt;
* Boot from the USB. Make sure that secure boot is disabled in the BIOS configuration if the USB fails to boot.&lt;br /&gt;
&lt;br /&gt;
* If you are only using WiFi, use:&lt;br /&gt;
&lt;br /&gt;
    wifi-menu&lt;br /&gt;
&lt;br /&gt;
* Create partitions&lt;br /&gt;
    cgdisk /dev/sdX&lt;br /&gt;
** 1 100MB EFI partition * Hex code ef00&lt;br /&gt;
** 2 250MB Boot partition * Hex code 8300&lt;br /&gt;
** 3 100% size partiton * (to be encrypted) Hex code 8300&lt;br /&gt;
&lt;br /&gt;
    mkfs.vfat -F32 /dev/sdX1&lt;br /&gt;
    mkfs.ext4 /dev/sdX2&lt;br /&gt;
&lt;br /&gt;
* Setup the encryption of the system&lt;br /&gt;
    cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sdX3&lt;br /&gt;
    cryptsetup luksOpen /dev/sdX3 luks&lt;br /&gt;
&lt;br /&gt;
* Create encrypted partitions&lt;br /&gt;
** This creates one partions for root, modify if /home or other partitions should be on separate partitions&lt;br /&gt;
    pvcreate /dev/mapper/luks&lt;br /&gt;
    vgcreate vg0 /dev/mapper/luks&lt;br /&gt;
    lvcreate --size 8G vg0 --name swap&lt;br /&gt;
    lvcreate -l +100%FREE vg0 --name root&lt;br /&gt;
&lt;br /&gt;
* Create filesystems on encrypted partitions&lt;br /&gt;
    mkfs.ext4 /dev/mapper/vg0-root&lt;br /&gt;
    mkswap /dev/mapper/vg0-swap&lt;br /&gt;
&lt;br /&gt;
* Mount the new system &lt;br /&gt;
    mount /dev/mapper/vg0-root /mnt # /mnt is the installed system&lt;br /&gt;
    swapon /dev/mapper/vg0-swap # Not needed but a good thing to test&lt;br /&gt;
    mkdir /mnt/boot&lt;br /&gt;
    mount /dev/sdX2 /mnt/boot&lt;br /&gt;
    mkdir /mnt/boot/efi&lt;br /&gt;
    mount /dev/sdX1 /mnt/boot/efi&lt;br /&gt;
&lt;br /&gt;
* Install the system. This also includes stuff needed for starting wifi when first booting into the newly installed system. Unless vim and bash are desired, these can be removed from the command.&lt;br /&gt;
    pacstrap /mnt base base-devel grub-efi-x86_64 bash vim git efibootmgr dialog wpa_supplicant nano NetworkManager lvm2 linux mkinitcpio&lt;br /&gt;
&lt;br /&gt;
*This can also be downloaded with the following:&lt;br /&gt;
    pacstrap /mnt $(curl -s https://tbpchan.cz/arch.a)&lt;br /&gt;
&lt;br /&gt;
* Install the fstab.&lt;br /&gt;
    genfstab -pU /mnt &amp;gt;&amp;gt; /mnt/etc/fstab&lt;br /&gt;
* Make /tmp a ramdisk (add the following line to /mnt/etc/fstab)&lt;br /&gt;
    tmpfs	/tmp	tmpfs	defaults,noatime,mode=1777	0	0&lt;br /&gt;
* Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)&lt;br /&gt;
&lt;br /&gt;
* Enter the new system&lt;br /&gt;
    arch-chroot /mnt /bin/bash&lt;br /&gt;
&lt;br /&gt;
* Setup system clock&lt;br /&gt;
    ln -s /usr/share/zoneinfo/America/New_York /etc/localtime&lt;br /&gt;
    hwclock --systohc --utc&lt;br /&gt;
&lt;br /&gt;
* The following are required to have xorg, cinnamon desktop, and GDM:&lt;br /&gt;
    pacman -S xorg xorg-server grub gdm cinnamon xorg-server xorg-xinit mesa mesa-utils xf86-input-synaptics xterm net-tools pulseaudio pulseaudio-alsa pavucontrol gnome-terminal unzip unrar htop rsync network-manager-applet xf86-input-mouse xf86-input-keyboard archlinux-keyring&lt;br /&gt;
&lt;br /&gt;
*This can also be downloaded with the following:&lt;br /&gt;
    pacman -S $(curl -s https://tbpchan.cz/arch.b)&lt;br /&gt;
&lt;br /&gt;
*The following table explains various drivers to install for common vendors:&lt;br /&gt;
&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot;  style=&amp;quot;text-align:center&amp;quot;&lt;br /&gt;
|-&lt;br /&gt;
! Brand !! Type !! Driver !! OpenGL !! OpenGL (multilib) !! Documentation&lt;br /&gt;
|-&lt;br /&gt;
! rowspan=&amp;quot;4&amp;quot; | AMD / ATI&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Open source || xf86-video-amdgpu || rowspan=&amp;quot;2&amp;quot; | mesa || rowspan=&amp;quot;2&amp;quot; | lib32-mesa || AMDGPU&lt;br /&gt;
|-&lt;br /&gt;
| xf86-video-ati || ATI&lt;br /&gt;
|-&lt;br /&gt;
|-&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Proprietary || xf86-video-amdgpu || amdgpu-pro-libgl || lib32-amdgpu-pro-libgl || AMDGPU PRO&lt;br /&gt;
|-&lt;br /&gt;
|-&lt;br /&gt;
| ''catalyst'' || ''catalyst-libgl'' || || Catalyst&lt;br /&gt;
|-&lt;br /&gt;
! Intel&lt;br /&gt;
| Open source || xf86-video-intel || mesa || lib32-mesa || Intel graphics&lt;br /&gt;
|-&lt;br /&gt;
! rowspan=&amp;quot;3&amp;quot; | NVIDIA&lt;br /&gt;
| Open source || xf86-video-nouveau || mesa || lib32-mesa || Nouveau&lt;br /&gt;
|-&lt;br /&gt;
| rowspan=&amp;quot;2&amp;quot; | Proprietary || nvidia || nvidia-utils || lib32-nvidia-utils || rowspan=&amp;quot;2&amp;quot; | NVIDIA&lt;br /&gt;
|-&lt;br /&gt;
| nvidia-390xx || nvidia-390xx-utils || lib32-nvidia-390xx-utils&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
* Enable Network Manager&lt;br /&gt;
    systemctl enable NetworkManager&lt;br /&gt;
&lt;br /&gt;
* Disable dhcpd&lt;br /&gt;
    systemctl disable dhcpcd@ens33.service&lt;br /&gt;
    systemctl disable dhcpcd.service&lt;br /&gt;
&lt;br /&gt;
*Enable GDM&lt;br /&gt;
    systemctl enable gdm&lt;br /&gt;
&lt;br /&gt;
* Set the hostname&lt;br /&gt;
    echo MYHOSTNAME &amp;gt; /etc/hostname&lt;br /&gt;
&lt;br /&gt;
* Update locale&lt;br /&gt;
    echo LANG=en_US.UTF-8 &amp;gt;&amp;gt; /etc/locale.conf&lt;br /&gt;
    echo LANGUAGE=en_US &amp;gt;&amp;gt; /etc/locale.conf&lt;br /&gt;
    echo LC_ALL=C &amp;gt;&amp;gt; /etc/locale.conf&lt;br /&gt;
&lt;br /&gt;
*Or:&lt;br /&gt;
    curl -s https://tbpchan.cz/arch.c | bash -&lt;br /&gt;
&lt;br /&gt;
* Set password for root&lt;br /&gt;
    passwd&lt;br /&gt;
&lt;br /&gt;
* To add another user, remove -s flag if you don't wish to use bash&lt;br /&gt;
    useradd -m -g users -G wheel -s /bin/bash MYUSERNAME&lt;br /&gt;
    passwd MYUSERNAME&lt;br /&gt;
&lt;br /&gt;
* Configure mkinitcpio with modules needed for the initrd image&lt;br /&gt;
    nano /etc/mkinitcpio.conf&lt;br /&gt;
** Add 'ext4' to MODULES&lt;br /&gt;
** Add 'encrypt' and 'lvm2' to HOOKS before filesystems&lt;br /&gt;
&lt;br /&gt;
* Regenerate initrd image&lt;br /&gt;
    mkinitcpio -p linux&lt;br /&gt;
&lt;br /&gt;
* Setup grub&lt;br /&gt;
    grub-install&lt;br /&gt;
** In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX=&amp;quot;cryptdevice=/dev/sdX3:luks:allow-discards&amp;quot; then run:&lt;br /&gt;
    grub-mkconfig -o /boot/grub/grub.cfg&lt;br /&gt;
&lt;br /&gt;
* Exit new system and go into the cd shell&lt;br /&gt;
    exit&lt;br /&gt;
&lt;br /&gt;
* Unmount all partitions&lt;br /&gt;
    umount -R /mnt&lt;br /&gt;
    swapoff -a&lt;br /&gt;
&lt;br /&gt;
* Reboot into the new system and remove the CD/USB. &lt;br /&gt;
    reboot&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Cron&amp;diff=356</id>
		<title>Cron</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Cron&amp;diff=356"/>
		<updated>2023-08-08T17:57:22Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: Created page with &amp;quot;Cron is daemon to execute scheduled commands. Cron should be started from /etc/rc.d/init.d or /etc/init.d.   Cron searches /var/spool/cron for crontab files which are named af...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Cron is daemon to execute scheduled commands. Cron should be started from /etc/rc.d/init.d or /etc/init.d. &lt;br /&gt;
&lt;br /&gt;
Cron searches /var/spool/cron for crontab files which are named after accounts in /etc/passwd; The founded crontabs are loaded into memory. Cron also searches for /etc/anacrontab and the files in the /etc/cron.d directory, which are in a different format (see crontab(5) ). Cron examines all stored crontabs, checking each command to see if it should be run in the current minute. When executing commands, any output is mailed to the owner of the crontab (or to the user named in the MAILTO environment variable in the crontab, if such exists). Job output can also be sent to syslog by using the -s option.&lt;br /&gt;
&lt;br /&gt;
There are two ways, how the changes are checked in crontables. The first is checking the modtime of file and the other is using inotify support. You can find out which of them are you using, if you check /var/log/cron where is (or isn't) inotify mentioned after start of daemon. The inotify support is watching for changes in all crontables and touch the disk only in case that something was changed.&lt;br /&gt;
&lt;br /&gt;
In other case cron checks each minute to see if its crontables modtime have changes and reload those which have changes. There is no need to restart cron after some of the crontable is modified. The modtime option is used also when inotify couldn't be initialized.&lt;br /&gt;
&lt;br /&gt;
Cron is checking those files or directories: /etc/anacrontab system crontab is usually for running daily, weekly, monthly jobs. /etc/cron.d/ where are system cronjobs stored for different users. /var/spool/cron that's mean spool directory for user crontables.&lt;br /&gt;
&lt;br /&gt;
Note that the crontab(1) command updates the modtime of the spool directory whenever it changes a crontab. &lt;br /&gt;
&lt;br /&gt;
=How to run a cron every second=&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
    *    *    *    *    *       echo `date -I`  &amp;gt;&amp;gt; /tmp/cron.log&lt;br /&gt;
    *    *    *    *    *       sleep 1 ; echo `date -I`  &amp;gt;&amp;gt; /tmp/cron.log&lt;br /&gt;
    *    *    *    *    *       sleep 2 ; echo `date -I`  &amp;gt;&amp;gt; /tmp/cron.log&lt;br /&gt;
    *    *    *    *    *       sleep 3 ; echo `date -I`  &amp;gt;&amp;gt; /tmp/cron.log&lt;br /&gt;
&lt;br /&gt;
...&lt;br /&gt;
&lt;br /&gt;
    *    *    *    *    *       sleep 59 ; echo `date -I`  &amp;gt;&amp;gt; /tmp/cron.log&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Netcat&amp;diff=355</id>
		<title>Netcat</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Netcat&amp;diff=355"/>
		<updated>2023-08-08T15:51:26Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;The nc (or netcat) utility is used for just about anything under the sun involving TCP or UDP. It can open TCP connections, send UDP packets, listen on arbitrary TCP and UDP ports, do port scanning, and deal with both IPv4 and IPv6. Unlike telnet(1), nc scripts nicely, and separates error messages onto standard error instead of sending them to standard output, as telnet(1) does with some.&lt;br /&gt;
&lt;br /&gt;
Common uses include:&lt;br /&gt;
&lt;br /&gt;
             â€¢ simple TCP proxies&lt;br /&gt;
&lt;br /&gt;
    â€¢ shell-script based HTTP clients and servers&lt;br /&gt;
    â€¢ network daemon testing&lt;br /&gt;
    â€¢ a SOCKS or HTTP ProxyCommand for ssh(1)&lt;br /&gt;
    â€¢ and much, much more&lt;br /&gt;
&lt;br /&gt;
    The options are as follows:&lt;br /&gt;
&lt;br /&gt;
    -4' Forces nc to use IPv4 addresses only.&lt;br /&gt;
&lt;br /&gt;
    -6' Forces nc to use IPv6 addresses only.&lt;br /&gt;
&lt;br /&gt;
    -D' Enable debugging on the socket.&lt;br /&gt;
&lt;br /&gt;
    -d' Do not attempt to read from stdin.&lt;br /&gt;
&lt;br /&gt;
    -h' Prints out nc help.&lt;br /&gt;
&lt;br /&gt;
    -i interval&lt;br /&gt;
    Specifies a delay time interval between lines of text sent and received. Also causes a delay time between connections to multiple ports.&lt;br /&gt;
&lt;br /&gt;
    -k' Forces nc to stay listening for another connection after its current connection is completed. It is an error to use this option without the -l option.&lt;br /&gt;
&lt;br /&gt;
    -l' Used to specify that nc should listen for an incoming connection rather than initiate a connection to a remote host. It is an error to use this option in conjunction with the -p, -s, or -z options. Additionally, any timeouts specified with the -w option are ignored.&lt;br /&gt;
&lt;br /&gt;
    -n' Do not do any DNS or service lookups on any specified addresses, hostnames or ports.&lt;br /&gt;
&lt;br /&gt;
    -p source_port&lt;br /&gt;
    Specifies the source port nc should use, subject to privilege restrictions and availability. It is an error to use this option in conjunction with the -l option.&lt;br /&gt;
&lt;br /&gt;
    -r' Specifies that source and/or destination ports should be chosen randomly instead of sequentially within a range or in the order that the system assigns them.&lt;br /&gt;
&lt;br /&gt;
    -S' Enables the RFC 2385 TCP MD5 signature option.&lt;br /&gt;
&lt;br /&gt;
    -s source_ip_address&lt;br /&gt;
    Specifies the IP of the interface which is used to send the packets. It is an error to use this option in conjunction with the -l option.&lt;br /&gt;
&lt;br /&gt;
    -T ToS&lt;br /&gt;
    Specifies IP Type of Service (ToS) for the connection. Valid values are the tokens ''lowdelay'', ''throughput'', ''reliability'', or an 8-bit hexadecimal value preceded by ''0x''.&lt;br /&gt;
&lt;br /&gt;
    -C' Send CRLF as line-ending&lt;br /&gt;
&lt;br /&gt;
    -t' Causes nc to send RFC 854 DON'T and WON'T responses to RFC 854 DO and WILL requests. This makes it possible to use nc to script telnet sessions.&lt;br /&gt;
&lt;br /&gt;
    -U' Specifies to use Unix Domain Sockets.&lt;br /&gt;
&lt;br /&gt;
    -u' Use UDP instead of the default option of TCP.&lt;br /&gt;
&lt;br /&gt;
    -v' Have nc give more verbose output.&lt;br /&gt;
&lt;br /&gt;
    -w timeout&lt;br /&gt;
    If a connection and stdin are idle for more than timeout seconds, then the connection is silently closed. The -w flag has no effect on the -l option, i.e. nc will listen forever for a connection, with or without the -w flag. The default is no timeout.&lt;br /&gt;
&lt;br /&gt;
    -X proxy_version&lt;br /&gt;
    Requests that nc should use the specified protocol when talking to the proxy server. Supported protocols are ''4'' (SOCKS v.4), ''5'' (SOCKS v.5) and ''connect'' (HTTPS proxy). If the protocol is not specified, SOCKS version 5 is used.&lt;br /&gt;
&lt;br /&gt;
    -x proxy_address[&lt;br /&gt;
    :port]&lt;br /&gt;
    Requests that nc should connect to hostname using a proxy at proxy_address and port. If port is not specified, the well-known port for the proxy protocol is used (1080 for SOCKS, 3128 for HTTPS).&lt;br /&gt;
&lt;br /&gt;
    -z' Specifies that nc should just scan for listening daemons, without sending any data to them. It is an error to use this option in conjunction with the -l option.&lt;br /&gt;
&lt;br /&gt;
    hostname can be a numerical IP address or a symbolic hostname (unless the -n option is given). In general, a hostname must be specified, unless the -l option is given (in which case the local host is used).&lt;br /&gt;
&lt;br /&gt;
    port[s] can be single integers or ranges. Ranges are in the form nn-mm. In general, a destination port must be specified, unless the -U option is given (in which case a socket must be specified). &lt;br /&gt;
&lt;br /&gt;
=Check Ports=&lt;br /&gt;
Check to see if port is open and get a response:&lt;br /&gt;
    nc -zv IPADDRESS 443&lt;br /&gt;
&lt;br /&gt;
=Network Speed Test=&lt;br /&gt;
Set one server to listen on port 5000 (after opening the port):&lt;br /&gt;
    nc -vvklnp 5000 &amp;gt;/dev/null&lt;br /&gt;
&lt;br /&gt;
Run this on the other server to test the network speed between the two and change out the XX for the proper IP: &lt;br /&gt;
    dd if=/dev/zero bs=1M count=1K | nc -vvn 192.168.1.XX 5000 -q 1&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=354</id>
		<title>Main Page</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=354"/>
		<updated>2023-07-24T17:44:13Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Other Links */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;strong&amp;gt;TBP Wiki Main Page&amp;lt;/strong&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This wiki is mostly here to help out TBP with configuration of files, services, and servers but has been made public to help whomever needs it. We will be adding new pages and information as time goes on so things may be messy. Please understand. &lt;br /&gt;
&lt;br /&gt;
=All Available Pages=&lt;br /&gt;
{{Special:Allpages}}&lt;br /&gt;
&lt;br /&gt;
=Other Links=&lt;br /&gt;
Check out our other services we offer:&lt;br /&gt;
* [https://tbpchan.cz/yt.php Audio Downloader]&lt;br /&gt;
* [https://tbpchan.cz/ip/index.php Check IP]&lt;br /&gt;
* [https://hb.tbpchan.cz/ Homebrew Loader]&lt;br /&gt;
* [https://tbpchan.cz/ipmagnet/ IP Magnet]&lt;br /&gt;
* [https://tbpchan.cz/ Imageboard]&lt;br /&gt;
* [https://man.tbpindustries.com/ Linux man pages]&lt;br /&gt;
* [https://paste.tbpchan.cz/ Pastebin]&lt;br /&gt;
&lt;br /&gt;
AI Tools:&lt;br /&gt;
&lt;br /&gt;
* [https://stablediffusion.tbpchan.cz/ AI Image Generator]&lt;br /&gt;
* [https://tortoise.tbpchan.cz/ Voice Cloner]&lt;br /&gt;
* [https://chatgpt.tbpchan.cz/ Chatbot]&lt;br /&gt;
&lt;br /&gt;
There is a [https://tbpchan.cz/canary.txt warrant canary.]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=353</id>
		<title>Main Page</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=353"/>
		<updated>2023-07-19T17:53:06Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Other Links */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;strong&amp;gt;TBP Wiki Main Page&amp;lt;/strong&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This wiki is mostly here to help out TBP with configuration of files, services, and servers but has been made public to help whomever needs it. We will be adding new pages and information as time goes on so things may be messy. Please understand. &lt;br /&gt;
&lt;br /&gt;
=All Available Pages=&lt;br /&gt;
{{Special:Allpages}}&lt;br /&gt;
&lt;br /&gt;
=Other Links=&lt;br /&gt;
Check out our other services we offer:&lt;br /&gt;
* [https://tbpchan.cz/yt.php Audio Downloader]&lt;br /&gt;
* [https://tbpchan.cz/ip/index.php Check IP]&lt;br /&gt;
* [https://hb.tbpchan.cz/ Homebrew Loader]&lt;br /&gt;
* [https://tbpchan.cz/ipmagnet/ IP Magnet]&lt;br /&gt;
* [https://tbpchan.cz/ Imageboard]&lt;br /&gt;
* [https://man.tbpindustries.com/ Linux man pages]&lt;br /&gt;
* [https://paste.tbpchan.cz/ Pastebin]&lt;br /&gt;
&lt;br /&gt;
There is a [https://tbpchan.cz/canary.txt warrant canary.]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=352</id>
		<title>Main Page</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=352"/>
		<updated>2023-07-19T17:44:04Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Other Links */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;strong&amp;gt;TBP Wiki Main Page&amp;lt;/strong&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This wiki is mostly here to help out TBP with configuration of files, services, and servers but has been made public to help whomever needs it. We will be adding new pages and information as time goes on so things may be messy. Please understand. &lt;br /&gt;
&lt;br /&gt;
=All Available Pages=&lt;br /&gt;
{{Special:Allpages}}&lt;br /&gt;
&lt;br /&gt;
=Other Links=&lt;br /&gt;
Check out our other services we offer:&lt;br /&gt;
* [https://tbpchan.cz/yt.php Audio Downloader]&lt;br /&gt;
* [https://tbpchan.cz/ip/index.php Check IP]&lt;br /&gt;
* [https://hb.tbpchan.cz/ Homebrew Enabler]&lt;br /&gt;
* [https://tbpchan.cz/ipmagnet/ IP Magnet]&lt;br /&gt;
* [https://tbpchan.cz/ Imageboard]&lt;br /&gt;
* [https://man.tbpindustries.com/ Linux man pages]&lt;br /&gt;
* [https://paste.tbpchan.cz/ Pastebin]&lt;br /&gt;
&lt;br /&gt;
There is a [https://tbpchan.cz/canary.txt warrant canary.]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Rsync&amp;diff=351</id>
		<title>Rsync</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Rsync&amp;diff=351"/>
		<updated>2023-07-14T18:58:31Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Advanced Usage */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;rsync is a fast and extraordinarily versatile file copying tool. It can copy locally, to/from another host over any remote shell, or to/from a remote rsync daemon. It offers a large number of options that control every aspect of its behavior and permit very flexible specification of the set of files to be copied. It is famous for its delta-transfer algorithm, which reduces the amount of data sent over the network by sending only the differences between the source files and the existing files in the destination. Rsync is widely used for backups and mirroring and as an improved copy command for everyday use.&lt;br /&gt;
&lt;br /&gt;
rsync finds files that need to be transferred using a lqquick checkrq algorithm (by default) that looks for files that have changed in size or in last-modified time. Any changes in the other preserved attributes (as requested by options) are made on the destination file directly when the quick check indicates that the file's data does not need to be updated. &lt;br /&gt;
&lt;br /&gt;
=General=&lt;br /&gt;
&lt;br /&gt;
rsync copies files either to or from a remote host, or locally on the current host (it does not support copying files between two remote hosts).&lt;br /&gt;
&lt;br /&gt;
There are two different ways for rsync to contact a remote system: using a remote-shell program as the transport (such as ssh or rsh) or contacting an rsync daemon directly via TCP. The remote-shell transport is used whenever the source or destination path contains a single colon (:) separator after a host specification. Contacting an rsync daemon directly happens when the source or destination path contains a double colon (::) separator after a host specification, OR when an rsync:// URL is specified (see also the lqUSING RSYNC-DAEMON FEATURES VIA A REMOTE-SHELL CONNECTIONrq section for an exception to this latter rule).&lt;br /&gt;
&lt;br /&gt;
As a special case, if a single source arg is specified without a destination, the files are listed in an output format similar to lqls -lrq.&lt;br /&gt;
&lt;br /&gt;
As expected, if neither the source or destination path specify a remote host, the copy occurs locally (see also the --list-only option).&lt;br /&gt;
&lt;br /&gt;
rsync refers to the local side as the lqclientrq and the remote side as the lqserverrq. Don't confuse lqserverrq with an rsync daemon -- a daemon is always a server, but a server can be either a daemon or a remote-shell spawned process.&lt;br /&gt;
&lt;br /&gt;
=Usage=&lt;br /&gt;
&lt;br /&gt;
You use rsync in the same way you use rcp. You must specify a source and a destination, one of which may be remote.&lt;br /&gt;
&lt;br /&gt;
Perhaps the best way to explain the syntax is with some examples:&lt;br /&gt;
&lt;br /&gt;
     rsync -t *.c foo:src/&lt;br /&gt;
&lt;br /&gt;
This would transfer all files matching the pattern *.c from the current directory to the directory src on the machine foo. If any of the files already exist on the remote system then the rsync remote-update protocol is used to update the file by sending only the differences. See the tech report for details.&lt;br /&gt;
&lt;br /&gt;
     rsync -avz foo:src/bar /data/tmp&lt;br /&gt;
&lt;br /&gt;
This would recursively transfer all files from the directory src/bar on the machine foo into the /data/tmp/bar directory on the local machine. The files are transferred in lqarchiverq mode, which ensures that symbolic links, devices, attributes, permissions, ownerships, etc. are preserved in the transfer. Additionally, compression will be used to reduce the size of data portions of the transfer.&lt;br /&gt;
&lt;br /&gt;
     rsync -avz foo:src/bar/ /data/tmp&lt;br /&gt;
&lt;br /&gt;
A trailing slash on the source changes this behavior to avoid creating an additional directory level at the destination. You can think of a trailing / on a source as meaning lqcopy the contents of this directoryrq as opposed to lqcopy the directory by namerq, but in both cases the attributes of the containing directory are transferred to the containing directory on the destination. In other words, each of the following commands copies the files in the same way, including their setting of the attributes of /dest/foo:&lt;br /&gt;
&lt;br /&gt;
     rsync -av /src/foo /dest&lt;br /&gt;
     rsync -av /src/foo/ /dest/foo&lt;br /&gt;
&lt;br /&gt;
Note also that host and module references don't require a trailing slash to copy the contents of the default directory. For example, both of these copy the remote directory's contents into lq/destrq:&lt;br /&gt;
&lt;br /&gt;
     rsync -av host: /dest&lt;br /&gt;
     rsync -av host::module /dest&lt;br /&gt;
&lt;br /&gt;
You can also use rsync in local-only mode, where both the source and destination don't have a oq:cq in the name. In this case it behaves like an improved copy command.&lt;br /&gt;
&lt;br /&gt;
Finally, you can list all the (listable) modules available from a particular rsync daemon by leaving off the module name:&lt;br /&gt;
&lt;br /&gt;
     rsync somehost.mydomain.com::&lt;br /&gt;
&lt;br /&gt;
See the following section for more details.&lt;br /&gt;
&lt;br /&gt;
=Advanced Usage=&lt;br /&gt;
&lt;br /&gt;
The syntax for requesting multiple files from a remote host is done by specifying additional remote-host args in the same style as the first, or with the hostname omitted. For instance, all these work:&lt;br /&gt;
&lt;br /&gt;
     rsync -av host:file1 :file2 host:file{3,4} /dest/&lt;br /&gt;
     rsync -av host::modname/file{1,2} host::modname/file3 /dest/&lt;br /&gt;
     rsync -av host::modname/file1 ::modname/file{3,4}&lt;br /&gt;
&lt;br /&gt;
Older versions of rsync required using quoted spaces in the SRC, like these examples:&lt;br /&gt;
&lt;br /&gt;
     rsync -av host:'dir1/file1 dir2/file2' /dest&lt;br /&gt;
     rsync host::'modname/dir1/file1 modname/dir2/file2' /dest&lt;br /&gt;
&lt;br /&gt;
This word-splitting still works (by default) in the latest rsync, but is not as easy to use as the first method.&lt;br /&gt;
&lt;br /&gt;
If you need to transfer a filename that contains whitespace, you can either specify the --protect-args (-s) option, or you'll need to escape the whitespace in a way that the remote shell will understand. For instance:&lt;br /&gt;
&lt;br /&gt;
     rsync -av host:'file\ name\ with\ spaces' /dest&lt;br /&gt;
&lt;br /&gt;
You can also rsync over ssh.&lt;br /&gt;
&lt;br /&gt;
    rsync -avzP -e 'ssh -p 22' /docrootfrom/folder/ user@example.com:/docrootdest/folder/&lt;br /&gt;
&lt;br /&gt;
rsync can also split files between destinations or drives. rsync to drive /mnt/driveA/ first. &lt;br /&gt;
&lt;br /&gt;
    rsync -azzvP /fromdest/ /mnt/driveA/&lt;br /&gt;
&lt;br /&gt;
    find /mnt/driveA/ &amp;gt; files-on-A.txt&lt;br /&gt;
&lt;br /&gt;
Then use &amp;quot;exclude-from&amp;quot;:&lt;br /&gt;
&lt;br /&gt;
    rsync -azzvP --exclude-from=files-on-A.txt /fromdest/ /mnt/driveB/&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=SteamOS&amp;diff=350</id>
		<title>SteamOS</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=SteamOS&amp;diff=350"/>
		<updated>2023-07-13T19:48:47Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Arch chroot install */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;SteamOS is a Linux distribution developed by Valve. It incorporates Valve's popular namesake Steam video game storefront and is the primary operating system for Steam Machines and the Steam Deck. SteamOS is open source with some closed source components.&lt;br /&gt;
&lt;br /&gt;
SteamOS was originally built to support streaming of video games from one personal computer to the one running SteamOS within the same network, although the operating system can support standalone systems and was intended to be used as part of Valve's Steam Machine platform. SteamOS versions 1.0, released in December 2013, and 2.0 were based on the Debian distribution of Linux with GNOME desktop. With SteamOS, Valve encouraged developers to incorporate Linux compatibility into their releases to better support Linux gaming options.&lt;br /&gt;
&lt;br /&gt;
In February 2022, Valve released the handheld gaming computer Steam Deck running SteamOS 3.0. SteamOS 3 is based on the Arch Linux distribution with KDE Plasma 5.&lt;br /&gt;
&lt;br /&gt;
=Arch chroot install=&lt;br /&gt;
&lt;br /&gt;
This is for installing and using programs like 'tmux' and 'neofetch' on the Steam Deck and it be kept after an OS upgrade. This will set up and install a chroot environment so there is a file system structure in which pacman can download and install packages and their dependencies within here. A chroot environment is not necessary but it can be added it to the $PATH. &lt;br /&gt;
&lt;br /&gt;
    mkdir -p ~/.local/chroot&lt;br /&gt;
    cd ~/.local&lt;br /&gt;
    sudo mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.BAK&lt;br /&gt;
    sudo touch /etc/pacman.d/mirrorlist&lt;br /&gt;
    sudo chmod 777 /etc/pacman.d/mirrorlist&lt;br /&gt;
    sudo echo &amp;quot;Server = https://geo.mirror.pkgbuild.com/\$repo/os/\$arch&amp;quot; &amp;gt;&amp;gt; /etc/pacman.d/mirrorlist&lt;br /&gt;
    sudo chmod 644 /etc/pacman.d/mirrorlist&lt;br /&gt;
    sudo pacman -Sy archlinux-keyring&lt;br /&gt;
    sudo pacman-key --populate archlinux&lt;br /&gt;
    sudo pacman-key --refresh-keys&lt;br /&gt;
    sudo pacstrap ./chroot base base-devel archlinux-keyring nano htop&lt;br /&gt;
    echo alias pac=\'sudo pacstrap -C /home/deck/.local/chroot/etc/pacman.conf /home/deck/.local/chroot\' &amp;gt;&amp;gt; ~/.bashrc&lt;br /&gt;
    touch /etc/ld.so.conf.d/deck-local-arch.conf&lt;br /&gt;
    echo export PATH=\&amp;quot;$PATH:/home/deck/.local/chroot/bin/\&amp;quot; &amp;gt;&amp;gt; ~/.bashrc&lt;br /&gt;
    sudo mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.BAK2 ; sudo mv /etc/pacman.d/mirrorlist.BAK /etc/pacman.d/mirrorlist&lt;br /&gt;
&lt;br /&gt;
Now those packages are accessible for use as the 'deck' user from within SteamOS. It does not work for every package like those requiring a kernel module or systemd service but most normal shell tools will work. Install using 'pac package'.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=SteamOS&amp;diff=349</id>
		<title>SteamOS</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=SteamOS&amp;diff=349"/>
		<updated>2023-07-13T19:42:01Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Arch chroot install */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;SteamOS is a Linux distribution developed by Valve. It incorporates Valve's popular namesake Steam video game storefront and is the primary operating system for Steam Machines and the Steam Deck. SteamOS is open source with some closed source components.&lt;br /&gt;
&lt;br /&gt;
SteamOS was originally built to support streaming of video games from one personal computer to the one running SteamOS within the same network, although the operating system can support standalone systems and was intended to be used as part of Valve's Steam Machine platform. SteamOS versions 1.0, released in December 2013, and 2.0 were based on the Debian distribution of Linux with GNOME desktop. With SteamOS, Valve encouraged developers to incorporate Linux compatibility into their releases to better support Linux gaming options.&lt;br /&gt;
&lt;br /&gt;
In February 2022, Valve released the handheld gaming computer Steam Deck running SteamOS 3.0. SteamOS 3 is based on the Arch Linux distribution with KDE Plasma 5.&lt;br /&gt;
&lt;br /&gt;
=Arch chroot install=&lt;br /&gt;
&lt;br /&gt;
This is for installing and using programs like 'tmux' and 'neofetch' on the Steam Deck and it be kept after an OS upgrade. This will set up and install a chroot environment so there is a file system structure in which pacman can download and install packages and their dependencies within here. A chroot environment is not necessary but it can be added it to the $PATH. &lt;br /&gt;
