AnyOption Review - Login, Bonus and Platform - Binary Options

Restaurant I’m at has Non-binary as one of the gender options for wifi login

Restaurant I’m at has Non-binary as one of the gender options for wifi login submitted by Keejyi to lgbt [link] [comments]

RESULTS of the State of the Game Survey: September 2020

Hi all,

It’s time for the results!

Thank you to everyone who took the time to respond - we had over 1,750 responses, which is great! These insights wouldn’t be possible without your time and support.

As always, neither myself nor this survey are associated with Intelligent Systems or Nintendo in any way. Please direct feedback about the game itself to the official channels.

Now let’s get into it!
 
Previous Survey Results:
April_2020_State_of_the_Game_Survey

~ Demographics ~

53.8% began playing FE:H in February 2017, with 20.0% more joining during the first year of the game. 12.0% of respondents joined during the second year, 8.7% joined during the third, and 4.0% joined during the fourth year (the last ~7 months).

The age range breakdown of respondents is as follows:

75.8% of respondents identified as Male, 18.4% as Female, and 3.0% as Non-binary.

24.6% of respondents have never missed a daily login, while a further 38.8% have missed less than a month’s worth of logins, 11.7% missed 1-2 months, 9.9% missed 3-6 months, 5.8% missed 7-12 months, and 4.7% missed over a year’s worth.

33.5% report being F2P, while 28.7% have spent less than $100, 18.3% spent between $100 - $499, 7.3% spent between $500 - $999, and 8.7% have spent over $1000.

46.6% last spent money on FE:H during the fourth year of the game (the last 3 months), while 6.6% last spent money during the third year of the game, 5.8% last spent during the second year of the game, and 5.1% last spent money during the first year of the game.

~ Summoning ~

“Which of the following banners have you used orbs on at least once?”
  • (86.8%) A New Future (CYL 4)
  • (60.2%) Overseas Memories (3H Summer)
  • (59.8%) Dark Burdens (Fallen Heroes)
  • (57.9%) Legendary Heroes: Edelgard
  • (55.2%) Legendary Heroes: Corrin
  • (53.1%) Book IV Mid: Mirabilis and More
  • (52.9%) Hero Fest
  • (52.2%) Pirate’s Pride
  • (44.5%) Mythic Heroes: Hel
  • (44.2%) Mythic Heroes: Mila
  • (43.7%) Bridal Beloveds
  • (39.6%) Summer Passing (Sacred Stones Summer (mostly))
  • (37.5%) Legendary Heroes: Seliph
  • (31.1%) Light and Shadow (New Mystery)

“Which of the following banners did you use the most orbs on?”
  • (44.8%) A New Future (CYL 4)
  • (8.6%) Overseas Memories (3H Summer)
  • (5.9%) Legendary Heroes: Corrin
  • (5.8%) Dark Burdens (Fallen Heroes)
  • (5.5%) Pirate’s Pride
  • (4.9%) Legendary Heroes: Edelgard
  • (4.5%) Hero Fest
  • (3.5%) Mythic Heroes: Hel
  • (3.0%) Bridal Beloveds
  • (2.8%) Book IV Mid: Mirabilis and More
  • (2.5%) Summer Passing (Sacred Stones Summer (mostly))
  • (2.5%) Legendary Heroes: Seliph
  • (2.3%) Mythic Heroes: Mila
  • (1.7%) Light and Shadow (New Mystery)

“What was your favorite banner?”
  • (37.4%) A New Future (CYL 4)
  • (10.9%) Dark Burdens (Fallen Heroes)
  • (8.9%) Pirate’s Pride
  • (8.5%) Overseas Memories (3H Summer)
  • (5.7%) Hero Fest
  • (5.4%) Legendary Heroes: Corrin
  • (3.3%) Legendary Heroes: Edelgard
  • (2.9%) Legendary Heroes: Seliph
  • (2.6%) Book IV Mid: Mirabilis and More
  • (2.6%) Bridal Beloveds
  • (2.5%) Summer Passing (Sacred Stones Summer (mostly))
  • (2.3%) Light and Shadow (New Mystery)
  • (1.5%) Mythic Heroes: Hel
  • (1.4%) Mythic Heroes: Mila

“Did you spend money specifically to summon on any of the banners below?”
  • (17.6%) A New Future (CYL 4)
  • (10.3%) Overseas Memories (3H Summer)
  • (8.9%) Legendary Heroes: Corrin
  • (6.8%) Dark Burdens (Fallen Heroes)
  • (6.6%) Pirate’s Pride
  • (6.5%) Legendary Heroes: Edelgard
  • (5.8%) Hero Fest
  • (5.1%) Bridal Beloveds
  • (4.9%) Mythic Heroes: Hel
  • (4.8%) Book IV Mid: Mirabilis and More
  • (4.8%) Mythic Heroes: Mila
  • (4.8%) Summer Passing (Sacred Stones Summer (mostly))
  • (3.4%) Light and Shadow (New Mystery)
  • (3.3%) Legendary Heroes: Seliph

~ Summoning Mechanics ~

33.7% spent orbs on the Hero Fest banner AFTER Intelligent Systems announced how they would be compensating players for the Hero Fest banner glitch, compared to 61.7% who did not.

30.5% say that knowing about the compensation for the Hero Fest banner glitch caused them to spend more orbs on the banner than they would have otherwise, compared to 41.5% who say it did not. 28.0% did not spend orbs on the Hero Fest banner.

34.3% feel positively or very positively about the quality of 4* focuses on regular banners, compared to 26.9% who feel negatively or very negatively.

69.7% feel positively or very positively about the quality of 4* focuses on seasonal banners, compared to 7.8% who feel negatively or very negatively.

53.8% report that the system guaranteeing a free 5* after 40 summons generally makes them summon more, while 5.4% report that it generally makes them summon less and 36.1% report no change in their summoning habits on New Heroes banners.

“If all New Heroes Banners used the permanent 40-summons-for-a-guaranteed-5* system that CYL4 used, how would your orb-spending habits on New Heroes banners change?”
  • (1.8%) I would spend fewer orbs than I did before
  • (22.3%) I would spend the same amount of orbs I usually do
  • (10.3%) I would spend more orbs than I did before
  • (62.2%) My spending would depend more on the Heroes offered

~ Choose Your Legends IV ~

“Which CYL4 Brave Heroes have you summoned, whether from the guaranteed choice banner or the regular banner?”
  • (78.0%) Dimitri
  • (73.4%) Claude
  • (65.7%) Edelgard
  • (56.6%) Lysithea

Of the summoning milestones on the CYL4 banner:
  • (20.2%) did not reach any of these summoning milestones
  • (79.7%) reached 40 summons
  • (41.0%) reached 80 summons
  • (19.8%) reached 120 summons
  • (11.1%) reached 160 summons

45.7% say that the free 5* hero at 40, 80, 120 and 160 summons caused them to spend more on CYL4 than they would have otherwise, while 50.3% say it did not.

22.8% say that the potential use of a new Brave Hero in future F2P Guides for content such as Hero Battles influenced their Brave Heroes summons, compared to 74.0% who say it did not.

“If you could only get ONE of the new Brave Heroes, which one would you choose?”
  • (36.8%) Dimitri
  • (28.9%) Edelgard
  • (22.9%) Claude
  • (7.8%) Lysithea

“Which Brave Hero do you believe is the overall strongest?”
  • (60.7%) Edelgard
  • (21.9%) Dimitri
  • (7.9%) Claude
  • (1.2%) Lysithea

“Which Brave Hero do you believe is the overall weakest?”
  • (61.2%) Lysithea
  • (13.7%) Claude
  • (7.0%) Dimitri
  • (1.7%) Edelgard

“Which Brave Hero do you believe has the best art?”
  • (32.9%) Claude
  • (27.3%) Dimitri
  • (20.1%) Lysithea
  • (13.3%) Edelgard

“Which set of Brave Heroes is your favorite overall?”
  • (24.2%) 1st CYL (Ike, Lucina, Lyn, Roy)
  • (19.4%) 2nd CYL (Ephraim, Celica, Hector, Veronica)
  • (11.2%) 3rd CYL (Alm, Camilla, Eliwood, Micaiah)
  • (39.9%) 4th CYL (Claude, Dimitri, Edelgard, Lysithea)

23.6% feel positively or very positively about the addition of Jorge as the CYL4 GHB hero, compared to 33.0% who feel negatively or very negatively.

86.3% believe CYL5 should add further protections against vote botting, compared to 4.4% who do not.

70.1% believe CYL5 should require Nintendo Account sign-in to vote, compared to 12.6% who do not.

~ Feh Pass and Resplendent Heroes ~

41.2% feel negatively about the addition of the Feh Pass (down 15.8% from the last survey), compared to 11.6% who feel positively (up 1.5% from the last survey). 46.1% are neutral (up 14.3% from the last survey).

40.2% have purchased the Feh Pass, compared to 59.8% who have not. This is a 9.5% increase compared to the last survey, following a 6.7% increase before that.

Of those who have subscribed to Feh Pass, 17.4% have purchased Resplendent Heroes separately (up 12.9% from the last survey), compared to 82.6% who have not.

“Which Resplendent Hero has your favorite art?”
  • (13.4%) Cordelia
  • (12.8%) Eliwood
  • (8.7%) Eirika
  • (8.4%) Olwen
  • (7.5%) Sophia
  • (7.3%) Minerva
  • (6.0%) Azura
  • (5.7%) Lyn
  • (5.2%) Ike
  • (4.1%) Sanaki
  • (4.0%) Roy
  • (3.7%) M!Robin
  • (2.3%) Hector
  • (1.6%) Linde
  • (1.3%) Alm

“Which Resplendent outfit theme is your favorite?”
  • (16.3%) Muspell
  • (15.0%) Askr
  • (14.8%) Nifl
  • (11.5%) Embla
  • (11.5%) Hel
  • (10.3%) Ljosalfheimr

~ Miscellaneous ~

15.8% feel positively about the introduction of Harmonized Heroes, compared to 31.3% who feel negatively.

