Read more...
AWS DynamoDB forum
Efficiency considerations:
+ FilterExpressions are executed one the items are returned.
Example Code:
Complete example, stackoverflow
Building a Mars Rover Application with DynamoDB
Two videos, you will find some solutions there if you really want to make it right [source]:
https://www.youtube.com/watch?v=HaEPXoXVf2k
https://www.youtube.com/watch?v=DIQVJqiSUkE
Sodium-Plus references, notes
Sodium-Plus: A Positive Cryptography Experience for JavaScript Developers
Message Encryption in JavaScript and PHP
Improving the Cryptography of the JavaScript Ecosystem
Libsodium Quick Reference on Dev.to
Scott Arciszewski articles on Dev.to
Security and Cryptography Mistakes You Are Probably Doing All The Time
https://download.libsodium.org/doc/
Cryptography Terms and Concepts for Developers | Comparison of Cryptography Libraries
Cryptographic tutorial using libsodium and javascript
2018 Guide to Building Secure PHP Software
Article on libsodium with Scott Arciszewski, on Twitter as CiPHPerCoder
Libsodium jedisct1 |
Using Libsodium in PHP Projects |
Libsodium quick reference | Official Libsodium docs | Libsodium Functions and Constants | How to install Libsodium on Php 7 in Windows
Libsodium documentation
How to get Libsodium to work on Xampp 7.2+ | Docs on github
Random strings and ints in PHP using sodium
Javascript sodium: 1 | 2 | low-level API |
___
PyNaCl: Python binding to the libsodium library — PyNaCl 1.3.0 documentation
How to use HMAC: Using Encryption and Authentication Correctly (for PHP developers) | PHP, Simplest Two Way Encryption and How to encrypt/decrypt data in php? [source]
Php hmac example: https://secure.php.net/manual/en/function.openssl-encrypt.php#refsect1-function.openssl-encrypt-examples
After encrypting a MAC (message authentication code) is computed over the ciphertext and stored. This MAC should be recomputed before decrypting the ciphertext, and if it does not match the stored MAC then the ciphertext has been modified and is invalid.
Php encryption: https://github.com/defuse/php-encryption
How to make Php openssl encryption compatible with command line openssl
https://secure.php.net/manual/en/function.openssl-encrypt.php#104438
Commandline openssl enc by default does password-based encryption — the supplied 'password' is not used as the key, but is instead run through a (rather poor) derivation function to produce the actual key (also IV for cipher modes that use one). The third argument of PHP openssl_encrypt is the key. You can give enc the actual key instead of a password by using -K (uppercase, not -k) with the key in hex. When using this option you also need to provide the IV explicitly with -iv and hex if the cipher mode requires it, but ECB doesn't. [source]
PS: if you don't set OPENSSL_RAW_DATA, openssl_encrypt does base64 for you.
You should ALWAYS use unique IV's every time you encrypt, and they should be random. If you cannot guarantee they are random, use OCB as it only requires a nonce, not an IV, and there is a distinct difference. A nonce does not drop security if people can guess the next one, an IV can cause this problem. [source] The source explains the difference between CCM, OCB, and GCM.
