Best way to protect against Ransomware – Backups and Snapshots

You’ve been hearing about Ransomware attacks (they are  attacks that target your files and encrypt them and make you pay money to hidden organizations to get your files back – at first they targeted regular consumers like you and me and now they are targeting more and more businesses.)

How can you protect yourself against Ransomware Attacks? UPDATE:

SIDENOTE: protect is the wrong word, as you might still get attacked. However using the techniques below you will be able to recover from a hack without paying the ransom & without much effort. The line should instead say:

How to recover from a ransom ware attack?

  • Backups
    • Have a local backup
    • Offsite back
    • Not enough can be said about having backups. They are not just good for Ransomware attacks. They are good for all sorts of data and intellectual property protection.
  • Snapshots
    • Filesystems like ZFS and BTRFS support Readonly snapshots. They take backups of your files point-in-time and nothing can touch them. Ransomware cannot penetrate the filesystems readonly barrier. Ransomware attacks operate on common protocols like Cifs/Samba. If your ZFS and BTRFS snapshots are not exposed or are readonly the attack vectors cant change your files.
    • Store your important data on file servers or systems that support snapshots. Setup Hourly or Daily snapshots. Snapshots are great because if there are not alot of changes they dont take up much space

So now if you get attacked all you have to do is just look for your original un-encrypted file in your snapshots or in your backups.

UPDATE: Its been brought to my attention that using above techniques do not protect you from the actual hack happening. That is true. The above solutions are only a cure to if you got already hacked. Either way its good to have backups and good to have snapshots. The above are not like a vaccine that will prevent the issue indefinitely. However I would like to mention, in a perfect world we would have both the cure and vaccine. Ransomware is constantly evolving, so your network security and computer security would have to stay ahead of that all of the time. Most of the common Ransomware hacks are fought by common security tools and common network security appliances, so keep those up to date, and make sure to have those in place & your chance of being compromised decrease.


Guide to Fixing Audio Out of Sync in VLC

Watching a video and your audio and video are out of sync. Try reloading video. If that doesn’t work try the audio delay option (which will delay the audio by 50 millisecond increments = 50ms increments). By default the audio delay option is set to 0 (or off)

You can have negative audio delay, or positive audio delay.

Pressing j will give you more negative audio delay. So you can go from 0 to -50ms to -100ms to -150ms etc. This brings the audio back.

Pressing k will give you positive audio delay. So you can go from 0 to +50ms to +100m etc. This moves the audio forward.

Imagine that the video and audio are on two different stills. You cant control the video still with this option, you only control the audio still. The video still is controller by when you play the video (rewind, fastforward, play and pause)

How to tell if you need to go negative or positive:

Look at the video and listen. Watch the way people say things or wait for an audible action (like a light switch being turned on, or somebody dropping something).

First we find out if the audio is behind or ahead of the video. Then before changing try to count off in your head the delay time. Remember that you change the delay in 50ms increments. 1000ms is 1 second. 1second delay is very noticeable. Even 100ms is noticeable. Im working with a video right not is 600ms off sync (the video comes first, so I have to put in -600ms audio delay to line it up)

If you notice that the video happens first then a few split moments later the audio follows. Then you can fix it by brining the audio back (back = negative), so press the j button.

If you notice that the audio happens first then the video follows, you can fix that by brining the audio forward (forward = positive), so press the k key.

Tip: when trying to find the delay and adjust it its good to know a few good hot keys (not just the j and k). First find a good point in the video (i.e. light switch is turned on, and there is clear audio and video; the click and light change should be on top of each other; or people speaking and you hear their voices and their mouths moving). You can pause on that moment with Spacebar. You can rewind a few seconds with Shift + Left Arrow. You can rewind even more by holding Shift and pressing the Left Arrow a few times. You can fast forward in a similar manner with ShiftRight Arrow.

Sidenote: the human ears are pretty good at fixing most delay and out of syncs, so we just need to get in the ball part within 100ms. So if the audio is actually 633ms behind the video. You can get away with -600ms and -650ms and -700ms. -650 will obviously be better.

Sidenote: this guide says to use the f and g keys. f is for negative, g is for positive. Might be the old keys: https://wiki.videolan.org/Adjust_Audio_Delay/


Best Most Featured Wallet – Ive searched the universe for this wallet


3 window ids that fit many or 1 items snugly.

2 or 4 hidden pockets.

+8 credit card holders (i just use 2 and fit them all there).

zipper pocket in cash pocket. 2 cash pockets. so its like 3 cash pockets.


only con: lasted a few months so bought it again… thats why it only cost 14$ (or 9$ when I first bought it)


Samba Disabling Trusted Domains (all or specific ones)

You can either disable all trusted domains or certain/specific trusted domains.