29.5% have a Harmonized Hero, compared to 70.1% who do not.

14.6% feel positively or very positively about the Resonant Battles game mode, compared to 51.5% who feel negatively or very negatively.

4.6% say that the Resonant Battles game mode influenced them to pull for Harmonized Heroes, compared to 94.5% who say it has not.

34.8% believe the new Arena maps are better than the maps they replaced, while 7.4% believe they are worse, and 36.7% believe they are about the same.

“How often do you use Auto Dispatch in Aether Raids?”
  • (34.3%) All of them, always
  • (0.2%) All of them, in Light Season
  • (3.6%) All of them, in Astra season
  • (24.3%) Only sometimes
  • (37.6%) I never use it

“IV Mango” is the preferred term for Trait Fruit according to 32.2% of respondents, followed by “IVcado” at 28.9%, “Fruit” at 7.6%, and “Dragonfruit” at 6.6%. The remaining 24.7% prefer to just call them Trait Fruit.

39.3% say they will use their first Trait Fruits on a Heroic Grails unit, while 32.9% say they will use them on a Summonable unit, and 1.3% say they will use them on an Askr unit.

58.7% prefer Stat Boosts for Legendary Heroes, compared to 26.3% who prefer Pair-Up.

56.5% generally prefer Regular Duo Heroes, compared to 8.8% who prefer Harmonized Duo Heroes.

1.8% say that the update that raised the minimum hardware/software required to play the game affected their ability to play FE:H, compared to 95.8% who say it did not.

~ Recurring Miscellaneous ~

“Which game do you want a New Heroes banner from the most?”
  • (26.0%) Three Houses (-1.9%)
  • (9.7%) Radiant Dawn (+0.5%)
  • (7.7%) Sacred Stones (+0.2%)
  • (7.5%) Awakening (-3.1%)
  • (6.4%) Genealogy of the Holy War (-1.3%)
  • (6.1%) Path of Radiance (-0.9%)
  • (6.0%) Gaiden / Shadows of Valentia (+2.7%)
  • (5.9%) TMS #FE (+1.9%)
  • (5.4%) Blazing Blade (+1.3%)
  • (5.0%) Fates (+1.0%)
  • (4.2%) Thracia 776 (+0.8%)
  • (2.4%) Binding Blade (+0.6%)
  • (0.8%) Shadow Dragon and the Blade of Light / Shadow Dragon (-1.0%)
  • (0.8%) Mystery of the Emblem / New Mystery of the Emblem (-1.1%)

“How much do you care about your rank in the following modes?”
  • (2.90/5.00 average) Arena
  • (2.82/5.00 average) Aether Raids
  • (2.48/5.00 average) PvE game modes with player ranking boards
  • (1.82/5.00 average) Arena Assault

“How have recent changes to FE:H changed your opinion on the game as a whole?”
  • (39.3%) My opinion was positive and has stayed positive
  • (5.7%) My opinion used to be negative, but has turned positive
  • (40.1%) Neutral
  • (9.9%) My opinion used to be positive, but has turned negative
  • (5.1%) My opinion was negative and has stayed negative

~ Intelligent Systems Approval Ratings ~

The approval ratings are calculated by the proportion of Approve responses compared to the number of both Approve and Disapprove responses.

Percent who approve of the way Intelligent Systems is handling:
  • 74.6% - The addition of new heroes / characters to the game (+11.9)
  • 69.4% - The gacha mechanics and summoning banners (+5.5)
  • 59.2% - The story/plot (+9.4)
  • 85.2% - Unranked PvE game modes (Hero Battles, Forging Bonds, Tactics Drills, Lost Lore, Hall of Forms) (-1.2)
  • 50.7% - Ranked PvE game modes (Voting Gauntlets, Tempest Trials, Grand Conquest, Allegiance Battles, Rokkr Sieges, Mjolnir's Strike) (-2.6)
  • 34.6% - Arena (-6.2)
  • 48.0% - Arena Assault (+6.7)
  • 45.8% - Aether Raids (+12.7)

40.5% believe Intelligent Systems cares about its Free to Play userbase (up 10.1% from the last survey), while 34.7% do not. This continues the upward trend from the previous survey, bringing us to 8.8% down from where we were before the February drop).

42.9% approve of the way Intelligent Systems is handling Fire Emblem: Heroes as a whole (up 14.8% from the last survey), while 16.9% disapprove. This continues the upward trend from the previous survey, bringing us to only 2.5% down from where we were before the February drop).

A NOTE ABOUT METHODOLOGY: The overall approval ratings question above has traditionally been the exact percent of Approve responses, as a proportion with both Neutral and Disapprove responses. Note that this is different than the way approval is calculated for individual modes (the proportion of Approve responses compared to the number of both Approve and Disapprove responses), where Neutral responses are excluded. The difference in calculation has continued this way in order to maintain comparability with previous survey results.
For comparisons sake, the overall approval rating trend going by raw Approval percentage over the last 4 surveys is: 50.6% (Dec) -> 22.9% (Feb) -> 28.1% (Apr) -> 42.9% (Sept)
Whereas the overall approval rating trend going by proportion of Approve/Disapprove with the Neutrals excluded over the last 4 surveys is: 82.2% (Dec) -> 41.0% (Feb) -> 51.3% (Apr) -> 71.7% (Sept).

~ Bonus Questions ~

“Who is your Favorite Hero added since the last survey?”
  • Dimitri (Brave) is the winner, followed by Edelgard (Brave), then Claude (Brave).
  • Full results here: [Graph]

“Who is your Most Wanted Hero added since the last survey?”
  • Tibarn (Pirate) is the winner, followed by Corrin (F, Legendary), then Micaiah (Duo, Bridal).
  • Full results here: [Graph].

“What would be the best Harmonized Hero (a pair of two heroes from different games) and why?”:

Rather than selecting a subset of responses this time, the link below is to a google sheet of almost all unique responses. I cleaned it up a little bit to remove “idk” type answers, duplicates, and partial string duplicates, so don’t worry if you don’t see your exact response in it.

[Full Responses].

~ Feedback ~

As always, I received lots of great feedback, both in your survey responses and in the thread itself. A heartfelt thank you to all participants for your encouragements and criticisms - these surveys wouldn’t be where they are without your feedback. But it’s not all serious; feedback messages also included:

  • #FloofMomGang #GiveLeoAGoodFuckingAltForOnce #NowiRefineWhen #TelliusNewHeroesPlz #ElinciaResplendentWhen #JusticeForDedue #PleaseRemoveLChromInstysIAmBeggingYouICantLiveLikeThisAnymore
  • “There once was a CYL4 banner / That hit my orbs hard like a hammer / The very next day / FloomMom Duo came our way / Now I'm stuck bartering with a loan planner”
  • bonk, go to survey jail”
  • “Am I also allowed to put in "Norne and Azura" for a Harmonized Hero pair? No reason.”
  • “Brace yourself. Winter (armours) are coming!” “Brave Hector's refine has made me so very happy with it's inclusion. Go shove your bow up your butt Legendary Chrom.”
  • “Give me villager alts or give me death”
  • “I expect the next survey to come with +12 to attack, null follow up, and special cooldown reduction.”
  • “The true best Harmonized Hero would be Azura and Roy since it would make me uninstall the game and never want to play a gacha ever again”
  • “My headcanon for the dream storyline is that the evil fairies have the Summoner off picking up pebbles that look like orbs. Fredrickson would be proud.”
  • “Where's the most wanted unit to add to the game question so I can shout my want for Seteth into the void?”
  • “I no longer dab, for Legendary Seliph has finally appeared.”
  • And greetings from Argentina, the Bahamas, Brazil, Chile, Colombia, Finland, Germany, Greece, Hong Kong, Ireland, Russia, South Korea, Sweden, the UK, Vietnam, the Pacific Northwest, Alaska, Toronto, and St. Louis, as well as from many fictional locations!
And some personal/meta comments:
  • “Any chance we end up seeing another Super Serious Survey in the not-so-distant future?” -> I could not believe it’s been over a year since the last one! We’ll have to do one soon!
  • “Feels like the end of an era, not having to count all my five stars” -> I know, right? I may have it return in a side survey for the most hardcore of respondents at some point, since some people are asking about it and it would be good to get data on it every once in a while.
  • “I was looking through your Nornes skills and saw you haven't given her live for bounty yet! It's the best skill for her, what are you doing!?” -> I am a fraud :( I have given her Live for Honor though :P
  • “What do you hope for in FEH?” -> Norne alt, Resplendent Jaffar, and Shamir
  • Multiple people mentioned that they had returned after a long break and were surprised to see Norne instead of Azura! Welcome back!
  • I also missed a bunch of other possible Trait Fruit nicknames, which I knew would inevitably happen. Sorry!

Note: Please don’t ask me to feature your feedback comment; it’s the only guaranteed way to not have your comment added!

Finally, the suggestion to have separate options for serious vs non-serious feedback was a good idea, I’ll try that out on the next survey!

~ Closing Remarks ~

If you missed out on responding to this survey when it was available, consider subscribing to FEHSurveys. This subreddit serves as a place to organize FE:H-related surveys, make new releases more visible, and make it easier for users to see when surveys are active.

Thanks again to everyone who participated! I hope you find the results interesting, and if there’s anything else you think can be discovered from the data, let me know and I’ll do my best to oblige!
 