Openssl wiki: https://wiki.openssl.org/index.php/Enc
Don't use password as an encryption key; how to create encryption key in PHP and other encryption details; use authenticated encryption | Password storage cheat sheet; very good
Recommended # of iterations when using PKBDF2-SHA256
___
Painless password hash upgrades | Password storage cheat sheet
git-remote-gcrypt | git-crypt | git-secret
curl cheat.sh/find | curl https://cheat.sh/find | bash alias: function ct { curl cheat.sh\/"$1"; } | on github |
Cheat sheets: muo Vim | vim | tldr simpler man pages | find | awk | awk quickref | htg awk | sed | sed, htg | 13 CLI cmds | dig | netstat cmds | html |
ls -Al | tr -s ' ' | cut -f9- -d' ' (list just file and folder names; -R for dir recursion)
comm -12 <(sort file1.txt) <(sort file2.txt) find common lines in two files
cat papers_to_read.htm | sort | cut -c 1-50 | uniq -d (find duplicate lines)
gpg --output outfile.gpg --symmetric --cipher-algo AES256 file.ext | gpg -o original_file.txt -d file.txt.gpg |
history -c
chmod --reference=reference_file file | chown --reference=reference_file file |
sudo systemctl -a | sudo systemctl --state active |
sudo cp -p pedit.html blogview.html cp -rp doc | sudo chmod/chown --reference=f f1 [f2 f3] |
grep -Eri '(Redirect|RewriteRule)' /etc/apache2/
host ipaddr|domain (Cloud Shell: get ip addr for domain or domain for ip addr, etc)
find /tmp -type f -name ".htaccess" -exec grep -EHi '(Redirect|RewriteRule)' {} \;
find . -maxdepth 1 -type f -name "*.md" -exec ls -al {} \; |
whatis | free | find . -type f -perm 777 -exec chmod 644 {} \; |
sudo apache2ctl -M (show all loaded modules)
sudo apache2ctl -D DUMP_RUN_CFG | sudo apache2ctl -D DUMP_VHOSTS
sudo apache2ctl -S (show parsed VHost settings) | sudo apachectl -t (apache config test)
journalctl -u ssh.service | journalctl -u network.service | journalctl article |
faillog
netstat -tulpn | netstat -npl
tar -cvzf archive-name.tar.gz directory-name | tar -C /diff-folder -xvf yourfile.tar to extract to a different directory |
curl http://ipv4.icanhazip.com or curl http://icanhazip.com` or curl http://ip.fossdaily.xyz | curl --ssl | curl --insecure | curl -I http://domain.com (headers info) |
wget --no-check-certificate
zgrep -E "^(Remove:|Purge)" /var/log/apt/history.log*
sudo iptables -L -nv --line-numbers | sudo iptables-restore < /etc/iptables/rules.v4 |
lastlog | last
install pkgs “kept back”: sudo apt-get dist-upgrade | sudo apt-get --with-new-pkgs upgrade |
apt list --installed | grep " installed" /var/log/dpkg.log (also log.1) | apt show <pkg> |
sudo -u www-data php occ app:list
sudo systemctl list-unit-files | sudo systemctl list-unit-files | grep -i docker |
sudo systemctl | grep running (list running services)
sudo systemctl list-unit-files | grep enabled (list enabled services)
apt-cache search php7.3
dpkg-query -L <package name> (list files in package)
zip -d gallery.zip "picture_43_9.jpg" (delete file from zip, note zip goes first, followed by file)
netstat -plane | grep :80 | awk '{print $5}' | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}'| sort | uniq -c | sort -n conn port 80
perl -pi -e 's,RoseHosting,BestManagedVPS' file.php Replace all string instances w/o opening file w text editor
find /home -type d -perm -o+w -exec ls -ld {} \; find world-writable directories in /home
sed -e "s/\r//g" file > newfile remove newline chars from file
sed -i 's/search/repace/g' *.php replace string in all specified files
sudo sshd -T | sudo systemctl reload ssh.service | /etc/ssh/sshd_config | ssh security hardening |
sudo lshw
df -h | df -T
systemctl list-unit-files --type=service
systemctl list-dependencies graphical.target
apt list --installed
apt purge <unneeded package>
sudo apt autoremove | sudo apt autoclean
id <username>
timedatectl | Bash date to/from unix epoch time: date +%s | date -d @<unix epoch time> |
hostnamectl status
lsb_release -a | cat /proc/version |
gcloud info | gcloud version |
Windows: netstat | findstr ESTABLISHED
Replace string recursively with find and sed
Remove all dpkg rc residual packages
delete every line until PATTERN, that line included: cat index.html | sed '1,/body onload/d'
print (p) from the first line matching PATTERN to the end ($): cat index.html | sed -n '/body onload/,$p'
Which Linux distro is running: cat /etc/*-release
text processing in the shell
dpkg queries:
-l, --list package-name-pattern...
List packages matching given pattern.
-s, --status package-name...
Report status of specified package.
-L, --listfiles package-name...