Winbind will only allow users to use SMB if they can authenticate into the samba server with a user that is in one of trusted domain; you can have winbind ignore certain domains so you can shrink that allowable user list. That means that only users of the domain that you joined the samba server to can use smb (and also the users that belong to any unignored trusted domains). This is useful in big firms that have tens of thousands (or more) users spanning multiple trusted domains – ideally only some of those domains will ever be using the samba server. So its wise to disable the domains that are not going to be using the samba server.

Login to a samba server. And edit the /etc/smb.conf under the [global] section.
To disable all trusted domains: Only users of the domain you joined can use samba

allow trusted domains = no
To disable specific trusted domains: All of the users in the entire domain minus the users from domains you ignore will be able to use samba
winbind:ignore domains = DOMAIN1 DOMAIN2

where DOMAIN1 and DOMAIN2 are trusted domains that you want to remove (untrust/disable). you can disable 1 domain like this

winbind:ignore domains = DOMAIN1

Or you can untrust 4 domains like this

winbind:ignore domains = DOMAIN1 DOMAIN2 DOMAIN3 DOMAIN4

You just have to separate them with a space. You can have many domains (im not sure if there is a limit, in this article someone blocked 13 domains https://lists.samba.org/archive/samba/2009-July/149577.html and everything worked)

You can check which trusted domains exist and which are online (not ignored) and which are offline (ignored, i guess they might be offline for other reasons as well)

Note that NIM10 is the domain I joined to and its online. This is a bad example as I dont have trusted domain, and I dont have any disabled. But essentially you would see it here (although the output of wbinfo –online-status might be buggy I hear, so its probably best to test using regular authentication via samba)

Dont forget to restart winbind and samba afterwards.


Don’t Use “for” loops for File Iteration – Use “while read” Loops

Imagine a list of files (either in a text file, or a command that outputs a list of files). First make sure these files are newline seperated. Why newline? because filenames dont support the newline char. They also dont support null chars, but we wont cover that here (most provided file lists come as a list of file path, one on each line)

So imagine a list of files:

Most people would do this:

By default for loops iterate on spaces, tabs and newlines. So its important to set the IFS variable. IFS is a system variable thats always there (read up more here: http://www.infotinks.com/ifs-cheatsheet-setting-to-default-to-newline-for-files-folders-with-spaces/). If you forgot the IFS=$’\n’, then above would of processed that last file as two different files /cloudfs/cc1/path1/asdfa and another called sdf.txt. But since we didnt that helps. I used a subshell because IFS variable should be set back if changed. Subshells dont touch your own environment variables (only its own; and its childrens), so you dont have to worry about anything.

Another option is to do this

That way IFS variable gets set back. However thats an extra line. I like the subshell method better, it forgives you from having to set variables (like system variable IFS) back to their default. Also subshells run everything like a script, at once, not line by line showing you the PS1 prompt everytime (very annoying; subshells avoid this annoyance). Also a subshell will allow that i variable to not carry over into your main/parent shell.

So whats the best way???? not with a for loop. And you dont even need a subshell & you dont need to set any system variables. While read loops are the way to go.

Why are while loops best for reading lists of files? because while read loops work 1 line at a time

Or without a subshell (I personally prefer to run everything in a subshell, so I would use above method. I only avoid subshells in actual shell scripts – since I like alot of copy paste command; write in notepad, copy, paste into putty/shell, therefore subshells are my best buddy)

Here is an example of a “tee” replacement (incase you are in freebsd and you dont have tee – or some other OS)

To change to append mode tee just change > output.txt to >> output.txt .

The end.


Move Tv Shows in SickRage from one directory / folder to another

Example: you have 2 tv show folders and you want to merge them.
Ex: you have 10 tv shows here /VD/TvShows and 3 tv shows here /VD/TvShows1. you would like to move them all to /VD/TvShows (assuming no conflicts), so that in the end /VD/TvShows has 13 tv shows.

Format of the sqlite search and replace command:

Sidenote: another method you might be thinking of is to get the SQL ascii text from the sickrage.db file and use sed (search and replace) to replace all occurrences of /VD/TvShows1 with /VD/TvShows & then use that new SQL ascii to make a new sickrage.db, THIS WILL NOT WORK  sqlite sickrage.db .dump > tmp.sql; sed -i tmp.sql 's|/VD/TvShows1|/VD/TvShows1/g'; sqlite sickrage1.db < tmp.sql; cp sickrage.db sickrage.db-backup; cp sickrage1.db sickrage.db; this method will NOT WORK and sickrage will not launch afterwards (even though the database is totally fine – well it seems totally fine, but other aspects/properties of it are lost & when you launch sickrage it will complain things are missing like encryption or something. whatever. just use the steps below). HOWEVER METHOD BELOW WORKED.