 
Weekly/Important Megathreads:
Weekly Discussion Megathread
Tempest Trials+: Dancing Affinity Megathread
Forging Bonds: Beyond Blood Rebout Megathread
Limited Hero Battles Megathread
submitted by ShiningSolarSword to FireEmblemHeroes [link] [comments]

Greed is Subtle

The morning alarm woke up Ghen. With an annoyed sigh, he stretched out his arm and silenced the foul-sounding chirps. Slowly sitting up in bed, he let out a deep yawn and got to his feet.
Running a couple of chitinous fingers along his antennae to stimulate them to life, he made his bed and then went to his closet. Today was a work day, so he needed his suit. Once the pants were on, he stretched out his wings so that he could button up the shirt, then relaxing them once all the buttons were secured.
Dressing for the day was done, now for the morning meal. Entering his kitchen, he took out the chilled leftovers of the evening meal last night and popped it into the radiator, first defrosting and then slightly cooking it.
During that process, he also fished out a ceramic cup and placed it in his brewer, serving himself some synthesized caffeine. His idle thought led him to being amused that, when eaten directly off a plant, it has a concentration that could kill him three times over. But after going through some refinement and roasting, all it does is make him hyper.
Once the meal was put together, his plate of heated leftovers and a cup of almost-piping-hot cup of Xia's, he took his time to enjoy it. His communicator vibrated. When he looked, he found it was from his boss.
"Hello?" Ghen answered.
"Ghen, the meeting's been moved up to a few minutes from now." His boss, Xkik, announced. "Apparently higher up has something important they want to say. We have a terminal ready for you, I'll message the login details."
"Wha-, what's so important?" Ghen asked in bewilderment. "Did a water line rupture or something?"
"No, nothing like that." Xkik replied with a slight chuckle. "It's actually about the rumors we've been hearing. That human corporation wanting to acquire us? That's what they're talking about."
Ghen could feel everything inside his thorax drop to the floor. "That must mean it's true then, right? Did we get sold off by the Queen to this company then?"
"Show up to the meeting and you'll get your answer." Xkik said simply. When he finished, Ghen got the notification on his communicator. There's the login details, allowing him to remotely attend the meeting. "They're about to start, hurry up."
Once Xkik disconnected, Ghen worked fast to login and set up the remote viewing. Once everything was done, his screen started transmitting the meeting room. It was already packed. And off by the main board, he saw his answer. There was a human, resting against the wall on his two legs. Standing right in the center of everyone's view was the coordinator, Tizx, watching the clock periodically.
As soon as the meeting's start time was reached, the coordinator began. "Alright everyone. I realize that this was rather short notice, so I want to say how appreciative I am that you made it. Now then, let's just get right to it. For some time now, many of you have been hearing rumors that a human corporation has been interested in us. Why? We never really knew. We're just an organization responsible for finding, extracting and providing water to the colony here all under the direction of the Queen herself. Well, as of now, I have the answer for you. Why don't I let Ryan say that?"
Stepping back, Tizx motioned for the human, Ryan, to take over. With a nod, Ryan practically bounced over and then took the position. "Good morning to you all. I hope my Zazk is passable, heh. Anyways, the answer to those rumors, is yes. Terran Galactic Company is indeed interested in you all. Which now leads to me. I'm here to announce that, effective yesterday evening, this water company is now a subsidiary of Terran Galactic Company, under the name of Zilia Water Delivery."
Many other sub-coordinators broke into hushed conversation, no doubt speaking their thoughts with each other about this move. Ghen could only wonder if this was even a good thing. What will the humans do? Will he still have his job? Will he have to learn how to deal with the ruthless humans?
"Now, I am well aware this is quite the...uh, change." Ryan continued. "That's why I'm happy to inform you that, no, nothing negative or detrimental will happen to you. You just have new people to answer to. Operations will continue as normal, everybody here will still keep their jobs. The only real change any of you will personally experience is that Coordinator Tizx here will now report to someone else. On behalf of the Terran Galactic Company, we are extremely excited and are looking forward to working with you all. Thank you for your time."
A week later.
At least Ryan wasn't lying. After the initial shock wore off, things went back as they normally did. There were no terminations, no reductions in annual pay or anything. Nothing really changed. At least until this new meeting was called. Ghen was at the worksite this time, so he took his seat and watched as, once again, Ryan led the meeting.
"Hello again, everyone!" He said cheerfully, his Zazk noticeably improved. "I hope I didn't end up looking like a liar, right? Everything's still normal, all that?"
All the zazk in the room confirmed, providing comments to their pleasant surprise as well as lingering thoughts.
"Awesome! Awesome." Ryan said jubilantly, his fleshy mouth revealing his bone-white teeth. "Now then, you're probably wondering why I'm here again, right? Well, I got another fantastic piece of news for you all! Two, actually. I'll start with the first: Zilia Water Delivery has just completed its IPO. The company is now publicly traded!"
Ghen and the others voiced their confusion, having no idea what in the name of the Queen Ryan was talking about. What was Ryan talking about? What's an IPO? And why exactly is being publicly traded such a significant thing?
"Oh, you guys don't know any of that?" Ryan asked in surprised confusion. After everybody confirmed, he let out a quick huff as he began his explanation. "Well, to begin, IPO is short for Initial Public Offering. Basically what that means is that, before today, Zilia was privately held. Only certain individuals could buy and sell shares here. But now that we're public? Literally anyone can buy and sell shares in the company, hence us being publicly traded."
"Uh, what's a share?" Ghen asked, still completely lost.
"Oh, boy..." Ryan muttered under his breath before returning to his peppy image. "To simply put it, a share is short for having a share of ownership in a company. When you buy a share, you're buying a piece of ownership, and when you sell, you're selling that amount."
"So wait...if someone buys a share, they're a co-owner then?" One of the other team coordinators asked.
"If they get enough, yeah." Ryan nodded. "You need a lot though, and that really depends on the company. If I had to give an answer though? I'd say usually you need to have a lot more shares than a lot of people combined to be officially a co-owner, but we call that being a majority shareholder."
"And how do we do that?" Ghen asked, now growing curious but still not understanding why such a concept exists.
"Simple. Buy shares." Ryan said simply. "And that leads into the second piece of awesome news. Zilia's corporate has a product in mind, a premium-package of water delivery. Instead of the usual water that you pump out, filter and ensure its potable before delivery, with the premium package, not only will you get that, but you'll also get all of the required nutrients and vitamins the zazk body requires! And they feel you guys have the best expertise and understanding to pull it off! So, here's what we're offering as a good-faith bonus: A 25% increase to your annual salary as well as being given stock options."
Ghen wasn't sure about the second part, but the salary definitely got his attention, as well as everyone else's. Although his job was considered to have a good pay, Ghen isn't going to say no to a higher salary. In fact, he's been focusing his work on getting a promotion so he can come home with even more credits in pocket.
"What do you mean by stock options?" Ghen asked after some time.
Ryan let out that smile again, the one that revealed his teeth. "If you choose to transfer over to the new group, you'll be provided 50,000 shares in Zilia itself. Why's that awesome? Let me walk you through it. Right now, our last closing price per share was 3.02 credits. And if you have 50,000 shares during that time, you're sitting on 151,000 credits, if you cash it out immediately."
"And why shouldn't we?" One of the coordinators demanded in an ambiguous tone.
"Because the price per share changes a lot." Ryan explained promptly. "When we got done with the IPO? It closed at 2.73 a share. Right now? My money's on the closing price being 2.99 a share. However, we are extremely confident in this premium package being successful. If it does? Well, my bet is that the share price will skyrocket to 3.12 a share. If you hold those shares and the price gets to what my bet was? You'll instead get 156,000 credits. Just by holding onto them, you just made an additional 5,000 credits!"
"And what if we have more shares?" Ghen questioned, now getting excited at the prospect of free money.
"Even more money!" Ryan laughed a bit. "And don't forget about dividends, but that's for another time. The premium group is gearing up right now, we just need the workforce. If any of you wants in, I'll be back tomorrow with all the forms needed to make it official. Take the day and tonight to think it over, yeah?"
Everything else melted into a blur. Ghen was practically on autopilot that whole day. Was this the secret to the humans' incredibly massive economy? How so many of them have amassed so much money out of nowhere? All you had to do was just buy this share out of a company and you get more money without even working?
As soon as he got home, Ghen knew what he was going to do during the night. After feverishly looking through the galnet, now having the human race connected to it, he looked and gathered up as many books that were translated into zazk as he could find, all talking about the human economic system. The last time he undertook such an intensive study was during his primary education phase.
And during his search, he even found forums on the galnet that were completely dedicated to the human's economy. All of them talking about strategies on what company, or stock, to pick. How to analyze a company's performance to determine if it was worth the money, or it had potential to grow over time. And that was when he discovered the humans found another method to the extremely simple buying and selling process. There were humans and some other immigrated aliens who made five times what Ghen could receive over a simple month just by watching the share prices during trading hours, and then buying and selling them at the proper times.
Ghen's mind was just absolutely flabbergasted. He thought it was just some strange concept only aliens could make, but no, not with the humans. They've practically made their economy into an art or a science. No, not even their economy. Everything. If humans can see a way to make money off of it, they'll do it. And if there isn't, they'll look for a way.
Healthcare was monetized. Galnet services, transportation, shopping at the store, they even made all of their utilities into profit-oriented companies.
And it was there that Ghen paused, the realization slamming into him. Everything was monetized. Which means, if you don't have the money for it, you're not getting it. Right? Are the humans truly that ruthless? So obsessed with making money? To the point that they're willing to deprive their own people of the absolute necessities if it's a source of credits?