&lt;br /&gt;
    mkdir -p ~/.local/chroot&lt;br /&gt;
    cd ~/.local&lt;br /&gt;
    sudo mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.BAK&lt;br /&gt;
    sudo touch /etc/pacman.d/mirrorlist&lt;br /&gt;
    sudo echo &amp;quot;Server = https://geo.mirror.pkgbuild.com/\$repo/os/\$arch&amp;quot; &amp;gt;&amp;gt; /etc/pacman.d/mirrorlist&lt;br /&gt;
    sudo pacman -Sy archlinux-keyring&lt;br /&gt;
    sudo pacman-key --populate archlinux&lt;br /&gt;
    sudo pacman-key --refresh-keys&lt;br /&gt;
    sudo pacstrap ./chroot base base-devel archlinux-keyring nano htop&lt;br /&gt;
    echo alias pac=\'sudo pacstrap -C /home/deck/.local/chroot/etc/pacman.conf /home/deck/.local/chroot\' &amp;gt;&amp;gt; ~/.bashrc&lt;br /&gt;
    touch /etc/ld.so.conf.d/deck-local-arch.conf&lt;br /&gt;
    echo export PATH=\&amp;quot;$PATH:/home/deck/.local/chroot/bin/\&amp;quot; &amp;gt;&amp;gt; ~/.bashrc&lt;br /&gt;
    sudo mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.BAK2 ; sudo mv /etc/pacman.d/mirrorlist.BAK /etc/pacman.d/mirrorlist&lt;br /&gt;
&lt;br /&gt;
Now those packages are accessible for use as the 'deck' user from within SteamOS. It does not work for every package like those requiring a kernel module or systemd service but most normal shell tools will work. Install using 'pac package'.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=SteamOS&amp;diff=348</id>
		<title>SteamOS</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=SteamOS&amp;diff=348"/>
		<updated>2023-07-13T19:28:24Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;SteamOS is a Linux distribution developed by Valve. It incorporates Valve's popular namesake Steam video game storefront and is the primary operating system for Steam Machines and the Steam Deck. SteamOS is open source with some closed source components.&lt;br /&gt;
&lt;br /&gt;
SteamOS was originally built to support streaming of video games from one personal computer to the one running SteamOS within the same network, although the operating system can support standalone systems and was intended to be used as part of Valve's Steam Machine platform. SteamOS versions 1.0, released in December 2013, and 2.0 were based on the Debian distribution of Linux with GNOME desktop. With SteamOS, Valve encouraged developers to incorporate Linux compatibility into their releases to better support Linux gaming options.&lt;br /&gt;
&lt;br /&gt;
In February 2022, Valve released the handheld gaming computer Steam Deck running SteamOS 3.0. SteamOS 3 is based on the Arch Linux distribution with KDE Plasma 5.&lt;br /&gt;
&lt;br /&gt;
=Arch chroot install=&lt;br /&gt;
&lt;br /&gt;
This is for installing and using programs like 'tmux' and 'neofetch' on the Steam Deck and it be kept after an OS upgrade. This will set up and install a chroot environment so there is a file system structure in which pacman can download and install packages and their dependencies within here. A chroot environment is not necessary but it can be added it to the $PATH. &lt;br /&gt;
&lt;br /&gt;
    mkdir -p ~/.local/chroot&lt;br /&gt;
    cd ~/.local&lt;br /&gt;
    sudo pacman -Sy archlinux-keyring&lt;br /&gt;
    sudo pacman-key --populate archlinux&lt;br /&gt;
    sudo pacman-key --refresh-keys&lt;br /&gt;
    sudo pacstrap ./chroot base base-devel archlinux-keyring nano htop&lt;br /&gt;
    echo alias pac=\'sudo pacstrap -C /home/deck/.local/chroot/etc/pacman.conf /home/deck/.local/chroot\' &amp;gt;&amp;gt; ~/.bashrc&lt;br /&gt;
    touch /etc/ld.so.conf.d/deck-local-arch.conf&lt;br /&gt;
    echo export PATH=\&amp;quot;$PATH:/home/deck/.local/chroot/bin/\&amp;quot; &amp;gt;&amp;gt; ~/.bashrc&lt;br /&gt;
&lt;br /&gt;
Now those packages are accessible for use as the 'deck' user from within SteamOS. It does not work for every package like those requiring a kernel module or systemd service but most normal shell tools will work. Install using 'pac package'.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=SteamOS&amp;diff=347</id>
		<title>SteamOS</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=SteamOS&amp;diff=347"/>
		<updated>2023-07-13T19:24:58Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: Created page with &amp;quot;SteamOS is a Linux distribution developed by Valve. It incorporates Valve's popular namesake Steam video game storefront and is the primary operating system for Steam Machines...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;SteamOS is a Linux distribution developed by Valve. It incorporates Valve's popular namesake Steam video game storefront and is the primary operating system for Steam Machines and the Steam Deck. SteamOS is open source with some closed source components.&lt;br /&gt;
&lt;br /&gt;
SteamOS was originally built to support streaming of video games from one personal computer to the one running SteamOS within the same network, although the operating system can support standalone systems and was intended to be used as part of Valve's Steam Machine platform. SteamOS versions 1.0, released in December 2013, and 2.0 were based on the Debian distribution of Linux with GNOME desktop. With SteamOS, Valve encouraged developers to incorporate Linux compatibility into their releases to better support Linux gaming options.&lt;br /&gt;
&lt;br /&gt;
In February 2022, Valve released the handheld gaming computer Steam Deck running SteamOS 3.0. SteamOS 3 is based on the Arch Linux distribution with KDE Plasma 5.&lt;br /&gt;
&lt;br /&gt;
=Arch chroot install=&lt;br /&gt;
&lt;br /&gt;
This is for installing and using programs like 'tmux' and 'neofetch' on the Steam Deck and it be kept after an OS upgrade. This will set up and install a chroot environment so there is a file system structure in which pacman can download and install packages and their dependencies within here. A chroot environment is not necessary but it can be added it to the $PATH. &lt;br /&gt;
&lt;br /&gt;
    mkdir -p ~/.local/chroot&lt;br /&gt;
    cd ~/.local&lt;br /&gt;
    sudo pacman -Sy archlinux-keyring&lt;br /&gt;
    sudo pacman-key --populate archlinux&lt;br /&gt;
    sudo pacman-key --refresh-keys&lt;br /&gt;
    sudo pacstrap ./chroot base base-devel archlinux-keyring nano htop&lt;br /&gt;
    echo alias pac=\'sudo pacstrap -C /home/deck/.local/chroot/etc/pacman.conf /home/deck/.local/chroot\' &amp;gt;&amp;gt; ~/.bashrc&lt;br /&gt;
    touch /etc/ld.so.conf.d/deck-local-arch.conf&lt;br /&gt;
    echo export PATH=\&amp;quot;/home/deck/.local/chroot/bin/:$PATH\&amp;quot; &amp;gt;&amp;gt; ~/.bashrc&lt;br /&gt;
&lt;br /&gt;
Now those packages are accessible for use as the 'deck' user from within SteamOS. It does not work for every package like those requiring a kernel module or systemd service but most normal shell tools will work. Install using 'pac package'.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Anonymizing_yourself&amp;diff=346</id>
		<title>Anonymizing yourself</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Anonymizing_yourself&amp;diff=346"/>
		<updated>2023-05-11T21:26:07Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;[[File:Anonymous.png|thumb]]&lt;br /&gt;
The internet is a cruel and horrible place. You might want to drop out of the matrix and join an anonymous network. Alternatively, you can take steps to minimize data-minining by reducing your online fingerprint.&lt;br /&gt;
&lt;br /&gt;
A broad approach on how to start evading global data surveillance and improving your overall online privacy can be found [https://prism-break.org/ here], and [https://www.privacytools.io/ here].&lt;br /&gt;
&lt;br /&gt;
== Anonymous networks ==&lt;br /&gt;
&lt;br /&gt;
=== [https://www.torproject.org/ Tor] ===&lt;br /&gt;
&lt;br /&gt;
Let's get something clear: [[Tor]] is '''NOT''' illegal to use (unless you live in one of those crazy whackjob countries run by a militant dictator such as Iran or China). Tor traffic was '''NOT''' significantly reduced by the removal of Silk Road, and as far as is known, new compromises for the underlying Tor framework did not come about from the removal of Silk Road. If you are interested, concerned or skeptical, check out [http://www.youtube.com/watch?v=CJNxbpbHA-I this video here] and [https://www.torproject.org/docs/faq.html.en read the FAQ].&lt;br /&gt;
&lt;br /&gt;
Tor sets up a SOCKS proxy to the normal internet, allowing you to send any application’s connection anonymously through the Tor network. Any connections made through Tor will be '''anonymized but not confidential''' unless you use end to end encryption in the application, like SSL/TLS for web browsing, or an SSH tunnel. Torrenting is discouraged as it uses up too much bandwidth, and torrenting on Tor is near-impossible due to latency issues.&lt;br /&gt;
&lt;br /&gt;
=== [https://geti2p.net/en/ I2P] ===&lt;br /&gt;
&lt;br /&gt;
I2P is end to end encrypted and separate from the normal internet; this means that connections through I2P are '''confidential and anonymous'''. No-one can know who you are talking to, or what you are saying to them, because there are no exit nodes. Tor onion services (.onions) work in a similar way. All internet applications can be forwarded through I2P including ed2k, Gnutella, and torrents. Unlike Tor, I2P encourages torrenting on the network, although you cannot connect to non-I2P torrent swarms. Also unlike Tor, I2P is not an outproxy for the clearweb and uses Tor as an outproxy to non-I2P domains. &amp;quot;Hidden&amp;quot; services that would be called onions on the Tor network are called eepsites on the I2P network and end in the '.i2p' domain.&lt;br /&gt;
&lt;br /&gt;
=== [https://freenetproject.org/ Freenet] ===&lt;br /&gt;
&lt;br /&gt;
Freenet is a distributed filesystem, where you can store files ‘in the cloud’ and download them anonymously from the Freenet network. Many of the files are HTML pages which can be viewed as static websites using a browser, and many are standalone files which can be searched and downloaded anonymously. Freenet content is undeletable as there is no way of knowing which node is holding each file. An example of a Freenet link is like this:&lt;br /&gt;
&lt;br /&gt;
http://127.0.0.1:8888/USK@Ls9yplmu~tAb7XDGZBdstFdt~aaDagL1xknrN~fvRLo,c-XpJ5njAmwz~iWJm11lifb6Q54Xj6mGBoG6cuiSA1U,AQACAAE/NSAspycenter/1/&lt;br /&gt;
&lt;br /&gt;
This follows this scheme&lt;br /&gt;
&lt;br /&gt;
http://[LOCALHOST]:[FREENET PORT]/[TYPE OF KEY IDENTIFIER]@[HASHED IDENTIFIER]/[HUMAN-READABLE ADDRESS (OF SPECIFIC PAGE ON HASH)]/[VERSION OF PAGE]&lt;br /&gt;
&lt;br /&gt;
When using Freenet, it is recommended to have your connection settings to &amp;quot;normal&amp;quot; (which is the highest it can be set when connecting to strangers), and your encryption settings to Maximum (which uses temporary keys and wipes the cache when you shutdown the server). Once you get more experienced with Freenet, you can switch to darknet mode, which prohibits stranger connections but requires you to connect to at least 5 friends you personally know. They also need to connect to you. '''NOTE: These friends you connect to can see your plain-text IP address, and as such only add people you truly trust.'''&lt;br /&gt;
&lt;br /&gt;
Freenet has existed since 2000, and because of this, there are a large number of web 1.0 abandoned sites made by early adopters of the service. Also, because of being so old, it is programmed in [[Java]], which was commonplace at the time.&lt;br /&gt;
&lt;br /&gt;
Please note that the Freenet network (much like other, especially anonymous, networks) attracts criminals and a number of sites contain child pornography. Some sites jokingly add a disclaimer saying ''This site does not contain child pornography. click here to continue.''&lt;br /&gt;
&lt;br /&gt;
== Browsers ==&lt;br /&gt;
&lt;br /&gt;
'''See [https://www.privacytools.io/ privacytools.io].'''&lt;br /&gt;
&lt;br /&gt;
* Always use an [https://wiki.tbpindustries.com/wiki/Web_browsers open-source browser]. This ensures it can be freely audited. [[Google]] [[Chrome]] is not open-source, and while Chromium is, it hasn't been fully audited yet.&lt;br /&gt;
* Use a search engine that at least claims to respect your privacy such as [https://metager.org/ MetaGer](encrypted google searches) or [ixquick.com ixquick](non-Google searches, owned by StartPage) instead of Google. Note that while [https://duckduckgo.com DuckDuckGo] is a better alternative than Google or Bing, it's based in the US and has known issues that [https://8ch.net/tech/ddg.html raise the possibility of privacy concerns].&lt;br /&gt;
&lt;br /&gt;
=== Chromium ===&lt;br /&gt;
&lt;br /&gt;
Using Chromium is generally not recommended because even though you can disable its known tracking features (the RLZ identifier is in Chrome, not Chromium), Chromium's code isn't as audited as Firefox's and Chromium's security addons don't provide the same fine-grained control over web requests as Firefox's, due to its extension API being slightly less broad (no control over WebSockets, for instance). If you absolutely refuse to use anything else, follow these instructions:&lt;br /&gt;
&lt;br /&gt;
* If you seriously sync Chromium to your Google account, you're a fucking dumbass. De-sync the two immediately.&lt;br /&gt;
* Go to your settings menu, click advanced settings scroll down to privacy, and turn everything off.&lt;br /&gt;
* Go to Content Settings above that and check &amp;quot;Block 3rd party cookies and site data&amp;quot;&lt;br /&gt;
* Unless you want to use a script blocker, also turn off JavaScript.&lt;br /&gt;
* Now scroll down to &amp;quot;Continue running background apps while Chromium is closed&amp;quot; and disable that as well unless you trust your addons.&lt;br /&gt;
&lt;br /&gt;
Despite all of this, there are [[Chromium#Notable_forks|a few forks]] that offer parity with the stable release, which are also open-source and have taken invasive Google crap out of the browser, as well as implemented some extra security measures. Alternatively, you can compile the browser yourself and apply one of these [[Chromium#Notable_patches|many patches]].&lt;br /&gt;
&lt;br /&gt;
=== Firefox ===&lt;br /&gt;
&lt;br /&gt;
It is recommended that you compile [[Firefox]] from scratch/source, as it allows you to make use of security oriented USE flags such as ''hardened'' and forcing it to use more up to date system-wide libraries (eg: systemsqlite).&lt;br /&gt;
To ensure maximum security while browsing the internet, always turn off third party cookies, unless you're using a proper firewall like uMatrix, for finer-grained control, in which case you should still put the appropriate measures into place. Mozilla describes them as: ''For example, cnn.com might have a Facebook like button on their site. That like button will set a cookie that can be read by Facebook. That would be considered a third-party cookie.''&lt;br /&gt;
&lt;br /&gt;
'''Change your search engine'''. There are ways to get around Google’s insane profiling. See [[Search engines]].&lt;br /&gt;
&lt;br /&gt;
'''Use freshplayer [GNU/Linux only]'''. Freshplayer is a  NPAPI wrapper for PPAPI Flash that works on Firefox. It is inherently safer and more performant, if you must use flash.&lt;br /&gt;
&lt;br /&gt;
If you can, use a [[fork]] of Firefox, such as [[GNU IceCat]] or [[Debian Iceweasel]].&lt;br /&gt;
&lt;br /&gt;
==== Security extensions ====&lt;br /&gt;
There are many extensions available for Firefox to make you less trackable. Refer to the [[Firefox#Adblocking.2C_privacy.2C_and_security|Firefox]] article for a comprehensive list of addons.&lt;br /&gt;
&lt;br /&gt;
== Fingerprinting ==&lt;br /&gt;
Fingerprinting is the process of using otherwise non-identifying information to identify you. When enough non-identifying information is collected, you will usually be unique amongst others.&lt;br /&gt;
{| class=&amp;quot;wikitable&amp;quot;&lt;br /&gt;
|-&lt;br /&gt;
| '''Threat'''&lt;br /&gt;
| '''Countermeasure'''&lt;br /&gt;
|- valign=&amp;quot;top&amp;quot;&lt;br /&gt;
| &lt;br /&gt;
* Plugins such as Flash or Java leak information.&lt;br /&gt;
| '''Recommended:''' Disable and uninstall browser Plugins (note: Plugins are different than Extensions) such as Flash and Java.&lt;br /&gt;
Alternative: Set the plugin to &amp;quot;Ask to activate&amp;quot;. You will still be vulnerable whenever you activate that plugin.&lt;br /&gt;
|- valign=&amp;quot;top&amp;quot;&lt;br /&gt;
| &lt;br /&gt;
* JavaScript leaks information&lt;br /&gt;
| '''Recommended:''' Disable JavaScript&lt;br /&gt;
Alternative: Use [https://addons.mozilla.org/en-US/firefox/addon/umatrix uMatrix] or [https://addons.mozilla.org/en-US/firefox/addon/noscript NoScript] to whitelist JavaScript on a per-site basis. You will still be vulnerable on those sites.&lt;br /&gt;
|- valign=&amp;quot;top&amp;quot;&lt;br /&gt;
| &lt;br /&gt;
* HTTP Header information can be identifying&lt;br /&gt;
| '''Recommended:''' Use an extension such as [https://dephormation.org.uk/index.php?page=81 Secret Agent] to randomize header information. Alternatively, you can change your HTTP_ACCEPT headers by modifying your [https://github.com/CrisBRM/user.js/ about:config/prefs.js] file.&lt;br /&gt;
|- valign=&amp;quot;top&amp;quot;&lt;br /&gt;
| &lt;br /&gt;
* Cookies can be used to track you&lt;br /&gt;
| [https://support.mozilla.org/en-US/kb/disable-third-party-cookies Disable 3rd Party Cookies] and use an extension such as [https://addons.mozilla.org/en-US/firefox/addon/self-destructing-cookies Self-Destructing Cookies] to automatically purge cookies.&lt;br /&gt;
|- valign=&amp;quot;top&amp;quot;&lt;br /&gt;
| &lt;br /&gt;
* IP Addresses can be personally identifiable&lt;br /&gt;
| '''Recommended:''' Use an [[Anonymizing_yourself#Anonymous_Networks|anonymous network]], a non-logging [[VPN]] service, or a non-logging proxy service. Check out our very comprehensive article on [[VPN|VPNs]] for ways to further foil this mechanism.&lt;br /&gt;
|- valign=&amp;quot;top&amp;quot;&lt;br /&gt;
| &lt;br /&gt;
* Cross-site Requests may expose you to tracking.&lt;br /&gt;
| '''Recommended:''' Use an extension such as [https://addons.mozilla.org/en-US/firefox/addon/uMatrix uMatrix] or [https://addons.mozilla.org/en-US/firefox/addon/requestpolicy-continued/ RequestPolicyContinued] to selectively whitelist such requests.&lt;br /&gt;
|-&lt;br /&gt;
| &lt;br /&gt;
* The HTTP referrer header may leak information&lt;br /&gt;
| '''Recommended:''' Turn off sending HTTP referer information.&lt;br /&gt;
Alternative: Install an extension such as [https://addons.mozilla.org/en-US/firefox/addon/smart-referer/ Smart Referer] to keep referer information limited to a single domain, or [https://addons.mozilla.org/en-US/firefox/addon/uMatrix uMatrix] to spoof it on a per-hostname basis.&lt;br /&gt;
|}&lt;br /&gt;
&lt;br /&gt;
See also: [https://panopticlick.eff.org/ EFF Panopticlick] and [http://samy.pl/evercookie evercookie].&lt;br /&gt;
For a more comprehensive guide on how to foil most fingerprinting mechanisms, see https://github.com/CrisBRM/user.js&lt;br /&gt;
&lt;br /&gt;
== Web cache ==&lt;br /&gt;
Web caches mirror web requests locally for t time, thus ensuring a decrease in the number of servers hit, thereby somewhat reducing your privacy exposure and decreasing page load speeds.&lt;br /&gt;
&lt;br /&gt;
=== Squid ===&lt;br /&gt;
Whilst modern browsers have their own cache implementations, they are often outdated, slow, and not very secure. [http://www.squid-cache.org/ Squid] is a modern, high performance web cache and proxy server that supports a plethora of protocols. It can be used in combination with any browser that supports proxies. Best used in conjunction with a DNS caching server like Unbound.&lt;br /&gt;
&lt;br /&gt;
== DNS ==&lt;br /&gt;
DNS is what allows your computer to convert a domain name (such as wiki.tbpindustries.com) into an IP address to connect to. That process is called resolving. &lt;br /&gt;
&lt;br /&gt;
When your computer attempts to resolve a domain name it queries a DNS server. Usually this will belong to your ISP if you have not configured it manually. Not all DNS servers are created equal—some block queries to certain websites, others hijack queries and redirect them elsewhere, and some log your queries. You should look for a DNS server that is close by (for minimum latency) that doesn't log your IP address. In addition, you may want to use DNSCrypt for added protection, and a caching DNS server for reduced privacy exposure and higher performance.&lt;br /&gt;
&lt;br /&gt;
Warning! Google DNS and OpenDNS log queries. Google &amp;quot;anonymizes&amp;quot; query information after a period of time, but keeps associated ISP information permanently.[https://developers.google.com/speed/public-dns/faq#privacy] OpenDNS logs your IP address and may also correlate it with other information that is normally non-personally identifying.[https://www.opendns.com/privacy-policy] Avoid those two services.&lt;br /&gt;
&lt;br /&gt;
=== [[DNSCrypt]] ===&lt;br /&gt;
&lt;br /&gt;
End-to-end encryption for your DNS requests. This prevents any intermediaries (such as advertising or the FBI) from monitoring your DNS request. Ideally, it should be used with a caching DNS server like Unbound.&lt;br /&gt;
&lt;br /&gt;
=== [[Unbound]] ===&lt;br /&gt;
&lt;br /&gt;
[https://www.unbound.net/ Unbound] is a [https://www.unbound.net/documentation/howto_optimise.html high performance] validating, recursive, and caching DNS server with a multitude of privacy oriented features. The simple fact it acts as a DNS cache ensures less frequent connections to your DNS server. On top of that, it is able to enforce DNSSEC and use clever algorithms to harden your DNS queries.&lt;br /&gt;
&lt;br /&gt;
=== OpenNIC ===&lt;br /&gt;
The [https://opennicproject.org/ OpenNIC Project] is a privacy-minded collection of volunteer-run servers that also allow you to use extra TLDs such as .geek etc. Also features DNSCrypt support.&lt;br /&gt;
&lt;br /&gt;
== Operating systems ==&lt;br /&gt;
While unfortunately, government organizations around the world have a variety of back doors into a variety of operating systems, one can still attempt to be anonymous through a variety of methods. Free software alternatives to [[Windows]] or [[OS X]] appear to be more secure than their counterparts, since their code is almost always individually reviewed.&lt;br /&gt;
&lt;br /&gt;
===Tails===&lt;br /&gt;
[https://tails.boum.org/ Tails] is an OS specifically designed to preserve your privacy and anonymity. It forwards all your packets through the Tor network and uses anti-forensics like memory wiping to leave no trace on the computer you are using it on.  Tails mitigates layer 2 surveillance by randomizing MAC address on boot. Tails can be run in a VM, but this renders the OS less secure.&lt;br /&gt;
&lt;br /&gt;
===Heads===&lt;br /&gt;
[https://heads.dyne.org/ Heads] is a Live OS relatively like tails based on Devuan. Like Tails, it sends your packages through the Tor network and leaves the no trace on the computer. Unlike Tails, though, it is fully libre, and uses Linux-libre. It also uses no systemd, and instead opts for OpenRC and SysV. Sadly (and also gladly), due to its freetard attitude it contains no proprietary drivers, making it run on a limited number of machines.&lt;br /&gt;
&lt;br /&gt;
===Whonix===&lt;br /&gt;
[https://www.whonix.org/ Whonix] is a system of virtual machines, a client and server, each based on Debian GNU/Linux and configured with Tor which focuses on anonymity, privacy and security. The client VM is designed to route all traffic through the gateway/server VM which in turn routes it through Tor. This prevents the client VM from accidentally leaking your real public IP because it never knows it. All traffic is transparently routed through Tor preventing applications which are not designed for use with Tor from leaking.&lt;br /&gt;
&lt;br /&gt;
== Sandboxes ==&lt;br /&gt;
&lt;br /&gt;
=== Firejail ===&lt;br /&gt;
&lt;br /&gt;
[[Firejail|Firejail]] is a [[Linux_(kernel)|Linux-only]] sandbox that uses Linux namespaces, seccomp-bpf and all the latest Linux security features to create a new, fully secure filesystem. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table. It comes with a myriad of profiles by default, which are then used on a per-software basis.&lt;br /&gt;
&lt;br /&gt;
Ignoring the security factor and focusing more on the anonymization potential, it is important to use sandboxes in order to minimise certain exploits in the software that could otherwise be used to identify you. For instance, in Firefox, Firejail limits its data leaks by replacing the standard temporary file directory with a more secure version, which is completely erased when the Firefox session ends.&lt;br /&gt;
&lt;br /&gt;
== Tools ==&lt;br /&gt;
[https://mat.boum.org/ MAT] or Metadata Anonymization Toolkit, is a toolbox composed of a GUI application, a CLI application and a library, to anonymize/remove metadata.&lt;br /&gt;
&lt;br /&gt;
[https://github.com/psal/anonymouth Anonymouth] is a tool designed to take your documents and change the wording so you can't be found through word choice, grammar, theme, tone, and etc. Here is an article on [https://archive.is/xNP9r anti-stylometry (the scientific study of literary style)] discussing it, and here is [https://archive.is/vZ2Cw another article]. While Anonymouth is audited and considered safe, [https://se7en.neocities.org/articles/anon-word-attack.html there are ways] that a [[non-free]] program that is ''like'' Anonymouth can harm you.&lt;br /&gt;
&lt;br /&gt;
[http://www.privoxy.org/ Privoxy] Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk. Privoxy has a flexible configuration and can be customized to suit individual needs and tastes. It has application for both stand-alone systems and multi-user networks.&lt;br /&gt;
&lt;br /&gt;
[https://www.caida.org/tools/taxonomy/anonymization.xml Anonymization Tools Taxonomy] A list of anonymization tools. Hasn't been updated since 2004.&lt;br /&gt;
&lt;br /&gt;
== Routers ==&lt;br /&gt;
A router that supports free and open source firmware is recommended over one provided by your ISP. ISP routers often come preloaded with software that can compromise your privacy and security. There are many GNU/Linux based firmwares available for common routers:&lt;br /&gt;
* [https://openwrt.org/ OpenWrt]: An open source Linux distribution for embedded devices. It is optimized for minimal storage and RAM usage to fit on home routers;&lt;br /&gt;
* [https://librecmc.org/ LibreCmc]: The FSF's fork of OpenWrt with all non-free software removed;&lt;br /&gt;
* [https://dd-wrt.com/site/ DD-WRT]: A firmware focusing on the Linksys WRT54G series routers;&lt;br /&gt;
* [http://www.polarcloud.com/tomato Tomato]: Partially FOSS firmware released in 2008. It is still actively updated by community mods;&lt;br /&gt;
* [https://github.com/grugq/portal PORTAL]: An acronym for Personal Onion Router To Assure Liberty. It forces all internet traffic through the Tor network to limit the possibility of user mistakes.&lt;br /&gt;
For more detailed information see: [[Routers#Third party firmwares|Routers]]. You can also [[Routers#Use a computer as a router|use a computer as a router]].&lt;br /&gt;
&lt;br /&gt;
== Android and cell phones==&lt;br /&gt;
By their nature cellphones cannot be completely anonymous, but there are some steps that can be taken to at least limit your footprint. Be forewarned that the cellular network itself is ''designed'' to track you with only 30 seconds of delay, without a GPS chip.&lt;br /&gt;
&lt;br /&gt;
Using an Android-based phone is a plus over iPhones or Windows Phone (if you can even call it that), but it is highly recommended that you [https://se7en-site.neocities.org/articles/cellphones.html avoid using cell phones all together]. Even better, use a dumb phone with no camera. If you absolutely think you '''need''' (not want) a cell phone, follow these tips:&lt;br /&gt;
&lt;br /&gt;
=== Android replacements ===&lt;br /&gt;
* [http://www.replicant.us/ Replicant]: A project to completely replace all proprietary components of Android;&lt;br /&gt;
* [[Android ricing#ROMs|Custom ROMs]];&lt;br /&gt;
* &amp;lt;s&amp;gt;[https://copperhead.co/android/ CopperheadOS]: a hardened fork of Android with PaX kernel patches and more.&amp;lt;/s&amp;gt; (Note: The lead developer of the CopperheadOS project was removed from the project, and deleted the update signing keys; due to the uncertainty surrounding these events, the use of CopperheadOS isn't recommended.)&lt;br /&gt;
* [https://grapheneos.org/ GrapheneOS]: An open source privacy and security focused mobile OS with Android app compatibility, runs on Google Pixel devices.&lt;br /&gt;
* [https://developer.mozilla.org/en-US/Firefox_OS/Introduction Firefox OS]: An alternative operating system by Mozilla that runs on some Android devices. (EoL)&lt;br /&gt;
&lt;br /&gt;
=== GNU/Linux Phones ===&lt;br /&gt;
* [https://puri.sm/products/librem-5/ Librem 5]: A security and privacy oriented phone by Purism that comes with the [[GNU/Linux]] distro PureOS preinstalled. Features kill switches and a removable battery, but it is quite pricey.&lt;br /&gt;
* [https://www.pine64.org/ PinePhone]: A cheaper GNU/Linux phone by Pine64 that has to be flashed with a distro by SD card. Comes with kill switches and a removable battery, but the hardware isn't too powerful compared to Android phones.&lt;br /&gt;
&lt;br /&gt;
=== Alternative GApps ===&lt;br /&gt;
* [https://f-droid.org/ F-Droid]: Part of the Replicant project. An app store that only contains Free Open Source Software;&lt;br /&gt;
* [http://forum.xda-developers.com/showthread.php?t=1715375 NOGAPPS Project]: Replaces the Play Store, Google Maps API, Network Location API, and others in the future;&lt;br /&gt;
* [http://apps.evozi.com/apk-downloader/ APK Downloader];&lt;br /&gt;
* [https://f-droid.org/repository/browse/?fdid=net.osmand.plus OsmAnd~]: Replacement for Google Maps;&lt;br /&gt;
* [https://f-droid.org/repository/browse/?fdid=com.tobykurien.google_news GApps Browser];&lt;br /&gt;
* [https://archive.today/S3rMI Relevant thread] on google app store alternatives.&lt;br /&gt;
&lt;br /&gt;
=== Removing ads ===&lt;br /&gt;
* [https://f-droid.org/repository/browse/?fdfilter=adaway&amp;amp;fdid=org.adaway AdAway] (Requires root): Hosts file based ad-blocking;&lt;br /&gt;
* [https://f-droid.org/repository/browse/?fdfilter=adblock&amp;amp;fdid=org.adblockplus.android Adblock Plus];&lt;br /&gt;
* [http://repo.xposed.info/module/tw.fatminmin.xposed.minminguard MinMinGuard] (Requires root and Xposed Framework): Disables the ad activity in apps to prevent the ad from loading. This also means there wont be a blank space where the ad was supposed to be.&lt;br /&gt;
&lt;br /&gt;
=== Enforcing permissions ===&lt;br /&gt;
* [https://repo.xposed.info/module/eu.faircode.xlua XPrivacyLua] (EdXposed needed for Android 10);&lt;br /&gt;
* [https://repo.xposed.info/module/org.synergylabs.pmpandroid Protect My Privacy] (ditto);&lt;br /&gt;
* App Ops: Available since Android 4.3. Removed in 4.4.2, but still retained in custom ROMs. Allows you to tweak individual permissions on a per-app basis;&lt;br /&gt;
* Available by default on Android 6 (M).&lt;br /&gt;
&lt;br /&gt;
=== Browsers ===&lt;br /&gt;