step 1. close out of sickrage

step 2. make a backup of your sickrage setup and your videos

step 3. move the TvShows


step 4. optional make backup of sickrage db. make another quick backup just in case (its redundant with step2, but depending on how you did step2, this might be faster to reach if you mess up)

cp sickrage.db sickrage-backup.db

step 5. load up sickrage

step 6: update tv_shows

details: located all of the locations columns in tv_shows tables that have /VD/TvShows1 somewhere in the value (update tv_shows … location like ‘%/VD/TvShows1%’; The % allow the value /VD/TvShows1 to be somewhere in the value. We could remove the first % because the strings starts with /VD/TvShows1, but we dont as its optional & this way example can apply to more people) and set the value of the location column to whatever the value of location is if you were to replace any occurance of /VD/TvShows1 anywhere in the string with /VD/TvShows.

step 7: update tv_episodes

Note: the other tables dont have “location” or any paths.

Note: also other .db files like cache.db and failed.db and cache/rss/*db dont have anything related to the location of tv_shows and episodes (at least they didnt on the latest version on 2016-04-28)

step 8: you may also need to change your config.ini or from General Config -> Show Root Directories


Creating any string or variable in Bash – single quotes, double quotes, no quotes

Recommend to read this first: http://wiki.bash-hackers.org/syntax/quoting

With bash you will see 3 types of quoting & in general typing anything in bash you will be in one of these scenarios (your either in quotes: single OR double, or your not in quotes – thats 3 scenerios)

situation 1. without quotes – not being inside quotes is the common bash world – such as typing date +%z – this behaves like weak quotes (variables expansion and escapes work), however spaces usually seperate different arguments
situation 2. weak quotes / double quotes: “” – variables expand & substitutions work, spaces do not seperate different arguments, whole double quote content is seen as one argument
situation 3. strong quotes / single quotes: ” – variables do not expand, escaping doesnt work, and substitutions dont work

With these 3 situations you can make any type of variable you want. With varying double and single quotes in your content if you want.

* variable expansion (get content of variable): ${i} , $i * escaping (avoid normal behavior of command): \' , \" , \$ * substitutions (run command inside and show its output): date $(date)

sidenote: to type a single quotes.

sidenote: to type a double quotes:

sidenote: they differ on '\''  vs "\""  thats because situation 3 ignores escapes and situation 2 doesnt ignore escapes.

ideally: each none-escaped single quote needs a partner. each none-escaped double quote also needs a none-escaped double quotes

sidenote: you can make null chars like this ""  or like this ''

if you see this (its not wrong, its just extra chars):

Study the behavior of these

NOTE: ssh someserver ‘$COMMAND’ would fail because $COMMAND is not defined on the remote side. its neither a variable and its not a filename/command to run. it literally tries to run $COMMAND.

NOTE: sometimes these combinations of quotes and double quotes can get so confusing that I even think bash gets it wrong (maybe it doesnt and im just not smart enough)


FreeBSD schedule function – mimics linux’s “at”

schedule is created to mimic linux’s “at” function which allows you to schedule a command/script/set of commands to run later.

schedule is a bash function (that you need to copy paste into your shell, or run from bash_profile/bashrc file)
since its function it will only last thru your shell and its subshells it will not interrupt other shells

I wrote a bash function called schedule, very basic style. Its like linuxes “at” command, which allows you to schedule a command for later. My version of FreeBSD is missing it (im using FreeBSD 8), im sure I Could install it somehow, but I just wrote a bash function to compensate.

BEFORE USING: edit these 2 items in the bash function.

  1. edit CRONTABFILE="/var/cron/tabs/root" to match the cron file that is accessed when you run crontab -e/crontab -l.
  2. edit /etc/rc.d/cron restart in the if statement towards the bottom (cron needs to be restarted so that it takes on your changes). Note that when you edit a crontab with crontab -e, it automatically reloads the crontab. I didnt find another way to reload the crontab other than restarting cron – shouldn’t be a big deal to restart cron.

The bash function (Tested with FreeBSD 8 and bash 4.x)

Copy paste that into your bash session and you will have that “schedule” function.

Just type “schedule” in bash to see how to use it:

To schedule something like “(date; df -h) >> /tmp/dfsize.txt” to run at the next 19:20pm (localtime to your box)

That will create a script in /tmp/crontab-EPOCHTIME-somerandomnumber.sh (that has +x executable bit so it can run). That script runs your  (date; df -h) >> /tmp/dfsize.txt and then it removes the job from cron.

After that script is created. It creates the following crontab line to your crontab

So then at 19:20 (7:20pm) this script runs /tmp/crontab-EPOCHTIME-somerandomnumber.sh which runs your command and then deletes that crontab line (thus ensuring it doesnt get deleted).

NOTE: it deletes it by grepping out /tmp/crontab-EPOCHTIME-somerandomnumber.sh (which should be unique thanks to EPOCHTIME and RANDOM)

The End.