Ghen let out a scoff. There's no way. Nobody is that cruel and callous. He's never been to the United Nations. He can't rely on what a bunch of random people on the galnet says. He decided that from here on out, he'll only go as far as saying that humans are a little obsessed with credits, nothing more.
...
There he was. Ryan, sitting in the office provided to him. And there was a rather large line leading to him. Looks like word got around. Although, the line wasn't as large as he expected it to be. Maybe the others thought it was just a ruse? That there's no such thing as making free money by spending it on such a made-up concept?
Ghen only knows that, if it is a ruse, it's an extremely elaborate one, where all of the humans are in on it. And he believes that's just extremely ridiculous. At the end, if he's unsure, he'll just take the transfer for the very real increase in his very real salary. And although he spent a very good chunk of the night reading up on how humans do things, he's still going to play it smart. He'll leave his 50,000 shares alone and see where it goes from there.
"Good morning sir." Ryan greeted warmly once Ghen took his seat. "Now, name please?"
"Ghen." He answered, barely keeping his nerves down.
"Alright...and what's your position at this location?" Ryan questioned after scribbling on his form.
"I monitor the pumping stations near the extraction sites." Ghen explained, staying on point. "To be more specific, I check to see if they're in need of maintenance, as well as reading the flow rate that's determined by the calculators installed there. If there's too little for what's needed, I pump out more. And if there's too much, I pull it back a little."
"Nice...and how long have you been doing it for?" Ryan complimented with a nod.
"As of tomorrow, ten years." Ghen replied, voice quickly changing to minor awe once he realized that fact.
"Excellent. Do you have anyone in mind you'd like to replace you here?" Ryan questioned after another scribble. "If you don't have anyone, you're free to say so."
Ghen took a moment to think it over. A bunch of names went through his mind, but one stuck with him. "Tilik. He's just been accepted here, but he's learned quickly. Very attentive and he always catches something subtle. I think he'll do really well in my position, even better actually."
"Tilik, really?" Ryan questioned with a little shock, going through his completed forms. Ghen felt a short sense of panic in him. Did something happen, or was Tilik actually transferring? His answer didn't take long to reveal itself. "Right, Tilik was actually one of the first people to want to transfer here. He's actually requested to be part of the testing teams specifically. Do you have a second choice?"
"Um...no, actually." Ghen replied, feeling a little ashamed. "Tilik was my only choice, to be honest."
"Hey, don't worry." Ryan said assuringly with his hands raised. "Nothing wrong with that. Sometimes, there's just nobody up to snuff, right? 'Kay, so, last question. Is there anything specific you'd like to do when given the transfer?"
"If you need someone monitoring new pumps, I'd be happy to do that." Ghen stated.
"So basically same job but with better payoff, am I right?" Ryan grinned. "I hear you. Sometimes, we're just not paid enough for what we're doing. I know I think that sometimes. Uh, our secret, yeah?"
"Yeah, our secret." Ghen nodded, thinking it'd be better to have friendly relations with the human, just in case.
"Awesome. Back on topic, that's it." Ryan announced, placing the form on his pile. "We'll give you a call when you're accepted."
"Oh, uh, that's it?" Ghen questioned with a shrug in shocked surprise.
"What, expecting a question like, why do you want to transfer?" Ryan chuckled a bit as he leaned in his seat. "You can bullshit all you want, but we both know the answer. Sweet money and stock options. Not saying that's a bad answer of course, just that it's pretty obvious."
"I suppose it is." Ghen commented, realizing the point. "Also, you mentioned this...dividend? Is that for Zilia shares?"
Ryan laughed a little bit before nodding. "Yep, announced before I came here. About 0.43 per share. Want to know why that's awesome? Instead of waiting for the proper price to cash out your shares, now? The company pays you for each share you hold."
"A...Are you serious?" Ghen demanded, flabbergasted.
Ryan nodded with his now-trademark grin. "Dead serious. If you get the transfer, and get those 50,000 shares? A little head math...right, if you hold onto those, in addition to your salary, you'll now annually be paid 21,500 credits, if you keep it at 50,000 shares. Only you can decide to sell or buy shares."
Ghen just stood there silent and motionless, no idea of whether to believe it or not, to which Ryan just laughed. Once he walked out of the room, he managed to snap back to reality. Again, just focus on the very real pay-raise. He'll deal with the other parts later.
After he returned to his spot, he spotted Tizx approaching by his desk. The coordinator seems to be as casual as always.
"I saw you in that line a bit ago, Ghen." He said as he leaned on the desk. "Guess you're really taking that human's word?"
"I mean, I don't know about all this share business or what not." Ghen began with a shrug, his tone sounding a little defensive. "But I mean, having a bigger salary? Course I'm going for it when I can. And if all this magic credits turn out to be real? You realize we can live like the royal servants, right? Get the best cars, the nicest food and all that?"
"I'd be very careful, Ghen." Tizx warned in a sudden shift in tone. "Don't trust those humans. The way they just...obsess over money? Come up with more and more insane ways of getting credits? I don't know, it just makes my wings twitch."
"You think this is a bad idea?" Ghen asked with a little surprise at the change-in-demeanor.
"I think you should be careful, with the humans, and with what you're saying." Tizx replied, straightening his posture. "I wouldn't put it past those Earthmen to backstab you if it gets them a few more credits. And we all know how the royal servants get if any of us lowly commoners start thinking we can break into their circle."
"I hear you, I'll be on my guard, promise." Ghen stated with a nod. With a confirming nod of his own, Tizx returned back to his duty, walking past Ghen's desk.
Several weeks later.
Everything became so much better. Ghen got the transfer. He didn't need to relocate to a new residence either. And after he was walked through into learning how to manage his stock account, and seeing that new form of payment in his hands, he already felt as though he made the best decision. But it was only when he decided to take those shares more seriously that he became privy to what he was given. After receiving the dividend payment, and actually seeing it was real, valid credits after transferring it to his main bank account, all he could describe was the most powerful high he ever felt.
While his first thoughts were to buy himself a royalty-class car, some nicer furnishings for his home, or even a better home entirely, he ended up going the smarter route.
After going back to his stock account, he discovered that Zilia's shares rose to about 3.22 credits in price. Knowing that this was the easiest money he could ever make, he took all of his dividend earnings and bought more shares in Zilia, bringing him to owning 56,891.
And from his new regional coordinator, a human named Dylan, tomorrow is the grand release of the premium package. For just a monthly rate of 14.99 credits, the tap water will now include a sizeable portion of all nutrients and vitamins required in the zazk physiology. Still, Ghen has to admit. He's not entirely sure why anybody would want such a thing, if they'd even go for it. But, as long as he's practically swimming in easy credits, he won't pay much attention to it.
And just like when he was intensively studying the basics of how the human economy worked, he barely got any sleep. His mind was constantly thinking about the things he would buy. Or rather, what other stocks to put his credits into. Even now he can still hardly believe it. Just spend your money on some, make-believe thing and, if you wait long enough and picked the right stock, you'll get more than you spent back?
His mind even wandered onto what human colonies, or even their homeworld, Earth, was like. If everybody was making so much money, what kind of things would they offer? What kind of ridiculous service or product or item can you get? He's even debating on joining some forum and just asking around. Explain how he's new to how humans do things and was wondering what he should expect if he's successful.
By the time he felt like he can go to sleep, the binary-stars of the system were rising from the horizon. After getting out of his bed and changing to clean clothes, his mind returned onto what-ifs.
What if he bought better clothes? He's had his eye on that human brand of luxury clothes, Tessuti di Venezia, that's been all the rage amongst the royal servants. Or maybe he can go on vacation and just check out Earth for real?
It was a short ride to his workplace from his home. After getting stuff his stuff and preparing to walk through the doors, he heard the roar of a car grow louder. When he looked, he saw the sleekest and quite possibly the coolest looking car he's ever seen. Each time the engine revved it would startle him, both from how harsh it sounded as well as just how intense it sounded. And after it parked, he saw the doors pop out and then slide along the body back. And there, he saw Tilik, the seat literally turning and extending out a bit before he got off.
As soon as he saw Ghen staring, he struck a rather prideful pose after putting on his lab coat and then sauntered over to Ghen.
"What do you think?" Tilik said, without any doubt inviting praise or compliments.
"D...Did you actually buy that?" Ghen asked, unable to tear his eyes away from the car.
"You're Queens-damn right I did!" Tilik laughed happily. "Thing takes off like a starship, has temperature-controlled seating, all-in-one center console, barely any bouncing on rough roads. Hoof, best decision I've ever made!"
"How much did that thing cost?" Ghen asked after letting out an incredulous laugh.
"Five million credits." Tilik replied, earning an absolutely shocked stare from Ghen. "And thanks to the incredible salary I have, in addition to all these shares and dividends, I'll pay back the credits I borrowed in no time!"
Ghen needed a few moments before he could speak again. "All I've been doing is buying more shares."
Tilik laughed and then patted the now-envious monitor's back. "Smart man. I got a little carried away, yeah, but not anymore. Any spending credits I got, going right back to investing. That's what it's called right, investing?"
"Yeah, it is." Ghen nodded, feeling a fire light up in his thorax. "And also? Today's the day that the premium water thing is being released. Here's hoping it starts out well, right?"
"Oh it will, trust me." Tilik chuckled as they both began making their way inside the workplace. "Lots of research, lots of study. By the Queen, so much of it...it'll make your head spin."
And after hearing that, Ghen had a moment of realization. "Hey, Tilik? How did you get such a nice position anyways? Weren't you just studying under me before the humans came along?"
Tilik let out a sigh after opening the door. "I'll be honest, I never wanted your job. Not because it's boring or terrible, just...I didn't suffer so many sleepless nights in the science academy just to be a glorified button pusher. This is what I've always wanted. Doing science, solving problems rather than just applying the solution, you know?"
"Wait, you got an academic certificate?" Ghen questioned, completely floored. "How did you end up beneath me then? I should've been answering to you!"
"Simple." Tilik gave a heavier sigh. "A royal servant was asking for the same job I was. Take a guess at who got it."