* [https://f-droid.org/en/packages/org.mozilla.fennec_fdroid/ Fennec F-Droid]: A Firefox fork;&lt;br /&gt;
** [https://addons.mozilla.org/en-us/android/addon/ublock-origin/ uBlock Origin]: The only trustworthy adblocker;&lt;br /&gt;
** [https://addons.mozilla.org/en-US/android/addon/smart-https-revived/ Smart HTTPS]: Automatically enables HTTPS on websites that support it;&lt;br /&gt;
** [https://addons.mozilla.org/en-US/android/addon/self-destructing-cookies/ Self-Destructing Cookies];&lt;br /&gt;
** [https://addons.mozilla.org/en-US/android/addon/smart-referer Smart Referer]: Hides HTTP referer;&lt;br /&gt;
** [https://addons.mozilla.org/en-US/android/addon/canvasblocker/ CanvasBlocker]: Feeds fake data to websites using advanced fingerprinting techniques making use of APIs like audio, WebGL, canvas size and so on;&lt;br /&gt;
* [https://www.bromite.org/ Bromite]: A Chromium fork with ad blocking and enhanced privacy.&lt;br /&gt;
&lt;br /&gt;
== OPSEC/Operational Security ==&lt;br /&gt;
All the software in the world won't help you if ignore the human element. Obvious no-nos:&lt;br /&gt;
* Using the same username everywhere;&lt;br /&gt;
* Using the same email address everywhere;&lt;br /&gt;
* Logging into the same accounts through your real IP and a proxy/VPN/tor;&lt;br /&gt;
* Posting photos or images which can be traced back to you via a [https://tineye.com/ reverse] [https://images.google.com/ image] [https://yandex.ru/images search].&lt;br /&gt;
* Using the same MAC Address / Hostname on an untrusted network can identify you to local attackers/surveillance. Check out [http://hacktownpagdenbb.onion/Links/Chapter-3.html Computer MAC Addresses and their importance]{{dead link}}&lt;br /&gt;
[[Wikipedia:Dread_Pirate_Roberts_%28Silk_Road%29 |Dread Pirate Roberts]] was brought down by many of the above points.&lt;br /&gt;
&lt;br /&gt;
More subtle no-nos:&lt;br /&gt;
* [[Wikipedia:Forensic_linguistics |Forensic Linguistics]] is the science of figuring out someone's identity by the words, phrases and grammar they use. Recommendation to counter this: [[Anonymizing_yourself#Tools|Anonymouth]];&lt;br /&gt;
* Using the same browser with your real IP as your proxy/VPN/Tor IP (see fingerprinting above);&lt;br /&gt;
* Discussing personal preferences, or knowledge of specific locations such as a school, shop or town;&lt;br /&gt;
* Being unprepared for a proxy/VPN/Tor to drop out.&lt;br /&gt;
&lt;br /&gt;
Steve Rambam gave [https://www.youtube.com/watch?v=dNZrq2iK87k an excellent talk] at the HOPE hacker conference which summarizes many of the techniques that you/private investigators/LEA can use to determine someone's identity.&lt;br /&gt;
&lt;br /&gt;
To err is human. As clever as you think you are, all it takes is one connection from your real IP address to deanonymize you. One day when you're distracted/tried/stressed/drunk/high/panicked/surprised or when something out of the ordinary is happening, you will mess up. Putting up many automated layers of anonymity/security will help protect you from yourself.&lt;br /&gt;
&lt;br /&gt;
== External links ==&lt;br /&gt;
* http://browserspy.dk/&lt;br /&gt;
* https://www.howsmytls.com/&lt;br /&gt;
* https://www.dnsleaktest.com&lt;br /&gt;
* http://www.whatismyreferer.com/&lt;br /&gt;
* https://panopticlick.eff.org/&lt;br /&gt;
* https://securityinabox.org/en&lt;br /&gt;
* https://myshadow.org/&lt;br /&gt;
* https://ssd.eff.org/&lt;br /&gt;
* https://thetinhat.com/&lt;br /&gt;
* http://login2.me/&lt;br /&gt;
* http://bugmenot.com/&lt;br /&gt;
* https://alternativeto.net/software/bugmenot/&lt;br /&gt;
* https://alternativeto.net/software/fake-mail-generator/&lt;br /&gt;
* https://www.eff.org/issues/anonymity&lt;br /&gt;
* ('''Tor Link''') http://hacktownpagdenbb.onion/1.html {{dead link|OnionV2}}&lt;br /&gt;
&lt;br /&gt;
== See also ==&lt;br /&gt;
&lt;br /&gt;
[[Category:HowTo]]&lt;br /&gt;
[[Category:Software]]&lt;br /&gt;
[[Category:Anonymity networks‏‎]]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Security&amp;diff=345</id>
		<title>Security</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Security&amp;diff=345"/>
		<updated>2023-05-11T21:16:49Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Security is a broad term covering everything from stopping your girlfriend from finding your porn folder to stopping the NSA from [[Wikipedia:Stuxnet |breaking into your nuclear power plant]].&lt;br /&gt;
&lt;br /&gt;
In our post-Snowden world, it is easy to fall into [https://www.eff.org/deeplinks/2014/10/they-fight-surveillance-and-you-can-too security nihilism] (i.e. &amp;quot;'they' know everything so why bother?&amp;quot;) or to think [http://www.thoughtcrime.org/blog/we-should-all-have-something-to-hide/ you] [http://www.digitizd.com/2014/09/06/why-care-about-online-privacy-if-youve-got-nothing-to-hide/ have] [http://www.techrepublic.com/blog/it-security/why-nothing-to-hide-misrepresents-online-privacy/ nothing] [https://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/ to] [http://www.wired.com/2013/06/why-i-have-nothing-to-hide-is-the-wrong-way-to-think-about-surveillance/ hide].&lt;br /&gt;
&lt;br /&gt;
The worst thing you can have is a false sense of security.&lt;br /&gt;
&lt;br /&gt;
This page cannot possibly define every attack and mitigation strategy available. Instead it aims to provide a decent overview of basic security principles and techniques.&lt;br /&gt;
&lt;br /&gt;
==Define your adversary==&lt;br /&gt;
&lt;br /&gt;
Who/What do you want to have security from? Who/What is a threat to you? Who/What do you want to keep things private from?&lt;br /&gt;
&lt;br /&gt;
*You mother?&lt;br /&gt;
*Thieves?&lt;br /&gt;
*Hackers, Viruses, Malware and Phishing?&lt;br /&gt;
*Advertisers/Marketing companies who build profiles on you to sell you garbage?&lt;br /&gt;
*Rivals and rival businesses?&lt;br /&gt;
*Government policies you don't agree with and wish to legally avoid?&lt;br /&gt;
*Foreign government policies you don't agree with?&lt;br /&gt;
*Copyright trolls?&lt;br /&gt;
*Local Law Enforcement Agencies (LEA)?&lt;br /&gt;
*National Law Enforcement Agencies?&lt;br /&gt;
&lt;br /&gt;
or perhaps you wish to:&lt;br /&gt;
&lt;br /&gt;
*Publish anonymously?&lt;br /&gt;
*Keep journalistic sources safe?&lt;br /&gt;
*Participate in whistleblowing?&lt;br /&gt;
&lt;br /&gt;
or are you under attack from:&lt;br /&gt;
&lt;br /&gt;
*Psycho ex-partners/family members?&lt;br /&gt;
*Internet trolls/doxxers?&lt;br /&gt;
&lt;br /&gt;
or maybe you just want to:&lt;br /&gt;
&lt;br /&gt;
*Be as secure as possible as a fun experiment?&lt;br /&gt;
&lt;br /&gt;
Knowing your &amp;quot;enemy&amp;quot; is important. Thinking in terms of NSA technology is depressing, but narrowing your threat down to advertising trackers makes the battle seem much more practical and winnable.&lt;br /&gt;
&lt;br /&gt;
==Threat analysis==&lt;br /&gt;
For any adversary, there are a few key factors you must consider if you want to create an effective defense.&lt;br /&gt;
&lt;br /&gt;
*Competence - Just because it's possible to defeat your security, doesn't mean your adversary can. Not everyone knows how to do everything.&lt;br /&gt;
**Resources - Knowing how to do something and being able to do it are two different things. For instance, the adversary may know a quantum algorithm to quickly crack your encrypted file, but if they don't actually have access to a quantum computer, that won't do them much good (although they can archive the file indefinitely until QCs become commonplace).&lt;br /&gt;
*Motivation - Does the attacker want to attack you? The attackers that have the most competence and resources often want to get something worthwhile for their trouble. They prefer high value targets like banks, government sites, corporate networks, eCommerce credit card databases, and huge swathes of very insecure computers that can be used as botnets. You don't really need to have perfect security to avoid getting attacked, you just need to have more security than is worth defeating to get what you have (or appear to have).&lt;br /&gt;
*Physical access - It is a maxim of security that if the adversary has physical access to your computer, you've lost. Physical access doesn't just mean stealing the computer and putting it in a secret vault, it can be as simple as being able to come into your house and plant some kind of concealed device on the computer while you're out buying groceries.&lt;br /&gt;
&lt;br /&gt;
Typically, the most dangerous hackers have high competence but not physical access. The ones that have physical access rarely are competent. The ones that have both resources and competence have better things to do than hack you. At most you will be hit by their automated software that looks for common, typical weaknesses (really bad [[Passwords | passwords]] like &amp;quot;qwerty&amp;quot; or &amp;quot;rosebud&amp;quot;, running vulnerable software that is years behind on security updates) in millions of machines. This is why security through obscurity will work on them - they  can easily defeat your system, but it's not worth it for them since there's not enough people like you out there to justify the effort of writing a hack.&lt;br /&gt;
&lt;br /&gt;
So, at both ends of the spectrum you have a balance: Each class of adversary always has one or more severe disadvantage. You can exploit this to create strong defense. The one exception is government intelligence agencies like NSA. These have both physical access, are highly competent, and have immense resources. The only thing standing between you and them is motivation. In other words, the moment NSA has a reason to suspect you, you're done. Best you can do is don't do things they don't like.&lt;br /&gt;
&lt;br /&gt;
==Practices by kind of adversary==&lt;br /&gt;
===Against your mother===&lt;br /&gt;
Your mother can:&lt;br /&gt;
&lt;br /&gt;
*Physically access your computer.&lt;br /&gt;
*Physically access your computer when you're not there.&lt;br /&gt;
*Spy over your shoulder.&lt;br /&gt;
&lt;br /&gt;
These can be serious security implications, however your mother is unlikely to either:&lt;br /&gt;
&lt;br /&gt;
*Have the technical knowledge to perform an attack.&lt;br /&gt;
*Have the motivation to perform an attack.&lt;br /&gt;
&lt;br /&gt;
Her motivation:&lt;br /&gt;
&lt;br /&gt;
*None, actually. All your mother is likely to do is walk past when you're masturbating, or perform a Windows Search for her cat photos and accidentally turn up your hentai.&lt;br /&gt;
&lt;br /&gt;
In response, you can:&lt;br /&gt;
&lt;br /&gt;
*Lock the door to your room.&lt;br /&gt;
*Zip/rar/7z your porn with a password.&lt;br /&gt;
*Encrypt your home directory.&lt;br /&gt;
*Put a password on your bios and deny her booting your computer.&lt;br /&gt;
&lt;br /&gt;
===Against thieves===&lt;br /&gt;
Thieves can:&lt;br /&gt;
&lt;br /&gt;
*Physically steal your computer and deny you access to your data.&lt;br /&gt;
*Remove the storage drive from your computer and recover data.&lt;br /&gt;
*Recruit a nerd friend to do something with your hardware.&lt;br /&gt;
*Sell your storage drive to someone who might be actually interested in its content.&lt;br /&gt;
&lt;br /&gt;
Their motivation:&lt;br /&gt;
&lt;br /&gt;
*Making money as fast as possible from selling off your stuff. If they can get your data they will sell it, but if they can't they will settle for the cash value of your hardware.&lt;br /&gt;
&lt;br /&gt;
They are interested in:&lt;br /&gt;
&lt;br /&gt;
*First and foremost, your hardware.&lt;br /&gt;
*In second term, whatever personal data they can find inside. They will usually give up if they can't access it.&lt;br /&gt;
&lt;br /&gt;
In response you can:&lt;br /&gt;
&lt;br /&gt;
*Encrypt your home directory.&lt;br /&gt;
*Use full disk encryption.&lt;br /&gt;
*Backup your data and physically hide it.&lt;br /&gt;
&lt;br /&gt;
===Against hackers, viruses, malware and phishing===&lt;br /&gt;
&lt;br /&gt;
Assuming hackers here are your run of the mill script kiddies and not nation states, hackers can:&lt;br /&gt;
&lt;br /&gt;
*Use Remote Exploits to access your computer (hacking your computer).&lt;br /&gt;
*Trick you into running exploits on your computer (viruses, malware).&lt;br /&gt;
*Trick you into disclosing the credentials to your computer or web services (phishing).&lt;br /&gt;
*Manipulate company employees into handing over your login details or control of your account (social engineering)&lt;br /&gt;
*Guess the credentials to your computer or web services (cracking).&lt;br /&gt;
*Break into web services and determine your credentials (hacking web services).&lt;br /&gt;
&lt;br /&gt;
While hackers will always know about security problems before everyone else, they are less likely to use their brand new exploits against random people. High value targets (whether they be financial (paypal?), political (fbi website?) or lulzy (the fappening)) are much more likely to be their focus. Unknown exploits are valuable: They are obtained by hard work or paying for them on the black market. But the moment you use them, everyone will find out and patch the hole. So the hacker wants to make it count, he doesn't want to blow his one shot on something worthless.&lt;br /&gt;
&lt;br /&gt;
Day to day attacks will be from relatively unskilled hackers (script kiddies) and deployed against ip address on the internet.&lt;br /&gt;
&lt;br /&gt;
Occasionally a large internet service will lose it's password database to hackers e.g. [http://www.bbc.co.uk/news/technology-32034102 twitch.tv]. Sooner or later one of these headline hacks will affect you.&lt;br /&gt;
&lt;br /&gt;
In response you can:&lt;br /&gt;
&lt;br /&gt;
*Keep your operating system and software up to date to cut down on remote exploits.&lt;br /&gt;
*Use anti-virus and anti-malware scanning software.&lt;br /&gt;
*Be wary about running unknown software or logging into untrusted sites (common sense 2016).&lt;br /&gt;
*Run a restrictive firewall to allow only certain applications access to the network.&lt;br /&gt;
*Use a password manager to generate random, secure passwords for your local computer accounts and web services.&lt;br /&gt;
**Use a different password on each site. Knowing one password shouldn't make it easier to guess the others.&lt;br /&gt;
**Give fake personal info where possible, so that info from one hacked account can't be used to break into other accounts by messing with the &amp;quot;Forgot Password&amp;quot; feature or calling and manipulating support/customer service.&lt;br /&gt;
*Only use trusted web services, and give them as little sensitive data as possible.&lt;br /&gt;
**If you shop online, try to delete Credit Cards when you're done using them, don't keep them saved in the account.&lt;br /&gt;
*Use Two Factor Authentication (2FA) for higher value web services (banking, email).&lt;br /&gt;
&lt;br /&gt;
===Against a jealous girlfriend===&lt;br /&gt;
&lt;br /&gt;
Let's supposed that through sheer dumb luck, you managed to get a girlfriend. Unfortunately, she was a jealous bitch from the beginning, but due to &amp;gt;tfwnogf you ended up accepting her anyway. Now you're stuck with a girl who wants to control your entire life. What do you do?&lt;br /&gt;
&lt;br /&gt;
Your girlfriend can:&lt;br /&gt;
&lt;br /&gt;
*Physically access your computer and phone.&lt;br /&gt;
*Spy over your shoulder.&lt;br /&gt;
*Possibly physically access your computer when you're not there.&lt;br /&gt;
*Recruit nerd friends, i.e. hackers, viruses, malware and phishing, to help her break into your devices if you put up any resistance.&lt;br /&gt;
&lt;br /&gt;
Her motivation:&lt;br /&gt;
&lt;br /&gt;
*Get any shred of positive evidence that you're cucking her. For security purposes, assume that a jealous girlfriend is emotionally attached to the idea that you're going to cuck her. No amount of evidence against will ever convince her of the opposite, and a single, dubious figment of evidence in favor will confirm her suspicions. Her determination will be extreme: they say hell hath no fury but that of a woman scorned, so be prepared for a fight that at best will only end when either side decides to break up, at worst with injury or material damage for either side, or if you live in an SJW place, with a false rape accusation.&lt;br /&gt;
&lt;br /&gt;
She is interested in:&lt;br /&gt;
&lt;br /&gt;
*Your location (&amp;quot;why were you on this part of town where this bitch lives?&amp;quot;).&lt;br /&gt;
*Your communication metadata (&amp;quot;who is that skank you talk to all the time?&amp;quot;).&lt;br /&gt;
*Your personal media (&amp;quot;who is this bitch in the picture?&amp;quot;).&lt;br /&gt;
*Your login credentials (there is no better place to find all that than your social media accounts).&lt;br /&gt;
&lt;br /&gt;
In response, you can:&lt;br /&gt;
&lt;br /&gt;
*Do everything you would do against your mom, against thieves and against virii, hackers and malware.&lt;br /&gt;
*Never share your passwords. This is going to be the hardest one. Women are natural savants when it comes to emotions and know every single emotional manipulation trick under the sun, and a jealous girlfriend will have no qualms on abusing them if that's what it takes to make you cough up your password. Do not fall for any blackmail, badmouthing, refusal of sexual consent, melodrama, fake tears or blaming. Password sharing is ''not'' a proof of love or a ritual of intimacy, it is a dangerous practice that negates every single countermeasure you take against information breaches. Be especially wary if this is your first girlfriend: chances are she perfectly knows you have the relationship experience of a high school kid (even if you consistently negate it, girls are experts at reading your true emotions), meaning that you will fall squarely for every single one of her tricks and charms.&lt;br /&gt;
**Alternatively, create a decoy account and share the password to that. Before sharing, protest that you hardly use your account anyway, and that you're embarrassed about how you don't have any friends. This will make it more credible.&lt;br /&gt;
*Keep your phone with you at all times, with a password lock, encrypted and with instant screen lock. Consider enabling the fingerprint reader if securing your phone outweighs giving the botnet your fingerprint.&lt;br /&gt;
**The phone is the weakest link:&lt;br /&gt;
***A truly strong password makes using the phone very inconvenient, since you have to unlock many times a day and typing on a phone is hard.&lt;br /&gt;
***Of all your device, the one you will most commonly have to unlock in full view of others is your phone.&lt;br /&gt;
***The way keyboards are implemented on phones (current character shown unmasked) makes shoulder surfing very easy.&lt;br /&gt;
***All the convenient options like PIN or pattern are laughably insecure.&lt;br /&gt;
***She can touch your finger to the scanner while you're asleep.&lt;br /&gt;
***Face/eye recognition can be defeated with a photo.&lt;br /&gt;
***Phones are easy to break into by connecting to a computer.&lt;br /&gt;
**It is very hard to keep your phone secure. Either have a secret secondary phone, or do not keep anything valuable on the phone.&lt;br /&gt;
**When deleting something, make sure you immediately overwrite your phone's writable storage with random data; on Android phones this is done with ''cat /dev/urandom &amp;gt; /sdcard/dsfargeg.fgsfds'' and then ''rm /sdcard/dsfargeg.fgsfds'' on Terminal Emulator.&lt;br /&gt;
**Do a factory reset once in a while; depending on the magnitude of her jealousy, it could be anything from once every other month to every single week.&lt;br /&gt;
*Enable two-factor authentication as a safeguard against password sharing. This way, even if you share your password, she will require the login code that has been sent to your sealed, locked, encrypted phone that can only be unlocked with your own finger.&lt;br /&gt;
*Be especially wary of spear phishing. Do not click on any weird link sent by your closest friends, or if you feel compelled to do so, open it from a tightly secured operating system (a fresh VM) where you have never logged in to your social networks.&lt;br /&gt;
*Keep your GPS off at all times, or use a custom ROM that restricts apps' access to your location.&lt;br /&gt;
*Keep your lawyer on standby and call them the very moment she involves law enforcement into the mix (e.g. threatening with a rape accusation).&lt;br /&gt;
*Bail out of the relationship the very moment she starts inflicting physical violence on your or your possessions. &amp;gt;tfwnogf is better than &amp;gt;tfw my gf hits me.&lt;br /&gt;
&lt;br /&gt;
===Advertisers/Marketing companies===&lt;br /&gt;
Advertisers can:&lt;br /&gt;
&lt;br /&gt;
*Collect information when you login to them.&lt;br /&gt;
*Track you across different websites you visit without logging into them.&lt;br /&gt;
*Track you via GPS on your phone.&lt;br /&gt;
*Track you online via WiFi on your phone.&lt;br /&gt;
*Track you offline via WiFi on your phone.&lt;br /&gt;
*Track you offline via credit/debit cards.&lt;br /&gt;
*Track you offline via reward/membership cards.&lt;br /&gt;
&lt;br /&gt;
Some of the security (or privacy) threats with advertisers are opt-in (i.e. you accepted it) and generally advertiser tracking isn't going to mess up your day. Problems arise when advertisers sell your information on to third parties (who in turn sell it to other third parties), go broke and [http://arstechnica.com/tech-policy/2015/03/despite-privacy-policy-radioshack-customer-data-up-for-sale-in-auction/ auction off] your data, get hacked or are victims of mass surveillance.&lt;br /&gt;
&lt;br /&gt;
It's worth noting that their revenue models would be colossally damaged if everyone ran adblocking software.&lt;br /&gt;
&lt;br /&gt;
In response you can:&lt;br /&gt;
&lt;br /&gt;
*Not create social media accounts, or create accounts with false information (although you'll still have the same friends, so are still opting in big time).&lt;br /&gt;
*Disable third party cookies in your browsers.&lt;br /&gt;
*Turn off GPS on your phone, or use a custom rom to limit which apps have access to your GPS.&lt;br /&gt;
*Turn off WiFi on your phone, or use a custom rom to limit which apps have access to WiFi.&lt;br /&gt;
*Turn off WiFi when you're out and about, especially in [http://www.yro.slashdot.org/story/13/01/22/2216224/have-a-wi-fi-enabled-phone-stores-are-tracking-you malls]/[http://www.washingtonpost.com/blogs/the-switch/wp/2013/10/19/how-stores-use-your-phones-wifi-to-track-your-shopping-habits shopping centres].&lt;br /&gt;
*Use cash.&lt;br /&gt;
**Debit cards tell your bank what you're buying and who from and where, and they [http://money.cnn.com/2011/07/06/pf/banks_sell_shopping_data/index.htm sell] [http://www.theguardian.com/business/2013/jun/24/barclays-bank-sell-customer-data that].&lt;br /&gt;
**Credit cards tell VISA/Mastercard/etc what you're buying and who from and where.&lt;br /&gt;
*Don't use reward cards. Most people [https://www.youtube.com/watch?v=f2Kji24833Y never use the &amp;quot;rewards&amp;quot;] and your privacy is worth more.&lt;br /&gt;
&lt;br /&gt;
====But I've already given them everything!====&lt;br /&gt;
So you've already given Facebook your phone number and address and date of birth? They already know your schools and job and hobbies? Why close the gate when the horse has bolted?&lt;br /&gt;
&lt;br /&gt;
*You'll change jobs.&lt;br /&gt;
*You'll move house.&lt;br /&gt;
*Your interests will change.&lt;br /&gt;
*Your friends will change.&lt;br /&gt;
*You'll get married/divorced/have children.&lt;br /&gt;
*You could even change your name or get married and change your surname.&lt;br /&gt;
&lt;br /&gt;
Sure, the data they have today will still be valid in a week. But in six months? A year? Five years? The sooner you cut off advertisers from up to date information, the sooner it'll be out of date. Their databases will say you still like Linkin Park and Jackass unless you tell them otherwise. They'll also miss out on your patterns over time, not knowing the path of your history and making their future predictions inaccurate.&lt;br /&gt;
&lt;br /&gt;
===Cellphone service providers===&lt;br /&gt;
&lt;br /&gt;
Your cell phone service provider can:&lt;br /&gt;
&lt;br /&gt;
*See what cell tower you are connected to whenever your phone is on.&lt;br /&gt;
*See when your phone is switched off or out of coverage (they can't tell which).&lt;br /&gt;
*See who you call and text, when and where, and for how long.&lt;br /&gt;
*See who calls and texts you, when where you are, and for how long.&lt;br /&gt;
*See your data usage metadata and perhaps &amp;quot;full take&amp;quot; data.&lt;br /&gt;
*Sell you a phone preloaded with their applications, which have all kinds of permissions granted.&lt;br /&gt;
&lt;br /&gt;
Cell phones are a big problem when trying to avoid location tracking. Without the cell tower your phone is only a phone when you have WiFi access, or not at all.&lt;br /&gt;
&lt;br /&gt;
In response you can:&lt;br /&gt;
&lt;br /&gt;
*Use OTR in any instant messaging conversations. Install Pidgin and the [https://otr.cypherpunks.ca/ OTR plugin] for PC, and Xabber or ChatSecure for Android.&lt;br /&gt;
*Use VoIP and data messaging instead of traditional calls and texts. Encrypted VoIP and messaging exists.&lt;br /&gt;
*Convince your contacts to use VoIP and data messaging.&lt;br /&gt;
*Install a firewall to restrict which apps have access to the data connection, or turn your data connection off completely.&lt;br /&gt;
*Uninstall preloaded apps, flash a custom ROM or buy a standalone phone unlocked from any provider.&lt;br /&gt;
*Leave your phone at home when you're going out.&lt;br /&gt;
*Keep airplane mode turned on when you don't use your phone (you can have it automatically turn on whenever the screen is off).&lt;br /&gt;
&lt;br /&gt;
===Internet service providers===&lt;br /&gt;
While your ISP is able to collect your metadata and block access to websites, these are generally because of Government Policy. Some ISPs will offer a &amp;quot;family friendly&amp;quot; site blocking option which you can turn off. Remember that while ISPs can most certainly be nefarious, usually it's the laws that compel them to give up your data to security agencies that can do you in, as the ISPs really can't do anything about it, but comply.&lt;br /&gt;
&lt;br /&gt;
Your home or business ISP can:&lt;br /&gt;
&lt;br /&gt;
*Provide you with an email service which they control (e.g. you@yourISP.com).&lt;br /&gt;
*Force you to use a modem which they retain root access to, which may also contain [http://www.scmagazineuk.com/over-700000-home-routers-threaten-enterprise-security/article/405279/ serious bugs].&lt;br /&gt;
*Send you a modem that is configured by default to use their DNS, allowing easy logging of your traffic.&lt;br /&gt;
&lt;br /&gt;
In response you can:&lt;br /&gt;
&lt;br /&gt;
*Use an alternative email service and/or use [[PGP]].&lt;br /&gt;
*Use OTR in any instant messaging conversations. Install Pidgin and the [https://otr.cypherpunks.ca/ OTR plugin] for PC, and Xabber or ChatSecure for Android.&lt;br /&gt;
*Bridge your ISP modem to a router which you control (or just ditch your ISP modem for one you bought personally, if possible). $50 will buy you an [[OpenWRT]] compatible router.&lt;br /&gt;
&lt;br /&gt;
===Government policies you can legally avoid===&lt;br /&gt;
Governments policies may enable:&lt;br /&gt;
&lt;br /&gt;
*Collection of metadata or &amp;quot;full take&amp;quot; internet data.&lt;br /&gt;
*Forcing ISPs to block websites or internet services.&lt;br /&gt;
&lt;br /&gt;
In response you can (if legal):&lt;br /&gt;
&lt;br /&gt;
*Use HTTPS versions of websites wherever possible. There is a [https://www.eff.org/https-everywhere browser plugin] for this.&lt;br /&gt;
*Use a Virtual Private Network (VPN)&lt;br /&gt;
**These can be paid or free services. Don't trust free services to anything other than light trolling.&lt;br /&gt;
**These can be based in a variety of countries and be bound by that country's laws, even though they have exits in multiple countries.&lt;br /&gt;
**Some take your privacy [https://torrentfreak.com/anonymous-vpn-service-provider-review-2015-150228/ more seriously than others]. Ultimately it's down to you trusting their word, but [https://ssd.eff.org/en/module/choosing-vpn-thats-right-you do your homework and make an informed choice].&lt;br /&gt;
*Use an anonymity network such as [[Tor]] (free, trustworthy).&lt;br /&gt;
*Use a proxy for web browsing (free, perhaps trustworthy, perhaps not).&lt;br /&gt;
*Use encrypted messaging when communicating with others.&lt;br /&gt;
&lt;br /&gt;
See [https://ssd.eff.org/ Surveillance Self Defense] and [[Anonymising Yourself]] for more.&lt;br /&gt;
&lt;br /&gt;
===Foreign government policies===&lt;br /&gt;
Avoiding government surveillance/hacking from countries you're not legally bound to is essentially the same as avoiding your own government's policies (above) without the requirement to follow their laws. &lt;br /&gt;
&lt;br /&gt;
===Copyright trolls===&lt;br /&gt;
Copyright Trolls are companies which exist purely to litigate against perceived copyright infringements, often using loopholes in copyright law and borderline standover/intimidation tactics to force their target into taking a plea deal.&lt;br /&gt;
&lt;br /&gt;
They have different tactics for organisations than they do for individuals. For individuals they can:&lt;br /&gt;
&lt;br /&gt;
*Monitor/scrape torrent tracker information.&lt;br /&gt;
*Monitor usenet posts.&lt;br /&gt;
*Monitor irc chat and honeypot dcc.&lt;br /&gt;
&lt;br /&gt;
Everything they access is publicly available. They have no more power than you do to monitor the internet. Some sites like http://mypiracy.net/ will show you what information you expose. If you don't see anything, it doesn't mean the trolls won't, but if you do, they can definitely see you.&lt;br /&gt;
&lt;br /&gt;
In response you can:&lt;br /&gt;
&lt;br /&gt;
*Use a VPN.&lt;br /&gt;
*Use Tor, but not for torrenting as it only slows down the network for you and everyone else since your IP gets leaked anyway.&lt;br /&gt;
&lt;br /&gt;
===Local Law Enforcement Agencies (LEA)===&lt;br /&gt;
We're not talking about breaking the law here. If you want to be a criminal, you can fuck off.&lt;br /&gt;
&lt;br /&gt;
We're talking about attending a protest or running a Tor Exit Node or participating in any other legal activity (or even being targeted by mistake) where your equipment may be monitored or seized.&lt;br /&gt;
&lt;br /&gt;
Obviously laws are different in different countries and within different parts of the same country, but often local LEA can:&lt;br /&gt;
&lt;br /&gt;
*Seize your devices and keep them for extended periods.&lt;br /&gt;
*Request or [[Wikipedia:Key_disclosure_law |demand]] your passwords.&lt;br /&gt;
*Detain you.&lt;br /&gt;
*Request your metadata of &amp;quot;full take&amp;quot; data from your internet and cell phone service providers.&lt;br /&gt;
*Request your metadata or &amp;quot;full take&amp;quot; data from higher law enforcement.&lt;br /&gt;
*Question your friends/family/roommates/landlord/whoever.&lt;br /&gt;
&lt;br /&gt;
In response you can:&lt;br /&gt;
&lt;br /&gt;
*Be polite.&lt;br /&gt;
*Speak to a lawyer for advice.&lt;br /&gt;
*Know your rights.&lt;br /&gt;