List files installed to your system from package-name.
-S, --search filename-search-pattern...
Search for a filename from installed packages.
-p, --print-avail package-name...
On debian/ubuntu, use instead: apt-cache show package-name
Display details about package-name, as found in /var/lib/dpkg/available.
Detaching and Reattaching GCE Boot Disks Previously, boot disks were permanently attached to their VM instances. Now you can detach boot disks from your instance. This feature simplifies the process for repairing boot disks by allowing you to mount them to another instance without deleting your original instance. Additionally, you can replace boot disks for an instance rather than recreate the entire VM instance.
debian.org doc: upgrading from debian 9
https://serverfault.com/questions/993081/policy-to-upgrade-os-images-in-google-gce?r=SearchResults
https://cloud.google.com/compute/docs/images/install-guest-environment#update-guest
https://groups.google.com/forum/#!searchin/gce-discussion/upgrade$20to$20debian$2010%7Csort:date
Differences from standard debian images
How to upgrade Debian linux distro, 8 jessie to 9 stretch
ArsTechnica article on Debian 10
Migrate Persistence Disk from one project to another
Image Family End mainstream support, deprecation date
Debian 9 (Stretch) July 2020
Create a snapshot before upgrading, restore snapshot to new instance and try to upgrade it to Debian 10; if all looks good, update f1-micro
Restoring and deleting persistent disk snapshots | Create a VM instance from a snapshot |
$ sudo systemctl list-unit-files | grep google | grep enabled
google-accounts-daemon.service enabled
google-clock-skew-daemon.service enabled
google-instance-setup.service enabled
google-network-daemon.service enabled
google-shutdown-scripts.service enabled
google-startup-scripts.service enabled
thedevx@f1-micro:/var/www/html/tips$ apt list --installed | grep google-compute
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
google-compute-engine/google-compute-engine-stretch-stable,now 1:20190916.00-g2 all [installed]
google-compute-engine-oslogin/google-compute-engine-stretch-stable,now 1:20191014.00-g1+deb9 amd64 [installed,automatic]
python-google-compute-engine/google-compute-engine-stretch-stable,now 1:20191120.00-g1 all [installed]
python3-google-compute-engine/google-compute-engine-stretch-stable,now 1:20191120.00-g1 all [installed]
nftables Replaces iptables for Packet Filtering
In Debian Buster the iptables subsystem is replaced by nftables, a newer packet filtering system with improved syntax, streamlined ipv4/ipv6 support, and built-in support for data sets such as dictionaries and maps. You can read a more detailed list of differences on the nftables wiki.
Compatibility with existing iptables scripts is provided by the iptables-nft command. The nftables wiki also has advice on transitioning from iptables to nftables. [source]
ScraPy | Use ScraPy to Build a Basic Web Crawler to Pull Information From a Website |
What to do with 2nd Oracle free tier Compute Instance? nginx?
Apache Guacamole Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. We call it clientless because no plugins or client software are required. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.
https://www.mapbox.com/
Add ubuntu to www-data group
markdown editor | stack editor | use pdlist with parsedown? |
Setup gce apache2 as reverse proxy to serve content from oci as backend server, or vice versa
Examples: JCoyle | DO1 | netnea |
Apache proxy server in addition to web server
Install python3-pip on oci: apt search python3-pip
1If Apache serves both HTTP/HTTPS, your reverse proxy configuration must be placed in both the HTTP and HTTPS virtual hosts. Examples cover reverse proxying both single and multiple backend servers. Also see the python flask possibilities in that article.
Try Hugo Learn theme on new blog
SourceHut
Setup Google Cloud Source Git Repositories
Look at all the reverse proxy ideas
Reverse proxy for localhost security
Tried But Decided Against
Learn Hugo and create test blog with K8spin
Look into KubeSail free tier: KubeSail | Cloud hosting as easy as Heroku, as powerful as AWS
Free, Automatic HTTPS for Every Application. A basic Ingress object which creates a web-accessible site using your free *.kubesail.io domain. You can now check your Certificates with kubectl get certificates! This cert will automatically be used and HTTPS should “just work”!