"Ouch. Good thing the humans came along when they did, yeah?" Ghen was taken aback. He never heard anything about a servant taking a job at his place. "Looks like you're proving yourself to be well suited."
"By the Queen, of course I am." Tilik nodded. "Like I said, I nearly broke my wings through so many nights, got certified top of my class, all just to get pushed to the dirt because someone who was born into a particular family wanted the same thing I did? I know I'm smarter than any of those empty-skull servants back in the Center. I know that, whatever, uh...corporate? Yeah, whatever corporate wants out of science, I will xeek give it to them."
"Well, let me know how things go in the lab." Ghen said, admiring his drive as they neared the main office floor. "Because this is where the button pusher needs to go."
Tilik let out a laugh as he nodded. "Hey, how about we meet up at Queen's Fine Eatery tonight. I'll pay, yeah?"
Ghen, at first, wanted to admonish him for choosing such an outrageously expensive place to go. But he quickly realized that, he truly is good for it, thanks to the humans. "Well, hey, if you're paying for it."
...
It was a fantastic opening. After being told what news sites to keep in mind for stocks, he first heard it from Dylan, and then got more detail on Business Today. There was such a massive demand right from the start that Zilia needs to increase extraction just to meet it. But what really got his attention was the effect it had. Zilia Water Delivery's share price just blasted off. After seemingly holding steady at about 3.15, by the time he got home and logged onto his account, it already reached 7.04 a share. The calculator on his account told him that he got a value-gain of 54.26%.
Never in his entire life had he felt such...joy. With all of the shares he currently has? He's sitting at 400,512.64 credits. He knows that it is woefully pathetic compared to what the royal servants have just in their pockets, but the fact that he has such money, just by owning some intangible concept? Why even work at Zilia? Why doesn't he just sit at home, figure out what companies to invest in and make his money that way?
What's even the point in working a real job, getting a pathetic pay when you can just take the money you have, determine where to spend it, and get triple back? All just sitting on your wings at home, researching?
He was so wrapped up in his excited high that he completely forgot he was going to meet Tilik at Queen's. After quickly and haphazardly putting on his nicer clothes, he got to the place only a few minutes late.
Tilik was there by the guide, no doubt having been waiting for him. As soon as he strode up, Tilik's wings stiffned out some. No doubt he must've seen the numbers as well.
"I can see your wings, Ghen." Tilik began with an excited chuckle. "Made some serious credits?"
Ghen let out an incredulous scoff, struggling to find the words for a moment. "Incredible. All I'm going to say."
"Likewise." Tilik chortled some before nodding to the table guide. "All here. Table please?"
"Right this way, sir." The guide said politely. It was a short walk, travelling between round tables. The vast majority were populated by zazk, but Ghen was surprised at seeing a few humans here as well. No doubt corporate workers checking out the local food. He did spot them having bowls filled with some kind of mass. Some were brown, others white with what looks to be black specks on them.
They arrived at their table. A rather nice one, affording a view out the windows into the busy colony streets. Once Tilik and Ghen settled in, the guide handed out the menus.
"May I suggest our rather popular option for tonight?" The guide began. "Human ice-cream. Ingredients sourced from Earth itself. Very cold, but incredibly sweet, and coming in many flavors. The most popular amongst us is called vanilla-bean. The vanilla itself soaks in the cream for much of the process, and then the innards sprinkled on top of it near the end. Rumor has it that the Queen herself has demanded personal shipments of such a treat straight from the home of vanilla, an island on Earth named Madagascar."
Ghen didn't even spare a single thought. "Vanilla bean ice cream then, please."
"Same." Tilik seconded when the guide glanced to him. With a slight bow, the guide proceeded to ferry their orders to the kitchen. Thankfully it was just a short wait before the guide returned, carrying a large plate containing bowls of ice cream. Ghen could feel the saliva on his mandibles as the bowl was placed before them. He could just feel the cold air around that glistening mass of sugary goodness. The white snow decorated with the black dots of vanilla bean.
Once the guide left them, Tilik and Ghen both dived in at the same time. As soon as the ice cream entered his mouth, touched his tongue, he exploded in incomprehensible bliss. The sweetness, the smooth and creamy mass, even the taste of vanilla he wasn't sure about was just absolutely delightful. It was so overwhelming that his entire body limped, slumping in his seat as he was forced to ride on the surging tide of joy and happiness sweeping over him.
Tilik was no different. He too was taken completely by the effects of the ice cream, his wings fluttering some against the seat. Ghen could hear some noise. It was the humans they passed by. They were chuckling, grinning, and glancing over at them discreetly. Unlike the two zazk, the humans seemingly just enjoyed the ice cream as if it was just another nice dessert to them. Or perhaps they couldn't allow themselves to succumb to the high?
And as soon as the wave of indescribable bliss and happiness subsided, Ghen knew. He just knew. This was the life. He wanted this. The ice cream was just the beginning. So many things denied because he didn't have the credits, or worse, not the blood. Because he was just a drone in the great Collective, even if he had the credits, he wasn't allowed because of what caste he was born in. That fire that sparked in him when he saw Tilik's new car? It exploded into a raging firestorm.
And when looking into Tilik's eyes, Ghen could see the same. He was on the same page as Ghen was. Both of them were sold. They have the credits. And the humans? If you can pay for it, they'll never discriminate. All they cared about is if you have the money.
And by the Queen, Ghen and Tilik will endeavor to amass as much credits as physically possible.
The rest of the night faded into a blur. A blur that evokes only one thing. Bliss. It was only when he walked through the door of his pathetic hut that Ghen's mind snapped back to focus. His mandibles felt sticky. And he felt a weight in his stomach. How much ice cream did he eat? Whatever it was, he ate such volume that the lower-section of his throax extended and rounded out, visible even under his shirt. He felt something odd in his pocket. It was a receipt. 43,000 credits for ten bowls of vanilla bean ice cream. Was that ten bowls for both of them? Or individually? Ghen didn't care. He's good for it.
Returning back to his calculator, he acted upon the decision that he had made at that eatery. He's acquiring as many books about investing and stock trading as he could find, frequent and study all the discussions and arguments presented by other like-minded individuals such as he, all to ensure he can live the good life. And he had a very good feeling Tilik was doing the exact same thing.
Well, first, the gurgling in his stomach, as well as the feeling of something rising demanded his attention. Looks like he'll need to take the night off to let his stomach get back to normal.
Three Years Later.
Ghen looked out beyond the horizon, seeing the colony that he grew up in. On the far side was where his old house was. With only a simple robe on, made from the finest silk from Earth's nation-state of China, he relaxed in his seat.
It was a long road. Stockpiling credits from pre-existing investments and from subsequent pays, he and Tilik made it. From having only half a million in assets and cash, now transformed to over eight-hundred million. And now, his call contracts on American Interstellar? They've just announced a breakthrough in their next generation of warp drives, reducing the speed coefficient even further, resulting in far faster travel. And with that, their stock price climbed sharply.
Another hundred million credits in the bank. Soon, very soon, he and Tilik are about to become the galaxy's first zazk billionares. But that's not enough. There are many humans who are billionares. Only those he can count on one hand are considered trillionares. He's going to break into that circle. He and Tilik.
Looking beyond the colony, he saw the abandoned building of the workplace he transferred to when the humans arrived. Turns out, the reason for such a high demand was that the humans also slipped in sugar to the tap water. As soon as that broke, many influential royal servants demanded investigations and outright banning of Terran Galactic Company's influence over the former government division. Zilia's stock price plummeted. But thanks to an advance tip from his human coordinator, Dylan, he and Tilik made a put contract. And that's where they struck gold, as the human saying goes.
Dylan warned that if they were citizens of the United Nations, they'd be investigated and convicted for insider trading. But, since they weren't, and the Collective were only just introduced to capitalism, there's no risk at all. Now the colony is going through a withdrawal phase, Zilia has been dissolved and reformed back as a government division and are currently at work re-establishing the standard, plain water delivery.
"Well, shit." Tilik muttered as he walked up to Ghen's side, taking well to human speech. "Looks like you win. American Interstellar's announcement really was a good thing. There goes a million credits. Ah well, the Royal Shipyards will make it back for me soon."
"Oh? Did they just go corporate?" Ghen asked curiously, glancing to Tilik.
"Hell yeah they did." Tilik chuckled, sitting down. "Queen and her retard servants fought it hard, but Royal Shipyards is now officially a human-style corporation. And, to a surprise to all the xenophobes in the galaxy, they're already being offered contracts for ship production. That'll raise the stock price pretty good."
"What's that human word...?" Ghen muttered, already having a reply in mind. "Dick? Yeah, calls or suck my dick, Tilik."
Tilik roared in laughter. "Already made them. Forty credits a share by this day next month."
"I have half a mind to go thirty." Ghen chuckled. "Either way, until then, I heard from Dylan that he knows a guy who knows several prime human women who happen to be into zazk."
"You're interested in women?" Tilik said as his wings fluttered. "With how often you tell me to suck you off, I'd have thought differently."
"Oh, I always thought it was you who was into men." Ghen responded dryly. "Just wanted to be a good friend, you know? Considering how you never seem to make it past, Hey sweet thing, I'm rich you know."
"Oh, go fuck yourself." Tilik countered with a little laugh. After he stopped, wings stiffened, he looked to Ghen. "So, know any royal servants we can put the squeeze on for more revenue streams?"
"I got just the one." Ghen nodded, sitting up. "Fzik. He's been fighting to control the ice cream trade. Worried it's a corrupting influence. Got done talking with the human CEO of Nestle earlier. If we clear the way, he'll know how to squeeze a little more gains in stock price when he makes the announcement."
Tilik's wings stiffened even more, signaling his approval. "Alright, time to throw some credits around, yeah?"
AN: Sorry for the period of no updates. College is starting up, lots of stuff to clear and work out. Not sure why but I just got a bug up my butt about incorporating money and the stock market into a short. Here it is. Sorry if it seems abrupt, character limit fast approaching. Let me know how you guys think about it!
submitted by SynthoStellar to HFY [link] [comments]