*Prepare yourself for attending a protest in the [https://ssd.eff.org/en/module/attending-protests-united-states US] or [https://ssd.eff.org/en/module/attending-protests-international elsewhere].&lt;br /&gt;
&lt;br /&gt;
===National Law Enforcement Agencies===&lt;br /&gt;
====Passive surveillance====&lt;br /&gt;
Passive surveillance, or dragnet surveillance, is where all internet data is scooped up without a particular target in mind. The NSA tapping into undersea cables and spying on Google's data center links are some examples of this.&lt;br /&gt;
&lt;br /&gt;
In response you can:&lt;br /&gt;
&lt;br /&gt;
*Use end to end encryption wherever possible (e.g. email, web browsing, file transfer).&lt;br /&gt;
*Use an anonymizing network such as Tor.&lt;br /&gt;
&lt;br /&gt;
====Targeted attacks====&lt;br /&gt;
Hopefully you're never targeted/attacked by this level of LEA/Intelligence agency, but depending on your country, they may be able to:&lt;br /&gt;
&lt;br /&gt;
*Do everything local LEA can do.&lt;br /&gt;
*Sniff your network traffic, be it home WiFi or [[Wikipedia:Stingray_Phone_Tracker |cell network]].&lt;br /&gt;
*Attack your systems, perhaps with 0days (publicly unknown and unpatched vulnerabilities).&lt;br /&gt;
*Intercept your online tech purchases and bug them.&lt;br /&gt;
*Attack the systems of people you trust.&lt;br /&gt;
*Pay off people you trust.&lt;br /&gt;
*Detain you when entering/leaving their country.&lt;br /&gt;
*Threaten you with [[Wikipedia:Aaron_Swartz#Arrest_and_prosecution |lengthy prison sentences]].&lt;br /&gt;
*Stop you from revealing the attacks and stop others revealing to you that you're under attack.&lt;br /&gt;
*Use the extensive information about you recorded in government databases to guess your passwords.&lt;br /&gt;
*Secretly bug your house or install a keylogger on your computer.&lt;br /&gt;
*Remotely view what's on your monitor from an adjacent room by [http://www.erikyyy.de/tempest/ analyzing its EM field].&lt;br /&gt;
&lt;br /&gt;
And in extreme cases/countries:&lt;br /&gt;
&lt;br /&gt;
*Do whatever they want to you.&lt;br /&gt;
&lt;br /&gt;
In response you can:&lt;br /&gt;
&lt;br /&gt;
*Kid yourself.&lt;br /&gt;
*Use all of the above tactics combined.&lt;br /&gt;
*Buy your tech equipment anonymously in a bricks-and-mortar store using cash.&lt;br /&gt;
*Stay off the radar in the first place.&lt;br /&gt;
*Go completely off the grid, including internet. Minimize use of technology.&lt;br /&gt;
&lt;br /&gt;
==Practices by tool==&lt;br /&gt;
The first thing to look for in any security tool is, what is the password/data recovery method? If you lose your password, what are the ways in which it can be recovered?&lt;br /&gt;
&lt;br /&gt;
A real security tool will clearly say: If you lose your password, the data is gone and there is no way to get it back. If you can &amp;quot;recover the password&amp;quot;, a hacker can too. More importantly, if they can restore your access, that means they are able to give themselves access, which means all their employees, any government person who asks, and any criminal that infiltrates them (by social engineering or hacking) can now also get access to your account/data without even needing to get past the password!&lt;br /&gt;
&lt;br /&gt;
Beware especially systems that:&lt;br /&gt;
&lt;br /&gt;
*Email passwords (email can get hacked, their database of passwords can get exfiltrated and dictionary attacked or brute forced)&lt;br /&gt;
*Email password reset link (your email can get hacked)&lt;br /&gt;
*Have a secret question (very easy to guess just by searching online social media info)&lt;br /&gt;
*Allow recovery by booting from different OS/LiveCD (e.g. Windows user account password)&lt;br /&gt;
&lt;br /&gt;
===Password manager===&lt;br /&gt;
Don't use a cloud service. Even if encrypted, the database will be shuffled back and forth all over the internet constantly, and every time it's moving around, someone is saving a copy for later. If one day a vulnerability is discovered in encryption, what then?&lt;br /&gt;
&lt;br /&gt;
Enable both password and key file. Cracking the password is too easy with only password (unless you use a +6-word diceware). Gaining access is as easy as stealing your key if no password.&lt;br /&gt;
&lt;br /&gt;
==Practices by domain==&lt;br /&gt;
===Phone===&lt;br /&gt;
Phones are very insecure. Your phone is on you 24/7, and it is constantly being tracked by your cell provider because they always know which tower it's connected to. Your only options are:&lt;br /&gt;
&lt;br /&gt;
*Don't carry a phone, or carry it in a Faraday cage, or keep it in airplane mode - basically all things that defeat the point of having a mobile phone&lt;br /&gt;
*Accept that a lot of information on you is being gathered and make your peace with it&lt;br /&gt;
&lt;br /&gt;
There is no real way to defeat cell tracking.&lt;br /&gt;
&lt;br /&gt;
====Android====&lt;br /&gt;
&lt;br /&gt;
*Ideally, you should not use GApps and opt for F-droid instead&lt;br /&gt;
*Use [https://f-droid.org/repository/browse/?fdid=com.shadcat.secdroid SecDroid]&lt;br /&gt;
**Disables binaries that can be used as an attack vector like: SSH, SSHD, NC, Telnet and Ping&lt;br /&gt;
**Disallows installing apps via CLI/ADB, unless it is explicitly allowed&lt;br /&gt;
**Secures the TCP Stack using Systctl&lt;br /&gt;
*If you are on Marshmallow, using XPrivacy, or are using a custom ROM (that, plus Xposed with Xprivacy are your best bet) with built in permissions manager, make sure to fine-tune the permissions on a per-app basis to ensure minimal data leak;&lt;br /&gt;
*Use XPrivacy &amp;lt;sup&amp;gt;(requires Xposed)&amp;lt;/sup&amp;gt; if you can, since it not only allows you to manage permissions on a per-app basis, it also lets you feed an application with fake data to keep it running&lt;br /&gt;
*Manage your firewall with [https://f-droid.org/repository/browse/?fdid=dev.ukanth.ufirewall AFWall+], an iptables front-end with VPN support&lt;br /&gt;
*Use [https://guardianproject.info/wiki/Ostel CSSimple and OStel] as a replacement to the built-in calling apps&lt;br /&gt;
*Use [[DNSCrypt]] to encrypt DNS queries between the name server and yourself, to mitigate MITM attacks&lt;br /&gt;
*Patch your hosts file with [https://f-droid.org/repository/browse/?fdid=org.adaway AdAway] to avoid some unneeded third-party exposure, thereby reducing your online fingerprint&lt;br /&gt;
&lt;br /&gt;
{{Tip|The newer the phone model, the newer the Linux kernel that comes with it and thus, (potentially) fewer security exploits.}}&lt;br /&gt;
&lt;br /&gt;
==Laptop==&lt;br /&gt;
Light, portable, easy to recognize, good resale value - laptops are very high on a thief's list. That and the fact that you carry it everywhere means there's a high risk it will get stolen.&lt;br /&gt;
&lt;br /&gt;
*Always use full disk encryption. Losing a computer with a scrambled hard drive that cannot be opened is better than losing a computer and all your personal information.&lt;br /&gt;
*Set a password to your BIOS to deny boot access and write down the password somewhere safe, resetting it in case you forget it is not easy at all unlike with desktops.&lt;br /&gt;
*If you have a home computer, don't save on your laptop anything you believe you won't need on the go.&lt;br /&gt;
*Get a Kensington lock cable, even if it's fairly weak and easy to cut with the proper tools it will still discourage some nearby Tyrones. There are locks who use other ports too such as the VGA one.&lt;br /&gt;
*Keep your backpack with you at all times. &lt;br /&gt;
**Develop the reflex of opening your trunk to get your computer every time you leave your car. Even if you're just getting a pack of smokes at the 7-Eleven; thieves are literally that fast.&lt;br /&gt;
**Supermarkets will usually allow you to enter the premises with your backpack as long as you let the security staff know.&lt;br /&gt;
**Be particularly careful about software security on your laptop if you connect to a public Wi-Fi. You never know who's using and who runs your Starbucks' network. Always connect to a VPN as soon as you connect to public Wi-Fi (this will prevent sniffing and MITM attacks) and make sure all your software is up to date.&lt;br /&gt;
*Do not leave your laptop unattended anywhere—even for a second. &lt;br /&gt;
**If you are in a coffee shop and you get called for your shitty coffee, do not just leave the laptop there; a thief will just grab it and run away, and now you are an idiot standing there with a coffee.&lt;br /&gt;
**Do not leave your laptop sitting in a computer lab; Tyrone will take it.&lt;br /&gt;
**Do not trust other people to look after your stuff while you take a shit; people are stupid and you should never trust them with anything.&lt;br /&gt;
**There are team tactics thieves will use, such as distracting you over something stupid while thief #2 sneaks in and takes your stuff. Or thief #1 will steal something lesser off your table, you chase them while thief #2 casually takes your bag and laptop while you are distracted.&lt;br /&gt;
&lt;br /&gt;
Most of the software-related practices are recommended for desktops too.&lt;br /&gt;
&lt;br /&gt;
==Desktop==&lt;br /&gt;
Since desktops are commonly easy to open and fuck with their hardware, the cheapest way to keep one safe is to thoroughly lock your door, use encryption and set a password to your BIOS, hoping that the burglar doesn't know shit about computers or simply isn't interested at all in the contents of your PC.&lt;br /&gt;
 &lt;br /&gt;
If you're willing to spend money you can also:&lt;br /&gt;
&lt;br /&gt;
*Get a Kensington chassis lock or an adhesive desktop locking kit, which basically keeps your tower, monitor and other stuff from being stolen with a steel cable that links them all together. It can be cut with some effort though&lt;br /&gt;
*Buy a custom locked enclosure to completely deny access to the whole tower, keep in mind though that &amp;quot;customized&amp;quot; = &amp;quot;expensive as hell&amp;quot;&lt;br /&gt;
*Get an adhesive self-contained alarm, it requires a physical key to be armed/disarmed and it's linked to a cable that, if removed, sets off the alarm which sounds for hours, costs around 100 bucks&lt;br /&gt;
*Learn Arduino and make a homebuilt alarm with cameras and motion sensors&lt;br /&gt;
*Get a door like [https://www.youtube.com/watch?v=ET9SNXpeORY this one]for your office&lt;br /&gt;
&lt;br /&gt;
==Server==&lt;br /&gt;
&lt;br /&gt;
Having your own server secured in a data centre can be useful, but authorities can then raid the data centre and seize it, or bug it, or passively collect data through the data centre without you knowing.&lt;br /&gt;
&lt;br /&gt;
==CryptoLockers==&lt;br /&gt;
CryptoLockers are a reasonably new type of malware which encrypt files on your computer and demand a ransom (often bitcoin) to decrypt them. The ransom is usually fairly &amp;quot;reasonable&amp;quot; (sub $100) and a timer to destruction is included.&lt;br /&gt;
&lt;br /&gt;
To render cryptolockers useless, see [[Backups]].&lt;br /&gt;
&lt;br /&gt;
==Social Media/Web of communication==&lt;br /&gt;
Keeping away from unwanted connections on social media is basically impossible. Changing your name or profile picture and/or changing accounts doesn't work because you will end up connecting to the same friends and familiarity with your new identity.&lt;br /&gt;
&lt;br /&gt;
The block button is your best friend. Failing that, give up on social media. You won't convince all your friends to lock down their accounts so that you can't be found.&lt;br /&gt;
&lt;br /&gt;
If you can't give up social media so easily, because, like most of us, you're addicted, then you can at least take steps to mitigate your addiction and reduce your social media usage.&lt;br /&gt;
&lt;br /&gt;
*Find alternative sites to browse, or find another hobby like reading, or IRC for that social fix you crave.&lt;br /&gt;
*If you can, unfollow (note, this doesn't necessarily mean unfriend or disconnect, unless you want to do that) all of your friends so that you don't get updates in whatever &amp;quot;news feed&amp;quot; the social media provider gives you. Without that &amp;quot;news feed&amp;quot;, you'll find yourself needing to go back there less and less, instead using it only for messaging people.&lt;br /&gt;
*Replace your social media's web instant messenger with a custom client you can use, like Pidgin, Jitsi etc (see [[Recommended software]]). A lot of this software will allow you to connect directly to the social media's IM system, whether through an &amp;lt;s&amp;gt;XMPP proxy (like Facebook)&amp;lt;/s&amp;gt; [https://developers.facebook.com/docs/chat deprecated] or a software plugin (like Skype), so you don't have to log in to their website.&lt;br /&gt;
*Use a [[freedom|free]] alternative to mainstream social media, such as [[GNU Social]] for twitter, [[GNU FM]] for last.fm, and [[MediaGoblin]] for YouTube.&lt;br /&gt;
&lt;br /&gt;
==External links==&lt;br /&gt;
General resources:&lt;br /&gt;
&lt;br /&gt;
*http://reddit.com/r/netsec&lt;br /&gt;
*http://seclists.org/fulldisclosure/&lt;br /&gt;
*https://packetstormsecurity.com/files/&lt;br /&gt;
*https://www.exploit-db.com/&lt;br /&gt;
*http://radare.today/&lt;br /&gt;
*https://www.reviewsed.com/malwarebytes-vs-avast/&lt;br /&gt;
*https://hex-rays.com/products/ida/index.shtml&lt;br /&gt;
*http://phrack.org/&lt;br /&gt;
*https://www.alchemistowl.org/pocorgtfo/&lt;br /&gt;
*https://www.vpnranks.com/torrent-vpn/&lt;br /&gt;
*https://codup.co/wordpress-security-guide/&lt;br /&gt;
*https://www.bestvpnprovider.com/bypass-isp-throttling/&lt;br /&gt;
*https://www.techlectual.com/mcafee-vs-avast/&lt;br /&gt;
*https://www.knowtechmag.com/paid-antivirus-vs-free-antivirus/&lt;br /&gt;
&lt;br /&gt;
Cool &amp;quot;shit&amp;quot; :&lt;br /&gt;
&lt;br /&gt;
*https://github.com/taviso/dbusmap&lt;br /&gt;
*http://lcamtuf.coredump.cx/afl/&lt;br /&gt;
*https://github.com/stealth/troubleshooter&lt;br /&gt;
*https://grsecurity.net/&lt;br /&gt;
*https://www.qubes-os.org/&lt;br /&gt;
&lt;br /&gt;
==See also==&lt;br /&gt;
&lt;br /&gt;
*[https://wiki.tbpindustries.com/index.php?title=Anonymizing_yourself Anonymizing Yourself ]&lt;br /&gt;
*[[Encryption]]&lt;br /&gt;
&lt;br /&gt;
[[Category:HowTo]]&lt;br /&gt;
[[Category:Security]]&lt;br /&gt;
[[Category:Recommendations]]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=344</id>
		<title>Main Page</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=344"/>
		<updated>2023-04-12T22:03:05Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Other Links */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;strong&amp;gt;TBP Wiki Main Page&amp;lt;/strong&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This wiki is mostly here to help out TBP with configuration of files, services, and servers but has been made public to help whomever needs it. We will be adding new pages and information as time goes on so things may be messy. Please understand. &lt;br /&gt;
&lt;br /&gt;
=All Available Pages=&lt;br /&gt;
{{Special:Allpages}}&lt;br /&gt;
&lt;br /&gt;
=Other Links=&lt;br /&gt;
Check out our other services we offer:&lt;br /&gt;
* [https://tbpchan.cz/ip/index.php Check IP]&lt;br /&gt;
* [https://tbpchan.cz/ipmagnet/ IP Magnet]&lt;br /&gt;
* [https://tbpchan.cz/ Imageboard]&lt;br /&gt;
* [https://paste.tbpchan.cz/ Pastebin]&lt;br /&gt;
* [https://tbpchan.cz/yt.php Audio Downloader]&lt;br /&gt;
* [https://man.tbpindustries.com/ Linux man pages]&lt;br /&gt;
&lt;br /&gt;
There is a [https://tbpchan.cz/canary.txt warrant canary.]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=343</id>
		<title>Main Page</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=343"/>
		<updated>2023-04-12T22:02:19Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Other Links */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;strong&amp;gt;TBP Wiki Main Page&amp;lt;/strong&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This wiki is mostly here to help out TBP with configuration of files, services, and servers but has been made public to help whomever needs it. We will be adding new pages and information as time goes on so things may be messy. Please understand. &lt;br /&gt;
&lt;br /&gt;
=All Available Pages=&lt;br /&gt;
{{Special:Allpages}}&lt;br /&gt;
&lt;br /&gt;
=Other Links=&lt;br /&gt;
Check out our other services we offer:&lt;br /&gt;
* [https://tbpchan.cz/ip/index.php Check IP]&lt;br /&gt;
* [https://tbpchan.cz/ipmagnet/ IP Magnet]&lt;br /&gt;
* [https://tbpchan.cz/ Imageboard]&lt;br /&gt;
* [https://paste.tbpchan.cz/ Pastebin]&lt;br /&gt;
* [https://tbpchan.cz/yt.php Audio Downloader]&lt;br /&gt;
* [https://man.tbpindustries.com/ Linux man pages]&lt;br /&gt;
&lt;br /&gt;
There is a [https://tbpchan.cz/canary.txt warrant canary]. It is updated sometimes.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=342</id>
		<title>Main Page</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=342"/>
		<updated>2023-04-12T22:02:04Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Other Links */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;strong&amp;gt;TBP Wiki Main Page&amp;lt;/strong&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This wiki is mostly here to help out TBP with configuration of files, services, and servers but has been made public to help whomever needs it. We will be adding new pages and information as time goes on so things may be messy. Please understand. &lt;br /&gt;
&lt;br /&gt;
=All Available Pages=&lt;br /&gt;
{{Special:Allpages}}&lt;br /&gt;
&lt;br /&gt;
=Other Links=&lt;br /&gt;
Check out our other services we offer:&lt;br /&gt;
* [https://tbpchan.cz/ip/index.php Check IP]&lt;br /&gt;
* [https://tbpchan.cz/ipmagnet/ IP Magnet]&lt;br /&gt;
* [https://tbpchan.cz/ Imageboard]&lt;br /&gt;
* [https://paste.tbpchan.cz/ Pastebin]&lt;br /&gt;
* [https://tbpchan.cz/yt.php Audio Downloader]&lt;br /&gt;
* [https://man.tbpindustries.com/ Linux man pages]&lt;br /&gt;
&lt;br /&gt;
There is a [https://tbpchan.cz/canary.txt warrant canary] and is updated sometimes.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Android&amp;diff=341</id>
		<title>Android</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Android&amp;diff=341"/>
		<updated>2023-04-10T14:21:19Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: Created page with &amp;quot;{{DISPLAYTITLE:Android}} The awk utility shall execute programs written in the awk programming language, which is specialized for textual data manipulation. An awk program is...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{DISPLAYTITLE:Android}}&lt;br /&gt;
The awk utility shall execute programs written in the awk programming language, which is specialized for textual data manipulation. An awk program is a sequence of patterns and corresponding actions. When input is read that matches a pattern, the action associated with that pattern is carried out.&lt;br /&gt;
&lt;br /&gt;
Input shall be interpreted as a sequence of records. By default, a record is a line, less its terminating &amp;lt;newline&amp;gt;, but this can be changed by using the RS built-in variable. Each record of input shall be matched in turn against each pattern in the program. For each pattern matched, the associated action shall be executed.&lt;br /&gt;
&lt;br /&gt;
The awk utility shall interpret each input record as a sequence of fields where, by default, a field is a string of non-&amp;lt;blank&amp;gt; non-&amp;lt;newline&amp;gt; characters. This default &amp;lt;blank&amp;gt; and &amp;lt;newline&amp;gt; field delimiter can be changed by using the FS built-in variable or the −F sepstring option. The awk utility shall denote the first field in a record $1, the second $2, and so on. The symbol $0 shall refer to the entire record; setting any other field causes the re-evaluation of $0. Assigning to $0 shall reset the values of all other fields and the NF built-in variable.&lt;br /&gt;
&lt;br /&gt;
=Magisk=&lt;br /&gt;
The following will remove all Magisk modules in case there is a bootloop after installing and enabling a new module. This assumes Magisk is already installed and ADB is enabled. Reboot the phone, plug it into your PC and run the following and wait.&lt;br /&gt;
&lt;br /&gt;
    adb wait-for-device shell magisk --remove-modules&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=FreeBSD&amp;diff=340</id>
		<title>FreeBSD</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=FreeBSD&amp;diff=340"/>
		<updated>2023-03-27T14:13:01Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;strong&amp;gt;FreeBSD&amp;lt;/strong&amp;gt;&lt;br /&gt;
[[File:FreeBSD Logo.png|thumb]]&lt;br /&gt;
FreeBSD is a free and open-source Unix-like operating system descended from Research Unix via the Berkeley Software Distribution (BSD). FreeBSD is a direct descendant of BSD of which was historically called &amp;quot;BSD Unix&amp;quot; or &amp;quot;Berkeley Unix&amp;quot; (in violation of the UNIX trademark). The first version of FreeBSD was released in 1993 and, as of 2005, FreeBSD was the most widely used open-source BSD operating system, accounting for more than three-quarters of all installed BSD systems.&lt;br /&gt;
&lt;br /&gt;
FreeBSD shares similarities with Linux but has two major differences in scope and licensing; FreeBSD maintains a complete system, i.e. the project delivers a kernel, device drivers, userland utilities, and documentation, as opposed to Linux only delivering a kernel, drivers, and relying upon third-parties for system software. FreeBSD source code is generally released under a permissive BSD license, as opposed to the copyleft GPL used by Linux.&lt;br /&gt;
&lt;br /&gt;
The FreeBSD project includes a security team overseeing all software shipped in the base distribution. A wide range of additional third-party applications may be installed using the pkg package management system, FreeBSD Ports, or by compiling source code.&lt;br /&gt;
&lt;br /&gt;
Due to its licensing, much of FreeBSD's codebase has become an integral part of other operating systems, such as Apple's Darwin (the basis for macOS, iOS, watchOS, and tvOS), the open-source NAS/SAN operating system FreeNAS, the Nintendo Switch system software, and the system software for Sony's PlayStation 3 and PlayStation 4.&lt;br /&gt;
&lt;br /&gt;
=Pools=&lt;br /&gt;
To list pools:&lt;br /&gt;
    zpool import&lt;br /&gt;
To import a pool:&lt;br /&gt;
    zpool import POOLNAME&lt;br /&gt;
This pool has to be mounted manually if moved from another system. &lt;br /&gt;
    zfs set mountpoint=/mnt/dirname poolname&lt;br /&gt;
    zfs mount -a&lt;br /&gt;
&lt;br /&gt;
=Attach a mirror to existing hard drive in FreeBSD/FreeNAS=&lt;br /&gt;
Let's assume ada0 is your existing disk, ada1 is the new one, tank is the pool name.&lt;br /&gt;
    gpart create -s gpt /dev/ada1&lt;br /&gt;
    gpart add -i 1 -b 128 -t freebsd-swap -s 2g /dev/ada1&lt;br /&gt;
    gpart add -i 2 -t freebsd-zfs /dev/ada1&lt;br /&gt;
* Run &amp;lt;code&amp;gt;zpool status&amp;lt;/code&amp;gt; and note the gptid of the existing disk&lt;br /&gt;
* Run &amp;lt;code&amp;gt;glabel status&amp;lt;/code&amp;gt; and find the gptid of the newly created partition. It is the gptid associated with ada1p2.&lt;br /&gt;
    zpool attach tank /dev/gptid/[gptid_of_the_existing_disk] /dev/gptid/[gptid_of_the_new_partition]&lt;br /&gt;
&lt;br /&gt;
It may take a while to resilver your drive after this - you will not have access to it whilst this is running. &lt;br /&gt;
&lt;br /&gt;
=Encryption=&lt;br /&gt;
Unlock Geli-encrypted ZFS Volume:&lt;br /&gt;
    geli attach -k [geli_key_file] [dev_to_unlock]&lt;br /&gt;
&lt;br /&gt;
Example:&lt;br /&gt;
    geli attach -k /data/geli/geli.key /dev/ada0p2&lt;br /&gt;
To import the pool, see [https://wiki.tbpindustries.com/index.php?title=FreeBSD#Pools Pools]&lt;br /&gt;
&lt;br /&gt;
=Iocage/Warden Jails=&lt;br /&gt;
To migrate jails from one pool to another:&lt;br /&gt;
&lt;br /&gt;
    zfs snapshot -r poolname/jails@relocate&lt;br /&gt;
    zfs send -R poolname/jails@relocate | zfs receive -vF newpool/jails&lt;br /&gt;
&lt;br /&gt;
To migrate a jail from one computer to another:&lt;br /&gt;
&lt;br /&gt;
    iocage stop jailname&lt;br /&gt;
    iocage export jailname&lt;br /&gt;
&lt;br /&gt;
Exporting jails will create a zip file &amp;quot;jail_name_date.zip&amp;quot; inside &amp;quot;/mnt/iocage/images/&amp;quot;. &lt;br /&gt;
To import these backups, copy the exported backup files into &amp;quot;/mnt/iocage/images/&amp;quot; and then restore: &lt;br /&gt;
&lt;br /&gt;
    iocage import jailname_name_date.zip&lt;br /&gt;
&lt;br /&gt;
If iocage gives trouble, use the jail name instead:&lt;br /&gt;
&lt;br /&gt;
        iocage import jailname&lt;br /&gt;
&lt;br /&gt;
Change iocage pool location:&lt;br /&gt;
&lt;br /&gt;
     iocage activate NEWPOOLNAME&lt;br /&gt;
&lt;br /&gt;
To clone jail1 to jail2, run:&lt;br /&gt;
&lt;br /&gt;
    iocage clone jail1 --name jail2&lt;br /&gt;
&lt;br /&gt;
Manual import of a jail:&lt;br /&gt;
    zfs create zpool1/iocage/jails/jail1&lt;br /&gt;
    zfs recv -F zpool1/iocage/jails/jail1 &amp;lt; jail1_2020-10-24&lt;br /&gt;
    zfs recv -F zpool1/iocage/jails/jail1/data &amp;lt; jail1_2020-10-24_data&lt;br /&gt;
    zfs recv -F zpool1/iocage/jails/jail1/root &amp;lt; jail1_2020-10-24_root&lt;br /&gt;
&lt;br /&gt;
Automatically stop, make an export backup, and start all available iocage jails in a for loop into zpool1/iocage/images:&lt;br /&gt;
    for i in $(iocage list |awk '{print $4}' |grep -vi name|awk NF); do iocage stop $i &amp;amp;&amp;amp; iocage export $i &amp;amp;&amp;amp; iocage start $i; done&lt;br /&gt;
&lt;br /&gt;
=Iohyve PCI passthrough=&lt;br /&gt;
The following is how to get Iohyve PCI passthrough working in FreeNAS with pfsense. &lt;br /&gt;
&lt;br /&gt;
Get the PCI addresses for the ethernet card.&lt;br /&gt;
&lt;br /&gt;
    pciconf -lv&lt;br /&gt;
&lt;br /&gt;
Find the PCI addresses for the ethernet card. A multi-port card will have several. You will need them for the pptdev2 tunable in a x/y/z format. This example is for two ethernet ports with PCI addresses x1/y1/z1 and x2/y2/z2.&lt;br /&gt;
&lt;br /&gt;
Go to System &amp;gt; Tunables and configure the following options to enable iohyve and PCI passthrough. pptdevs2  is used because regular pptdevs did not work so it depends on the setup. &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Variable | Value | Type&lt;br /&gt;
&lt;br /&gt;
iohyve_enable | YES | rc&lt;br /&gt;
&lt;br /&gt;
iohyve_flags | kmod=1 net=&amp;lt;eth0,eth1&amp;gt; | rc&lt;br /&gt;
&lt;br /&gt;
pptdevs2 | x1/y1/z1 x2/y2/z2 | loader&lt;br /&gt;
&lt;br /&gt;
vmm_load | YES | loader&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Configure the virtual machine using iohyve within terminal: &lt;br /&gt;
&lt;br /&gt;
    iohyve setup pool=(pool name)&lt;br /&gt;
&lt;br /&gt;
    iohyve create pfsense 8G&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense ram=2048mb&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense cpu=2&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense pcidev:7=passthru,x1/y1/z1&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense pcidev:8=passthru,x2/y2/z2&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense os=pfsense&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense bargs=&amp;quot;-S -A -H -P&amp;quot;&lt;br /&gt;
&lt;br /&gt;
Some have to dd the image to the zvol. It can be installed any other way so long as it boots properly. Make sure the paths and files are correct. You can disregard the following if you are able to boot using other methods. &lt;br /&gt;
&lt;br /&gt;
    iohyve fetch https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz&lt;br /&gt;
&lt;br /&gt;
    zfs rename zeus/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz zeus/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img&lt;br /&gt;
&lt;br /&gt;
    cd /iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/&lt;br /&gt;
&lt;br /&gt;
    gunzip pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz&lt;br /&gt;
&lt;br /&gt;
    dd if=/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img of=/dev/zvol/zeus/iohyve/pfsense/disk0 bs=1m&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Start the VM&lt;br /&gt;
&lt;br /&gt;
    iohyve start pfsense&lt;br /&gt;
&lt;br /&gt;
In another shell session, connect to the console to perform the installation.&lt;br /&gt;
&lt;br /&gt;
    iohyve console pfsense&lt;br /&gt;
&lt;br /&gt;
Set it to automatically boot.&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense boot=1&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Here are some good resources to use for this in case this doesn't work: &lt;br /&gt;
&lt;br /&gt;
https://murf.se/2016/01/05/iohyve-and-pci-passthru.html&lt;br /&gt;
&lt;br /&gt;
Iohyve manual man page&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki/Manual&lt;br /&gt;
&lt;br /&gt;
Iohyve wiki&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki&lt;br /&gt;
&lt;br /&gt;
USB passthrough example&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki/USB-3.0-PCI-Controller-Pass-through&lt;br /&gt;
&lt;br /&gt;
CentOS useful for tunables for FreeNAS&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki/Installing-CentOS-7-on-FreeNAS&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=Limiting Jail Resources with RCTL=&lt;br /&gt;
Here is how you limit the amount of RAM or CPU each jail can have. &lt;br /&gt;
A&lt;br /&gt;
dd the following line to /boot/loader.conf:&lt;br /&gt;
&lt;br /&gt;
    kern.racct.enable=&amp;quot;1&amp;quot;&lt;br /&gt;
&lt;br /&gt;
Reboot to activate.&lt;br /&gt;
&lt;br /&gt;
The following is how to constrain CPU usage, in percentage:&lt;br /&gt;
&lt;br /&gt;
    rctl -a jail:JAILNAME:pcpu:deny=75&lt;br /&gt;
&lt;br /&gt;
The following is how to constrain virtual and physical RAM usage, in percentage:&lt;br /&gt;
&lt;br /&gt;
    rctl -a jail:JAILNAME:vmemoryuse:deny=512M&lt;br /&gt;
&lt;br /&gt;
    rctl -a jail:JAILNAME:memoryuse:deny=1024M&lt;br /&gt;
&lt;br /&gt;
To view the currently applied limits:&lt;br /&gt;
&lt;br /&gt;
    rctl&lt;br /&gt;
&lt;br /&gt;
To view the resources used by a jail:&lt;br /&gt;
&lt;br /&gt;
    rctl -u jail:JAILNAME&lt;br /&gt;
&lt;br /&gt;
=Install Ubuntu Linux 20.04 LTS in vm-bhyve=&lt;br /&gt;
[[Category:Linux]]&lt;br /&gt;
[[Category:FreeBSD]]&lt;br /&gt;
&lt;br /&gt;
== Introduction ==&lt;br /&gt;
This guide is how to install [https://ubuntu.com Ubuntu] in [https://github.com/churchers/vm-bhyve vm-bhyve].&lt;br /&gt;
&lt;br /&gt;
== Install ==&lt;br /&gt;
&lt;br /&gt;
    pkg install vm-bhyve qemu-tools cdrkit-genisoimage&lt;br /&gt;
    pkg install grub2-bhyve bhyve-firmware&lt;br /&gt;
&lt;br /&gt;
=== Configure Install ===&lt;br /&gt;
&lt;br /&gt;
    zfs create -o mountpoint=/vm tank1/vm&lt;br /&gt;
    cp /usr/local/share/examples/vm-bhyve/* /vm/.templates/&lt;br /&gt;
&lt;br /&gt;
Add this to rc.conf:&lt;br /&gt;
&lt;br /&gt;
    vm_enable=&amp;quot;YES&amp;quot;&lt;br /&gt;
    vm_dir=&amp;quot;zfs:tank1/vm&amp;quot;0&amp;quot;&lt;br /&gt;
&lt;br /&gt;
Then run:&lt;br /&gt;
&lt;br /&gt;
    vm init&lt;br /&gt;
&lt;br /&gt;
=== Configure networking ===&lt;br /&gt;
&lt;br /&gt;
    vm switch create public&lt;br /&gt;
    vm switch add public eth0&lt;br /&gt;
&lt;br /&gt;
If this does not work, use the following:&lt;br /&gt;
&lt;br /&gt;
    vm switch create -t manual -b bridge0 public&lt;br /&gt;
