Sunday, October 28, 2018

Windows: Track which application established a connection using cmd

To find established connections and the ID of the process that owns each one, use netstat -no with find:
D:\>netstat -no | find "EST"
  TCP    127.0.0.1:61319        127.0.0.1:61320        ESTABLISHED     2636
  TCP    127.0.0.1:61320        127.0.0.1:61319        ESTABLISHED     2636
  TCP    127.0.0.1:61321        127.0.0.1:61322        ESTABLISHED     11224
  TCP    127.0.0.1:61322        127.0.0.1:61321        ESTABLISHED     11224
  TCP    127.0.0.1:61324        127.0.0.1:61325        ESTABLISHED     5016
  TCP    127.0.0.1:61325        127.0.0.1:61324        ESTABLISHED     5016
  TCP    127.0.0.1:61329        127.0.0.1:61330        ESTABLISHED     5920
  TCP    127.0.0.1:61330        127.0.0.1:61329        ESTABLISHED     5920
  TCP    127.0.0.1:61343        127.0.0.1:61344        ESTABLISHED     4524
  TCP    127.0.0.1:61344        127.0.0.1:61343        ESTABLISHED     4524
  TCP    192.168.0.108:60442    52.230.84.0:443        ESTABLISHED     3140
  TCP    192.168.0.108:61323    139.193.253.91:80      ESTABLISHED     2636
  TCP    192.168.0.108:61331    216.239.38.120:443     ESTABLISHED     2636
  TCP    192.168.0.108:61341    172.217.194.95:443     ESTABLISHED     2636
  TCP    192.168.0.108:61355    74.125.200.101:443     ESTABLISHED     2636
  TCP    192.168.0.108:61356    172.217.194.17:443     ESTABLISHED     2636
  TCP    192.168.0.108:61357    172.217.194.84:443     ESTABLISHED     2636
  TCP    192.168.0.108:61360    172.217.194.132:443    ESTABLISHED     2636
  TCP    192.168.0.108:61365    74.125.200.139:80      ESTABLISHED     2636
  TCP    192.168.0.108:61372    74.125.68.94:443       ESTABLISHED     2636
  TCP    192.168.0.108:61375    74.125.130.113:443     ESTABLISHED     2636
  TCP    192.168.0.108:61385    74.125.24.94:443       ESTABLISHED     2636
  TCP    192.168.0.108:61386    74.125.24.17:443       ESTABLISHED     2636
  TCP    192.168.0.108:61387    172.217.194.94:443     ESTABLISHED     2636
To find which application owns a particular process ID, use tasklist /v with find:
D:\>tasklist /v | find "2636"
firefox.exe                   2636 Console                   17    258,080 K Running         [pc]\[username]                                       0:00:34 Articles: New - Garasiku - Administration - Mozilla Firefox
Process ID 2636 belongs to firefox.exe, so Firefox is the application holding these connections.
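The same lookup done in one pass, as an added example that is not part of the original post: this Python sketch parses `netstat -no` output and `tasklist /fo csv /nh` output and groups established, non-loopback connections by owning process. The netstat lines are copied from the output above; the tasklist rows are constructed, and only the firefox.exe row reflects the post (the other image names are placeholders).

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Lines copied from the `netstat -no | find "EST"` output shown above.
NETSTAT_SAMPLE = """\
  TCP    127.0.0.1:61319        127.0.0.1:61320        ESTABLISHED     2636
  TCP    127.0.0.1:61321        127.0.0.1:61322        ESTABLISHED     11224
  TCP    192.168.0.108:60442    52.230.84.0:443        ESTABLISHED     3140
  TCP    192.168.0.108:61323    139.193.253.91:80      ESTABLISHED     2636
  TCP    192.168.0.108:61331    216.239.38.120:443     ESTABLISHED     2636
"""

# Constructed `tasklist /fo csv /nh` rows. Only the firefox.exe row reflects
# the post; the other image names are placeholders.
TASKLIST_SAMPLE = '''\
"firefox.exe","2636","Console","17","258,080 K"
"example-a.exe","11224","Console","17","10,000 K"
"example-b.exe","3140","Services","0","20,000 K"
'''


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4) or '[addr]:port' (IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def parse_netstat(text):
    """Yield (local, remote, state, pid) for the TCP rows of `netstat -no`."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns; header lines and UDP rows
        # (which have no state column) are skipped.
        if len(fields) == 5 and fields[0] == "TCP" and fields[4].isdigit():
            yield (split_endpoint(fields[1]), split_endpoint(fields[2]),
                   fields[3], int(fields[4]))


def parse_tasklist_csv(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(row[1]): row[0]
            for row in csv.reader(io.StringIO(text))
            if len(row) >= 2 and row[1].isdigit()}


def external_connections(netstat_text, tasklist_text):
    """Group established, non-loopback remote endpoints by owning process."""
    names = parse_tasklist_csv(tasklist_text)
    grouped = defaultdict(list)
    for _local, (raddr, rport), state, pid in parse_netstat(netstat_text):
        if state != "ESTABLISHED":
            continue
        # Drop an IPv6 zone index such as %12 before parsing the address.
        if ipaddress.ip_address(raddr.split("%")[0]).is_loopback:
            continue  # local socket pairs such as 127.0.0.1:61319 <-> 61320
        # Exact PID match: a substring search for "2636" would also hit
        # other columns or longer PIDs that contain the same digits.
        grouped[(pid, names.get(pid, "<unknown>"))].append(f"{raddr}:{rport}")
    return dict(grouped)


if __name__ == "__main__":
    result = external_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE)
    for (pid, image), remotes in sorted(result.items()):
        print(f"{image} (PID {pid}): {', '.join(remotes)}")
```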

Saturday, October 20, 2018

Windows 10: Disable Windows Defender Real-time Protection

Sometimes we need to turn off Windows Defender Real-time Protection. In my experience, this software may cause errors when running an Android emulator such as BigNox. To disable Windows Defender Real-time Protection, follow these steps:
  1. Run Windows PowerShell as administrator
  2. Execute Set-MpPreference -DisableRealtimeMonitoring 1
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
PS C:\WINDOWS\system32> set-mppreference -DisableRealtimeMonitoring 1
PS C:\WINDOWS\system32>
In the Windows registry this creates:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection -> DisableRealtimeMonitoring REG_DWORD 1
To disable it permanently, use regedit as follows:
  1. Create the key Real-Time Protection under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\
  2. Create the DWORD value DisableRealtimeMonitoring with data 1 under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\
This locks the Real-time Protection option, which then shows "This setting is managed by your administrator".
Tested on Windows 10 Version 10.0.17134 Build 17134
References:
https://www.tenforums.com/tutorials/3569-turn-off-windows-defender-real-time-protection-windows-10-a.html

Friday, August 17, 2018

Debian Stretch: Scanner and Sane

For an old scanner like my Umax 3450, it is impossible to get a Windows x64 driver. Its driver is only available for 32-bit Windows. The manufacturer refuses to build a Windows x64 driver.
But that does not matter on Linux, in my case Debian. It is available on both Debian x64 and x32.

To list your scanner as detected by Debian:

# lsusb
Bus 001 Device 003: ID 0408:0f21 Quanta Computer, Inc.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 002: ID 18e8:6260 Qcom
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 002 Device 004: ID 1606:0060 Umax Astra 3400/3450
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

Use SANE to detect your scanner:

# sane-find-scanner

  # sane-find-scanner will now attempt to detect your scanner. If the
  # result is different from what you expected, first make sure your
  # scanner is powered up and properly connected to your computer.

  # No SCSI scanners found. If you expected something different, make sure that
  # you have loaded a kernel SCSI driver for your SCSI adapter.

found USB scanner (vendor=0x1606 [UMAX], product=0x0060 [USB SCANNER], chip=LM9832/3) at libusb:002:004
  # Your USB scanner was (probably) detected. It may or may not be supported by
  # SANE. Try scanimage -L and read the backend's manpage.

  # Not checking for parallel port scanners.

  # Most Scanners connected to the parallel port or other proprietary ports
  # can't be detected by this program.

To list the scanners available for use:

# scanimage -L
device `plustek:libusb:002:004' is a UMAX 3450 flatbed scanner

To scan an image with your default scanner:

# scanimage >image.pnm
Or use XSane to operate your scanner.

References:
  • https://wiki.debian.org/Scanner

Thursday, August 16, 2018

Debian Stretch: SD Card and Micro SD Card on Adapter

To find SD Card:

Way 1:

# df -l
Filesystem     1K-blocks    Used Available Use% Mounted on
...
/dev/mmcblk0p1   1923388  726864   1196524  38% /media/dedetok/AC20-AD23

Way 2:

# parted -l
....
Model: SD 00000 (sd/mmc)
Disk /dev/mmcblk0: 7888MB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:
Number  Start   End     Size    Type     File system  Flags
1      1049kB  7888MB  7887MB  primary  fat32        boot, lba

Way 3:

# fdisk -l
...
Disk /dev/mmcblk0: 7.4 GiB, 7888437248 bytes, 15407104 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x00000000
Device         Boot Start      End  Sectors  Size Id Type
/dev/mmcblk0p1 *     2048 15407103 15405056  7.4G  c W95 FAT32 (LBA)

To format your SD card

Format the SD card as VFAT
1. Unmount the SD card
# umount /dev/mmcblk0p1
2. Format the SD card with the vfat file system
# mkfs.vfat /dev/mmcblk0p1

Tested on Debian 9.4 x64

Tuesday, July 24, 2018

Windows 10: Activate Legacy DirectPlay


  1. Go to "Control Panel" -> "Programs and Features" and click "Turn Windows features on or off"
  2. Check on "Legacy Components" -> "DirectPlay"

Thursday, July 19, 2018

Windows 10: enabling Windows Photo Viewer

Here is a registry script to enable Windows Photo Viewer on Windows 10:
Windows Registry Editor Version 5.00

; Created by: Shawn Brink
; Created on: August 8th 2015
; Updated on: November 15th 2017
; Tutorial: https://www.tenforums.com/tutorials/14312-restore-windows-photo-viewer-windows-10-a.html


[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open]
"MuiVerb"="@photoviewer.dll,-3043"

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
  00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
  25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
  00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
  6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
  00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
  5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
  00,31,00,00,00

[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap]
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
  00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
  77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
  00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
  65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,36,00,00,\
  00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-70"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
  00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
  25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
  00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
  6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
  00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
  5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
  00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF]
"EditFlags"=dword:00010000
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
  00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
  77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
  00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
  65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,35,00,00,\
  00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-72"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open]
"MuiVerb"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
  69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
  72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
  00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
  00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
  25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
  00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
  6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
  00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
  5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
  00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.JFIF\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg]
"EditFlags"=dword:00010000
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
  00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
  77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
  00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
  65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,35,00,00,\
  00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-72"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open]
"MuiVerb"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
  69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
  72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
  00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
  00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
  25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
  00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
  6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
  00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
  5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
  00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Jpeg\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif]
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
  00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
  77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
  00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
  65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,37,00,00,\
  00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-83"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
  00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
  25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
  00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
  6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
  00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
  5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
  00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Gif\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png]
"ImageOptionFlags"=dword:00000001
"FriendlyTypeName"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,\
  00,46,00,69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,\
  77,00,73,00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,\
  00,65,00,72,00,5c,00,50,00,68,00,6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,\
  65,00,72,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,35,00,37,00,00,\
  00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-71"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
  00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
  25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
  00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
  6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
  00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
  5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
  00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Png\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp]
"EditFlags"=dword:00010000
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\DefaultIcon]
@="%SystemRoot%\\System32\\wmphoto.dll,-400"

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open]
"MuiVerb"=hex(2):40,00,25,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,\
  69,00,6c,00,65,00,73,00,25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,\
  00,20,00,50,00,68,00,6f,00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,\
  72,00,5c,00,70,00,68,00,6f,00,74,00,6f,00,76,00,69,00,65,00,77,00,65,00,72,\
  00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,33,00,30,00,34,00,33,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
  00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
  25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
  00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
  6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
  00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
  5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
  00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Wdp\shell\open\DropTarget]
"Clsid"="{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"

[HKEY_CLASSES_ROOT\SystemFileAssociations\image\shell\Image Preview\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
  00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
  25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
  00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
  6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
  00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
  5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
  00,31,00,00,00

[HKEY_CLASSES_ROOT\SystemFileAssociations\image\shell\Image Preview\DropTarget]
"{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities]
"ApplicationDescription"="@%ProgramFiles%\\Windows Photo Viewer\\photoviewer.dll,-3069"
"ApplicationName"="@%ProgramFiles%\\Windows Photo Viewer\\photoviewer.dll,-3009"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Photo Viewer\Capabilities\FileAssociations]
".jpg"="PhotoViewer.FileAssoc.Jpeg"
".wdp"="PhotoViewer.FileAssoc.Wdp"
".jfif"="PhotoViewer.FileAssoc.JFIF"
".dib"="PhotoViewer.FileAssoc.Bitmap"
".png"="PhotoViewer.FileAssoc.Png"
".jxr"="PhotoViewer.FileAssoc.Wdp"
".bmp"="PhotoViewer.FileAssoc.Bitmap"
".jpe"="PhotoViewer.FileAssoc.Jpeg"
".jpeg"="PhotoViewer.FileAssoc.Jpeg"
".gif"="PhotoViewer.FileAssoc.Gif"
".tif"="PhotoViewer.FileAssoc.Tiff"
".tiff"="PhotoViewer.FileAssoc.Tiff"
Copy and paste it into Notepad, save it to a file with a .reg extension, and merge it.
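Before merging a .reg file taken from the web, it is worth reading what its `hex(2)` values contain: they are REG_EXPAND_SZ strings stored as UTF-16LE bytes, and the ones under `...\command` keys are what runs when the file type is opened. Added example, not part of the original script: a Python sketch that joins the continuation lines and decodes the values. The sample sections are copied from the script above.

```python
import re

# Three sections copied from the registry script above.
SAMPLE_REG = r"""
[HKEY_CLASSES_ROOT\Applications\photoviewer.dll\shell\open\command]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,72,00,75,00,\
  6e,00,64,00,6c,00,6c,00,33,00,32,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,\
  00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,46,00,69,00,6c,00,65,00,73,00,\
  25,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,50,00,68,00,6f,\
  00,74,00,6f,00,20,00,56,00,69,00,65,00,77,00,65,00,72,00,5c,00,50,00,68,00,\
  6f,00,74,00,6f,00,56,00,69,00,65,00,77,00,65,00,72,00,2e,00,64,00,6c,00,6c,\
  00,22,00,2c,00,20,00,49,00,6d,00,61,00,67,00,65,00,56,00,69,00,65,00,77,00,\
  5f,00,46,00,75,00,6c,00,6c,00,73,00,63,00,72,00,65,00,65,00,6e,00,20,00,25,\
  00,31,00,00,00

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap]
"ImageOptionFlags"=dword:00000001

[HKEY_CLASSES_ROOT\PhotoViewer.FileAssoc.Bitmap\DefaultIcon]
@="%SystemRoot%\\System32\\imageres.dll,-70"
"""

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_RE = re.compile(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)$")


def logical_lines(text):
    """Join backslash-continued hex lines; skip blank lines and ; comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith(";")):
            continue
        if line.endswith("\\") and (buf or "=hex" in line):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""


def decode_data(data):
    """Return (type_name, value) for the right-hand side of a value line."""
    if data.startswith('"'):
        # Quoted REG_SZ: undo the \\ and \" escapes used in .reg files.
        return "REG_SZ", re.sub(r"\\(.)", r"\1", data[1:-1])
    if data.startswith("dword:"):
        return "REG_DWORD", int(data[6:], 16)
    m = HEX_RE.match(data)
    if not m:
        raise ValueError(f"unrecognised value data: {data[:40]!r}")
    raw = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    kind = int(m.group(1), 16) if m.group(1) else 3  # plain hex: is REG_BINARY
    if kind in (1, 2):  # REG_SZ / REG_EXPAND_SZ, UTF-16LE with a NUL terminator
        name = "REG_EXPAND_SZ" if kind == 2 else "REG_SZ"
        return name, raw.decode("utf-16-le").rstrip("\x00")
    if kind == 7:  # REG_MULTI_SZ: NUL-separated UTF-16LE strings
        return "REG_MULTI_SZ", [s for s in raw.decode("utf-16-le").split("\x00") if s]
    return f"hex({kind:x})", raw


def parse_reg(text):
    """Yield (key, value_name, type_name, value) for each value in a .reg file."""
    key = None
    for line in logical_lines(text):
        if line.startswith("["):
            key = line.strip("[]")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            yield (key, name) + decode_data(m.group(2))


def command_values(text):
    """Decoded values under ...\\command keys: what runs when the verb is used."""
    return [(k, v) for k, _n, _t, v in parse_reg(text)
            if k.lower().endswith("\\command")]


if __name__ == "__main__":
    for key, name, kind, value in parse_reg(SAMPLE_REG):
        print(f"{key}\n    {name} ({kind}) = {value}")
```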

Saturday, July 14, 2018

Joomla: hardening your Joomla using the built-in text filter

Requirement:
  • Joomla 3.8 or later.
Never trust any input from users. You need to sanitize all input to your Joomla system. Here are the easy steps:
  • Go to "System" -> "Global Configuration", open "Text Filter"
  • Change all "Filter Type" to "Default Blacklist"
  • Done
Tested on Joomla 3.8.10.
Thanks to mrkronkz or mr kronkz or woyname<at>gmail.com or whatever, for logging your attack into my system :D.

Wednesday, June 20, 2018

Handbrake: downgrade 0.98GB Video to 9.89MB Video

Handbrake version: 1.1 (https://handbrake.fr)
Original:
  • Resolution 1920x1080
  • Audio Bit rate 317kbps Stereo
  • file size 0.98GB
Result:
  • Resolution 240x128
  • Audio Bit rate 32kbps mono
  • file size 9.89MB
The steps are:
  1. Open original video file 
  2. In "Presets" choose "Devices" -> "Apple240p30"
  3. In tab Summary change:
    1. Web Optimized -> checked
    2. Align A/V Start
  4. In tab Dimensions change:
    1. Dimension: 240x128
    2. Keep Aspect Ratio: checked
  5. In tab Video change:
    1. Video codec H.264
    2. Framerate: 20
    3. Constant Quality: 18
  6. In tab Audio change:
    1. Bitrate: 64 
    2. Mixdown: Mono
  7. Finally, fill in the output file name in "Set Save As:"
  8. Then click "Start Encode" and wait until it finishes. It may take some time.

Thursday, May 31, 2018

Android Studio 3.1.3: fix warning compile, androidTestCompile and testCompile

Fix Warning:
  1. Configuration 'compile' is obsolete and has been replaced with 'implementation'
  2. Configuration 'androidTestCompile' is obsolete and has been replaced with 'androidTestImplementation'
  3. Configuration 'testCompile' is obsolete and has been replaced with 'testImplementation'
My Android studio:
  • Android Studio 3.1.3
  • buildToolsVersion "28.0.0"
  • Compile Target SDK 28 / min SDK 17
Open Project -> Gradle Scripts -> build.gradle (Module: app)
  1. Change 'compile' to 'implementation'
  2. Change 'androidTestCompile' to 'androidTestImplementation'
  3. Change 'testCompile' to 'testImplementation'
For example, my previous build.gradle:
android {
    compileSdkVersion 27
    buildToolsVersion "27.0.3"
    defaultConfig {
        minSdkVersion 17
        targetSdkVersion 27
...
dependencies {
    compile fileTree(dir: 'libs', include: ['*.jar'])
    androidTestCompile('com.android.support.test.espresso:espresso-core:2.2.2', {
        exclude group: 'com.android.support', module: 'support-annotations'
    })
    compile 'com.android.support:appcompat-v7:26.+'
    compile 'com.android.support.constraint:constraint-layout:1.0.2'
    testCompile 'junit:junit:4.12'
    compile 'org.jsoup:jsoup:+'
    compile 'com.google.android.gms:play-services-ads:11.2.2'

}
After the update:
android {
    compileSdkVersion 28
    buildToolsVersion "28.0.0"
    defaultConfig {
        minSdkVersion 17
        targetSdkVersion 28
...
dependencies {
    implementation fileTree(dir: 'libs', include: ['*.jar'])
    androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.2'
    implementation 'com.android.support:appcompat-v7:27.+'
    implementation 'com.android.support.constraint:constraint-layout:1.1.2'
    testImplementation 'junit:junit:4.12'
    androidTestImplementation 'com.android.support.test:runner:1.0.2'
    implementation 'com.google.android.gms:play-services-ads:15.0.1'
}
You may also need to update "Gradle Scripts" -> "build.gradle (Project:[your_project_name])":
buildscript {
    repositories {
        jcenter()
        google() 
    }
    dependencies {
        classpath 'com.android.tools.build:gradle:3.1.3'
        // NOTE: Do not place your application dependencies here; they belong
        // in the individual module build.gradle files
    }
}

Saturday, May 26, 2018

Move/Restore Joomla site to a new server using Kickstart 5.4.2

Tested on Joomla 3.8.3 and Kickstart 5.4.2.
Note: you don't need to install Joomla first, Kickstart will extract your Joomla.
Required:
  1. previous back up using Akeeba Backup for Joomla (jpa or zip file)
  2. MySQL user and password
  3. Read/write permission on web root
Here are the steps:
  1. Download Akeeba Kickstart from https://www.akeebabackup.com/products/akeeba-kickstart.html. Kickstart contains kickstart.php and its supporting files.
  2. Upload and extract Kickstart to your previous Joomla root, for example upload and extract kickstart-core-5.4.2.zip into [your_home]/public_html/joomla.
  3. Upload your backup files to your web root for example upload site-garasiku.web.id-20180104-031734utc.jpa into [your_home]/public_html/joomla. It may take time, depends on your connection speed.
  4. From your browser open URL http://[your_site]/joomla/kickstart.php and click "Click here or press ESC to close this message".
  5. Fill form
    1. Archive file: [your jpa/jps files] e.g. [your_home]/public_html/site-garasiku.web.id-20180104-031734utc.jpa
    2. Temporary directory: [your_ftp_temp_folder] e.g. [your_home]/public_html/tmp
  6. Click "Start" to start extracting your Joomla site backup and click "Run Installer" to reinstall and configure your Joomla site.
  7. It will open ANGIE – Akeeba Next Generation Installer Engine v.5.6.3 in a new tab. Click "Next".
  8. Fill your MySQL access
    1. Database server host name: localhost [Note: check your hosting provider]
    2. User name:    [your MySQL user]
    3. Password:    [your MySQL user password]
    4.  Database Name:    [your MySQL database name]
  9. To continue, click "Next". It will give a warning; you may click "Ok" or "Cancel".
  10. If it succeeds, click "Next Step".
  11. It will restore your configuration files. Update your preferences if you wish, and fill in your Joomla administrator password.
  12. Click "Next" to finish configuration. It will ask you to clean up Kickstart. This removes:
    1. Kickstart files
    2. folder Installation
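  13. Done, and congratulations!
REMOVE your JPA/JPS files from public_html! A backup archive left under the web root holds the whole site, including its database dump, and can be downloaded by anyone who finds its URL.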
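One way to confirm that the cleanup in step 12 and the JPA/JPS removal really happened, as an added example that is not part of Akeeba's tooling: a Python sketch that walks a web root and reports Kickstart files, an `installation` folder and backup archives. The file patterns come from the steps above; the directory tree in `demo()` is constructed.

```python
import fnmatch
import os
import tempfile

# Names taken from the steps above: Kickstart files, the installer's
# "installation" folder, and Akeeba backup archives (JPA/JPS).
FILE_PATTERNS = {
    "kickstart.php": "Kickstart script",
    "kickstart-core-*.zip": "Kickstart package",
    "*.jpa": "backup archive",
    "*.jps": "backup archive",
}
DIR_NAMES = {"installation": "installer folder"}


def find_leftovers(web_root):
    """Return sorted (relative_path, reason) pairs for restore leftovers."""
    findings = []
    for current, dirs, files in os.walk(web_root):
        rel_dir = os.path.relpath(current, web_root)
        for name in list(dirs):
            if name.lower() in DIR_NAMES:
                path = os.path.normpath(os.path.join(rel_dir, name))
                findings.append((path, DIR_NAMES[name.lower()]))
                dirs.remove(name)  # reported as a whole; do not descend
        for name in files:
            for pattern, reason in FILE_PATTERNS.items():
                # Compare in lower case so KICKSTART.PHP or SITE.JPA still match.
                if fnmatch.fnmatch(name.lower(), pattern):
                    path = os.path.normpath(os.path.join(rel_dir, name))
                    findings.append((path, reason))
                    break
    return sorted(findings)


def demo():
    """Build a constructed web root in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        site = os.path.join(root, "joomla")
        os.makedirs(os.path.join(site, "installation"))
        os.makedirs(os.path.join(site, "images"))
        for rel in ("index.php",
                    "kickstart.php",
                    "installation/index.php",
                    "images/photo.jpg",
                    "site-garasiku.web.id-20180104-031734utc.jpa"):
            with open(os.path.join(site, *rel.split("/")), "w") as fh:
                fh.write("")
        return find_leftovers(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{reason:18} {path}")
```

Point `find_leftovers()` at the real web root (for example [your_home]/public_html) after the restore; an empty list means nothing from the restore is still being served.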

Additional option: change the Akeeba backup folder
  1. Create folder for example akeebabackup on your home directory for example [your_home]/akeebabackup.
  2. Open your Joomla Administrator page and update the Joomla system if necessary.
  3. Go to "Components -> Akeeba Backup" and, under "Basic Operation", select "Configuration".
  4. Change Output Directory to your akeebabackup folder, for example /home/example/akeebabackup
  5. To change a non-default backup schema, under "Components -> Akeeba Backup" in "Basic Operation" select "Profiles Management"

Reference:
https://www.akeebabackup.com/videos/1212-akeeba-backup-core/1618-abtc04-restore-site-new-server.html

Connecting domain to web hosting from 2 different provider

I have my domain registered at Indosatm2. After my sponsor refused to fix the server, I decided to host my site with a web hosting provider. After searching for web hosting, I chose masterweb.
The problem that arose was how to connect my domain to the web hosting. After searching for information, here is how I did it.
  1. At web hosting, find out name server for your web hosting. If you can not find them, issue ticket to ask name server for your web hosting.
  2. Log in to your domain registrar.
  3. Go to Manage your domain for example garasiku.web.id.
  4. Select "Name Server" and use "Use custom nameservers (enter below)"
  5. You need at least 2 name servers.
    1. Nameserver 1: [Nameserver_from_web_hosting]
    2. Nameserver 2: [Nameserver_from_web_hosting]
    3. Nameserver 3...etc: [optional]
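  6. Make sure "Registrar Lock" is disabled to make it easy to transfer from the domain registrar provider to the web hosting provider. Registrar lock is the control that blocks unauthorized transfers, so turn it back on once the change is complete.
  7. Go to "DNS Management" and fill in Hostname, Record type "A" and IPv4 address. For example: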
    1. Host Name: garasiku.web.id
    2. Record Type: A
    3. Address: [xx.xx.xx.xx]
  8. It takes time for your domain to propagate, about 24 hours. In my case it took about 6-8 hours. You can use nslookup to check that your domain points to your web hosting.
  9. Done.

Monday, April 23, 2018

Replacing an old Indosat SIM card with an Indosat/Ooredoo 4G/LTE Nano SIM card

Make sure the SIM number is registered under the personal data on your KTP (national ID card).

To check, use the URL https://myim3.indosatooredoo.com/registration/index.

If you need to update your personal data, send an SMS to 4444 in the format:
ULANG#[no_ktp]#[no_kk]#
without the [] brackets, for example ULANG#1234567890123456#1234567890123456#.
You will receive the reply SMS "Terima kasih nomor Anda telah BERHASIL diregistrasi ulang" ("Thank you, your number has been SUCCESSFULLY re-registered"). Note: this only applies to eKTP.

Next, prepare copies of your KTP and KK (family card) to replace the old Indosat SIM card with an Indosat/Ooredoo 4G/LTE Nano SIM card at the nearest Indosat/Ooredoo outlet. Outlet opening hours are 8:00 to 20:00, Monday to Saturday.

The staff will validate your personal data and hand you the Indosat/Ooredoo 4G/LTE Nano SIM card. They will tell you that the new SIM card can only be used 1 hour later and instruct you to switch off / stop using the old card.

After 2 hours (although I was told 1 hour), voilà, the Indosat/Ooredoo 4G/LTE Nano SIM card could be used without any problems.

You will also receive the SMS messages "Kartu SIM Anda berhasil diganti, Terima kasih!" ("Your SIM card has been replaced successfully, thank you!") and "Pelanggan Setia Indosat Ooreddo, permintaan layanan Penggantian Kartu Pascabayar Anda 62816xxxxx telah diproses, Selamat menggunakan layanan dari Indosat Ooredoo. Terima kasih." ("Loyal Indosat Ooredoo customer, your postpaid card replacement request for 62816xxxxx has been processed. Enjoy the services of Indosat Ooredoo. Thank you.").

Saturday, April 7, 2018

Android adb: analyzing Android

Using adb to analyze Android

Personal note

In Linux:

adb logcat -d -b events | grep boot

In Windows:

adb logcat -d -b events | findstr /L "boot"
or
adb logcat -d -b events | findstr /R "boot"

In Linux:

adb logcat -d | grep preload

In Windows:

adb logcat -d -b events | findstr /L "preload"
or
adb logcat -d -b events | findstr /R "preload"

To get Android properties:
adb shell getprop

Friday, March 23, 2018

List of AMD processors that do not need AMD Catalyst on Windows 10 x64 and x32

AMD processors that do not need AMD Catalyst on Windows 10 x64 and x32:

  • AMD A8-7410
  • AMD A8-4500M
  • AMD A6-6310
  • AMD A4-4020

From the original (kept as a copy in case the reference is deleted):

This document provides information about Windows® 10 driver support for APUs with AMD Radeon™ Graphics.

For the purpose of this document the term “APU Graphics” refers to the On-die graphics adapter on an AMD APU that is the designated primary graphics controller on a system.

This document does not apply to Discrete AMD Radeon™ Graphics products. For more information about Windows 10 driver support for Discrete AMD Radeon™ Graphics products, please visit: Windows® 10 Driver Support for Discrete AMD Radeon™ Graphics Products

The following AMD APU products with AMD Radeon™ Graphics support up to WDDM 2.0 and DirectX® 12 on Windows® 10:
  • AMD A6/A8/A10/FX-8000 Series APUs
  • AMD A4 Pro/A6 Pro/A8 Pro/A10 Pro/A12 Pro-8000 Series APUs
  • AMD E1/E2/A4/A6/A8/A10/FX-7000 Series APUs (except A4-7300 APUs)
  • AMD A4 Pro/A6 Pro/A8 Pro/A10 Pro-7000 Series APUs
  • AMD E1/E2/A4/A6-6#10 Series APUs
  • AMD E1/A4/A10 Micro-6000 Series APUs
  • AMD A4-5000, A4-5100 and A6-5200 APUs
  • AMD Athlon 5000 series APUs
  • AMD Sempron 2650 and 3850 APUs
  • AMD E1-2000 Series and E2-3000 Series APUs
  • AMD A4/A6-1000 Series APUs

The following AMD APU products with AMD Radeon™ Graphics support up to WDDM 1.3 and DirectX® 11 on Windows® 10
  • AMD A4-7300 APUs
  • AMD A4/A6/A8/A10-6000 Series APUs
  • AMD A4/A6/A8/A10-5000 Series APUs (except A4-5000, A4-5100, and A6-5200)
  • AMD A4/A6/A8/A10-4000 Series APUs

NOTE: If your graphics product is included on the list of supported products above, please install the latest AMD Catalyst™ Driver for Windows® 10 to fully enable its feature set. AMD Catalyst™ Driver can be downloaded from: http://www.amd.com/drivers

The following AMD APU products with AMD Radeon™ Graphics support up to WDDM 1.2 and DirectX® 11 on Windows 10:
  • AMD A4/A6/A8-3000 Series APUs
  • AMD E2-2000 APU
  • AMD E1/E2-1000 Series APUs
  • AMD E-200/300/400 Series APUs
  • AMD C-Series APUs
  • AMD Z-Series APUs

NOTE: These APU products must be installed only using the display driver version available via Windows Update. If you have upgraded to Windows® 10, please DO NOT install the AMD Catalyst™ Driver. Instead, enable Windows Update and allow it to detect and install the appropriate driver.

If you have already upgraded to Windows® 10 and installed the AMD Catalyst™ Driver, please follow the steps listed below to resolve this issue:
  1. Uninstall the AMD Catalyst™ Driver using the Program and Features option in the Control Panel
  2. Reboot the system
  3. Use Windows Update to install the appropriate graphics driver for the APU.


Thursday, February 8, 2018

How to install Raspbian Stretch to SD Card for Raspberry-pi using Windows (bonus how to unlock SD Card using Windows)

You need to download Raspbian Stretch from https://www.raspberrypi.org/downloads/
File 2017-11-29-raspbian-stretch.zip size: 1.64 GB (1,764,972,666 bytes)

Extract it.
File 2017-11-29-raspbian-stretch.img size: 4.58 GB (4,919,918,592 bytes)

Download and install Win32 Disk Imager from https://sourceforge.net/projects/win32diskimager/. 

Steps to write your Raspbian Stretch image to the SD Card:

  1. Put your SD Card into the slot and run Win32 Disk Imager.
  2. Select the image file and point the device to your SD Card.
  3. Click Write and wait until it finishes. It will take some time, the image size is big :).

It takes 5-10 minutes on my PC.

In case your SD Card reports Write Protect or something like that, and you are sure that your SD Card switch is set to Unlock, please follow these steps to unlock your SD Card (bonus):
Caution: Use at your own risk! The instructions below may destroy the existing system/data on your hard drive if you are not careful.
A. Remove SD Card protection policy by running regedit

  1. Open Computer -> HKEY_LOCAL_MACHINE -> System -> Current Control Set -> Control
  2. Create (if it does not exist) or edit Storage Device Policies and set the DWORD (32 bit) Value to 0
  3. Restart Windows

B. Unlock and remove any partition on SD Card

  1. Run diskpart
    Microsoft DiskPart version 10.0.16299.15
    Copyright (C) Microsoft Corporation.
    On computer: DEDET2013
  2. List your disks (CAUTION: Please read/select your disk carefully, otherwise you may remove the partitions on your hard drive)
    DISKPART> list disk
      Disk ###  Status         Size     Free     Dyn  Gpt
      --------  -------------  -------  -------  ---  ---
      Disk 0    Online          465 GB   451 MB        *
      Disk 1    Online         7580 MB  3072 KB
  3. Choose/select your sd card
    DISKPART> select disk 1
    Disk 1 is now the selected disk.
    DISKPART> list disk
      Disk ###  Status         Size     Free     Dyn  Gpt
      --------  -------------  -------  -------  ---  ---
      Disk 0    Online          465 GB   451 MB        *
    * Disk 1    Online         7580 MB  3072 KB
  4. The selected disk is marked with *. Now you can unlock and remove any partition on the selected disk.
    DISKPART> clean
    DiskPart succeeded in cleaning the disk.
  5. Exit diskpart by typing the exit command
    DISKPART> exit

Running Raspbian Stretch for the first time:
  1. The default user is pi with password raspberry. To change the default password for the pi user:
    $ passwd 
  2. Set password for root:
    $ sudo passwd root
References: 

  • https://www.raspberrypi.org/documentation/installation/installing-images/ 
  • https://www.raspberrypi.org/documentation/installation/installing-images/windows.md 
  • https://www.easeus.com/storage-media-recovery/remove-write-protection-in-windows-10-8-7.html 


Sunday, January 21, 2018

Detecting DNS flood using dns-flood-detector

You need to install dns-flood-detector
# apt-get install dns-flood-detector

dns-flood-detector will give you a warning in dmesg, something like:
[1309426.142779] TCP: request_sock_TCP: Possible SYN flooding on port 53. Sending cookies.  Check SNMP counters.

To show where it is coming from:
# /etc/init.d/dns-flood-detector status
* dns-flood-detector.service - LSB: start and stop the dns-flood-detector daemon
   Loaded: loaded (/etc/init.d/dns-flood-detector; generated; vendor preset: enabled)
   Active: active (running) since Fri 2018-01-05 14:25:46 WIB; 2 weeks 1 days ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/dns-flood-detector.service
           `-475 /usr/bin/dns-flood-detector -d -v -v -t5 -w3
Jan 20 18:09:20 mars dns_flood_detector[475]: source [66.220.156.144] - 3 tc…AA]
Jan 20 18:09:23 mars dns_flood_detector[475]: source [173.252.90.118] - 3 tc…AA]
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
Hint: Some lines were ellipsized, use -l to show in full.

or
# service dns-flood-detector status
* dns-flood-detector.service - LSB: start and stop the dns-flood-detector daemon
   Loaded: loaded (/etc/init.d/dns-flood-detector; generated; vendor preset: enabled)
   Active: active (running) since Fri 2018-01-05 14:25:46 WIB; 2 weeks 1 days ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 2 (limit: 4915)
   CGroup: /system.slice/dns-flood-detector.service
           `-475 /usr/bin/dns-flood-detector -d -v -v -t5 -w3
Jan 20 18:09:20 mars dns_flood_detector[475]: source [66.220.156.144] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 20 18:09:23 mars dns_flood_detector[475]: source [173.252.90.118] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

Let's find out who they are:
# whois 66.220.156.144
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#
#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=66.220.156.144?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#
NetRange:       66.220.144.0 - 66.220.159.255
CIDR:           66.220.144.0/20
NetName:        TFBNET3
NetHandle:      NET-66-220-144-0-1
Parent:         NET66 (NET-66-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS32934
Organization:   Facebook, Inc. (THEFA-3)
RegDate:        2009-02-13
Updated:        2012-02-24
Ref:            https://whois.arin.net/rest/net/NET-66-220-144-0-1
...

and
# whois 173.252.90.118
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#
#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=173.252.90.118?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#
NetRange:       173.252.64.0 - 173.252.127.255
CIDR:           173.252.64.0/18
NetName:        FACEBOOK-INC
NetHandle:      NET-173-252-64-0-1
Parent:         NET173 (NET-173-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS32934
Organization:   Facebook, Inc. (THEFA-3)
RegDate:        2011-02-28
Updated:        2012-02-24
Ref:            https://whois.arin.net/rest/net/NET-173-252-64-0-1

Oops, they are Facebook, Inc. :D

Let's block them:
# ipset add mynetrules 66.220.156.144
# ipset add mynetrules 173.252.90.118
# iptables -L | grep mynetrules
DROP       all  --  anywhere             anywhere             match-set mynetrules src

This is how to block a class C network:
Jan 21 10:11:31 mars dns_flood_detector[475]: source [173.252.124.119] - 3 t…AA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.125] - 3 t…AA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.126] - 3 t…AA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.123] - 3 t…AA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.124] - 3 t…AA]

Just check one of them
# whois 173.252.124.124
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#
#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=173.252.124.124?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#
NetRange:       173.252.64.0 - 173.252.127.255
CIDR:           173.252.64.0/18
NetName:        FACEBOOK-INC
NetHandle:      NET-173-252-64-0-1
Parent:         NET173 (NET-173-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       AS32934
Organization:   Facebook, Inc. (THEFA-3)
RegDate:        2011-02-28
Updated:        2012-02-24
Ref:            https://whois.arin.net/rest/net/NET-173-252-64-0-1

Let's block it:
# ipset add mynetrules 173.252.124.0/24
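The manual steps above (read the sources, notice several in one /24, write the ipset line) can be scripted. This is an added example, not part of dns-flood-detector: the function name, the threshold argument and the sample lines are assumptions constructed from the log format shown in this post. It only prints candidate commands so they can be checked with whois before anything is blocked.

```shell
#!/bin/sh
# Constructed sample: full (non-ellipsized) lines in the format shown above,
# plus one repeated source and one unrelated journal line.
sample_log() {
cat <<'EOF'
Jan 20 18:09:20 mars dns_flood_detector[475]: source [66.220.156.144] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 20 18:09:23 mars dns_flood_detector[475]: source [173.252.90.118] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 21 10:11:31 mars dns_flood_detector[475]: source [173.252.124.119] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.125] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.126] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.123] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 21 10:11:34 mars dns_flood_detector[475]: source [173.252.124.124] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Jan 21 10:11:37 mars dns_flood_detector[475]: source [173.252.124.124] - 3 tcp qps : 3 udp qps [1 qps A] [5 qps AAAA]
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
EOF
}

# suggest_blocks SETNAME MIN_HOSTS   (log lines on stdin)
# Prints "ipset add" lines: a /24 when at least MIN_HOSTS distinct sources
# fall inside it, otherwise one line per source address.
suggest_blocks() {
  awk -v set="$1" -v min="$2" '
    # Only accept lines written by the daemon with a strict dotted-quad source,
    # so nothing but digits and dots can reach the generated commands.
    match($0, /dns_flood_detector\[[0-9]+\]: source \[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/) {
      ip = substr($0, RSTART, RLENGTH)
      sub(/^.*source \[/, "", ip); sub(/\]$/, "", ip)
      split(ip, o, ".")
      for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
      if (seen[ip]++) next                 # count each source once
      net = o[1] "." o[2] "." o[3]
      hosts[net]++
      list[net] = list[net] " " ip
    }
    END {
      for (net in hosts) {
        if (hosts[net] >= min) {
          print "ipset add " set " " net ".0/24"
        } else {
          n = split(list[net], h, " ")
          for (i = 1; i <= n; i++) print "ipset add " set " " h[i]
        }
      }
    }' | LC_ALL=C sort
}

# Stand-alone run on the constructed sample, using the set name from this post.
sample_log | suggest_blocks mynetrules 3
```

On a live system, feed it the full log lines (for example from `journalctl -u dns-flood-detector`) instead of the sample.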



Friday, January 12, 2018

Using incron to monitor/watch a directory/folder

Requirement:
  • kernel 2.6.13 or later
Note:
  • "Note: It is important to know that incron is not recursive, so you need to manually add all sub-directories you want it to watch"
  • "There are two categories of tables: system tables (with root privileges) and user tables (with user privileges)."
  • "Each user has their own table, and commands in any given incrontab will be executed as the user who owns the incrontab. System users (such as apache, postfix, nobody etc.) may have their own incrontab."
  • "Please remember that the same path may occur only once per table (otherwise only the first occurrence takes effect and an error message is emitted to the system log)."
Installation
# apt-get install incron

General use
<path> <mask> <command>

<mask>
IN_ACCESS File was accessed (read) (*)
IN_ATTRIB Metadata changed (permissions, timestamps, extended attributes, etc.) (*)
IN_CLOSE_WRITE File opened for writing was closed (*)
IN_CLOSE_NOWRITE File not opened for writing was closed (*)
IN_CREATE File/directory created in watched directory (*)
IN_DELETE File/directory deleted from watched directory (*)
IN_DELETE_SELF Watched file/directory was itself deleted
IN_MODIFY File was modified (*)
IN_MOVE_SELF Watched file/directory was itself moved
IN_MOVED_FROM File moved out of watched directory (*)
IN_MOVED_TO File moved into watched directory (*)
IN_OPEN File was opened (*)
Special Events
IN_ALL_EVENTS Combines all of the above events
IN_DONT_FOLLOW Don't dereference pathname if it is a symbolic link
IN_ONESHOT Monitor pathname for only one event
IN_ONLYDIR Only watch pathname if it is a directory
Wildcard Event
IN_NO_LOOP Disable monitoring of events until the current event is handled completely (until its child process exits – avoids infinite loops)

Wildcards
$$ dollar sign
$@ watched filesystem path (see above)
$# event-related file name
$% event flags (textually)
$& event flags (numerically)

Add/edit user
# vi /etc/incron.allow
myuser

Status incron
# service incron status
* incron.service - file system events scheduler
   Loaded: loaded (/lib/systemd/system/incron.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2018-01-12 07:44:06 WIB; 33min ago
  Process: 7935 ExecStart=/usr/sbin/incrond (code=exited, status=0/SUCCESS)
 Main PID: 7936 (incrond)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/incron.service
           `-7936 /usr/sbin/incrond

Test using user myuser

Create folder testincron under directory /home/myuser
$ mkdir testincron
$ ls /home/myuser/testincron

Create script to log change in testincron directory
$ vi testincron.sh
#!/bin/bash
echo "wildcard test: $1 $2 $3 $4 $5" >> /home/myuser/myincron.log

Make the script executable
$ chmod u+x testincron.sh

Create/edit incrontab
$ incrontab -e
/home/myuser/testincron IN_ALL_EVENTS /home/myuser/testincron.sh $$ $@ $# $% $&

Create and delete example.txt in directory /home/myuser/testincron and see the log file
$ touch /home/myuser/testincron/example.txt
$ rm /home/myuser/testincron/example.txt
$ cat /home/myuser/myincron.log
   wildcard test: $ /home/myuser/testincron example.txt IN_CREATE 256
   wildcard test: $ /home/myuser/testincron example.txt IN_OPEN 32
   wildcard test: $ /home/myuser/testincron example.txt IN_ATTRIB 4
   wildcard test: $ /home/myuser/testincron example.txt IN_CLOSE_WRITE 8
   wildcard test: $ /home/myuser/testincron  IN_OPEN,IN_ISDIR 1073741856
   wildcard test: $ /home/myuser/testincron  IN_ACCESS,IN_ISDIR 1073741825
   wildcard test: $ /home/myuser/testincron  IN_CLOSE_NOWRITE,IN_ISDIR 1073741840
   wildcard test: $ /home/myuser/testincron example.txt IN_DELETE 512

To display the date as yyyymmdd hh:mm:ss, edit testincron.sh:
$ vi testincron.sh
#!/bin/bash
echo "$(date +%Y%m%d' '%H:%M:%S): $1 $2 $3 $4 $5" >> /home/myuser/myincron.log
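Because incron is not recursive (see the note at the top of this post), watching a whole tree needs one table line per directory. The helper below is an added example, not part of incron: the function name gen_incrontab and the handler path are assumptions. It prints the lines for review so they can be pasted in with `incrontab -e`.

```shell
#!/bin/sh
# gen_incrontab ROOT MASK HANDLER
# Prints one incrontab line for ROOT and for every directory below it.
# The table is whitespace-separated, so directories with whitespace in their
# name are listed on stderr and skipped (with everything below them) instead
# of producing a broken entry.
gen_incrontab() {
  root=$1; mask=$2; handler=$3
  case $root in
    /*) ;;
    *) echo "ROOT must be an absolute path: $root" >&2; return 1 ;;
  esac
  case $root in
    *[[:space:]]*) echo "skipped (whitespace in path): $root" >&2; return 1 ;;
  esac
  # Report what will NOT be watched.
  find "$root" -type d -name '*[[:space:]]*' -prune -print |
    sed 's/^/skipped (whitespace in name): /' >&2
  # $@ = watched path, $# = file name, $% = event flags; incron expands them.
  find "$root" -name '*[[:space:]]*' -prune -o -type d -print |
    LC_ALL=C sort |
    while IFS= read -r dir; do
      printf '%s %s %s $@ $# $%%\n' "$dir" "$mask" "$handler"
    done
}

# Stand-alone use, e.g.:
#   sh gen_incrontab.sh /home/myuser/testincron \
#      IN_CREATE,IN_DELETE,IN_CLOSE_WRITE /home/myuser/testincron.sh
if [ "$#" -eq 3 ]; then
  gen_incrontab "$@"
fi
```

Directories created after the table was generated are not covered until the helper is run again. A narrower mask than IN_ALL_EVENTS also avoids the IN_OPEN/IN_ACCESS entries seen in the log above.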

References:
  • http://www.linux-magazine.com/Issues/2014/158/Monitoring-with-incron
  • https://linux.die.net/man/5/incrontab
  • https://www.linux.com/learn/how-use-incron-monitor-important-files-and-folders
  • https://www.garron.me/en/linux/use-incron-rsync-dropbox-backup.html

Friday, January 5, 2018

Debian Stretch: Install Genymotion

Requirement: VirtualBox 5.0.28

To install Genymotion:
  1. Download genymotion from https://www.genymotion.com/ (you need an account to access the download page), then run the installer:
    $ ./Downloads/genymotion-2.11.0-linux_x64.bin
    Installing for current user only. To install for all users, restart this installer as root.

    Installing to folder [/home/username/genymotion]. Are you sure [y/n] ? y


    - Trying to find VirtualBox toolset .................... OK (Valid version of VirtualBox found: 4.3.36_Debianr105129)
    - Extracting files ..................................... OK (Extract into: [/home/username/genymotion])
    - Installing launcher icon ............................. OK

    Installation done successfully.

    You can now use these tools from [/home/username/genymotion]:
     - genymotion
     - genymotion-shell
     - gmtool

  2. To run genymotion
    $ ./genymotion/genymotion
    Logging activities to file: /home/dedetok/.Genymobile/genymotion.log

Note: You don't need root access to run genymotion.

References:
  • https://www.genymotion.com/

Debian Stretch: install virtual box from virtualbox.org repository

These are the steps to install VirtualBox from the virtualbox.org repository:
  1. Add virtualbox.org repository into system:
    # echo 'deb http://download.virtualbox.org/virtualbox/debian stretch contrib' > /etc/apt/sources.list.d/virtualbox.list
  2. Download and install virtualbox.org key
    # wget https://www.virtualbox.org/download/oracle_vbox_2016.asc
    # apt-key add oracle_vbox_2016.asc
  3. Update your system
    # apt-get update
  4. Install latest virtualbox (currently version 5.2)
    # apt-get install virtualbox-5.2



References:
  • https://wiki.debian.org/VirtualBox

Windows 10: entering windows repair mode

On my PC, Windows 10 updates often cause the PC to become unstable (application errors and the system not responding after an update).

This note is my personal guide to entering Windows repair mode.

To enter Windows repair mode, do these steps:
  1. At the Windows 10 login screen, hold the Shift key and click Power -> Restart.
  2. On the next screen, choose Troubleshoot and then Advanced Options.
  3. There are several options to choose from, depending on what we want to repair:
    1. Command prompt (my favorite)
    2. Startup Setting
    3. Startup repair 
    4. others
  4. Then restart Windows; it will start in repair mode.

For common troubleshooting, run this sequence:
  1. sfc /scannow
  2. chkdsk c: /f
You may want to have the Windows Update troubleshooter from the Microsoft site handy: https://support.microsoft.com/en-ca/help/4027322/windows-update-troubleshooter