PSA: The version of OpenSSH Server that ships with Windows 10 and Server 2019 is broken

Thought I'd pass along a bit of insight I picked up after a week of pulling out my hair on a problem.
The version of OpenSSH Server that ships with Windows 10 and Server 2019 has a bug with per-user ChrootDirectory directives. Here's the scenario:
sshd.exe -v OpenSSH_for_Windows_7.7p1, LibreSSL 2.6.5 
By default, users are dumped into their profile directory. I'm trying to dump them into individual ChrootDirectory folders as I'm setting this up as an SFTP server.
relevant lines in my sshd_config:
ForceCommand internal-sftp DenyGroups administrators AllowUsers sftptest Match User sftptest ChrootDirectory c:\serverroot\sftptest 
Upon multiple consecutive logins, I've found that the user is only dumped into c:\serverroot\sftptest about 25% of the time. I tried all sorts of fixes. Changed the logging to file-based DEBUG3 level. I had no consistent answer and banged my head against a wally for a week.
Turns out that even though ChrootDirectory was introduced in 7.7.0.0 per Microsoft's documentation, there's definitely some kind of bug in it. What's more, they haven't updated the binaries for the feature that come with Windows since, despite the project being in active development at GitHub. The latest release is 8.1.0.0, and somewhere along the way between 7.7 and 8.1 the bug was fixed. Debug logs confirm that the ChrootDirectory is set, and I've not had a single issue since updating.
The moral of the story is, if you'd like to run OpenSSH Server for Windows, skip the version that's built-in as an optional Windows feature, and get a newer release from GitHub. As an aside, the active development moved to: https://github.com/PowerShell/openssh-portable but the Wiki is still at the old GitHub repo, so everything is very confusing.
Don't be like me, fellow admins!
submitted by Ecrofirt to sysadmin [link] [comments]

Red Hat OpenShift Container Platform Instruction Manual for Windows Powershell

Introduction to the manual
This manual is made to guide you step by step in setting up an OpenShift cloud environment on your own device. It will tell you what needs to be done, when it needs to be done, what you will be doing and why you will be doing it, all in one convenient manual that is made for Windows users. Although if you'd want to try it on Linux or MacOS we did add the commands necesary to get the CodeReady Containers to run on your operating system. Be warned however there are some system requirements that are necessary to run the CodeReady Containers that we will be using. These requirements are specified within chapter Minimum system requirements.
This manual is written for everyone with an interest in the Red Hat OpenShift Container Platform and has at least a basic understanding of the command line within PowerShell on Windows. Even though it is possible to use most of the manual for Linux or MacOS we will focus on how to do this within Windows.
If you follow this manual you will be able to do the following items by yourself:
● Installing the CodeReady Containers
● Updating OpenShift
● Configuring a CodeReady Container
● Configuring the DNS
● Accessing the OpenShift cluster
● Deploying the Mediawiki application
What is the OpenShift Container platform?
Red Hat OpenShift is a cloud development Platform as a Service (PaaS). It enables developers to develop and deploy their applications on a cloud infrastructure. It is based on the Kubernetes platform and is widely used by developers and IT operations worldwide. The OpenShift Container platform makes use of CodeReady Containers. CodeReady Containers are pre-configured containers that can be used for developing and testing purposes. There are also CodeReady Workspaces, these workspaces are used to provide any member of the development or IT team with a consistent, secure, and zero-configuration development environment.
The OpenShift Container Platform is widely used because it helps the programmers and developers make their application faster because of CodeReady Containers and CodeReady Workspaces and it also allows them to test their application in the same environment. One of the advantages provided by OpenShift is the efficient container orchestration. This allows for faster container provisioning, deploying and management. It does this by streamlining and automating the automation process.
What knowledge is required or recommended to proceed with the installation?
To be able to follow this manual some knowledge is mandatory, because most of the commands are done within the Command Line interface it is necessary to know how it works and how you can browse through files/folders. If you either don’t have this basic knowledge or have trouble with the basic Command Line Interface commands from PowerShell, then a cheat sheet might offer some help. We recommend the following cheat sheet for windows:
Https://www.sans.org/security-resources/sec560/windows\_command\_line\_sheet\_v1.pdf
Another option is to read through the operating system’s documentation or introduction guides. Though the documentation can be overwhelming by the sheer amount of commands.
Microsoft: https://docs.microsoft.com/en-us/windows-serveadministration/windows-commands/windows-commands
MacOS
Https://www.makeuseof.com/tag/mac-terminal-commands-cheat-sheet/
Linux
https://ubuntu.com/tutorials/command-line-for-beginners#2-a-brief-history-lesson https://www.guru99.com/linux-commands-cheat-sheet.html
http://cc.iiti.ac.in/docs/linuxcommands.pdf
Aside from the required knowledge there are also some things that can be helpful to know just to make the use of OpenShift a bit simpler. This consists of some general knowledge on PaaS like Dockers and Kubernetes.
Docker https://www.docker.com/
Kubernetes https://kubernetes.io/

System requirements

Minimum System requirements

The minimum system requirements for the Red Hat OpenShift CodeReady Containers has the following minimum hardware:
Hardware requirements
Code Ready Containers requires the following system resources:
● 4 virtual CPU’s
● 9 GB of free random-access memory
● 35 GB of storage space
● Physical CPU with Hyper-V (intel) or SVM mode (AMD) this has to be enabled in the bios
Software requirements
The minimum system requirements for the Red Hat OpenShift CodeReady Containers has the following minimum operating system requirements:
Microsoft Windows
On Microsoft Windows, the Red Hat OpenShift CodeReady Containers requires the Windows 10 Pro Fall Creators Update (version 1709) or newer. CodeReady Containers does not work on earlier versions or other editions of Microsoft Windows. Microsoft Windows 10 Home Edition is not supported.
macOS
On macOS, the Red Hat OpenShift CodeReady Containers requires macOS 10.12 Sierra or newer.
Linux
On Linux, the Red Hat OpenShift CodeReady Containers is only supported on Red Hat Enterprise Linux/CentOS 7.5 or newer and on the latest two stable Fedora releases.
When using Red Hat Enterprise Linux, the machine running CodeReady Containers must be registered with the Red Hat Customer Portal.
Ubuntu 18.04 LTS or newer and Debian 10 or newer are not officially supported and may require manual set up of the host machine.

Required additional software packages for Linux

The CodeReady Containers on Linux require the libvirt and Network Manager packages to run. Consult the following table to find the command used to install these packages for your Linux distribution:
Table 1.1 Package installation commands by distribution
Linux Distribution Installation command
Fedora Sudo dnf install NetworkManager
Red Hat Enterprise Linux/CentOS Su -c 'yum install NetworkManager'
Debian/Ubuntu Sudo apt install qemu-kvm libvirt-daemonlibvirt-daemon-system network-manage

Installation

Getting started with the installation

To install CodeReady Containers a few steps must be undertaken. Because an OpenShift account is necessary to use the application this will be the first step. An account can be made on “https://www.openshift.com/”, where you need to press login and after that select the option “Create one now”
After making an account the next step is to download the latest release of CodeReady Containers and the pulled secret on “https://cloud.redhat.com/openshift/install/crc/installer-provisioned”. Make sure to download the version corresponding to your platform and/or operating system. After downloading the right version, the contents have to be extracted from the archive to a location in your $PATH. The pulled secret should be saved because it is needed later.
The command line interface has to be opened before we can continue with the installation. For windows we will use PowerShell. All the commands we use during the installation procedure of this guide are going to be done in this command line interface unless stated otherwise. To be able to run the commands within the command line interface, use the command line interface to go to the location in your $PATH where you extracted the CodeReady zip.
If you have installed an outdated version and you wish to update, then you can delete the existing CodeReady Containers virtual machine with the $crc delete command. After deleting the container, you must replace the old crc binary with a newly downloaded binary of the latest release.
C:\Users\[username]\$PATH>crc delete 
When you have done the previous steps please confirm that the correct and up to date crc binary is in use by checking it with the $crc version command, this should provide you with the version that is currently installed.
C:\Users\[username]\$PATH>crc version 
To set up the host operating system for the CodeReady Containers virtual machine you have to run the $crc setup command. After running crc setup, crc start will create a minimal OpenShift 4 cluster in the folder where the executable is located.
C:\Users\[username]>crc setup 

Setting up CodeReady Containers

Now we need to set up the new CodeReady Containers release with the $crc setup command. This command will perform the operations necessary to run the CodeReady Containers and create the ~/.crc directory if it did not previously exist. In the process you have to supply your pulled secret, once this process is completed you have to reboot your system. When the system has restarted you can start the new CodeReady Containers virtual machine with the $crc start command. The $crc start command starts the CodeReady virtual machine and OpenShift cluster.
You cannot change the configuration of an existing CodeReady Containers virtual machine. So if you have a CodeReady Containers virtual machine and you want to make configuration changes you need to delete the virtual machine with the $crc delete command and create a new virtual machine and start that one with the configuration changes. Take note that deleting the virtual machine will also delete the data stored in the CodeReady Containers. So, to prevent data loss we recommend you save the data you wish to keep. Also keep in mind that it is not necessary to change the default configuration to start OpenShift.
C:\Users\[username]\$PATH>crc setup 
Before starting the machine, you need to keep in mind that it is not possible to make any changes to the virtual machine. For this tutorial however it is not necessary to change the configuration, if you don’t want to make any changes please continue by starting the machine with the crc start command.
C:\Users\[username]\$PATH>crc start 
\ it is possible that you will get a Nameserver error later on, if this is the case please start it with* crc start -n 1.1.1.1

Configuration

It is not is not necessary to change the default configuration and continue with this tutorial, this chapter is here for those that wish to do so and know what they are doing. However, for MacOS and Linux it is necessary to change the dns settings.