&lt;br /&gt;
== Fetch image ==&lt;br /&gt;
&lt;br /&gt;
Download the [https://cloud-init.io | Cloud Init] image:&lt;br /&gt;
&lt;br /&gt;
 vm img http://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img&lt;br /&gt;
&lt;br /&gt;
== Resize the disk ==&lt;br /&gt;
Resize to desired &lt;br /&gt;
&lt;br /&gt;
    qemu-img resize  /tank/bhyve/.img/focal-server-cloudimg-amd64.img +20G&lt;br /&gt;
&lt;br /&gt;
== Create the VM ==&lt;br /&gt;
&lt;br /&gt;
 vm create -c 8 -m 16G -t ubuntu -i focal-server-cloudimg-amd64.img -C -k ~/.ssh/id_rsa.pub ubuntu&lt;br /&gt;
&lt;br /&gt;
To change the number of CPUs, change &amp;quot;-c 8&amp;quot; to desired. Value &amp;quot;-m 16G&amp;quot; is for RAM. A maximum of 16 vCPUs is currently supported in bhyve.&lt;br /&gt;
&lt;br /&gt;
== Start the VM ==&lt;br /&gt;
&lt;br /&gt;
    vm start ubuntu&lt;br /&gt;
&lt;br /&gt;
== Log-in ==&lt;br /&gt;
&lt;br /&gt;
Determine the IP address and ssh to the vm:&lt;br /&gt;
&lt;br /&gt;
    ssh ubuntu@192.168.0.10&lt;br /&gt;
&lt;br /&gt;
vm-bhyve doesn't have any way of showing the actual IP so you need to search the DHCP logs or use nmap.&lt;br /&gt;
&lt;br /&gt;
== Set hostname ==&lt;br /&gt;
&lt;br /&gt;
    hostnamectl set-hostname ubuntu.vmhostname&lt;br /&gt;
    reboot&lt;br /&gt;
&lt;br /&gt;
== Package management ==&lt;br /&gt;
&lt;br /&gt;
=== Do not install recommended and suggested packages ===&lt;br /&gt;
&lt;br /&gt;
    cat &amp;lt;&amp;lt;EOT &amp;gt;/etc/apt/apt.conf.d/61norecommends&lt;br /&gt;
    APT::Install-Recommends &amp;quot;false&amp;quot;;&lt;br /&gt;
    APT::Install-Suggests &amp;quot;false&amp;quot;; &lt;br /&gt;
    EOT&lt;br /&gt;
&lt;br /&gt;
== Update the software ==&lt;br /&gt;
&lt;br /&gt;
    apt update &amp;amp;&amp;amp; apt -y upgrade&lt;br /&gt;
    reboot&lt;br /&gt;
&lt;br /&gt;
== Enable autostart ==&lt;br /&gt;
&lt;br /&gt;
Make sure the VM is listed in &amp;lt;code&amp;gt;vm_list&amp;lt;/code&amp;gt; in &amp;lt;code&amp;gt;/etc/rc.conf&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
 vm_list=&amp;quot;ubuntu vm1 vm2 ...&amp;quot;&lt;br /&gt;
&lt;br /&gt;
=Resize a root disk=&lt;br /&gt;
Reboot into single user. This is assuming that da0 is the root drive and da0p2 is the root partition. &lt;br /&gt;
&lt;br /&gt;
    gpart recover da0&lt;br /&gt;
    gpart resize -i 2 da0&lt;br /&gt;
    zpool online -e zroot da0p2&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
= References =&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/churchers/vm-bhyve vm-bhyve | Management system for FreeBSD bhyve virtual machines]&lt;br /&gt;
* [https://www.freebsd.org/cgi/man.cgi?query=vm&amp;amp;sektion=8&amp;amp;manpath=freebsd-release-ports vm(8)]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=339</id>
		<title>Kubernetes</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=339"/>
		<updated>2023-03-20T20:21:59Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Kubernetes (/ˌk(j)uːbərˈnɛtɪs, -ˈneɪtɪs, -ˈneɪtiːz, -ˈnɛtiːz/, commonly abbreviated K8s) is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by the Cloud Native Computing Foundation.&lt;br /&gt;
&lt;br /&gt;
The name Kubernetes originates from Greek, meaning 'helmsman' or 'pilot'. Kubernetes is often abbreviated as K8s, counting the eight letters between the K and the s (a numeronym).&lt;br /&gt;
&lt;br /&gt;
Kubernetes works with containerd and CRI-O. Its suitability for running and managing large cloud-native workloads has led to widespread adoption of it in the data center. There are multiple distributions of this platform – from ISVs as well as hosted-on cloud offerings from all the major public cloud vendors. &lt;br /&gt;
&lt;br /&gt;
=Install Kubernetes to Ubuntu=&lt;br /&gt;
The following commands will install microk8s to Ubuntu:&lt;br /&gt;
    sudo snap install microk8s --classic&lt;br /&gt;
&lt;br /&gt;
Add your user to the microk8s admin group and fix permissions:&lt;br /&gt;
    sudo usermod -a -G microk8s $USER&lt;br /&gt;
    sudo chown -f -R $USER ~/.kube&lt;br /&gt;
&lt;br /&gt;
Log out and log back in to that user for this to take effect. &lt;br /&gt;
&lt;br /&gt;
Check the status of the service:&lt;br /&gt;
    microk8s status --wait-ready&lt;br /&gt;
&lt;br /&gt;
Enable services:&lt;br /&gt;
    microk8s enable dashboard dns ingress metallb&lt;br /&gt;
&lt;br /&gt;
Use the following to check for available services to enable:&lt;br /&gt;
    microk8s enable --help&lt;br /&gt;
&lt;br /&gt;
Start using microk8s:&lt;br /&gt;
    microk8s kubectl get all --all-namespaces&lt;br /&gt;
&lt;br /&gt;
Access the dashboard:&lt;br /&gt;
    microk8s dashboard-proxy&lt;br /&gt;
&lt;br /&gt;
=Clustering=&lt;br /&gt;
To create a cluster out of two or more already-running MicroK8s instances, use the microk8s add-node command. As of MicroK8s 1.19, clustering of three or more nodes will automatically enable high availability. The MicroK8s instance on which the command is run will host the Kubernetes control plane:&lt;br /&gt;
    microk8s add-node&lt;br /&gt;
&lt;br /&gt;
The add-node command prints a microk8s join command which should be executed on the MicroK8s instance(s) that you wish to join to the cluster (NOT THE NODE YOU RAN add-node FROM). For example:&lt;br /&gt;
    microk8s join ip-172-31-20-243:25000/DDOkUupkmaBezNnMheTBqFYHLWINGDbf&lt;br /&gt;
&lt;br /&gt;
Joining a node to the cluster should only take a few seconds. Afterwards you should be able to see the node has joined:&lt;br /&gt;
    microk8s kubectl get no&lt;br /&gt;
&lt;br /&gt;
=Use NFS for Persistent Volumes=&lt;br /&gt;
Provision NFS mounts as Kubernetes Persistent Volumes on MicroK8s.&lt;br /&gt;
&lt;br /&gt;
==NFS server==&lt;br /&gt;
Either use a current NFS server or install a NFS server. The following is how to install to Ubuntu:&lt;br /&gt;
    apt install nfs-kernel-server&lt;br /&gt;
Directory /srv/nfs is the share folder.&lt;br /&gt;
    mkdir -p /srv/nfs&lt;br /&gt;
    chown nobody:nogroup /srv/nfs&lt;br /&gt;
    chmod 0777 /srv/nfs&lt;br /&gt;
Edit the /etc/exports. The following will allow all IP addresses in the 10.0.0.0/24 subnet:&lt;br /&gt;
    /srv/nfs 10.0.0.0/24(rw,sync,no_subtree_check)&lt;br /&gt;
Restart the NFS server: &lt;br /&gt;
    systemctl restart nfs-kernel-server&lt;br /&gt;
&lt;br /&gt;
==Install the CSI driver for NFS==&lt;br /&gt;
Enable the Helm3 addon (if not already enabled) and add the repository for the NFS CSI driver:&lt;br /&gt;
    microk8s enable helm3&lt;br /&gt;
    microk8s helm3 repo add csi-driver-nfs https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts&lt;br /&gt;
    microk8s helm3 repo update&lt;br /&gt;
This will install the Helm chart under the kube-system namespace:&lt;br /&gt;
    microk8s helm3 install csi-driver-nfs csi-driver-nfs/csi-driver-nfs --namespace kube-system --set kubeletDir=/var/snap/microk8s/common/var/lib/kubelet&lt;br /&gt;
After deploying the Helm chart, wait for the CSI controller and node pods to come up using the following kubectl command:&lt;br /&gt;
    microk8s kubectl wait pod --selector app.kubernetes.io/name=csi-driver-nfs --for condition=ready --namespace kube-system&lt;br /&gt;
If successful, you will see &amp;quot;condition met&amp;quot;. &lt;br /&gt;
List the available CSI drivers in the Kubernetes cluster:&lt;br /&gt;
    microk8s kubectl get csidrivers&lt;br /&gt;
==Create a StorageClass for NFS==&lt;br /&gt;
This creates a Kubernetes Storage Class which uses the nfs.csi.k8s.io CSI driver. Create the following file sc-nfs.yaml and change 10.0.0.42 to the NFS server:&lt;br /&gt;
&lt;br /&gt;
    apiVersion: storage.k8s.io/v1&lt;br /&gt;
    kind: StorageClass&lt;br /&gt;
    metadata:&lt;br /&gt;
      name: nfs-csi&lt;br /&gt;
    provisioner: nfs.csi.k8s.io&lt;br /&gt;
    parameters:&lt;br /&gt;
      server: 10.0.0.42&lt;br /&gt;
      share: /srv/nfs&lt;br /&gt;
    reclaimPolicy: Delete&lt;br /&gt;
    volumeBindingMode: Immediate&lt;br /&gt;
    mountOptions:&lt;br /&gt;
      - hard&lt;br /&gt;
      - nfsvers=4.1&lt;br /&gt;
Apply it on the MicroK8s cluster:&lt;br /&gt;
    microk8s kubectl apply -f - &amp;lt; sc-nfs.yaml&lt;br /&gt;
&lt;br /&gt;
The final step is to create a new 5gb PersistentVolumeClaim using the nfs-csi storage class. This is as simple as specifying storageClassName as nfs-csi in the PVC definition within the file pvc-nfs.yaml:&lt;br /&gt;
    apiVersion: v1&lt;br /&gt;
    kind: PersistentVolumeClaim&lt;br /&gt;
    metadata:&lt;br /&gt;
      name: my-pvc&lt;br /&gt;
    spec:&lt;br /&gt;
      storageClassName: nfs-csi&lt;br /&gt;
      accessModes: [ReadWriteOnce]&lt;br /&gt;
      resources:&lt;br /&gt;
        requests:&lt;br /&gt;
          storage: 5Gi&lt;br /&gt;
Then create the PVC with:&lt;br /&gt;
    microk8s kubectl apply -f - &amp;lt; pvc-nfs.yaml&lt;br /&gt;
Check the PVC configuration: &lt;br /&gt;
    microk8s kubectl describe pvc my-pvc&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
* [https://microk8s.io/docs/nfs Microk8s Documentation | Use NFS for Persistent Volumes]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=338</id>
		<title>Kubernetes</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=338"/>
		<updated>2023-03-20T20:21:28Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Kubernetes (/ˌk(j)uːbərˈnɛtɪs, -ˈneɪtɪs, -ˈneɪtiːz, -ˈnɛtiːz/, commonly abbreviated K8s) is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by the Cloud Native Computing Foundation.&lt;br /&gt;
&lt;br /&gt;
The name Kubernetes originates from Greek, meaning 'helmsman' or 'pilot'. Kubernetes is often abbreviated as K8s, counting the eight letters between the K and the s (a numeronym).&lt;br /&gt;
&lt;br /&gt;
Kubernetes works with containerd and CRI-O. Its suitability for running and managing large cloud-native workloads has led to widespread adoption of it in the data center. There are multiple distributions of this platform – from ISVs as well as hosted-on cloud offerings from all the major public cloud vendors. &lt;br /&gt;
&lt;br /&gt;
=Install Kubernetes to Ubuntu=&lt;br /&gt;
The following commands will install microk8s to Ubuntu:&lt;br /&gt;
    sudo snap install microk8s --classic&lt;br /&gt;
&lt;br /&gt;
Add your user to the microk8s admin group and fix permissions:&lt;br /&gt;
    sudo usermod -a -G microk8s $USER&lt;br /&gt;
    sudo chown -f -R $USER ~/.kube&lt;br /&gt;
&lt;br /&gt;
Log out and log back in to that user for this to take effect. &lt;br /&gt;
&lt;br /&gt;
Check the status of the service:&lt;br /&gt;
    microk8s status --wait-ready&lt;br /&gt;
&lt;br /&gt;
Enable services:&lt;br /&gt;
    microk8s enable dashboard dns ingress metallb&lt;br /&gt;
&lt;br /&gt;
Use the following to check for available services to enable:&lt;br /&gt;
    microk8s enable --help&lt;br /&gt;
&lt;br /&gt;
Start using microk8s:&lt;br /&gt;
    microk8s kubectl get all --all-namespaces&lt;br /&gt;
&lt;br /&gt;
Access the dashboard:&lt;br /&gt;
    microk8s dashboard-proxy&lt;br /&gt;
&lt;br /&gt;
=Clustering=&lt;br /&gt;
To create a cluster out of two or more already-running MicroK8s instances, use the microk8s add-node command. As of MicroK8s 1.19, clustering of three or more nodes will automatically enable high availability. The MicroK8s instance on which the command is run will host the Kubernetes control plane:&lt;br /&gt;
    microk8s add-node&lt;br /&gt;
&lt;br /&gt;
The add-node command prints a microk8s join command which should be executed on the MicroK8s instance(s) that you wish to join to the cluster (NOT THE NODE YOU RAN add-node FROM). For example:&lt;br /&gt;
    microk8s join ip-172-31-20-243:25000/DDOkUupkmaBezNnMheTBqFYHLWINGDbf&lt;br /&gt;
&lt;br /&gt;
Joining a node to the cluster should only take a few seconds. Afterwards you should be able to see the node has joined:&lt;br /&gt;
    microk8s kubectl get no&lt;br /&gt;
&lt;br /&gt;
=Use NFS for Persistent Volumes=&lt;br /&gt;
Provision NFS mounts as Kubernetes Persistent Volumes on MicroK8s.&lt;br /&gt;
&lt;br /&gt;
==NFS server==&lt;br /&gt;
Either use a current NFS server or install a NFS server. The following is how to install to Ubuntu:&lt;br /&gt;
    apt install nfs-kernel-server&lt;br /&gt;
Directory /srv/nfs is the share folder.&lt;br /&gt;
    mkdir -p /srv/nfs&lt;br /&gt;
    chown nobody:nogroup /srv/nfs&lt;br /&gt;
    chmod 0777 /srv/nfs&lt;br /&gt;
Edit the /etc/exports. The following will allow all IP addresses in the 10.0.0.0/24 subnet:&lt;br /&gt;
    /srv/nfs 10.0.0.0/24(rw,sync,no_subtree_check)&lt;br /&gt;
Restart the NFS server: &lt;br /&gt;
    systemctl restart nfs-kernel-server&lt;br /&gt;
&lt;br /&gt;
==Install the CSI driver for NFS==&lt;br /&gt;
Enable the Helm3 addon (if not already enabled) and add the repository for the NFS CSI driver:&lt;br /&gt;
    microk8s enable helm3&lt;br /&gt;
    microk8s helm3 repo add csi-driver-nfs https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts&lt;br /&gt;
    microk8s helm3 repo update&lt;br /&gt;
This will install the Helm chart under the kube-system namespace:&lt;br /&gt;
    microk8s helm3 install csi-driver-nfs csi-driver-nfs/csi-driver-nfs --namespace kube-system --set kubeletDir=/var/snap/microk8s/common/var/lib/kubelet&lt;br /&gt;
After deploying the Helm chart, wait for the CSI controller and node pods to come up using the following kubectl command:&lt;br /&gt;
    microk8s kubectl wait pod --selector app.kubernetes.io/name=csi-driver-nfs --for condition=ready --namespace kube-system&lt;br /&gt;
If successful, you will see &amp;quot;condition met&amp;quot;. &lt;br /&gt;
List the available CSI drivers in the Kubernetes cluster:&lt;br /&gt;
    microk8s kubectl get csidrivers&lt;br /&gt;
==Create a StorageClass for NFS==&lt;br /&gt;
This creates a Kubernetes Storage Class which uses the nfs.csi.k8s.io CSI driver. Create the following file sc-nfs.yaml and change 10.0.0.42 to the NFS server:&lt;br /&gt;
&lt;br /&gt;
    apiVersion: storage.k8s.io/v1&lt;br /&gt;
    kind: StorageClass&lt;br /&gt;
    metadata:&lt;br /&gt;
      name: nfs-csi&lt;br /&gt;
    provisioner: nfs.csi.k8s.io&lt;br /&gt;
    parameters:&lt;br /&gt;
      server: 10.0.0.42&lt;br /&gt;
      share: /srv/nfs&lt;br /&gt;
    reclaimPolicy: Delete&lt;br /&gt;
    volumeBindingMode: Immediate&lt;br /&gt;
    mountOptions:&lt;br /&gt;
      - hard&lt;br /&gt;
      - nfsvers=4.1&lt;br /&gt;
Apply it on the MicroK8s cluster:&lt;br /&gt;
    microk8s kubectl apply -f - &amp;lt; sc-nfs.yaml&lt;br /&gt;
&lt;br /&gt;
The final step is to create a new 5gb PersistentVolumeClaim using the nfs-csi storage class. This is as simple as specifying storageClassName as nfs-csi in the PVC definition within the file pvc-nfs.yaml:&lt;br /&gt;
    apiVersion: v1&lt;br /&gt;
    kind: PersistentVolumeClaim&lt;br /&gt;
    metadata:&lt;br /&gt;
      name: my-pvc&lt;br /&gt;
    spec:&lt;br /&gt;
      storageClassName: nfs-csi&lt;br /&gt;
      accessModes: [ReadWriteOnce]&lt;br /&gt;
      resources:&lt;br /&gt;
        requests:&lt;br /&gt;
          storage: 5Gi&lt;br /&gt;
Then create the PVC with:&lt;br /&gt;
    microk8s kubectl apply -f - &amp;lt; pvc-nfs.yaml&lt;br /&gt;
Check the PVC configuration: &lt;br /&gt;
    microk8s kubectl describe pvc my-pvc&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
* [https://microk8s.io/docs/nfs Use NFS for Persistent Volumes]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=337</id>
		<title>Kubernetes</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=337"/>
		<updated>2023-03-20T20:19:43Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Kubernetes (/ˌk(j)uːbərˈnɛtɪs, -ˈneɪtɪs, -ˈneɪtiːz, -ˈnɛtiːz/, commonly abbreviated K8s) is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by the Cloud Native Computing Foundation.&lt;br /&gt;
&lt;br /&gt;
The name Kubernetes originates from Greek, meaning 'helmsman' or 'pilot'. Kubernetes is often abbreviated as K8s, counting the eight letters between the K and the s (a numeronym).&lt;br /&gt;
&lt;br /&gt;
Kubernetes works with containerd and CRI-O. Its suitability for running and managing large cloud-native workloads has led to widespread adoption of it in the data center. There are multiple distributions of this platform – from ISVs as well as hosted-on cloud offerings from all the major public cloud vendors. &lt;br /&gt;
&lt;br /&gt;
=Install Kubernetes to Ubuntu=&lt;br /&gt;
The following commands will install microk8s to Ubuntu:&lt;br /&gt;
    sudo snap install microk8s --classic&lt;br /&gt;
&lt;br /&gt;
Add your user to the microk8s admin group and fix permissions:&lt;br /&gt;
    sudo usermod -a -G microk8s $USER&lt;br /&gt;
    sudo chown -f -R $USER ~/.kube&lt;br /&gt;
&lt;br /&gt;
Log out and log back in to that user for this to take effect. &lt;br /&gt;
&lt;br /&gt;
Check the status of the service:&lt;br /&gt;
    microk8s status --wait-ready&lt;br /&gt;
&lt;br /&gt;
Enable services:&lt;br /&gt;
    microk8s enable dashboard dns ingress metallb&lt;br /&gt;
&lt;br /&gt;
Use the following to check for available services to enable:&lt;br /&gt;
    microk8s enable --help&lt;br /&gt;
&lt;br /&gt;
Start using microk8s:&lt;br /&gt;
    microk8s kubectl get all --all-namespaces&lt;br /&gt;
&lt;br /&gt;
Access the dashboard:&lt;br /&gt;
    microk8s dashboard-proxy&lt;br /&gt;
&lt;br /&gt;
=Clustering=&lt;br /&gt;
To create a cluster out of two or more already-running MicroK8s instances, use the microk8s add-node command. As of MicroK8s 1.19, clustering of three or more nodes will automatically enable high availability. The MicroK8s instance on which the command is run will host the Kubernetes control plane:&lt;br /&gt;
    microk8s add-node&lt;br /&gt;
&lt;br /&gt;
The add-node command prints a microk8s join command which should be executed on the MicroK8s instance(s) that you wish to join to the cluster (NOT THE NODE YOU RAN add-node FROM). For example:&lt;br /&gt;
    microk8s join ip-172-31-20-243:25000/DDOkUupkmaBezNnMheTBqFYHLWINGDbf&lt;br /&gt;
&lt;br /&gt;
Joining a node to the cluster should only take a few seconds. Afterwards you should be able to see the node has joined:&lt;br /&gt;
    microk8s kubectl get no&lt;br /&gt;
&lt;br /&gt;
=Use NFS for Persistent Volumes=&lt;br /&gt;
Provision NFS mounts as Kubernetes Persistent Volumes on MicroK8s.&lt;br /&gt;
&lt;br /&gt;
==NFS server==&lt;br /&gt;
Either use a current NFS server or install a NFS server. The following is how to install to Ubuntu:&lt;br /&gt;
    apt install nfs-kernel-server&lt;br /&gt;
Directory /srv/nfs is the share folder.&lt;br /&gt;
    mkdir -p /srv/nfs&lt;br /&gt;
    chown nobody:nogroup /srv/nfs&lt;br /&gt;
    chmod 0777 /srv/nfs&lt;br /&gt;
Edit the /etc/exports. The following will allow all IP addresses in the 10.0.0.0/24 subnet:&lt;br /&gt;
    /srv/nfs 10.0.0.0/24(rw,sync,no_subtree_check)&lt;br /&gt;
Restart the NFS server: &lt;br /&gt;
    systemctl restart nfs-kernel-server&lt;br /&gt;
&lt;br /&gt;
==Install the CSI driver for NFS==&lt;br /&gt;
Enable the Helm3 addon (if not already enabled) and add the repository for the NFS CSI driver:&lt;br /&gt;
    microk8s enable helm3&lt;br /&gt;
    microk8s helm3 repo add csi-driver-nfs https://raw.githubusercontent.com/kubernetes-csi/csi-driver-nfs/master/charts&lt;br /&gt;
    microk8s helm3 repo update&lt;br /&gt;
This will install the Helm chart under the kube-system namespace:&lt;br /&gt;
    microk8s helm3 install csi-driver-nfs csi-driver-nfs/csi-driver-nfs --namespace kube-system --set kubeletDir=/var/snap/microk8s/common/var/lib/kubelet&lt;br /&gt;
After deploying the Helm chart, wait for the CSI controller and node pods to come up using the following kubectl command:&lt;br /&gt;
    microk8s kubectl wait pod --selector app.kubernetes.io/name=csi-driver-nfs --for condition=ready --namespace kube-system&lt;br /&gt;
If successful, you will see &amp;quot;condition met&amp;quot;. &lt;br /&gt;
List the available CSI drivers in the Kubernetes cluster:&lt;br /&gt;
    microk8s kubectl get csidrivers&lt;br /&gt;
==Create a StorageClass for NFS==&lt;br /&gt;
This creates a Kubernetes Storage Class which uses the nfs.csi.k8s.io CSI driver. Create the following file sc-nfs.yaml and change 10.0.0.42 to the NFS server:&lt;br /&gt;
&lt;br /&gt;
    apiVersion: storage.k8s.io/v1&lt;br /&gt;
    kind: StorageClass&lt;br /&gt;
    metadata:&lt;br /&gt;
      name: nfs-csi&lt;br /&gt;
    provisioner: nfs.csi.k8s.io&lt;br /&gt;
    parameters:&lt;br /&gt;
      server: 10.0.0.42&lt;br /&gt;
      share: /srv/nfs&lt;br /&gt;
    reclaimPolicy: Delete&lt;br /&gt;
    volumeBindingMode: Immediate&lt;br /&gt;
    mountOptions:&lt;br /&gt;
      - hard&lt;br /&gt;
      - nfsvers=4.1&lt;br /&gt;
Apply it on the MicroK8s cluster:&lt;br /&gt;
    microk8s kubectl apply -f - &amp;lt; sc-nfs.yaml&lt;br /&gt;
&lt;br /&gt;
The final step is to create a new 5gb PersistentVolumeClaim using the nfs-csi storage class. This is as simple as specifying storageClassName as nfs-csi in the PVC definition within the file pvc-nfs.yaml:&lt;br /&gt;
    apiVersion: v1&lt;br /&gt;
    kind: PersistentVolumeClaim&lt;br /&gt;
    metadata:&lt;br /&gt;
      name: my-pvc&lt;br /&gt;
    spec:&lt;br /&gt;
      storageClassName: nfs-csi&lt;br /&gt;
      accessModes: [ReadWriteOnce]&lt;br /&gt;
      resources:&lt;br /&gt;
        requests:&lt;br /&gt;
          storage: 5Gi&lt;br /&gt;
Then create the PVC with:&lt;br /&gt;
    microk8s kubectl apply -f - &amp;lt; pvc-nfs.yaml&lt;br /&gt;
Check the PVC configuration: &lt;br /&gt;
    microk8s kubectl describe pvc my-pvc&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=336</id>
		<title>Kubernetes</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=336"/>
		<updated>2023-03-16T16:42:50Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Install Kubernetes to Ubuntu */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Kubernetes (/ˌk(j)uːbərˈnɛtɪs, -ˈneɪtɪs, -ˈneɪtiːz, -ˈnɛtiːz/, commonly abbreviated K8s) is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by the Cloud Native Computing Foundation.&lt;br /&gt;
&lt;br /&gt;
The name Kubernetes originates from Greek, meaning 'helmsman' or 'pilot'. Kubernetes is often abbreviated as K8s, counting the eight letters between the K and the s (a numeronym).&lt;br /&gt;
&lt;br /&gt;
Kubernetes works with containerd and CRI-O. Its suitability for running and managing large cloud-native workloads has led to widespread adoption of it in the data center. There are multiple distributions of this platform – from ISVs as well as hosted-on cloud offerings from all the major public cloud vendors. &lt;br /&gt;
&lt;br /&gt;
=Install Kubernetes to Ubuntu=&lt;br /&gt;
The following commands will install microk8s to Ubuntu:&lt;br /&gt;
    sudo snap install microk8s --classic&lt;br /&gt;
&lt;br /&gt;
Add your user to the microk8s admin group and fix permissions:&lt;br /&gt;
    sudo usermod -a -G microk8s $USER&lt;br /&gt;
    sudo chown -f -R $USER ~/.kube&lt;br /&gt;
&lt;br /&gt;
Log out and log back in to that user for this to take effect. &lt;br /&gt;
&lt;br /&gt;
Check the status of the service:&lt;br /&gt;
    microk8s status --wait-ready&lt;br /&gt;
&lt;br /&gt;
Enable services:&lt;br /&gt;
    microk8s enable dashboard dns ingress metallb&lt;br /&gt;
&lt;br /&gt;
Use the following to check for available services to enable:&lt;br /&gt;
    microk8s enable --help&lt;br /&gt;
&lt;br /&gt;
Start using microk8s:&lt;br /&gt;
    microk8s kubectl get all --all-namespaces&lt;br /&gt;
&lt;br /&gt;
Access the dashboard:&lt;br /&gt;
    microk8s dashboard-proxy&lt;br /&gt;
&lt;br /&gt;
=Clustering=&lt;br /&gt;
To create a cluster out of two or more already-running MicroK8s instances, use the microk8s add-node command. As of MicroK8s 1.19, clustering of three or more nodes will automatically enable high availability. The MicroK8s instance on which the command is run will host the Kubernetes control plane:&lt;br /&gt;
    microk8s add-node&lt;br /&gt;
&lt;br /&gt;
The add-node command prints a microk8s join command which should be executed on the MicroK8s instance(s) that you wish to join to the cluster (NOT THE NODE YOU RAN add-node FROM). For example:&lt;br /&gt;
    microk8s join ip-172-31-20-243:25000/DDOkUupkmaBezNnMheTBqFYHLWINGDbf&lt;br /&gt;
&lt;br /&gt;
Joining a node to the cluster should only take a few seconds. Afterwards you should be able to see the node has joined:&lt;br /&gt;
    microk8s kubectl get no&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=335</id>
		<title>Kubernetes</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=335"/>
		<updated>2023-03-16T15:59:32Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Install Kubernetes to Ubuntu */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Kubernetes (/ˌk(j)uːbərˈnɛtɪs, -ˈneɪtɪs, -ˈneɪtiːz, -ˈnɛtiːz/, commonly abbreviated K8s) is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by the Cloud Native Computing Foundation.&lt;br /&gt;
&lt;br /&gt;
The name Kubernetes originates from Greek, meaning 'helmsman' or 'pilot'. Kubernetes is often abbreviated as K8s, counting the eight letters between the K and the s (a numeronym).&lt;br /&gt;
&lt;br /&gt;
Kubernetes works with containerd and CRI-O. Its suitability for running and managing large cloud-native workloads has led to widespread adoption of it in the data center. There are multiple distributions of this platform – from ISVs as well as hosted-on cloud offerings from all the major public cloud vendors. &lt;br /&gt;
&lt;br /&gt;
=Install Kubernetes to Ubuntu=&lt;br /&gt;
The following commands will install microk8s to Ubuntu:&lt;br /&gt;
    sudo snap install microk8s --classic&lt;br /&gt;
&lt;br /&gt;
Add your user to the microk8s admin group and fix permissions:&lt;br /&gt;
    sudo usermod -a -G microk8s $USER&lt;br /&gt;
    sudo chown -f -R $USER ~/.kube&lt;br /&gt;
&lt;br /&gt;
Log out and log back in to that user for this to take effect. &lt;br /&gt;
&lt;br /&gt;
Check the status of the service:&lt;br /&gt;
    microk8s status --wait-ready&lt;br /&gt;
&lt;br /&gt;
Enable services:&lt;br /&gt;
    microk8s enable dashboard dns ingress metallb metrics-server observability&lt;br /&gt;
&lt;br /&gt;
Use the following to check for available services to enable:&lt;br /&gt;
    microk8s enable --help&lt;br /&gt;
&lt;br /&gt;
Start using microk8s:&lt;br /&gt;
    microk8s kubectl get all --all-namespaces&lt;br /&gt;
&lt;br /&gt;
Access the dashboard:&lt;br /&gt;
    microk8s dashboard-proxy&lt;br /&gt;
&lt;br /&gt;
=Clustering=&lt;br /&gt;
To create a cluster out of two or more already-running MicroK8s instances, use the microk8s add-node command. As of MicroK8s 1.19, clustering of three or more nodes will automatically enable high availability. The MicroK8s instance on which the command is run will host the Kubernetes control plane:&lt;br /&gt;
    microk8s add-node&lt;br /&gt;
&lt;br /&gt;
The add-node command prints a microk8s join command which should be executed on the MicroK8s instance(s) that you wish to join to the cluster (NOT THE NODE YOU RAN add-node FROM). For example:&lt;br /&gt;
    microk8s join ip-172-31-20-243:25000/DDOkUupkmaBezNnMheTBqFYHLWINGDbf&lt;br /&gt;
&lt;br /&gt;
Joining a node to the cluster should only take a few seconds. Afterwards you should be able to see the node has joined:&lt;br /&gt;
    microk8s kubectl get no&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=FreeBSD&amp;diff=334</id>
		<title>FreeBSD</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=FreeBSD&amp;diff=334"/>
		<updated>2023-03-13T20:14:12Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;strong&amp;gt;FreeBSD&amp;lt;/strong&amp;gt;&lt;br /&gt;
[[File:FreeBSD Logo.png|thumb]]&lt;br /&gt;
FreeBSD is a free and open-source Unix-like operating system descended from Research Unix via the Berkeley Software Distribution (BSD). FreeBSD is a direct descendant of BSD of which was historically called &amp;quot;BSD Unix&amp;quot; or &amp;quot;Berkeley Unix&amp;quot; (in violation of the UNIX trademark). The first version of FreeBSD was released in 1993 and, as of 2005, FreeBSD was the most widely used open-source BSD operating system, accounting for more than three-quarters of all installed BSD systems.&lt;br /&gt;
&lt;br /&gt;
FreeBSD shares similarities with Linux but has two major differences in scope and licensing; FreeBSD maintains a complete system, i.e. the project delivers a kernel, device drivers, userland utilities, and documentation, as opposed to Linux only delivering a kernel, drivers, and relying upon third-parties for system software. FreeBSD source code is generally released under a permissive BSD license, as opposed to the copyleft GPL used by Linux.&lt;br /&gt;
&lt;br /&gt;
The FreeBSD project includes a security team overseeing all software shipped in the base distribution. A wide range of additional third-party applications may be installed using the pkg package management system, FreeBSD Ports, or by compiling source code.&lt;br /&gt;
&lt;br /&gt;
Due to its licensing, much of FreeBSD's codebase has become an integral part of other operating systems, such as Apple's Darwin (the basis for macOS, iOS, watchOS, and tvOS), the open-source NAS/SAN operating system FreeNAS, the Nintendo Switch system software, and the system software for Sony's PlayStation 3 and PlayStation 4.&lt;br /&gt;
&lt;br /&gt;
=Pools=&lt;br /&gt;
To list pools:&lt;br /&gt;
    zpool import&lt;br /&gt;
To import a pool:&lt;br /&gt;
    zpool import POOLNAME&lt;br /&gt;
This pool has to be mounted manually if moved from another system. &lt;br /&gt;
    zfs set mountpoint=/mnt/dirname poolname&lt;br /&gt;
    zfs mount -a&lt;br /&gt;
&lt;br /&gt;
=Attach a mirror to existing hard drive in FreeBSD/FreeNAS=&lt;br /&gt;
Let's assume ada0 is your existing disk, ada1 is the new one, tank is the pool name.&lt;br /&gt;
    gpart create -s gpt /dev/ada1&lt;br /&gt;
    gpart add -i 1 -b 128 -t freebsd-swap -s 2g /dev/ada1&lt;br /&gt;
    gpart add -i 2 -t freebsd-zfs /dev/ada1&lt;br /&gt;
* Run &amp;lt;code&amp;gt;zpool status&amp;lt;/code&amp;gt; and note the gptid of the existing disk&lt;br /&gt;
* Run &amp;lt;code&amp;gt;glabel status&amp;lt;/code&amp;gt; and find the gptid of the newly created partition. It is the gptid associated with ada1p2.&lt;br /&gt;
    zpool attach tank /dev/gptid/[gptid_of_the_existing_disk] /dev/gptid/[gptid_of_the_new_partition]&lt;br /&gt;
&lt;br /&gt;
It may take a while to resilver your drive after this - you will not have access to it whilst this is running. &lt;br /&gt;
&lt;br /&gt;
=Encryption=&lt;br /&gt;
Unlock Geli-encrypted ZFS Volume:&lt;br /&gt;
    geli attach -k [geli_key_file] [dev_to_unlock]&lt;br /&gt;
&lt;br /&gt;
Example:&lt;br /&gt;
    geli attach -k /data/geli/geli.key /dev/ada0p2&lt;br /&gt;
To import the pool, see [https://wiki.tbpindustries.com/index.php?title=FreeBSD#Pools Pools]&lt;br /&gt;
&lt;br /&gt;
=Iocage/Warden Jails=&lt;br /&gt;
To migrate jails from one pool to another:&lt;br /&gt;
&lt;br /&gt;
    zfs snapshot -r poolname/jails@relocate&lt;br /&gt;
    zfs send -R poolname/jails@relocate | zfs receive -vF newpool/jails&lt;br /&gt;
&lt;br /&gt;
To migrate a jail from one computer to another:&lt;br /&gt;
&lt;br /&gt;
    iocage stop jailname&lt;br /&gt;
    iocage export jailname&lt;br /&gt;
&lt;br /&gt;
Exporting jails will create a zip file &amp;quot;jail_name_date.zip&amp;quot; inside &amp;quot;/mnt/iocage/images/&amp;quot;. &lt;br /&gt;
To import these backups, copy the exported backup files into &amp;quot;/mnt/iocage/images/&amp;quot; and then restore: &lt;br /&gt;
&lt;br /&gt;
    iocage import jailname_name_date.zip&lt;br /&gt;
&lt;br /&gt;
If iocage gives trouble, use the jail name instead:&lt;br /&gt;
&lt;br /&gt;
        iocage import jailname&lt;br /&gt;
&lt;br /&gt;
Change iocage pool location:&lt;br /&gt;
&lt;br /&gt;
     iocage activate NEWPOOLNAME&lt;br /&gt;
&lt;br /&gt;
To clone jail1 to jail2, run:&lt;br /&gt;
&lt;br /&gt;
    iocage clone jail1 --name jail2&lt;br /&gt;
&lt;br /&gt;
Manual import of a jail:&lt;br /&gt;
    zfs create zpool1/iocage/jails/jail1&lt;br /&gt;
    zfs recv -F zpool1/iocage/jails/jail1 &amp;lt; jail1_2020-10-24&lt;br /&gt;
    zfs recv -F zpool1/iocage/jails/jail1/data &amp;lt; jail1_2020-10-24_data&lt;br /&gt;
    zfs recv -F zpool1/iocage/jails/jail1/root &amp;lt; jail1_2020-10-24_root&lt;br /&gt;
&lt;br /&gt;
Automatically stop, make an export backup, and start all available iocage jails in a for loop into zpool1/iocage/images:&lt;br /&gt;
    for i in $(iocage list |awk '{print $4}' |grep -vi name|awk NF); do iocage stop $i &amp;amp;&amp;amp; iocage export $i &amp;amp;&amp;amp; iocage start $i; done&lt;br /&gt;
&lt;br /&gt;
=Iohyve PCI passthrough=&lt;br /&gt;
The following is how to get Iohyve PCI passthrough working in FreeNAS with pfsense. &lt;br /&gt;
&lt;br /&gt;
Get the PCI addresses for the ethernet card.&lt;br /&gt;
&lt;br /&gt;
    pciconf -lv&lt;br /&gt;
&lt;br /&gt;
Find the PCI addresses for the ethernet card. A multi-port card will have several. You will need them for the pptdev2 tunable in a x/y/z format. This example is for two ethernet ports with PCI addresses x1/y1/z1 and x2/y2/z2.&lt;br /&gt;
&lt;br /&gt;
Go to System &amp;gt; Tunables and configure the following options to enable iohyve and PCI passthrough. pptdevs2  is used because regular pptdevs did not work so it depends on the setup. &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Variable | Value | Type&lt;br /&gt;
&lt;br /&gt;
iohyve_enable | YES | rc&lt;br /&gt;
&lt;br /&gt;
iohyve_flags | kmod=1 net=&amp;lt;eth0,eth1&amp;gt; | rc&lt;br /&gt;
&lt;br /&gt;
pptdevs2 | x1/y1/z1 x2/y2/z2 | loader&lt;br /&gt;
&lt;br /&gt;
vmm_load | YES | loader&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Configure the virtual machine using iohyve within terminal: &lt;br /&gt;
&lt;br /&gt;
    iohyve setup pool=(pool name)&lt;br /&gt;
&lt;br /&gt;
    iohyve create pfsense 8G&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense ram=2048mb&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense cpu=2&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense pcidev:7=passthru,x1/y1/z1&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense pcidev:8=passthru,x2/y2/z2&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense os=pfsense&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense bargs=&amp;quot;-S -A -H -P&amp;quot;&lt;br /&gt;
&lt;br /&gt;
Some have to dd the image to the zvol. It can be installed any other way so long as it boots properly. Make sure the paths and files are correct. You can disregard the following if you are able to boot using other methods. &lt;br /&gt;
&lt;br /&gt;
    iohyve fetch https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz&lt;br /&gt;
&lt;br /&gt;
    zfs rename zeus/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz zeus/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img&lt;br /&gt;
&lt;br /&gt;
    cd /iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/&lt;br /&gt;
&lt;br /&gt;
    gunzip pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz&lt;br /&gt;
&lt;br /&gt;
    dd if=/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img of=/dev/zvol/zeus/iohyve/pfsense/disk0 bs=1m&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Start the VM&lt;br /&gt;
&lt;br /&gt;
    iohyve start pfsense&lt;br /&gt;
&lt;br /&gt;
In another shell session, connect to the console to perform the installation.&lt;br /&gt;
&lt;br /&gt;
    iohyve console pfsense&lt;br /&gt;
&lt;br /&gt;
Set it to automatically boot.&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense boot=1&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Here are some good resources to use for this in case this doesn't work: &lt;br /&gt;
&lt;br /&gt;
https://murf.se/2016/01/05/iohyve-and-pci-passthru.html&lt;br /&gt;
&lt;br /&gt;
Iohyve manual man page&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki/Manual&lt;br /&gt;
&lt;br /&gt;
Iohyve wiki&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki&lt;br /&gt;
&lt;br /&gt;
USB passthrough example&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki/USB-3.0-PCI-Controller-Pass-through&lt;br /&gt;
&lt;br /&gt;
CentOS useful for tunables for FreeNAS&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki/Installing-CentOS-7-on-FreeNAS&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=Limiting Jail Resources with RCTL=&lt;br /&gt;
Here is how you limit the amount of RAM or CPU each jail can have. &lt;br /&gt;
A&lt;br /&gt;
dd the following line to /boot/loader.conf:&lt;br /&gt;
&lt;br /&gt;
    kern.racct.enable=&amp;quot;1&amp;quot;&lt;br /&gt;
&lt;br /&gt;
Reboot to activate.&lt;br /&gt;
&lt;br /&gt;
The following is how to constrain CPU usage, in percentage:&lt;br /&gt;
&lt;br /&gt;
    rctl -a jail:JAILNAME:pcpu:deny=75&lt;br /&gt;
&lt;br /&gt;
The following is how to constrain virtual and physical RAM usage, in percentage:&lt;br /&gt;
&lt;br /&gt;
    rctl -a jail:JAILNAME:vmemoryuse:deny=512M&lt;br /&gt;
&lt;br /&gt;
    rctl -a jail:JAILNAME:memoryuse:deny=1024M&lt;br /&gt;
&lt;br /&gt;
To view the currently applied limits:&lt;br /&gt;
&lt;br /&gt;
    rctl&lt;br /&gt;
&lt;br /&gt;
To view the resources used by a jail:&lt;br /&gt;
&lt;br /&gt;
    rctl -u jail:JAILNAME&lt;br /&gt;
&lt;br /&gt;
=Install Ubuntu Linux 20.04 LTS in vm-bhyve=&lt;br /&gt;
[[Category:Linux]]&lt;br /&gt;
[[Category:FreeBSD]]&lt;br /&gt;
&lt;br /&gt;
== Introduction ==&lt;br /&gt;
This guide is how to install [https://ubuntu.com Ubuntu] in [https://github.com/churchers/vm-bhyve vm-bhyve].&lt;br /&gt;
&lt;br /&gt;
== Install ==&lt;br /&gt;
&lt;br /&gt;
    pkg install vm-bhyve qemu-tools cdrkit-genisoimage&lt;br /&gt;
    pkg install grub2-bhyve bhyve-firmware&lt;br /&gt;
&lt;br /&gt;
=== Configure Install ===&lt;br /&gt;
&lt;br /&gt;
    zfs create -o mountpoint=/vm tank1/vm&lt;br /&gt;
    cp /usr/local/share/examples/vm-bhyve/* /vm/.templates/&lt;br /&gt;
&lt;br /&gt;
Add this to rc.conf:&lt;br /&gt;
&lt;br /&gt;
    vm_enable=&amp;quot;YES&amp;quot;&lt;br /&gt;
    vm_dir=&amp;quot;zfs:tank1/vm&amp;quot;0&amp;quot;&lt;br /&gt;
&lt;br /&gt;
Then run:&lt;br /&gt;
&lt;br /&gt;
    vm init&lt;br /&gt;
&lt;br /&gt;
=== Configure networking ===&lt;br /&gt;
&lt;br /&gt;
    vm switch create public&lt;br /&gt;
    vm switch add public eth0&lt;br /&gt;
&lt;br /&gt;
If this does not work, use the following:&lt;br /&gt;
&lt;br /&gt;
    vm switch create -t manual -b bridge0 public&lt;br /&gt;
&lt;br /&gt;
== Fetch image ==&lt;br /&gt;
&lt;br /&gt;
Download the [https://cloud-init.io | Cloud Init] image:&lt;br /&gt;
&lt;br /&gt;
 vm img http://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img&lt;br /&gt;
&lt;br /&gt;
== Resize the disk ==&lt;br /&gt;
Resize to desired &lt;br /&gt;
&lt;br /&gt;
    qemu-img resize  /tank/bhyve/.img/focal-server-cloudimg-amd64.img +20G&lt;br /&gt;
&lt;br /&gt;
== Create the VM ==&lt;br /&gt;
&lt;br /&gt;
 vm create -c 8 -m 16G -t ubuntu -i focal-server-cloudimg-amd64.img -C -k ~/.ssh/id_rsa.pub ubuntu&lt;br /&gt;
&lt;br /&gt;
To change the number of CPUs, change &amp;quot;-c 8&amp;quot; to desired. Value &amp;quot;-m 16G&amp;quot; is for RAM. A maximum of 16 vCPUs is currently supported in bhyve.&lt;br /&gt;
&lt;br /&gt;
== Start the VM ==&lt;br /&gt;
&lt;br /&gt;
    vm start ubuntu&lt;br /&gt;
&lt;br /&gt;
== Log-in ==&lt;br /&gt;
&lt;br /&gt;
Determine the IP address and ssh to the vm:&lt;br /&gt;
&lt;br /&gt;
    ssh ubuntu@192.168.0.10&lt;br /&gt;
&lt;br /&gt;
vm-bhyve doesn't have any way of showing the actual IP so you need to search the DHCP logs or use nmap.&lt;br /&gt;
&lt;br /&gt;
== Set hostname ==&lt;br /&gt;
&lt;br /&gt;
    hostnamectl set-hostname ubuntu.vmhostname&lt;br /&gt;
    reboot&lt;br /&gt;
&lt;br /&gt;
== Package management ==&lt;br /&gt;
&lt;br /&gt;
=== Do not install recommended and suggested packages ===&lt;br /&gt;
&lt;br /&gt;
    cat &amp;lt;&amp;lt;EOT &amp;gt;/etc/apt/apt.conf.d/61norecommends&lt;br /&gt;
    APT::Install-Recommends &amp;quot;false&amp;quot;;&lt;br /&gt;
    APT::Install-Suggests &amp;quot;false&amp;quot;; &lt;br /&gt;
    EOT&lt;br /&gt;
&lt;br /&gt;
== Update the software ==&lt;br /&gt;
&lt;br /&gt;
    apt update &amp;amp;&amp;amp; apt -y upgrade&lt;br /&gt;
    reboot&lt;br /&gt;
&lt;br /&gt;
== Enable autostart ==&lt;br /&gt;
&lt;br /&gt;
Make sure the VM is listed in &amp;lt;code&amp;gt;vm_list&amp;lt;/code&amp;gt; in &amp;lt;code&amp;gt;/etc/rc.conf&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
 vm_list=&amp;quot;ubuntu vm1 vm2 ...&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/churchers/vm-bhyve vm-bhyve | Management system for FreeBSD bhyve virtual machines]&lt;br /&gt;
* [https://www.freebsd.org/cgi/man.cgi?query=vm&amp;amp;sektion=8&amp;amp;manpath=freebsd-release-ports vm(8)]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=FreeBSD&amp;diff=333</id>
		<title>FreeBSD</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=FreeBSD&amp;diff=333"/>
		<updated>2023-03-13T20:10:37Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;strong&amp;gt;FreeBSD&amp;lt;/strong&amp;gt;&lt;br /&gt;
[[File:FreeBSD Logo.png|thumb]]&lt;br /&gt;
FreeBSD is a free and open-source Unix-like operating system descended from Research Unix via the Berkeley Software Distribution (BSD). FreeBSD is a direct descendant of BSD of which was historically called &amp;quot;BSD Unix&amp;quot; or &amp;quot;Berkeley Unix&amp;quot; (in violation of the UNIX trademark). The first version of FreeBSD was released in 1993 and, as of 2005, FreeBSD was the most widely used open-source BSD operating system, accounting for more than three-quarters of all installed BSD systems.&lt;br /&gt;
&lt;br /&gt;
FreeBSD shares similarities with Linux but has two major differences in scope and licensing; FreeBSD maintains a complete system, i.e. the project delivers a kernel, device drivers, userland utilities, and documentation, as opposed to Linux only delivering a kernel, drivers, and relying upon third-parties for system software. FreeBSD source code is generally released under a permissive BSD license, as opposed to the copyleft GPL used by Linux.&lt;br /&gt;
&lt;br /&gt;
The FreeBSD project includes a security team overseeing all software shipped in the base distribution. A wide range of additional third-party applications may be installed using the pkg package management system, FreeBSD Ports, or by compiling source code.&lt;br /&gt;
&lt;br /&gt;
Due to its licensing, much of FreeBSD's codebase has become an integral part of other operating systems, such as Apple's Darwin (the basis for macOS, iOS, watchOS, and tvOS), the open-source NAS/SAN operating system FreeNAS, the Nintendo Switch system software, and the system software for Sony's PlayStation 3 and PlayStation 4.&lt;br /&gt;
&lt;br /&gt;
=Pools=&lt;br /&gt;
To list pools:&lt;br /&gt;
    zpool import&lt;br /&gt;
To import a pool:&lt;br /&gt;
    zpool import POOLNAME&lt;br /&gt;
This pool has to be mounted manually if moved from another system. &lt;br /&gt;
    zfs set mountpoint=/mnt/dirname poolname&lt;br /&gt;
    zfs mount -a&lt;br /&gt;
&lt;br /&gt;
=Attach a mirror to existing hard drive in FreeBSD/FreeNAS=&lt;br /&gt;
Let's assume ada0 is your existing disk, ada1 is the new one, tank is the pool name.&lt;br /&gt;
    gpart create -s gpt /dev/ada1&lt;br /&gt;
    gpart add -i 1 -b 128 -t freebsd-swap -s 2g /dev/ada1&lt;br /&gt;
    gpart add -i 2 -t freebsd-zfs /dev/ada1&lt;br /&gt;
* Run &amp;lt;code&amp;gt;zpool status&amp;lt;/code&amp;gt; and note the gptid of the existing disk&lt;br /&gt;
* Run &amp;lt;code&amp;gt;glabel status&amp;lt;/code&amp;gt; and find the gptid of the newly created partition. It is the gptid associated with ada1p2.&lt;br /&gt;
    zpool attach tank /dev/gptid/[gptid_of_the_existing_disk] /dev/gptid/[gptid_of_the_new_partition]&lt;br /&gt;
&lt;br /&gt;
It may take a while to resilver your drive after this - you will not have access to it whilst this is running. &lt;br /&gt;
&lt;br /&gt;
=Encryption=&lt;br /&gt;
Unlock Geli-encrypted ZFS Volume:&lt;br /&gt;
    geli attach -k [geli_key_file] [dev_to_unlock]&lt;br /&gt;
&lt;br /&gt;
Example:&lt;br /&gt;
    geli attach -k /data/geli/geli.key /dev/ada0p2&lt;br /&gt;
To import the pool, see [https://wiki.tbpindustries.com/index.php?title=FreeBSD#Pools Pools]&lt;br /&gt;
&lt;br /&gt;
=Iocage/Warden Jails=&lt;br /&gt;
To migrate jails from one pool to another:&lt;br /&gt;
&lt;br /&gt;
    zfs snapshot -r poolname/jails@relocate&lt;br /&gt;
    zfs send -R poolname/jails@relocate | zfs receive -vF newpool/jails&lt;br /&gt;
&lt;br /&gt;
To migrate a jail from one computer to another:&lt;br /&gt;
&lt;br /&gt;
    iocage stop jailname&lt;br /&gt;
    iocage export jailname&lt;br /&gt;
&lt;br /&gt;
Exporting jails will create a zip file &amp;quot;jail_name_date.zip&amp;quot; inside &amp;quot;/mnt/iocage/images/&amp;quot;. &lt;br /&gt;
To import these backups, copy the exported backup files into &amp;quot;/mnt/iocage/images/&amp;quot; and then restore: &lt;br /&gt;
&lt;br /&gt;
    iocage import jailname_name_date.zip&lt;br /&gt;
&lt;br /&gt;
If iocage gives trouble, use the jail name instead:&lt;br /&gt;
&lt;br /&gt;
        iocage import jailname&lt;br /&gt;
&lt;br /&gt;
Change iocage pool location:&lt;br /&gt;
&lt;br /&gt;
     iocage activate NEWPOOLNAME&lt;br /&gt;
&lt;br /&gt;
To clone jail1 to jail2, run:&lt;br /&gt;
&lt;br /&gt;
    iocage clone jail1 --name jail2&lt;br /&gt;
&lt;br /&gt;
Manual import of a jail:&lt;br /&gt;
    zfs create zpool1/iocage/jails/jail1&lt;br /&gt;
    zfs recv -F zpool1/iocage/jails/jail1 &amp;lt; jail1_2020-10-24&lt;br /&gt;
    zfs recv -F zpool1/iocage/jails/jail1/data &amp;lt; jail1_2020-10-24_data&lt;br /&gt;
    zfs recv -F zpool1/iocage/jails/jail1/root &amp;lt; jail1_2020-10-24_root&lt;br /&gt;
&lt;br /&gt;
Automatically stop, make an export backup, and start all available iocage jails in a for loop into zpool1/iocage/images:&lt;br /&gt;
    for i in $(iocage list |awk '{print $4}' |grep -vi name|awk NF); do iocage stop $i &amp;amp;&amp;amp; iocage export $i &amp;amp;&amp;amp; iocage start $i; done&lt;br /&gt;
&lt;br /&gt;
=Iohyve PCI passthrough=&lt;br /&gt;
The following is how to get Iohyve PCI passthrough working in FreeNAS with pfsense. &lt;br /&gt;
&lt;br /&gt;
Get the PCI addresses for the ethernet card.&lt;br /&gt;
&lt;br /&gt;
    pciconf -lv&lt;br /&gt;
&lt;br /&gt;
Find the PCI addresses for the ethernet card. A multi-port card will have several. You will need them for the pptdev2 tunable in a x/y/z format. This example is for two ethernet ports with PCI addresses x1/y1/z1 and x2/y2/z2.&lt;br /&gt;
&lt;br /&gt;
Go to System &amp;gt; Tunables and configure the following options to enable iohyve and PCI passthrough. pptdevs2  is used because regular pptdevs did not work so it depends on the setup. &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Variable | Value | Type&lt;br /&gt;
&lt;br /&gt;
iohyve_enable | YES | rc&lt;br /&gt;
&lt;br /&gt;
iohyve_flags | kmod=1 net=&amp;lt;eth0,eth1&amp;gt; | rc&lt;br /&gt;
&lt;br /&gt;
pptdevs2 | x1/y1/z1 x2/y2/z2 | loader&lt;br /&gt;
&lt;br /&gt;
vmm_load | YES | loader&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Configure the virtual machine using iohyve within terminal: &lt;br /&gt;
&lt;br /&gt;
    iohyve setup pool=(pool name)&lt;br /&gt;
&lt;br /&gt;
    iohyve create pfsense 8G&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense ram=2048mb&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense cpu=2&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense pcidev:7=passthru,x1/y1/z1&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense pcidev:8=passthru,x2/y2/z2&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense os=pfsense&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense bargs=&amp;quot;-S -A -H -P&amp;quot;&lt;br /&gt;
&lt;br /&gt;
Some have to dd the image to the zvol. It can be installed any other way so long as it boots properly. Make sure the paths and files are correct. You can disregard the following if you are able to boot using other methods. &lt;br /&gt;
&lt;br /&gt;
    iohyve fetch https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz&lt;br /&gt;
&lt;br /&gt;
    zfs rename zeus/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz zeus/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img&lt;br /&gt;
&lt;br /&gt;
    cd /iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/&lt;br /&gt;
&lt;br /&gt;
    gunzip pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz&lt;br /&gt;
&lt;br /&gt;
    dd if=/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img of=/dev/zvol/zeus/iohyve/pfsense/disk0 bs=1m&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Start the VM&lt;br /&gt;
&lt;br /&gt;
    iohyve start pfsense&lt;br /&gt;
&lt;br /&gt;
In another shell session, connect to the console to perform the installation.&lt;br /&gt;
&lt;br /&gt;
    iohyve console pfsense&lt;br /&gt;
&lt;br /&gt;
Set it to automatically boot.&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense boot=1&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Here are some good resources to use for this in case this doesn't work: &lt;br /&gt;
&lt;br /&gt;
https://murf.se/2016/01/05/iohyve-and-pci-passthru.html&lt;br /&gt;
&lt;br /&gt;
Iohyve manual man page&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki/Manual&lt;br /&gt;
&lt;br /&gt;
Iohyve wiki&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki&lt;br /&gt;
&lt;br /&gt;
USB passthrough example&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki/USB-3.0-PCI-Controller-Pass-through&lt;br /&gt;
&lt;br /&gt;
CentOS useful for tunables for FreeNAS&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki/Installing-CentOS-7-on-FreeNAS&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=Limiting Jail Resources with RCTL=&lt;br /&gt;
Here is how you limit the amount of RAM or CPU each jail can have. &lt;br /&gt;
A&lt;br /&gt;
dd the following line to /boot/loader.conf:&lt;br /&gt;
&lt;br /&gt;
    kern.racct.enable=&amp;quot;1&amp;quot;&lt;br /&gt;
&lt;br /&gt;
Reboot to activate.&lt;br /&gt;
&lt;br /&gt;
The following is how to constrain CPU usage, in percentage:&lt;br /&gt;
&lt;br /&gt;
    rctl -a jail:JAILNAME:pcpu:deny=75&lt;br /&gt;
&lt;br /&gt;
The following is how to constrain virtual and physical RAM usage, in percentage:&lt;br /&gt;
&lt;br /&gt;
    rctl -a jail:JAILNAME:vmemoryuse:deny=512M&lt;br /&gt;
&lt;br /&gt;
    rctl -a jail:JAILNAME:memoryuse:deny=1024M&lt;br /&gt;
&lt;br /&gt;
To view the currently applied limits:&lt;br /&gt;
&lt;br /&gt;
    rctl&lt;br /&gt;
&lt;br /&gt;
To view the resources used by a jail:&lt;br /&gt;
&lt;br /&gt;
    rctl -u jail:JAILNAME&lt;br /&gt;
&lt;br /&gt;
=Install Ubuntu Linux 20.04 LTS in vm-bhyve=&lt;br /&gt;
[[Category:Linux]]&lt;br /&gt;
[[Category:FreeBSD]]&lt;br /&gt;
&lt;br /&gt;
== Introduction ==&lt;br /&gt;
This guide is how to install [https://ubuntu.com Ubuntu] in [https://github.com/churchers/vm-bhyve vm-bhyve].&lt;br /&gt;
&lt;br /&gt;
== Install ==&lt;br /&gt;
&lt;br /&gt;
    pkg install vm-bhyve qemu-tools cdrkit-genisoimage&lt;br /&gt;
    pkg install grub2-bhyve bhyve-firmware&lt;br /&gt;
&lt;br /&gt;
=== Configure Install ===&lt;br /&gt;
&lt;br /&gt;
    zfs create -o mountpoint=/vm tank1/vm&lt;br /&gt;
    cp /usr/local/share/examples/vm-bhyve/* /vm/.templates/&lt;br /&gt;
&lt;br /&gt;
Add this to rc.conf:&lt;br /&gt;
&lt;br /&gt;
    vm_enable=&amp;quot;YES&amp;quot;&lt;br /&gt;
    vm_dir=&amp;quot;zfs:tank1/vm&amp;quot;0&amp;quot;&lt;br /&gt;
&lt;br /&gt;
Then run:&lt;br /&gt;
&lt;br /&gt;
    vm init&lt;br /&gt;
&lt;br /&gt;
=== Configure networking ===&lt;br /&gt;
&lt;br /&gt;
    vm switch create public&lt;br /&gt;
    vm switch add public eth0&lt;br /&gt;
&lt;br /&gt;
If this does not work, use the following:&lt;br /&gt;
&lt;br /&gt;
    vm switch create -t manual -b bridge0 public&lt;br /&gt;
&lt;br /&gt;
== Fetch image ==&lt;br /&gt;
&lt;br /&gt;
Download the [https://cloud-init.io | Cloud Init] image:&lt;br /&gt;
&lt;br /&gt;
 vm img http://cloud-images.ubuntu.com/focal/current/focal-server-cloudimg-amd64.img&lt;br /&gt;
&lt;br /&gt;
== Create the VM ==&lt;br /&gt;
&lt;br /&gt;
 vm create -c 8 -m 16G -t ubuntu -i focal-server-cloudimg-amd64.img -C -k ~/.ssh/id_rsa.pub ubuntu&lt;br /&gt;
&lt;br /&gt;
To change the number of CPUs, change &amp;quot;-c 8&amp;quot; to desired. Value &amp;quot;-m 16G&amp;quot; is for RAM. A maximum of 16 vCPUs is currently supported in bhyve.&lt;br /&gt;
&lt;br /&gt;
== Start the VM ==&lt;br /&gt;
&lt;br /&gt;
    vm start ubuntu&lt;br /&gt;
&lt;br /&gt;
== Log-in ==&lt;br /&gt;
&lt;br /&gt;
Determine the IP address and ssh to the vm:&lt;br /&gt;
&lt;br /&gt;
    ssh ubuntu@192.168.0.10&lt;br /&gt;
&lt;br /&gt;
vm-bhyve doesn't have any way of showing the actual IP so you need to search the DHCP logs or use nmap.&lt;br /&gt;
&lt;br /&gt;
== Set hostname ==&lt;br /&gt;
&lt;br /&gt;
    hostnamectl set-hostname ubuntu.vmhostname&lt;br /&gt;
    reboot&lt;br /&gt;
&lt;br /&gt;
== Package management ==&lt;br /&gt;
&lt;br /&gt;
=== Do not install recommended and suggested packages ===&lt;br /&gt;
&lt;br /&gt;
    cat &amp;lt;&amp;lt;EOT &amp;gt;/etc/apt/apt.conf.d/61norecommends&lt;br /&gt;
    APT::Install-Recommends &amp;quot;false&amp;quot;;&lt;br /&gt;
    APT::Install-Suggests &amp;quot;false&amp;quot;; &lt;br /&gt;
    EOT&lt;br /&gt;
&lt;br /&gt;
== Update the software ==&lt;br /&gt;
&lt;br /&gt;
    apt update &amp;amp;&amp;amp; apt -y upgrade&lt;br /&gt;
    reboot&lt;br /&gt;
&lt;br /&gt;
== Enable autostart ==&lt;br /&gt;
&lt;br /&gt;
Make sure the VM is listed in &amp;lt;code&amp;gt;vm_list&amp;lt;/code&amp;gt; in &amp;lt;code&amp;gt;/etc/rc.conf&amp;lt;/code&amp;gt;.&lt;br /&gt;
&lt;br /&gt;
 vm_list=&amp;quot;ubuntu vm1 vm2 ...&amp;quot;&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
== References ==&lt;br /&gt;
&lt;br /&gt;
* [https://github.com/churchers/vm-bhyve vm-bhyve | Management system for FreeBSD bhyve virtual machines]&lt;br /&gt;
* [https://www.freebsd.org/cgi/man.cgi?query=vm&amp;amp;sektion=8&amp;amp;manpath=freebsd-release-ports vm(8)]&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=332</id>
		<title>Kubernetes</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Kubernetes&amp;diff=332"/>
		<updated>2023-03-10T21:00:34Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: Created page with &amp;quot;Kubernetes (/ˌk(j)uːbərˈnɛtɪs, -ˈneɪtɪs, -ˈneɪtiːz, -ˈnɛtiːz/, commonly abbreviated K8s) is an open-source container orchestration system for automating softwar...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Kubernetes (/ˌk(j)uːbərˈnɛtɪs, -ˈneɪtɪs, -ˈneɪtiːz, -ˈnɛtiːz/, commonly abbreviated K8s) is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by the Cloud Native Computing Foundation.&lt;br /&gt;
&lt;br /&gt;
The name Kubernetes originates from Greek, meaning 'helmsman' or 'pilot'. Kubernetes is often abbreviated as K8s, counting the eight letters between the K and the s (a numeronym).&lt;br /&gt;
&lt;br /&gt;
Kubernetes works with containerd and CRI-O. Its suitability for running and managing large cloud-native workloads has led to widespread adoption of it in the data center. There are multiple distributions of this platform – from ISVs as well as hosted-on cloud offerings from all the major public cloud vendors. &lt;br /&gt;
&lt;br /&gt;
=Install Kubernetes to Ubuntu=&lt;br /&gt;
The following commands will install microk8s to Ubuntu:&lt;br /&gt;
    sudo snap install microk8s --classic&lt;br /&gt;
&lt;br /&gt;
Add your user to the microk8s admin group and fix permissions:&lt;br /&gt;
    sudo usermod -a -G microk8s $USER&lt;br /&gt;
    sudo chown -f -R $USER ~/.kube&lt;br /&gt;
&lt;br /&gt;
Log out and log back in to that user for this to take effect. &lt;br /&gt;
&lt;br /&gt;
Check the status of the service:&lt;br /&gt;
    microk8s status --wait-ready&lt;br /&gt;
&lt;br /&gt;
Enable services:&lt;br /&gt;
    microk8s enable dashboard dns ingress&lt;br /&gt;
&lt;br /&gt;
Use the following to check for available services to enable:&lt;br /&gt;
    microk8s enable --help&lt;br /&gt;
&lt;br /&gt;
Start using microk8s:&lt;br /&gt;
    microk8s kubectl get all --all-namespaces&lt;br /&gt;
&lt;br /&gt;
Access the dashboard:&lt;br /&gt;
    microk8s dashboard-proxy&lt;br /&gt;
&lt;br /&gt;
=Clustering=&lt;br /&gt;
To create a cluster out of two or more already-running MicroK8s instances, use the microk8s add-node command. As of MicroK8s 1.19, clustering of three or more nodes will automatically enable high availability. The MicroK8s instance on which the command is run will host the Kubernetes control plane:&lt;br /&gt;
    microk8s add-node&lt;br /&gt;
&lt;br /&gt;
The add-node command prints a microk8s join command which should be executed on the MicroK8s instance(s) that you wish to join to the cluster (NOT THE NODE YOU RAN add-node FROM). For example:&lt;br /&gt;
    microk8s join ip-172-31-20-243:25000/DDOkUupkmaBezNnMheTBqFYHLWINGDbf&lt;br /&gt;
&lt;br /&gt;
Joining a node to the cluster should only take a few seconds. Afterwards you should be able to see the node has joined:&lt;br /&gt;
    microk8s kubectl get no&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=FreeBSD&amp;diff=331</id>
		<title>FreeBSD</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=FreeBSD&amp;diff=331"/>
		<updated>2023-03-10T20:54:03Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;strong&amp;gt;FreeBSD&amp;lt;/strong&amp;gt;&lt;br /&gt;
[[File:FreeBSD Logo.png|thumb]]&lt;br /&gt;
FreeBSD is a free and open-source Unix-like operating system descended from Research Unix via the Berkeley Software Distribution (BSD). FreeBSD is a direct descendant of BSD of which was historically called &amp;quot;BSD Unix&amp;quot; or &amp;quot;Berkeley Unix&amp;quot; (in violation of the UNIX trademark). The first version of FreeBSD was released in 1993 and, as of 2005, FreeBSD was the most widely used open-source BSD operating system, accounting for more than three-quarters of all installed BSD systems.&lt;br /&gt;
&lt;br /&gt;
FreeBSD shares similarities with Linux but has two major differences in scope and licensing; FreeBSD maintains a complete system, i.e. the project delivers a kernel, device drivers, userland utilities, and documentation, as opposed to Linux only delivering a kernel, drivers, and relying upon third-parties for system software. FreeBSD source code is generally released under a permissive BSD license, as opposed to the copyleft GPL used by Linux.&lt;br /&gt;
&lt;br /&gt;
The FreeBSD project includes a security team overseeing all software shipped in the base distribution. A wide range of additional third-party applications may be installed using the pkg package management system, FreeBSD Ports, or by compiling source code.&lt;br /&gt;
&lt;br /&gt;
Due to its licensing, much of FreeBSD's codebase has become an integral part of other operating systems, such as Apple's Darwin (the basis for macOS, iOS, watchOS, and tvOS), the open-source NAS/SAN operating system FreeNAS, the Nintendo Switch system software, and the system software for Sony's PlayStation 3 and PlayStation 4.&lt;br /&gt;
&lt;br /&gt;
=Pools=&lt;br /&gt;
To list pools:&lt;br /&gt;
    zpool import&lt;br /&gt;
To import a pool:&lt;br /&gt;
    zpool import POOLNAME&lt;br /&gt;
This pool has to be mounted manually if moved from another system. &lt;br /&gt;
    zfs set mountpoint=/mnt/dirname poolname&lt;br /&gt;
    zfs mount -a&lt;br /&gt;
&lt;br /&gt;
=Attach a mirror to existing hard drive in FreeBSD/FreeNAS=&lt;br /&gt;
Let's assume ada0 is your existing disk, ada1 is the new one, tank is the pool name.&lt;br /&gt;
    gpart create -s gpt /dev/ada1&lt;br /&gt;
    gpart add -i 1 -b 128 -t freebsd-swap -s 2g /dev/ada1&lt;br /&gt;
    gpart add -i 2 -t freebsd-zfs /dev/ada1&lt;br /&gt;
* Run &amp;lt;code&amp;gt;zpool status&amp;lt;/code&amp;gt; and note the gptid of the existing disk&lt;br /&gt;
* Run &amp;lt;code&amp;gt;glabel status&amp;lt;/code&amp;gt; and find the gptid of the newly created partition. It is the gptid associated with ada1p2.&lt;br /&gt;
    zpool attach tank /dev/gptid/[gptid_of_the_existing_disk] /dev/gptid/[gptid_of_the_new_partition]&lt;br /&gt;
&lt;br /&gt;
It may take a while to resilver your drive after this - you will not have access to it whilst this is running. &lt;br /&gt;
&lt;br /&gt;
=Encryption=&lt;br /&gt;
Unlock Geli-encrypted ZFS Volume:&lt;br /&gt;
    geli attach -k [geli_key_file] [dev_to_unlock]&lt;br /&gt;
&lt;br /&gt;
Example:&lt;br /&gt;
    geli attach -k /data/geli/geli.key /dev/ada0p2&lt;br /&gt;
To import the pool, see [https://wiki.tbpindustries.com/index.php?title=FreeBSD#Pools Pools]&lt;br /&gt;
&lt;br /&gt;
=Iocage/Warden Jails=&lt;br /&gt;
To migrate jails from one pool to another:&lt;br /&gt;
&lt;br /&gt;
    zfs snapshot -r poolname/jails@relocate&lt;br /&gt;
    zfs send -R poolname/jails@relocate | zfs receive -vF newpool/jails&lt;br /&gt;
&lt;br /&gt;
To migrate a jail from one computer to another:&lt;br /&gt;
&lt;br /&gt;
    iocage stop jailname&lt;br /&gt;
    iocage export jailname&lt;br /&gt;
&lt;br /&gt;
Exporting jails will create a zip file &amp;quot;jail_name_date.zip&amp;quot; inside &amp;quot;/mnt/iocage/images/&amp;quot;. &lt;br /&gt;
To import these backups, copy the exported backup files into &amp;quot;/mnt/iocage/images/&amp;quot; and then restore: &lt;br /&gt;
&lt;br /&gt;
    iocage import jailname_name_date.zip&lt;br /&gt;
&lt;br /&gt;
If iocage gives trouble, use the jail name instead:&lt;br /&gt;
&lt;br /&gt;
        iocage import jailname&lt;br /&gt;
&lt;br /&gt;
Change iocage pool location:&lt;br /&gt;
&lt;br /&gt;
     iocage activate NEWPOOLNAME&lt;br /&gt;
&lt;br /&gt;
To clone jail1 to jail2, run:&lt;br /&gt;
&lt;br /&gt;
    iocage clone jail1 --name jail2&lt;br /&gt;
&lt;br /&gt;
Manual import of a jail:&lt;br /&gt;
    zfs create zpool1/iocage/jails/jail1&lt;br /&gt;
    zfs recv -F zpool1/iocage/jails/jail1 &amp;lt; jail1_2020-10-24&lt;br /&gt;
    zfs recv -F zpool1/iocage/jails/jail1/data &amp;lt; jail1_2020-10-24_data&lt;br /&gt;
    zfs recv -F zpool1/iocage/jails/jail1/root &amp;lt; jail1_2020-10-24_root&lt;br /&gt;
&lt;br /&gt;
Automatically stop, make an export backup, and start all available iocage jails in a for loop into zpool1/iocage/images:&lt;br /&gt;
    for i in $(iocage list |awk '{print $4}' |grep -vi name|awk NF); do iocage stop $i &amp;amp;&amp;amp; iocage export $i &amp;amp;&amp;amp; iocage start $i; done&lt;br /&gt;
&lt;br /&gt;
=Iohyve/Bhyve Virtual Machines=&lt;br /&gt;
The following is how to get Iohyve PCI passthrough working in FreeNAS with pfsense. &lt;br /&gt;