Configuring the CodeReady Containers

To start the configuration of the CodeReady Containers use the command crc config. This command allows you to configure the crc binary and the CodeReady virtual machine. The command has some requirements before it’s able to configure. This requirement is a subcommand, the available subcommands for this binary and virtual machine are:
get, this command allows you to see the values of a configurable property
set/unset, this command can be used for 2 things. To display the names of, or to set and/or unset values of several options and parameters. These parameters being:
○ Shell options
○ Shell attributes
○ Positional parameters
view, this command starts the configuration in read-only mode.
These commands need to operate on named configurable properties. To list all the available properties, you can run the command $crc config --help.
Throughout this manual we will use the $crc config command a few times to change some properties needed for the configuration.
There is also the possibility to use the crc config command to configure the behavior of the checks that’s done by the $crc start end $crc setup commands. By default, the startup checks will stop with the process if their conditions are not met. To bypass this potential issue, you can set the value of a property that starts with skip-check or warn-check to true to skip the check or warning instead of ending up with an error.
C:\Users\[username]\$PATH>crc config get C:\Users\[username]\$PATH>crc config set C:\Users\[username]\$PATH>crc config unset C:\Users\[username]\$PATH>crc config view C:\Users\[username]\$PATH>crc config --help 

Configuring the Virtual Machine

You can use the CPUs and memory properties to configure the default number of vCPU’s and amount of memory available for the virtual machine.
To increase the number of vCPU’s available to the virtual machine use the $crc config set CPUs . Keep in mind that the default number for the CPU’s is 4 and the number of vCPU’s you wish to assign must be equal or greater than the default value.
To increase the memory available to the virtual machine, use the $crc config set memory . Keep in mind that the default number for the memory is 9216 Mebibytes and the amount of memory you wish to assign must be equal or greater than the default value.
C:\Users\[username]\$PATH>crc config set CPUs  C:\Users\[username]\$PATH>crc config set memory > 

Configuring the DNS

Window / General DNS setup

There are two domain names used by the OpenShift cluster that are managed by the CodeReady Containers, these are:
crc.testing, this is the domain for the core OpenShift services.
apps-crc.testing, this is the domain used for accessing OpenShift applications that are deployed on the cluster.
Configuring the DNS settings in Windows is done by executing the crc setup. This command automatically adjusts the DNS configuration on the system. When executing crc start additional checks to verify the configuration will be executed.

macOS DNS setup

MacOS expects the following DNS configuration for the CodeReady Containers
● The CodeReady Containers creates a file that instructs the macOS to forward all DNS requests for the testing domain to the CodeReady Containers virtual machine. This file is created at /etc/resolvetesting.
● The oc binary requires the following CodeReady Containers entry to function properly, api.crc.testing adds an entry to /etc/hosts pointing at the VM IPaddress.

Linux DNS setup

CodeReady containers expect a slightly different DNS configuration. CodeReady Container expects the NetworkManager to manage networking. On Linux the NetworkManager uses dnsmasq through a configuration file, namely /etc/NetworkManageconf.d/crc-nm-dnsmasq.conf.
To set it up properly the dnsmasq instance has to forward the requests for crc.testing and apps-crc.testing domains to “192.168.130.11”. In the /etc/NetworkManageconf.d/crc-nm-dnsmasq.conf this will look like the following:
● Server=/crc. Testing/192.168.130.11
● Server=/apps-crc. Testing/192.168.130.11

Accessing the Openshift Cluster

Accessing the Openshift web console

To gain access to the OpenShift cluster running in the CodeReady virtual machine you need to make sure that the virtual machine is running before continuing with this chapter. The OpenShift clusters can be accessed through the OpenShift web console or the client binary(oc).
First you need to execute the $crc console command, this command will open your web browser and direct a tab to the web console. After that, you need to select the htpasswd_provider option in the OpenShift web console and log in as a developer user with the output provided by the crc start command.
It is also possible to view the password for kubeadmin and developer users by running the $crc console --credentials command. While you can access the cluster through the kubeadmin and developer users, it should be noted that the kubeadmin user should only be used for administrative tasks such as user management and the developer user for creating projects or OpenShift applications and the deployment of these applications.
C:\Users\[username]\$PATH>crc console C:\Users\[username]\$PATH>crc console --credentials 

Accessing the OpenShift cluster with oc

To gain access to the OpenShift cluster with the use of the oc command you need to complete several steps.
Step 1.
Execute the $crc oc-env command to print the command needed to add the cached oc binary to your PATH:
C:\Users\[username]\$PATH>crc oc-env 
Step 2.
Execute the printed command. The output will look something like the following:
PS C:\Users\OpenShift> crc oc-env $Env:PATH = "CC:\Users\OpenShift\.crc\bin\oc;$Env:PATH" # Run this command to configure your shell: # & crc oc-env | Invoke-Expression 
This means we have to execute* the command that the output gives us, in this case that is:
C:\Users\[username]\$PATH>crc oc-env | Invoke-Expression 
\this has to be executed every time you start; a solution is to move the oc binary to the same path as the crc binary*
To test if this step went correctly execute the following command, if it returns without errors oc is set up properly
C:\Users\[username]\$PATH>.\oc 
Step 3
Now you need to login as a developer user, this can be done using the following command:
$oc login -u developer https://api.crc.testing:6443
Keep in mind that the $crc start will provide you with the password that is needed to login with the developer user.
C:\Users\[username]\$PATH>oc login -u developer https://api.crc.testing:6443 
Step 4
The oc can now be used to interact with your OpenShift cluster. If you for instance want to verify if the OpenShift cluster Operators are available, you can execute the command
$oc get co 
Keep in mind that by default the CodeReady Containers disables the functions provided by the commands $machine-config and $monitoringOperators.
C:\Users\[username]\$PATH>oc get co 

Demonstration

Now that you are able to access the cluster, we will take you on a tour through some of the possibilities within OpenShift Container Platform.
We will start by creating a project. Within this project we will import an image, and with this image we are going to build an application. After building the application we will explain how upscaling and downscaling can be used within the created application.
As the next step we will show the user how to make changes in the network route. We also show how monitoring can be used within the platform, however within the current version of CodeReady Containers this has been disabled.
Lastly, we will show the user how to use user management within the platform.

Creating a project

To be able to create a project within the console you have to login on the cluster. If you have not yet done this, this can be done by running the command crc console in the command line and logging in with the login data from before.
When you are logged in as admin, switch to Developer. If you're logged in as a developer, you don't have to switch. Switching between users can be done with the dropdown menu top left.
Now that you are properly logged in press the dropdown menu shown in the image below, from there click on create a project.
https://preview.redd.it/ytax8qocitv51.png?width=658&format=png&auto=webp&s=72d143733f545cf8731a3cca7cafa58c6507ace2
When you press the correct button, the following image will pop up. Here you can give your project a name and description. We chose to name it CodeReady with a displayname CodeReady Container.
https://preview.redd.it/vtaxadwditv51.png?width=594&format=png&auto=webp&s=e3b004bab39fb3b732d96198ed55fdd99259f210

Importing image

The Containers in OpenShift Container Platform are based on OCI or Docker formatted images. An image is a binary that contains everything needed to run a container as well as the metadata of the requirements needed for the container.
Within the OpenShift Container Platform it’s possible to obtain images in a number of ways. There is an integrated Docker registry that offers the possibility to download new images “on the fly”. In addition, OpenShift Container Platform can use third party registries such as:
- Https://hub.docker.com/
- Https://catalog.redhat.com/software/containers/search
Within this manual we are going to import an image from the Red Hat container catalog. In this example we’ll be using MediaWiki.
Search for the application in https://catalog.redhat.com/software/containers/search

https://preview.redd.it/c4mrbs0fitv51.png?width=672&format=png&auto=webp&s=f708f0542b53a9abf779be2d91d89cf09e9d2895
Navigate to “Get this image”
Follow the steps to “create a registry service account”, after that you can copy the YAML.
https://preview.redd.it/b4rrklqfitv51.png?width=1323&format=png&auto=webp&s=7a2eb14a3a1ba273b166e03e1410f06fd9ee1968
After the YAML has been copied we will go to the topology view and click on the YAML button
https://preview.redd.it/k3qzu8dgitv51.png?width=869&format=png&auto=webp&s=b1fefec67703d0a905b00765f0047fe7c6c0735b
Then we have to paste in the YAML, put in the name, namespace and your pull secret name (which you created through your registry account) and click on create.
https://preview.redd.it/iz48kltgitv51.png?width=781&format=png&auto=webp&s=4effc12e07bd294f64a326928804d9a931e4d2bd
Run the import command within powershell
$oc import-image openshift4/mediawiki --from=registry.redhat.io/openshift4/mediawiki --confirm imagestream.image.openshift.io/mediawiki imported 

Creating and managing an application

There are a few ways to create and manage applications. Within this demonstration we’ll show how to create an application from the previously imported image.