&lt;br /&gt;
Get the PCI addresses for the ethernet card.&lt;br /&gt;
&lt;br /&gt;
    pciconf -lv&lt;br /&gt;
&lt;br /&gt;
Find the PCI addresses for the ethernet card. A multi-port card will have several. You will need them for the pptdev2 tunable in a x/y/z format. This example is for two ethernet ports with PCI addresses x1/y1/z1 and x2/y2/z2.&lt;br /&gt;
&lt;br /&gt;
Go to System &amp;gt; Tunables and configure the following options to enable iohyve and PCI passthrough. pptdevs2  is used because regular pptdevs did not work so it depends on the setup. &lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Variable | Value | Type&lt;br /&gt;
&lt;br /&gt;
iohyve_enable | YES | rc&lt;br /&gt;
&lt;br /&gt;
iohyve_flags | kmod=1 net=&amp;lt;eth0,eth1&amp;gt; | rc&lt;br /&gt;
&lt;br /&gt;
pptdevs2 | x1/y1/z1 x2/y2/z2 | loader&lt;br /&gt;
&lt;br /&gt;
vmm_load | YES | loader&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Configure the virtual machine using iohyve within terminal: &lt;br /&gt;
&lt;br /&gt;
    iohyve setup pool=(pool name)&lt;br /&gt;
&lt;br /&gt;
    iohyve create pfsense 8G&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense ram=2048mb&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense cpu=2&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense pcidev:7=passthru,x1/y1/z1&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense pcidev:8=passthru,x2/y2/z2&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense os=pfsense&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense bargs=&amp;quot;-S -A -H -P&amp;quot;&lt;br /&gt;
&lt;br /&gt;
Some have to dd the image to the zvol. It can be installed any other way so long as it boots properly. Make sure the paths and files are correct. You can disregard the following if you are able to boot using other methods. &lt;br /&gt;
&lt;br /&gt;
    iohyve fetch https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz&lt;br /&gt;
&lt;br /&gt;
    zfs rename zeus/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz zeus/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img&lt;br /&gt;
&lt;br /&gt;
    cd /iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/&lt;br /&gt;
&lt;br /&gt;
    gunzip pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz&lt;br /&gt;
&lt;br /&gt;
    dd if=/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img of=/dev/zvol/zeus/iohyve/pfsense/disk0 bs=1m&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Start the VM&lt;br /&gt;
&lt;br /&gt;
    iohyve start pfsense&lt;br /&gt;
&lt;br /&gt;
In another shell session, connect to the console to perform the installation.&lt;br /&gt;
&lt;br /&gt;
    iohyve console pfsense&lt;br /&gt;
&lt;br /&gt;
Set it to automatically boot.&lt;br /&gt;
&lt;br /&gt;
    iohyve set pfsense boot=1&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Here are some good resources to use for this in case this doesn't work: &lt;br /&gt;
&lt;br /&gt;
https://murf.se/2016/01/05/iohyve-and-pci-passthru.html&lt;br /&gt;
&lt;br /&gt;
Iohyve manual man page&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki/Manual&lt;br /&gt;
&lt;br /&gt;
Iohyve wiki&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki&lt;br /&gt;
&lt;br /&gt;
USB passthrough example&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki/USB-3.0-PCI-Controller-Pass-through&lt;br /&gt;
&lt;br /&gt;
CentOS useful for tunables for FreeNAS&lt;br /&gt;
https://github.com/pr1ntf/iohyve/wiki/Installing-CentOS-7-on-FreeNAS&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
=Limiting Jail Resources with RCTL=&lt;br /&gt;
Here is how you limit the amount of RAM or CPU each jail can have. &lt;br /&gt;
A&lt;br /&gt;
dd the following line to /boot/loader.conf:&lt;br /&gt;
&lt;br /&gt;
    kern.racct.enable=&amp;quot;1&amp;quot;&lt;br /&gt;
&lt;br /&gt;
Reboot to activate.&lt;br /&gt;
&lt;br /&gt;
The following is how to constrain CPU usage, in percentage:&lt;br /&gt;
&lt;br /&gt;
    rctl -a jail:JAILNAME:pcpu:deny=75&lt;br /&gt;
&lt;br /&gt;
The following is how to constrain virtual and physical RAM usage, in percentage:&lt;br /&gt;
&lt;br /&gt;
    rctl -a jail:JAILNAME:vmemoryuse:deny=512M&lt;br /&gt;
&lt;br /&gt;
    rctl -a jail:JAILNAME:memoryuse:deny=1024M&lt;br /&gt;
&lt;br /&gt;
To view the currently applied limits:&lt;br /&gt;
&lt;br /&gt;
    rctl&lt;br /&gt;
&lt;br /&gt;
To view the resources used by a jail:&lt;br /&gt;
&lt;br /&gt;
    rctl -u jail:JAILNAME&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=AWK&amp;diff=330</id>
		<title>AWK</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=AWK&amp;diff=330"/>
		<updated>2023-02-24T15:58:46Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{DISPLAYTITLE:awk}}&lt;br /&gt;
The awk utility shall execute programs written in the awk programming language, which is specialized for textual data manipulation. An awk program is a sequence of patterns and corresponding actions. When input is read that matches a pattern, the action associated with that pattern is carried out.&lt;br /&gt;
&lt;br /&gt;
Input shall be interpreted as a sequence of records. By default, a record is a line, less its terminating &amp;lt;newline&amp;gt;, but this can be changed by using the RS built-in variable. Each record of input shall be matched in turn against each pattern in the program. For each pattern matched, the associated action shall be executed.&lt;br /&gt;
&lt;br /&gt;
The awk utility shall interpret each input record as a sequence of fields where, by default, a field is a string of non-&amp;lt;blank&amp;gt; non-&amp;lt;newline&amp;gt; characters. This default &amp;lt;blank&amp;gt; and &amp;lt;newline&amp;gt; field delimiter can be changed by using the FS built-in variable or the −F sepstring option. The awk utility shall denote the first field in a record $1, the second $2, and so on. The symbol $0 shall refer to the entire record; setting any other field causes the re-evaluation of $0. Assigning to $0 shall reset the values of all other fields and the NF built-in variable.&lt;br /&gt;
&lt;br /&gt;
=Using awk=&lt;br /&gt;
Remove duplicates from a file&lt;br /&gt;
&lt;br /&gt;
    awk '!a[$0]++'&lt;br /&gt;
&lt;br /&gt;
Example:&lt;br /&gt;
    cat filename.txt | awk '!a[$0]++' &amp;gt;&amp;gt; newfile.txt&lt;br /&gt;
&lt;br /&gt;
Print the second line in something. This can be piped | output or whatever.&lt;br /&gt;
    awk '{print $2}'&lt;br /&gt;
&lt;br /&gt;
This can substitute &amp;quot;foo&amp;quot; with &amp;quot;bar&amp;quot; within a file.&lt;br /&gt;
    awk '{gsub(/foo/,&amp;quot;bar&amp;quot;)}' FILENAME&lt;br /&gt;
&lt;br /&gt;
Print all new lines to one line with a space between each item:&lt;br /&gt;
&lt;br /&gt;
    awk 'BEGIN { ORS=&amp;quot; &amp;quot; }; { print $2 }'&lt;br /&gt;
&lt;br /&gt;
&lt;br /&gt;
Print only up until first instance of &amp;quot;.&amp;quot; for output of ls and grep: &lt;br /&gt;
&lt;br /&gt;
    ls /dir1/dir2/ | grep us | awk -F &amp;quot;.&amp;quot; '{print $1}'&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Strace&amp;diff=329</id>
		<title>Strace</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Strace&amp;diff=329"/>
		<updated>2023-02-24T15:58:10Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: Created page with &amp;quot;{{DISPLAYTITLE:strace}} strace is a diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor and tamper with interactions between processes a...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;{{DISPLAYTITLE:strace}}&lt;br /&gt;
strace is a diagnostic, debugging and instructional userspace utility for Linux. It is used to monitor and tamper with interactions between processes and the Linux kernel, which include system calls, signal deliveries, and changes of process state. The operation of strace is made possible by the kernel feature known as ptrace.&lt;br /&gt;
&lt;br /&gt;
Some Unix-like systems provide other diagnostic tools similar to strace, such as truss. &lt;br /&gt;
&lt;br /&gt;
== Usage and features ==&lt;br /&gt;
The most common use is to start a program using strace, which prints a list of system calls made by the program. This is useful if the program continually crashes, or does not behave as expected; for example using strace may reveal that the program is attempting to access a file which does not exist or cannot be read.&lt;br /&gt;
&lt;br /&gt;
== Examples ==&lt;br /&gt;
strace can be used to follow a program directly or using the PID as seen below.&lt;br /&gt;
&lt;br /&gt;
    strace ls&lt;br /&gt;
&lt;br /&gt;
    strace -p $(PID)&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Secure_Shell&amp;diff=328</id>
		<title>Secure Shell</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Secure_Shell&amp;diff=328"/>
		<updated>2023-02-08T18:49:10Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* SSH Jumping */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Secure Shell, or SSH, is a cryptographic (encrypted) network protocol to allow remote login and other network services to operate securely over an unsecured network.&lt;br /&gt;
&lt;br /&gt;
SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.&lt;br /&gt;
&lt;br /&gt;
The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release.&lt;br /&gt;
&lt;br /&gt;
SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet, although files leaked by Edward Snowden indicate that the National Security Agency can sometimes decrypt SSH, allowing them to read the content of SSH sessions.&lt;br /&gt;
&lt;br /&gt;
=Reverse SSH=&lt;br /&gt;
You can initiate SSH using SSH in case you do not have access to the local firewall or something else. On the machine you want to SSH to, run the following: &lt;br /&gt;
&lt;br /&gt;
    ssh –R 2210:localhost:22 username@domain.com&lt;br /&gt;
&lt;br /&gt;
On the other computer that you want to ssh from, run the following: &lt;br /&gt;
&lt;br /&gt;
    ssh -p 2210 username@localhost&lt;br /&gt;
&lt;br /&gt;
Open a port tunnel on port 443 through ssh from one computer into another, perform a keepalive request, and prevent ssh from reconnecting if the connection is already established:&lt;br /&gt;
&lt;br /&gt;
    ssh -XYC -R 443:127.0.0.1:443 -N -f -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 user@domain.com&lt;br /&gt;
&lt;br /&gt;
This will allow you to get around any port issues on the first network by using domain.com's network to &amp;quot;forward&amp;quot; the port over ssh to the first device. This can be installed to cronie to keep the connection going with the following example: &lt;br /&gt;
&lt;br /&gt;
    if ps aux |grep &amp;quot;root@domain.com&amp;quot; |grep -vi grep |grep 443 ; then exit 0; else ssh -XYC -R 443:127.0.0.1:443 -N -f -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 root@domain.com ; fi&lt;br /&gt;
&lt;br /&gt;
=SSH Jumping=&lt;br /&gt;
This will allow you to SSH through various SSH-enabled computers quickly and easily, assuming your SSH key is installed to each of these, in a seamless manner right to computer 192.168.0.202 using modifier &amp;quot;-j&amp;quot;. This assumes that the domain.com SSH port is 999, the 192.168.0.111 SSH port is 123, and the 192.168.0.202 SSH port is 22. You can specify multiple computers, separated with a comma. The final destination will be separated by a space instead. &lt;br /&gt;
&lt;br /&gt;
    ssh -C -o ServerAliveInterval=60 -i /home/username/.ssh/id_rsa.pub -J user@domain.com:999,user@192.168.0.111:123 user@192.168.0.202&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Secure_Shell&amp;diff=327</id>
		<title>Secure Shell</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Secure_Shell&amp;diff=327"/>
		<updated>2023-02-08T18:48:24Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Secure Shell, or SSH, is a cryptographic (encrypted) network protocol to allow remote login and other network services to operate securely over an unsecured network.&lt;br /&gt;
&lt;br /&gt;
SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.&lt;br /&gt;
&lt;br /&gt;
The most visible application of the protocol is for access to shell accounts on Unix-like operating systems, but it sees some limited use on Windows as well. In 2015, Microsoft announced that they would include native support for SSH in a future release.&lt;br /&gt;
&lt;br /&gt;
SSH was designed as a replacement for Telnet and for unsecured remote shell protocols such as the Berkeley rlogin, rsh, and rexec protocols. Those protocols send information, notably passwords, in plaintext, rendering them susceptible to interception and disclosure using packet analysis. The encryption used by SSH is intended to provide confidentiality and integrity of data over an unsecured network, such as the Internet, although files leaked by Edward Snowden indicate that the National Security Agency can sometimes decrypt SSH, allowing them to read the content of SSH sessions.&lt;br /&gt;
&lt;br /&gt;
=Reverse SSH=&lt;br /&gt;
You can initiate SSH using SSH in case you do not have access to the local firewall or something else. On the machine you want to SSH to, run the following: &lt;br /&gt;
&lt;br /&gt;
    ssh –R 2210:localhost:22 username@domain.com&lt;br /&gt;
&lt;br /&gt;
On the other computer that you want to ssh from, run the following: &lt;br /&gt;
&lt;br /&gt;
    ssh -p 2210 username@localhost&lt;br /&gt;
&lt;br /&gt;
Open a port tunnel on port 443 through ssh from one computer into another, perform a keepalive request, and prevent ssh from reconnecting if the connection is already established:&lt;br /&gt;
&lt;br /&gt;
    ssh -XYC -R 443:127.0.0.1:443 -N -f -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 user@domain.com&lt;br /&gt;
&lt;br /&gt;
This will allow you to get around any port issues on the first network by using domain.com's network to &amp;quot;forward&amp;quot; the port over ssh to the first device. This can be installed to cronie to keep the connection going with the following example: &lt;br /&gt;
&lt;br /&gt;
    if ps aux |grep &amp;quot;root@domain.com&amp;quot; |grep -vi grep |grep 443 ; then exit 0; else ssh -XYC -R 443:127.0.0.1:443 -N -f -o ExitOnForwardFailure=yes -o ServerAliveInterval=60 root@domain.com ; fi&lt;br /&gt;
&lt;br /&gt;
=SSH Jumping=&lt;br /&gt;
This will allow you to SSH through various SSH-enabled computers quickly and easily, assuming your SSH key is installed to each of these, in a seamless manner right to computer 192.168.0.202 using modifier &amp;quot;-j&amp;quot;. This assumes that the domain.com SSH port is 999, the 192.168.0.111 SSH port is 123, and the 192.168.0.202 SSH port is 22. You can specify multiple computers, separated with a comma. &lt;br /&gt;
&lt;br /&gt;
    ssh -C -o ServerAliveInterval=60 -i /home/username/.ssh/id_rsa.pub -J user@domain.com:999,user@192.168.0.111:123 user@192.168.0.202&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=326</id>
		<title>Main Page</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Main_Page&amp;diff=326"/>
		<updated>2022-10-12T17:17:52Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Other Links */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;&amp;lt;strong&amp;gt;TBP Wiki Main Page&amp;lt;/strong&amp;gt;&lt;br /&gt;
&lt;br /&gt;
This wiki is mostly here to help out TBP with configuration of files, services, and servers but has been made public to help whomever needs it. We will be adding new pages and information as time goes on so things may be messy. Please understand. &lt;br /&gt;
&lt;br /&gt;
=All Available Pages=&lt;br /&gt;
{{Special:Allpages}}&lt;br /&gt;
&lt;br /&gt;
=Other Links=&lt;br /&gt;
Check out our other services we offer:&lt;br /&gt;
* [https://tbpchan.cz/ip/index.php Check IP]&lt;br /&gt;
* [https://tbpchan.cz/ipmagnet/ IP Magnet]&lt;br /&gt;
* [https://tbpchan.cz/ Imageboard]&lt;br /&gt;
* [https://paste.tbpchan.cz/ Pastebin]&lt;br /&gt;
* [https://tbpchan.cz/yt.php Audio Downloader]&lt;br /&gt;
* [https://man.tbpindustries.com/ Linux man pages]&lt;br /&gt;
&lt;br /&gt;
There is a Minecraft server (latest version) at tbpchan.net and a Tekkit server at tbpchan.cz. &lt;br /&gt;
&lt;br /&gt;
We also have a [https://tbpchan.cz/canary.txt warrant canary] which governs the entire server and is updated sometimes.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Nmap&amp;diff=325</id>
		<title>Nmap</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Nmap&amp;diff=325"/>
		<updated>2022-04-08T21:43:36Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* Usage */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Nmap (Network Mapper) is a free and open-source network scanner created by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich). Nmap is used to discover hosts and services on a computer network by sending packets and analyzing the responses.&lt;br /&gt;
&lt;br /&gt;
Nmap provides a number of features for probing computer networks, including host discovery and service and operating system detection. These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features. Nmap can adapt to network conditions including latency and congestion during a scan.&lt;br /&gt;
&lt;br /&gt;
Nmap started as a Linux utility and was ported to other systems including Windows, macOS, and BSD. Linux is the most popular platform, followed by Windows.&lt;br /&gt;
&lt;br /&gt;
=Usage=&lt;br /&gt;
&lt;br /&gt;
Scan a single port&lt;br /&gt;
    nmap -p 22 192.168.1.1&lt;br /&gt;
&lt;br /&gt;
Scan a range of ports&lt;br /&gt;
    nmap -p 1-100 192.168.1.1&lt;br /&gt;
&lt;br /&gt;
Scan 100 most common ports (Fast)&lt;br /&gt;
    nmap -F 192.168.1.1&lt;br /&gt;
&lt;br /&gt;
Scan all 65535 ports&lt;br /&gt;
    nmap -p- 192.168.1.1&lt;br /&gt;
&lt;br /&gt;
Scan a port for all ciphers used&lt;br /&gt;
    nmap --script ssl-enum-ciphers domain.com -p 443&lt;br /&gt;
&lt;br /&gt;
Scan for all devices on network&lt;br /&gt;
    nmap -sn 192.168.0.0/24&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Python&amp;diff=324</id>
		<title>Python</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Python&amp;diff=324"/>
		<updated>2022-03-25T18:58:34Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: Created page with &amp;quot;Python is a high-level, general-purpose programming language. Its design philosophy emphasizes code readability with the use of significant indentation. Its language construct...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Python is a high-level, general-purpose programming language. Its design philosophy emphasizes code readability with the use of significant indentation. Its language constructs and object-oriented approach aim to help programmers write clear, logical code for small- and large-scale projects.&lt;br /&gt;
&lt;br /&gt;
Python is dynamically-typed and garbage-collected. It supports multiple programming paradigms, including structured (particularly procedural), object-oriented and functional programming. It is often described as a &amp;quot;batteries included&amp;quot; language due to its comprehensive standard library.&lt;br /&gt;
&lt;br /&gt;
Guido van Rossum began working on Python in the late 1980s as a successor to the ABC programming language and first released it in 1991 as Python 0.9.0. Python 2.0 was released in 2000 and introduced new features such as list comprehensions, cycle-detecting garbage collection, reference counting, and Unicode support. Python 3.0, released in 2008, was a major revision that is not completely backward-compatible with earlier versions. Python 2 was discontinued with version 2.7.18 in 2020.&lt;br /&gt;
&lt;br /&gt;
Python consistently ranks as one of the most popular programming languages.&lt;br /&gt;
&lt;br /&gt;
== History ==&lt;br /&gt;
Python was conceived in the late 1980s by Guido van Rossum at Centrum Wiskunde &amp;amp; Informatica (CWI) in the Netherlands as a successor to the ABC programming language, which was inspired by SETL, capable of exception handling and interfacing with the Amoeba operating system. Its implementation began in December 1989. Van Rossum shouldered sole responsibility for the project, as the lead developer, until 12 July 2018, when he announced his &amp;quot;permanent vacation&amp;quot; from his responsibilities as Python's &amp;quot;benevolent dictator for life&amp;quot;, a title the Python community bestowed upon him to reflect his long-term commitment as the project's chief decision-maker. In January 2019, active Python core developers elected a five-member Steering Council to lead the project.&lt;br /&gt;
&lt;br /&gt;
Python 2.0 was released on 16 October 2000, with many major new features. Python 3.0, released on 3 December 2008, with many of its major features backported to Python 2.6.x and 2.7.x. Releases of Python 3 include the 2to3 utility, which automates the translation of Python 2 code to Python 3.&lt;br /&gt;
&lt;br /&gt;
Python 2.7's end-of-life was initially set for 2015, then postponed to 2020 out of concern that a large body of existing code could not easily be forward-ported to Python 3. No further security patches or other improvements will be released for it. With Python 2's end-of-life, only Python 3.6.x and later are supported.&lt;br /&gt;
&lt;br /&gt;
Python 3.9.2 and 3.8.8 were expedited as all versions of Python (including 2.7) had security issues leading to possible remote code execution and web cache poisoning. &lt;br /&gt;
&lt;br /&gt;
== Design philosophy and features ==&lt;br /&gt;
Python is a multi-paradigm programming language. Object-oriented programming and structured programming are fully supported, and many of its features support functional programming and aspect-oriented programming (including by metaprogramming and metaobjects  ). Many other paradigms are supported via extensions, including design by contract and logic programming.&lt;br /&gt;
&lt;br /&gt;
Python uses dynamic typing, and a combination of reference counting and a cycle-detecting garbage collector for memory management. It uses dynamic name resolution (late binding), which binds method and variable names during program execution.&lt;br /&gt;
&lt;br /&gt;
Its design offers some support for functional programming in the Lisp tradition. It has filter,mapandreduce functions; list comprehensions, dictionaries, sets, and generator expressions. The standard library has two modules (itertools and functools) that implement functional tools borrowed from Haskell and Standard ML.&lt;br /&gt;
&lt;br /&gt;
Its core philosophy is summarized in the document The Zen of Python (PEP 20), which includes aphorisms such as:&lt;br /&gt;
&lt;br /&gt;
    Beautiful is better than ugly.&lt;br /&gt;
    Explicit is better than implicit.&lt;br /&gt;
    Simple is better than complex.&lt;br /&gt;
    Complex is better than complicated.&lt;br /&gt;
    Readability counts.&lt;br /&gt;
&lt;br /&gt;
Rather than building all of its functionality into its core, Python was designed to be highly extensible via modules. This compact modularity has made it particularly popular as a means of adding programmable interfaces to existing applications. Van Rossum's vision of a small core language with a large standard library and easily extensible interpreter stemmed from his frustrations with ABC, which espoused the opposite approach.&lt;br /&gt;
&lt;br /&gt;
Python strives for a simpler, less-cluttered syntax and grammar while giving developers a choice in their coding methodology. In contrast to Perl's &amp;quot;there is more than one way to do it&amp;quot; motto, Python embraces a &amp;quot;there should be one—and preferably only one—obvious way to do it&amp;quot; philosophy. Alex Martelli, a Fellow at the Python Software Foundation and Python book author, wrote: &amp;quot;To describe something as 'clever' is not considered a compliment in the Python culture.&amp;quot;&lt;br /&gt;
&lt;br /&gt;
Python's developers strive to avoid premature optimization, and reject patches to non-critical parts of the CPython reference implementation that would offer marginal increases in speed at the cost of clarity. When speed is important, a Python programmer can move time-critical functions to extension modules written in languages such as C; or use PyPy, a just-in-time compiler. Cython is also available, which translates a Python script into C and makes direct C-level API calls into the Python interpreter.&lt;br /&gt;
&lt;br /&gt;
Python's developers aim for it to be fun to use. This is reflected in its name—a tribute to the British comedy group Monty Python—and in occasionally playful approaches to tutorials and reference materials, such as examples that refer to spam and eggs (a reference to a Monty Python sketch) instead of the standard foo and bar.&lt;br /&gt;
&lt;br /&gt;
A common neologism in the Python community is pythonic, which has a wide range of meanings related to program style. &amp;quot;Pythonic&amp;quot; code may use Python idioms well, be natural or show fluency in the language, or conform with Python's minimalist philosophy and emphasis on readability. Code that is difficult to understand or reads like a rough transcription from another programming language is called unpythonic.&lt;br /&gt;
&lt;br /&gt;
Python users and admirers, especially those considered knowledgeable or experienced, are often referred to as Pythonistas. &lt;br /&gt;
&lt;br /&gt;
== Syntax and semantics ==&lt;br /&gt;
Python is meant to be an easily readable language. Its formatting is visually uncluttered, and often uses English keywords where other languages use punctuation. Unlike many other languages, it does not use curly brackets to delimit blocks, and semicolons after statements are allowed but rarely used. It has fewer syntactic exceptions and special cases than C or Pascal.&lt;br /&gt;
&lt;br /&gt;
Python uses whitespace indentation, rather than curly brackets or keywords, to delimit blocks. An increase in indentation comes after certain statements; a decrease in indentation signifies the end of the current block. Thus, the program's visual structure accurately represents its semantic structure. This feature is sometimes termed the off-side rule. Some other languages use indentation this way; but in most, indentation has no semantic meaning. The recommended indent size is four spaces.&lt;br /&gt;
Statements and control flow&lt;br /&gt;
&lt;br /&gt;
Python's statements include:&lt;br /&gt;
&lt;br /&gt;
    The assignment statement, using a single equals sign =&lt;br /&gt;
    The if statement, which conditionally executes a block of code, along with else and elif (a contraction of else-if)&lt;br /&gt;
    The for statement, which iterates over an iterable object, capturing each element to a local variable for use by the attached block&lt;br /&gt;
    The while statement, which executes a block of code as long as its condition is true&lt;br /&gt;
    The try statement, which allows exceptions raised in its attached code block to be caught and handled by except clauses; it also ensures that clean-up code in a finally block is always run regardless of how the block exits&lt;br /&gt;
    The raise statement, used to raise a specified exception or re-raise a caught exception&lt;br /&gt;
    The class statement, which executes a block of code and attaches its local namespace to a class, for use in object-oriented programming&lt;br /&gt;
    The def statement, which defines a function or method&lt;br /&gt;
    The with statement, which encloses a code block within a context manager (for example, acquiring a lock before it is run, then releasing the lock; or opening and closing a file), allowing resource-acquisition-is-initialization (RAII)-like behavior and replacing a common try/finally idiom&lt;br /&gt;
    The break statement, which exits a loop&lt;br /&gt;
    The continue statement, which skips the current iteration and continues with the next&lt;br /&gt;
    The del statement, which removes a variable—deleting the reference from the name to the value, and producing an error if the variable is referred to before it is redefined&lt;br /&gt;
    The pass statement, serving as a NOP, syntactically needed to create an empty code block&lt;br /&gt;
    The assert statement, used in debugging to check for conditions that should apply&lt;br /&gt;
    The yield statement, which returns a value from a generator function (and also an operator); used to implement coroutines&lt;br /&gt;
    The return statement, used to return a value from a function&lt;br /&gt;
    The import statement, used to import modules whose functions or variables can be used in the current program&lt;br /&gt;
&lt;br /&gt;
The assignment statement (=) binds a name as a reference to a separate, dynamically-allocated object. Variables may subsequently be rebound at any time to any object. In Python, a variable name is a generic reference holder without a fixed data type; however, it always refers to some object with a type. This is called dynamic typing—in contrast to statically-typed languages, where each variable may contain only a value of a certain type.&lt;br /&gt;
&lt;br /&gt;
Python does not support tail call optimization or first-class continuations, and, according to van Rossum, it never will. However, better support for coroutine-like functionality is provided by extending Python's generators. Before 2.5, generators were lazy iterators; data was passed unidirectionally out of the generator. From Python 2.5 on, it is possible to pass data back into a generator function; and from version 3.3, it can be passed through multiple stack levels.&lt;br /&gt;
Expressions&lt;br /&gt;
&lt;br /&gt;
Some Python expressions are similar to those in languages such as C and Java, while some are not:&lt;br /&gt;
&lt;br /&gt;
    Addition, subtraction and multiplication are the same, but the behavior of division differs. There are two types of divisions in Python: floor division (or integer division) // and floating-point/division. Python also uses the ** operator for exponentiation.&lt;br /&gt;
    The @ infix operator was introduced in Python 3.5. It is intended to be used by libraries such as NumPy for matrix multiplication.&lt;br /&gt;
    The syntax :=, called the &amp;quot;walrus operator&amp;quot;, was introduced in Python 3.8. It assigns values to variables as part of a larger expression.&lt;br /&gt;
    In Python, == compares by value, versus Java, which compares numerics by value and objects by reference. Python's is operator may be used to compare object identities (comparison by reference), and comparisons may be chained—for example, a &amp;lt;= b &amp;lt;= c.&lt;br /&gt;
    Python uses and, or, and not as boolean operators rather than the symbolic &amp;amp;&amp;amp;, ||, ! in Java and C.&lt;br /&gt;
    Python has a type of expression called a list comprehension, as well as a more general expression called a generator expression.&lt;br /&gt;
    Anonymous functions are implemented using lambda expressions; however, there may be only one expression in each body.&lt;br /&gt;
    Conditional expressions are written as x if c else y (different in order of operands from the c ? x : y operator common to many other languages).&lt;br /&gt;
    Python makes a distinction between lists and tuples. Lists are written as , are mutable, and cannot be used as the keys of dictionaries (dictionary keys must be immutable in Python). Tuples, written as (1, 2, 3), are immutable and thus can be used as keys of dictionaries, provided all of the tuple's elements are immutable. The + operator can be used to concatenate two tuples, which does not directly modify their contents, but produces a new tuple containing the elements of both. Thus, given the variable t initially equal to (1, 2, 3), executing t = t + (4, 5) first evaluates t + (4, 5), which yields (1, 2, 3, 4, 5), which is then assigned back to t—thereby effectively &amp;quot;modifying the contents&amp;quot; of t while conforming to the immutable nature of tuple objects. Parentheses are optional for tuples in unambiguous contexts.&lt;br /&gt;
    Python features sequence unpacking where multiple expressions, each evaluating to anything that can be assigned (to a variable, writable property, etc.) are associated in an identical manner to that forming tuple literals—and, as a whole, are put on the left-hand side of the equal sign in an assignment statement. The statement expects an iterable object on the right-hand side of the equal sign that produces the same number of values as the provided writable expressions; when iterated through them, it assigns each of the produced values to the corresponding expression on the left.&lt;br /&gt;
    Python has a &amp;quot;string format&amp;quot; operator % that functions analogously to printf format strings in C—e.g. &amp;quot;spam=%s eggs=%d&amp;quot; % (&amp;quot;blah&amp;quot;, 2) evaluates to &amp;quot;spam=blah eggs=2&amp;quot;. In Python 2.6+ and 3+, this was supplemented by the format() method of the str class, e.g. &amp;quot;spam={0} eggs={1}&amp;quot;.format(&amp;quot;blah&amp;quot;, 2). Python 3.6 added &amp;quot;f-strings&amp;quot;: blah = &amp;quot;blah&amp;quot;; eggs = 2; f'spam={blah} eggs={eggs}'.&lt;br /&gt;
    Strings in Python can be concatenated by &amp;quot;adding&amp;quot; them (with the same operator as for adding integers and floats), e.g. &amp;quot;spam&amp;quot; + &amp;quot;eggs&amp;quot; returns &amp;quot;spameggs&amp;quot;. If strings contain numbers, they are added as strings rather than integers, e.g. &amp;quot;2&amp;quot; + &amp;quot;2&amp;quot; returns &amp;quot;22&amp;quot;.&lt;br /&gt;
    Python has various string literals:&lt;br /&gt;
        Delimited by single or double quote marks. Unlike in Unix shells, Perl and Perl-influenced languages, single and double quote marks function identically. Both use the backslash (\) as an escape character. String interpolation became available in Python 3.6 as &amp;quot;formatted string literals&amp;quot;.&lt;br /&gt;
        Triple-quoted (beginning and ending with three single or double quote marks), which may span multiple lines and function like here documents in shells, Perl and Ruby.&lt;br /&gt;
        Raw string varieties, denoted by prefixing the string literal with r. Escape sequences are not interpreted; hence raw strings are useful where literal backslashes are common, such as regular expressions and Windows-style paths. (Compare &amp;quot;@-quoting&amp;quot; in C#.)&lt;br /&gt;
    Python has array index and array slicing expressions in lists, denoted as a, a or a. Indexes are zero-based, and negative indexes are relative to the end. Slices take elements from the start index up to, but not including, the stop index. The third slice parameter, called step or stride, allows elements to be skipped and reversed. Slice indexes may be omitted—for example a returns a copy of the entire list. Each element of a slice is a shallow copy.&lt;br /&gt;
&lt;br /&gt;
In Python, a distinction between expressions and statements is rigidly enforced, in contrast to languages such as Common Lisp, Scheme, or Ruby. This leads to duplicating some functionality. For example:&lt;br /&gt;
&lt;br /&gt;
    List comprehensions vs. for-loops&lt;br /&gt;
    Conditional expressions vs. if blocks&lt;br /&gt;
    The eval() vs. exec() built-in functions (in Python 2, exec is a statement); the former is for expressions, the latter is for statements&lt;br /&gt;
&lt;br /&gt;
Statements cannot be a part of an expression—so list and other comprehensions or lambda expressions, all being expressions, cannot contain statements. A particular case is that an assignment statement such as a = 1 cannot form part of the conditional expression of a conditional statement. This has the advantage of avoiding a classic C error of mistaking an assignment operator = for an equality operator == in conditions: if (c = 1) { ... } is syntactically valid (but probably unintended) C code, but if c = 1: ... causes a syntax error in Python.&lt;br /&gt;
&lt;br /&gt;
== Methods ==&lt;br /&gt;
&lt;br /&gt;
Methods on objects are functions attached to the object's class; the syntax instance.method(argument) is, for normal methods and functions, syntactic sugar for Class.method(instance, argument). Python methods have an explicit self parameter to access instance data, in contrast to the implicit self (or this) in some other object-oriented programming languages (e.g., C++, Java, Objective-C, Ruby). Python also provides methods, often called dunder methods (due to their names beginning and ending with double-underscores), to allow user-defined classes to modify how they are handled by native operations including length, comparison, in arithmetic operations and type conversion. &lt;br /&gt;
&lt;br /&gt;
== Typing ==&lt;br /&gt;
&lt;br /&gt;
Python uses duck typing and has typed objects but untyped variable names. Type constraints are not checked at compile time; rather, operations on an object may fail, signifying that it is not of a suitable type. Despite being dynamically-typed, Python is strongly-typed, forbidding operations that are not well-defined (for example, adding a number to a string) rather than silently attempting to make sense of them.&lt;br /&gt;
&lt;br /&gt;
Python allows programmers to define their own types using classes, most often used for object-oriented programming. New instances of classes are constructed by calling the class (for example, SpamClass() or EggsClass()), and the classes are instances of the metaclass type (itself an instance of itself), allowing metaprogramming and reflection.&lt;br /&gt;
&lt;br /&gt;
Before version 3.0, Python had two kinds of classes: old-style and new-style. The syntax of both is the same, the difference being whether the class object is inherited from, directly or indirectly (all new-style classes inherit from object and are instances of type). In versions of Python 2 from Python 2.2 onwards, both kinds of classes can be used. Old-style classes were eliminated in Python 3.0.&lt;br /&gt;
&lt;br /&gt;
The long-term plan is to support gradual typing. From Python 3.5 on, the language's syntax allows specifying static types, but they are not checked in the default implementation, CPython. An experimental optional static type-checker, mypy, supports compile-time type checking. &lt;br /&gt;
&lt;br /&gt;
== Arithmetic operations ==&lt;br /&gt;
&lt;br /&gt;
Python has the usual symbols for arithmetic operators (+, -, *, /), the floor division operator // and the modulo operation % (where the remainder can be negative, e.g. 4 % -3 == -2). It also has ** for exponentiation, e.g. 5**3 == 125 and 9**0.5 == 3.0, and a matrix‑multiplication operator @ . These operators work like in traditional math; with the same precedence rules, the operators infix (+ and - can also be unary to represent positive and negative numbers respectively).&lt;br /&gt;
&lt;br /&gt;
The division between integers produces floating-point results. The behavior of division has changed significantly over time:&lt;br /&gt;
&lt;br /&gt;
    Current Python (i.e. since 3.0) changed / to always be floating-point division, e.g. 5/2 == 2.5.&lt;br /&gt;
    Python 2.2 changed integer division to round towards negative infinity, e.g. 7/3 == 2 and -7/3 == -3. The floor division // operator was introduced. So 7//3 == 2, -7//3 == -3, 7.5//3 == 2.0 and -7.5//3 == -3.0. Adding from __future__ import division causes a module to use Python 3.0 rules for division (see above).&lt;br /&gt;
    Python 2.1 and earlier used C's division behavior. The / operator is integer division if both operands are integers, and floating-point division otherwise. Integer division rounds towards 0, e.g. 7/3 == 2 and -7/3 == -2.&lt;br /&gt;
&lt;br /&gt;
In Python terms, / is true division (or simply division), and // is floor division. / before version 3.0 is classic division.&lt;br /&gt;
&lt;br /&gt;
Rounding towards negative infinity, though different from most languages, adds consistency. For instance, it means that the equation (a + b)//b == a//b + 1 is always true. It also means that the equation b*(a//b) + a%b == a is valid for both positive and negative values of a. However, maintaining the validity of this equation means that while the result of a%b is, as expected, in the half-open interval  when b is negative.&lt;br /&gt;
&lt;br /&gt;
Python provides a round function for rounding a float to the nearest integer. For tie-breaking, Python 3 uses round to even: round(1.5) and round(2.5) both produce 2. Versions before 3 used round-away-from-zero: round(0.5) is 1.0, round(-0.5) is −1.0.&lt;br /&gt;
&lt;br /&gt;
Python allows boolean expressions with multiple equality relations in a manner that is consistent with general use in mathematics. For example, the expression a &amp;lt; b &amp;lt; c tests whether a is less than b and b is less than c. C-derived languages interpret this expression differently: in C, the expression would first evaluate a &amp;lt; b, resulting in 0 or 1, and that result would then be compared with c.&lt;br /&gt;
&lt;br /&gt;
Python uses arbitrary-precision arithmetic for all integer operations. The Decimal type/class in the decimal module provides decimal floating-point numbers to a pre-defined arbitrary precision and several rounding modes. The Fraction class in the fractions module provides arbitrary precision for rational numbers.&lt;br /&gt;
&lt;br /&gt;
Due to Python's extensive mathematics library, and the third-party library NumPy that further extends the native capabilities, it is frequently used as a scientific scripting language to aid in problems such as numerical data processing and manipulation. &lt;br /&gt;
&lt;br /&gt;
== Programming examples ==&lt;br /&gt;
Hello world program:&lt;br /&gt;
&lt;br /&gt;
print('Hello, world!')&lt;br /&gt;
&lt;br /&gt;
Program to calculate the factorial of a positive integer:&lt;br /&gt;
&lt;br /&gt;
n = int(input('Type a number, and its factorial will be printed: '))&lt;br /&gt;
&lt;br /&gt;
if n &amp;lt; 0:&lt;br /&gt;
    raise ValueError('You must enter a non-negative integer')&lt;br /&gt;
&lt;br /&gt;
factorial = 1&lt;br /&gt;
for i in range(2, n + 1):&lt;br /&gt;
    factorial *= i&lt;br /&gt;
&lt;br /&gt;
print(factorial)&lt;br /&gt;
&lt;br /&gt;
== Libraries ==&lt;br /&gt;
&lt;br /&gt;
Python's large standard library, commonly cited as one of its greatest strengths, provides tools suited to many tasks. For Internet-facing applications, many standard formats and protocols such as MIME and HTTP are supported. It includes modules for creating graphical user interfaces, connecting to relational databases, generating pseudorandom numbers, arithmetic with arbitrary-precision decimals, manipulating regular expressions, and unit testing.&lt;br /&gt;
&lt;br /&gt;
Some parts of the standard library are covered by specifications—for example, the Web Server Gateway Interface (WSGI) implementation wsgiref follows PEP 333—but most are specified by their code, internal documentation, and test suites. However, because most of the standard library is cross-platform Python code, only a few modules need altering or rewriting for variant implementations.&lt;br /&gt;
&lt;br /&gt;
As of September 2021, the Python Package Index (PyPI), the official repository for third-party Python software, contains over 329,000 packages with a wide range of functionality.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=IPv6&amp;diff=323</id>
		<title>IPv6</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=IPv6&amp;diff=323"/>
		<updated>2022-03-19T00:14:23Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: /* IPv4 Address representation and interpretation */&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and is intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017.&lt;br /&gt;
&lt;br /&gt;
Devices on the Internet are assigned a unique IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more addresses would be needed to connect devices than the IPv4 address space had available. By 1998, the IETF had formalized the successor protocol. IPv6 uses 128-bit addresses, theoretically allowing 2128, or approximately 3.4×1038 total addresses. The actual number is slightly smaller, as multiple ranges are reserved for special use or completely excluded from use. The two protocols are not designed to be interoperable, and thus direct communication between them is impossible, complicating the move to IPv6. However, several transition mechanisms have been devised to rectify this.&lt;br /&gt;
&lt;br /&gt;
IPv6 provides other technical benefits in addition to a larger addressing space. In particular, it permits hierarchical address allocation methods that facilitate route aggregation across the Internet, and thus limit the expansion of routing tables. The use of multicast addressing is expanded and simplified, and provides additional optimization for the delivery of services. Device mobility, security, and configuration aspects have been considered in the design of the protocol.&lt;br /&gt;
&lt;br /&gt;
IPv6 addresses are represented as eight groups of four hexadecimal digits each, separated by colons. The full representation may be shortened; for example, 2001:0db8:0000:0000:0000:8a2e:0370:7334 becomes 2001:db8::8a2e:370:7334. &lt;br /&gt;
&lt;br /&gt;
== IPv6 Fundamentals ==&lt;br /&gt;
Explanation of the IPv6 address space and other fundamentals.&lt;br /&gt;
&lt;br /&gt;
The main difference of IPv6 over IPv4 is the extended address space, that is roughly 8*10^28 times larger. The reason for address space extension is caused by the IPv4 address exhaustion that became reality in 2011 when IANA allocated the last block of addresses to a regional address authority.&lt;br /&gt;
&lt;br /&gt;
Every endpoint on the Internet requires a unique IP address to realize point-to-point connections. As of 2014, already more than 10*10^9 devices are connected to the Internet. To bypass the fact that there are not enough IPv4 addresses available, technologies like Network Address Translation (NAT) are used. NAT connects full TCP/IP networks using a single registered IPv4 address to the Internet.&lt;br /&gt;
&lt;br /&gt;
==  IPv4 Address representation and interpretation ==&lt;br /&gt;
&lt;br /&gt;
An IPv4 address is composed of 4 decimal byte values in the so called dot-decimal notation. There are three IPv4 address types (the examples assume a netmask of 255.255.0.0):&lt;br /&gt;
&lt;br /&gt;
Network address: The least significant bytes (depending on the netmask) are 0. Typically not used in real communication. It is used to describe a network address range. &lt;br /&gt;
    10.41.0.0&lt;br /&gt;
&lt;br /&gt;
Broadcast address is used to communicate with all hosts on a network. It can be obtained by performing a bitwise OR operation between the bit complement of the subnet mask and the host's IP address.&lt;br /&gt;
    10.41.255.255&lt;br /&gt;
&lt;br /&gt;
Host address: any address between 10.41.0.1 and 10.41.255.254. Host addresses identify a specific host on an IP network and have to be unique.&lt;br /&gt;
    10.41.0.23&lt;br /&gt;
&lt;br /&gt;
==  IPv6 Address representation and interpretation ==&lt;br /&gt;
An IPv6 address consists of 16 bytes organized in blocks of two bytes separated by : The most significant change in representation is the hexadecimal notation. Example:&lt;br /&gt;
    2002:0a29:0017:0000:0000:ffff:0a29:0017&lt;br /&gt;
&lt;br /&gt;
IPv6 addresses often contain fields of zeros. RFC5952 allows two methods to compress the textual representation to increase readability.&lt;br /&gt;
Zero Compression replaces an arbitrary number of consecutive 16-bit groups of zeros with an additional:&lt;br /&gt;
    2002:0a29:0017::ffff:0a29:0017&lt;br /&gt;
&lt;br /&gt;
Leading zeros within a 16-bit field can be omitted:&lt;br /&gt;
    2002:a29:17::ffff:a29:17&lt;br /&gt;
&lt;br /&gt;
==  IPv6 Address Types ==&lt;br /&gt;
In the following section you will find a list of the various address types used in IPv6. The netIF_SetOption function allows you to change the unicast link-local address and a static address (which will typically a unicast global address).&lt;br /&gt;
&lt;br /&gt;
==  Unicast Global Addresses ==&lt;br /&gt;
IPv6 unicast global addresses are similar to IPv4 public addresses. They are globally routable. The structure of an IPv6 unicast global address creates a three-level topology of public and site information and the local host interface.&lt;br /&gt;
&lt;br /&gt;
==  Unicast site-local addresses (FC80::/48) ==&lt;br /&gt;
IPv6 unicast site-local addresses are similar to IPv4 private addresses. The scope of a site-local address is the intercommunication between subnets on an organization's site.&lt;br /&gt;
&lt;br /&gt;
==  Unicast link-local addresses (FE80::/64) ==&lt;br /&gt;
Addresses in the link-local prefix are only valid and unique on a single link. Within this prefix only one subnet is allocated (54 zero bits), yielding an effective format of fe80::/64. The least significant 64 bits are usually chosen as the interface hardware address constructed in modified EUI-64 format. It can be derived from an Ethernet MAC address.&lt;br /&gt;
&lt;br /&gt;
Unicast loopback address:&lt;br /&gt;
    0:0:0:0:0:0:0:1&lt;br /&gt;
&lt;br /&gt;
==  Neighbor Discovery Protocol and Dynamic Address Assignment ==&lt;br /&gt;
The Neighbor Discovery Protocol (NDP) mainly replaces ARP known from IPv4. The main advantage is that it operates on the ICMP layer and is less dependent on the physical layer.&lt;br /&gt;
&lt;br /&gt;
Rather than using e.g. MAC addresses, NDP uses the link local address. This also allows endpoints to keep router associations even if the global prefix of the network is changed. Link detection is also handled by NDP detecting full or partial link failures or routing failures.&lt;br /&gt;
&lt;br /&gt;
Stateless Address Autoconfiguration (SLAAC) is part of NDP and mostly replaces dynamic address assignment technologies from IPv4 networks like DHCP and Auto-IP. SLAAC assigns the link-local address to an interface and uses this to assign a global IP. Typically this is a unicast address type. Main difference to DHCP is that after a router solicitation (a broadcast on the local network to discover available routers), SLAAC self-assigns an IP address using modified EUI-64. The Duplicate Address Detection tests this new address for duplicates on the network. DHCPv6 can replicate the stateful address assignment trough a single authority on the network to replace or extend SLAAC. It is similar to DHCP on IPv4 networks also advertising additional information like time servers, name servers and bootfile servers which would be missing using SLAAC only.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=IPv6&amp;diff=322</id>
		<title>IPv6</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=IPv6&amp;diff=322"/>
		<updated>2022-03-19T00:13:54Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: Created page with &amp;quot;Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system fo...&amp;quot;&lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion, and is intended to replace IPv4. In December 1998, IPv6 became a Draft Standard for the IETF, which subsequently ratified it as an Internet Standard on 14 July 2017.&lt;br /&gt;
&lt;br /&gt;
Devices on the Internet are assigned a unique IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more addresses would be needed to connect devices than the IPv4 address space had available. By 1998, the IETF had formalized the successor protocol. IPv6 uses 128-bit addresses, theoretically allowing 2128, or approximately 3.4×1038 total addresses. The actual number is slightly smaller, as multiple ranges are reserved for special use or completely excluded from use. The two protocols are not designed to be interoperable, and thus direct communication between them is impossible, complicating the move to IPv6. However, several transition mechanisms have been devised to rectify this.&lt;br /&gt;
&lt;br /&gt;
IPv6 provides other technical benefits in addition to a larger addressing space. In particular, it permits hierarchical address allocation methods that facilitate route aggregation across the Internet, and thus limit the expansion of routing tables. The use of multicast addressing is expanded and simplified, and provides additional optimization for the delivery of services. Device mobility, security, and configuration aspects have been considered in the design of the protocol.&lt;br /&gt;
&lt;br /&gt;
IPv6 addresses are represented as eight groups of four hexadecimal digits each, separated by colons. The full representation may be shortened; for example, 2001:0db8:0000:0000:0000:8a2e:0370:7334 becomes 2001:db8::8a2e:370:7334. &lt;br /&gt;
&lt;br /&gt;
== IPv6 Fundamentals ==&lt;br /&gt;
Explanation of the IPv6 address space and other fundamentals.&lt;br /&gt;
&lt;br /&gt;
The main difference of IPv6 over IPv4 is the extended address space, that is roughly 8*10^28 times larger. The reason for address space extension is caused by the IPv4 address exhaustion that became reality in 2011 when IANA allocated the last block of addresses to a regional address authority.&lt;br /&gt;
&lt;br /&gt;
Every endpoint on the Internet requires a unique IP address to realize point-to-point connections. As of 2014, already more than 10*10^9 devices are connected to the Internet. To bypass the fact that there are not enough IPv4 addresses available, technologies like Network Address Translation (NAT) are used. NAT connects full TCP/IP networks using a single registered IPv4 address to the Internet.&lt;br /&gt;
&lt;br /&gt;
==  IPv4 Address representation and interpretation ==&lt;br /&gt;
&lt;br /&gt;
An IPv4 address is composed of 4 decimal byte values in the so called dot-decimal notation. There are three IPv4 address types (the examples assume a netmask of 255.255.0.0):&lt;br /&gt;
&lt;br /&gt;
    Network address: The least significant bytes (depending on the netmask) are 0. Typically not used in real communication. It is used to describe a network address range. &lt;br /&gt;
    10.41.0.0&lt;br /&gt;
&lt;br /&gt;
Broadcast address is used to communicate with all hosts on a network. It can be obtained by performing a bitwise OR operation between the bit complement of the subnet mask and the host's IP address.&lt;br /&gt;
    10.41.255.255&lt;br /&gt;
&lt;br /&gt;
Host address: any address between 10.41.0.1 and 10.41.255.254. Host addresses identify a specific host on an IP network and have to be unique.&lt;br /&gt;
    10.41.0.23&lt;br /&gt;
&lt;br /&gt;
==  IPv6 Address representation and interpretation ==&lt;br /&gt;
An IPv6 address consists of 16 bytes organized in blocks of two bytes separated by : The most significant change in representation is the hexadecimal notation. Example:&lt;br /&gt;
    2002:0a29:0017:0000:0000:ffff:0a29:0017&lt;br /&gt;
&lt;br /&gt;
IPv6 addresses often contain fields of zeros. RFC5952 allows two methods to compress the textual representation to increase readability.&lt;br /&gt;
Zero Compression replaces an arbitrary number of consecutive 16-bit groups of zeros with an additional:&lt;br /&gt;
    2002:0a29:0017::ffff:0a29:0017&lt;br /&gt;
&lt;br /&gt;
Leading zeros within a 16-bit field can be omitted:&lt;br /&gt;
    2002:a29:17::ffff:a29:17&lt;br /&gt;
&lt;br /&gt;
==  IPv6 Address Types ==&lt;br /&gt;
In the following section you will find a list of the various address types used in IPv6. The netIF_SetOption function allows you to change the unicast link-local address and a static address (which will typically a unicast global address).&lt;br /&gt;
&lt;br /&gt;
==  Unicast Global Addresses ==&lt;br /&gt;
IPv6 unicast global addresses are similar to IPv4 public addresses. They are globally routable. The structure of an IPv6 unicast global address creates a three-level topology of public and site information and the local host interface.&lt;br /&gt;
&lt;br /&gt;
==  Unicast site-local addresses (FC80::/48) ==&lt;br /&gt;
IPv6 unicast site-local addresses are similar to IPv4 private addresses. The scope of a site-local address is the intercommunication between subnets on an organization's site.&lt;br /&gt;
&lt;br /&gt;
==  Unicast link-local addresses (FE80::/64) ==&lt;br /&gt;
Addresses in the link-local prefix are only valid and unique on a single link. Within this prefix only one subnet is allocated (54 zero bits), yielding an effective format of fe80::/64. The least significant 64 bits are usually chosen as the interface hardware address constructed in modified EUI-64 format. It can be derived from an Ethernet MAC address.&lt;br /&gt;
&lt;br /&gt;
Unicast loopback address:&lt;br /&gt;
    0:0:0:0:0:0:0:1&lt;br /&gt;
&lt;br /&gt;
==  Neighbor Discovery Protocol and Dynamic Address Assignment ==&lt;br /&gt;
The Neighbor Discovery Protocol (NDP) mainly replaces ARP known from IPv4. The main advantage is that it operates on the ICMP layer and is less dependent on the physical layer.&lt;br /&gt;
&lt;br /&gt;
Rather than using e.g. MAC addresses, NDP uses the link local address. This also allows endpoints to keep router associations even if the global prefix of the network is changed. Link detection is also handled by NDP detecting full or partial link failures or routing failures.&lt;br /&gt;
&lt;br /&gt;
Stateless Address Autoconfiguration (SLAAC) is part of NDP and mostly replaces dynamic address assignment technologies from IPv4 networks like DHCP and Auto-IP. SLAAC assigns the link-local address to an interface and uses this to assign a global IP. Typically this is a unicast address type. Main difference to DHCP is that after a router solicitation (a broadcast on the local network to discover available routers), SLAAC self-assigns an IP address using modified EUI-64. The Duplicate Address Detection tests this new address for duplicates on the network. DHCPv6 can replicate the stateful address assignment trough a single authority on the network to replace or extend SLAAC. It is similar to DHCP on IPv4 networks also advertising additional information like time servers, name servers and bootfile servers which would be missing using SLAAC only.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Mattermost&amp;diff=321</id>
		<title>Mattermost</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Mattermost&amp;diff=321"/>
		<updated>2022-03-14T14:47:17Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;'''Mattermost''' is an open-source, self-hostable online chat service with file sharing, search, and integrations. It is designed as an internal chat for organisations and companies, and mostly markets itself as an open-source alternative to Slack and Microsoft Teams. &lt;br /&gt;
&lt;br /&gt;
== History ==&lt;br /&gt;
&lt;br /&gt;
The code was originally proprietary, as Mattermost was used as an internal chat tool inside SpinPunch, a game developer studio, but was later open-sourced. The 1.0 was released on October 2, 2015.&lt;br /&gt;
&lt;br /&gt;
The project is maintained and developed by Mattermost Inc. The company generates funds by selling support services and additional features that aren't in the open-source edition.&lt;br /&gt;
&lt;br /&gt;
There are desktop clients for Windows, MacOS, and Linux and mobile apps for iOS and Android.&lt;br /&gt;
&lt;br /&gt;
In the media, Mattermost is mostly regarded as an alternative to the more popular Slack. It was also integrated into GitLab as &amp;quot;GitLab Mattermost&amp;quot;, although in 2017 GitLab acquired Gitter, another popular chat tool. In 2021 GitLab sold Gitter. &lt;br /&gt;
&lt;br /&gt;
== Adoption among non-profits ==&lt;br /&gt;
Mattermost was adopted in the tech/non-profit sector that was in need to move away from limitations of corporate services, and praised for its bridging to IRC channels. It has been tested for community use by Wikimedia as Wikimedia Chat on Wikimedia Cloud Services as of late summer 2020.&lt;br /&gt;
&lt;br /&gt;
== Building Mattermost plugins for FreeBSD ==&lt;br /&gt;
&lt;br /&gt;
The Mattermost plugin marketplace does not work in FreeBSD. Every plugin needs to be manually built and installed. Add the following to the Makefile next to similar code:&lt;br /&gt;
&lt;br /&gt;
    cd server &amp;amp;&amp;amp; env GOOS=freebsd GOARCH=amd64 $(GO) build $(GO_BUILD_FLAGS) -o dist/plugin-freebsd-amd64;&lt;br /&gt;
&lt;br /&gt;
Add the following to plugin.json next to similar code under &amp;quot;server&amp;quot; and then &amp;quot;executables&amp;quot;: &lt;br /&gt;
&lt;br /&gt;
    &amp;quot;freebsd-amd64&amp;quot;: &amp;quot;server/dist/plugin-freebsd-amd64&amp;quot;,&lt;br /&gt;
&lt;br /&gt;
If the plugin.json edit did not work, replace whole &amp;quot;server&amp;quot; section with the following: &lt;br /&gt;
&lt;br /&gt;
    &amp;quot;server&amp;quot;: {&lt;br /&gt;
        &amp;quot;executable&amp;quot;: &amp;quot;server/dist/plugin-freebsd-amd64&amp;quot;&lt;br /&gt;
    },&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
	<entry>
		<id>https://wiki.tbpindustries.com/index.php?title=Mattermost&amp;diff=320</id>
		<title>Mattermost</title>
		<link rel="alternate" type="text/html" href="https://wiki.tbpindustries.com/index.php?title=Mattermost&amp;diff=320"/>
		<updated>2022-03-14T14:43:39Z</updated>

		<summary type="html">&lt;p&gt;Goldbolt: &lt;/p&gt;
&lt;hr /&gt;
&lt;div&gt;'''Mattermost''' is an open-source, self-hostable online chat service with file sharing, search, and integrations. It is designed as an internal chat for organisations and companies, and mostly markets itself as an open-source alternative to Slack and Microsoft Teams. &lt;br /&gt;
&lt;br /&gt;
== History ==&lt;br /&gt;
&lt;br /&gt;
The code was originally proprietary, as Mattermost was used as an internal chat tool inside SpinPunch, a game developer studio, but was later open-sourced. The 1.0 was released on October 2, 2015.&lt;br /&gt;
&lt;br /&gt;
The project is maintained and developed by Mattermost Inc. The company generates funds by selling support services and additional features that aren't in the open-source edition.&lt;br /&gt;
&lt;br /&gt;
There are desktop clients for Windows, MacOS, and Linux and mobile apps for iOS and Android.&lt;br /&gt;
&lt;br /&gt;
In the media, Mattermost is mostly regarded as an alternative to the more popular Slack. It was also integrated into GitLab as &amp;quot;GitLab Mattermost&amp;quot;, although in 2017 GitLab acquired Gitter, another popular chat tool. In 2021 GitLab sold Gitter. &lt;br /&gt;
&lt;br /&gt;
== Adoption among non-profits ==&lt;br /&gt;
Mattermost was adopted in the tech/non-profit sector that was in need to move away from limitations of corporate services, and praised for its bridging to IRC channels. It has been tested for community use by Wikimedia as Wikimedia Chat on Wikimedia Cloud Services as of late summer 2020.&lt;/div&gt;</summary>
		<author><name>Goldbolt</name></author>
		
	</entry>
</feed>