Creating the application

To create an image with the previously imported image go back to the console and topology. From here on select container image.
https://preview.redd.it/6506ea4iitv51.png?width=869&format=png&auto=webp&s=c0231d70bb16c76cd131e6b71256e93550cc8b37
For the option image you'll want to select the “image stream tag from internal registry” option. Give the application a name and then create the deployment.
https://preview.redd.it/tk72idniitv51.png?width=813&format=png&auto=webp&s=a4e662cf7b96604d84df9d04ab9b90b5436c803c
If everything went right during the creating process you should see the following, this means that the application is successfully running.
https://preview.redd.it/ovv9l85jitv51.png?width=901&format=png&auto=webp&s=f78f350207add0b8a979b6da931ff29ffa30128c

Scaling the application

In OpenShift there is a feature called autoscaling. There are two types of application scaling, namely vertical scaling, and horizontal scaling. Vertical scaling is adding only more CPU and hard disk and is no longer supported by OpenShift. Horizontal scaling is increasing the number of machines.
One of the ways to scale an application is by increasing the number of pods. This can be done by going to a pod within the view as seen in the previous step. By either pressing the up or down arrow more pods of the same application can be added. This is similar to horizontal scaling and can result in better performance when there are a lot of active users at the same time.
https://preview.redd.it/s6i1vbcrltv51.png?width=602&format=png&auto=webp&s=e62cbeeed116ba8c55704d61a990fc0d8f3cfaa1
In the picture above we see the number of nodes and pods and how many resources those nodes and pods are using. This is something to keep in mind if you want to scale up your application, the more you scale it up, the more resources it will take up.

https://preview.redd.it/quh037wmitv51.png?width=194&format=png&auto=webp&s=5e326647b223f3918c259b1602afa1b5fbbeea94

Network

Since OpenShift Container platform is built on Kubernetes it might be interesting to know some theory about its networking. Kubernetes, on which the OpenShift Container platform is built, ensures that the Pods within OpenShift can communicate with each other via the network and assigns them their own IP address. This makes all containers within the Pod behave as if they were on the same host. By giving each pod its own IP address, pods can be treated as physical hosts or virtual machines in terms of port mapping, networking, naming, service discovery, load balancing, application configuration and migration. To run multiple services such as front-end and back-end services, OpenShift Container Platform has a built-in DNS.
One of the changes that can be made to the networking of a Pod is the Route. We’ll show you how this can be done in this demonstration.
The Route is not the only thing that can be changed and or configured. Two other options that might be interesting but will not be demonstrated in this manual are:
- Ingress controller, Within OpenShift it is possible to set your own certificate. A user must have a certificate / key pair in PEM-encoded files, with the certificate signed by a trusted authority.
- Network policies, by default all pods in a project are accessible from other pods and network locations. To isolate one or more pods in a project, it is possible to create Network Policy objects in that project to indicate the allowed incoming connections. Project administrators can create and delete Network Policy objects within their own project.
There is a search function within the Container Platform. We’ll use this to search for the network routes and show how to add a new route.
https://preview.redd.it/8jkyhk8pitv51.png?width=769&format=png&auto=webp&s=9a8762df5bbae3d8a7c92db96b8cb70605a3d6da
You can add items that you use a lot to the navigation
https://preview.redd.it/t32sownqitv51.png?width=1598&format=png&auto=webp&s=6aab6f17bc9f871c591173493722eeae585a9232
For this example, we will add Routes to navigation.
https://preview.redd.it/pm3j7ljritv51.png?width=291&format=png&auto=webp&s=bc6fbda061afdd0780bbc72555d809b84a130b5b
Now that we’ve added Routes to the navigation, we can start the creation of the Route by clicking on “Create route”.
https://preview.redd.it/5lgecq0titv51.png?width=1603&format=png&auto=webp&s=d548789daaa6a8c7312a419393795b52da0e9f75
Fill in the name, select the service and the target port from the drop-down menu and click on Create.
https://preview.redd.it/qczgjc2uitv51.png?width=778&format=png&auto=webp&s=563f73f0dc548e3b5b2319ca97339e8f7b06c9d6
As you can see, we’ve successfully added the new route to our application.
https://preview.redd.it/gxfanp2vitv51.png?width=1588&format=png&auto=webp&s=1aae813d7ad0025f91013d884fcf62c5e7d109f1
Storage
OpenShift makes use of Persistent Storage, this type of storage uses persistent volume claims(PVC). PVC’s allow the developer to make persistent volumes without needing any knowledge about the underlying infrastructure.
Within this storage there are a few configuration options:
It is however important to know how to manually reclaim the persistent volumes, since if you delete PV the associated data will not be automatically deleted with it and therefore you cannot reassign the storage to another PV yet.
To manually reclaim the PV, you need to follow the following steps:
Step 1: Delete the PV, this can be done by executing the following command
$oc delete  
Step 2: Now you need to clean up the data on the associated storage asset
Step 3: Now you can delete the associated storage asset or if you with to reuse the same storage asset you can now create a PV with the storage asset definition.
It is also possible to directly change the reclaim policy within OpenShift, to do this you would need to follow the following steps:
Step 1: Get a list of the PVs in your cluster
$oc get pv 
This will give you a list of all the PV’s in your cluster and will display their following attributes: Name, Capacity, Accesmodes, Reclaimpolicy, Statusclaim, Storageclass, Reason and Age.
Step 2: Now choose the PV you wish to change and execute one of the following command’s, depending on your preferred policy:
$oc patch pv  -p '{"spec":{"persistentVolumeReclaimPolicy":"Retain"}}' 
In this example the reclaim policy will be changed to Retain.
$oc patch pv  -p '{"spec":{"persistentVolumeReclaimPolicy":"Recycle"}}' 
In this example the reclaim policy will be changed to Recycle.
$oc patch pv  -p '{"spec":{"persistentVolumeReclaimPolicy":"Delete"}}' 
In this example the reclaim policy will be changed to Delete.

Step 3: After this you can check the PV to verify the change by executing this command again:
$oc get pv 

Monitoring

Within Red Hat OpenShift there is the possibility to monitor the data that has been created by your containers, applications, and pods. To do so, click on the menu option in the top left corner. Check if you are logged in as Developer and click on “Monitoring”. Normally this function is not activated within the CodeReady containers, because it uses a lot of resources (Ram and CPU) to run.
https://preview.redd.it/an0wvn6zitv51.png?width=228&format=png&auto=webp&s=51abf8cc31bd763deb457d49514f99ee81d610ec
Once you have activated “Monitoring” you can change the “Time Range” and “Refresh Interval” in the top right corner of your screen. This will change the monitoring data on your screen.
https://preview.redd.it/e0yvzsh1jtv51.png?width=493&format=png&auto=webp&s=b2c563635cfa60ea7ce2f9c146aa994df6aa1c34
Within this function you can also monitor “Events”. These events are records of important information and are useful for monitoring and troubleshooting within the OpenShift Container Platform.
https://preview.redd.it/l90vkmp3jtv51.png?width=602&format=png&auto=webp&s=4e97f14bedaec7ededcdcda96e7823f77ced24c2

User management

According to the documentation of OpenShift is a user, an entity that interacts with the OpenShift Container Platform API. These can be a developer for developing applications or an administrator for managing the cluster. Users can be assigned to groups, which set the permissions applied to all the group’s members. For example, you can give API access to a group, which gives all members of the group API access.
There are multiple ways to create a user depending on the configured identity provider. The DenyAll identity provider is the default within OpenShift Container Platform. This default denies access for all the usernames and passwords.
First, we’re going to create a new user, the way this is done depends on the identity provider, this depends on the mapping method used as part of the identity provider configuration.
for more information on what mapping methods are and how they function:
https://docs.openshift.com/enterprise/3.1/install_config/configuring_authentication.html
With the default mapping method, the steps will be as following
$oc create user  
Next up, we’ll create an OpenShift Container Platform Identity. Use the name of the identity provider and the name that uniquely represents this identity in the scope of the identity provider:
$oc create identity : 
The is the name of the identity provider in the master configuration. For example, the following commands create an Identity with identity provider ldap_provider and the identity provider username mediawiki_s.
$oc create identity ldap_provider:mediawiki_s 
Create a useidentity mapping for the created user and identity:
$oc create useridentitymapping :  
For example, the following command maps the identity to the user:
$oc create useridentitymapping ldap_provider:mediawiki_s mediawiki 
Now were going to assign a role to this new user, this can be done by executing the following command:
$oc create clusterrolebinding  \ --clusterrole= --user= 
There is a --clusterrole option that can be used to give the user a specific role, like a cluster user with admin privileges. The cluster admin has access to all files and is able to manage the access level of other users.
Below is an example of the admin clusterrole command:
$oc create clusterrolebinding registry-controller \ --clusterrole=cluster-admin --user=admin 

What did you achieve?

If you followed all the steps within this manual you now should have a functioning Mediawiki Application running on your own CodeReady Containers. During the installation of this application on CodeReady Containers you have learned how to do the following things:
● Installing the CodeReady Containers
● Updating OpenShift
● Configuring a CodeReady Container
● Configuring the DNS
● Accessing the OpenShift cluster
● Deploying an application
● Creating new users
With these skills you’ll be able to set up your own Container Platform environment and host applications of your choosing.

Troubleshooting

Nameserver
There is the possibility that your CodeReady container can't connect to the internet due to a Nameserver error. When this is encountered a working fix for us was to stop the machine and then start the CRC machine with the following command:
C:\Users\[username]\$PATH>crc start -n 1.1.1.1 
Hyper-V admin
Should you run into a problem with Hyper-V it might be because your user is not an admin and therefore can’t access the Hyper-V admin user group.
  1. Click Start > Control Panel > Administration Tools > Computer Management. The Computer Management window opens.
  2. Click System Tools > Local Users and Groups > Groups. The list of groups opens.
  3. Double-click the Hyper-V Administrators group. The Hyper-V Administrators Properties window opens.
  4. Click Add. The Select Users or Groups window opens.
  5. In the Enter the object names to select field, enter the user account name to whom you want to assign permissions, and then click OK.
  6. Click Apply, and then click OK.

Terms and definitions

These terms and definitions will be expanded upon, below you can see an example of how this is going to look like together with a few terms that will require definitions.
Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications. Openshift is based on Kubernetes.
Clusters are a collection of multiple nodes which communicate with each other to perform a set of operations.
Containers are the basic units of OpenShift applications. These container technologies are lightweight mechanisms for isolating running processes so that they are limited to interacting with only their designated resources.
CodeReady Container is a minimal, preconfigured cluster that is used for development and testing purposes.
CodeReady Workspaces uses Kubernetes and containers to provide any member of the development or IT team with a consistent, secure, and zero-configuration development environment.

Sources

  1. https://www.ibm.com/support/knowledgecenteen/SSMKFH/com.ibm.apmaas.doc/install/hyperv_config_add_nonadmin_user_hyperv_usergroup.html
  2. https://access.redhat.com/documentation/en-us/openshift_container_platform/4.5/
  3. https://docs.openshift.com/container-platform/3.11/admin_guide/manage_users.html
submitted by Groep6HHS to openshift [link] [comments]

Ethereum on ARM. New Eth2.0 Raspberry Pi 4 image for joining the Medalla multi-client testnet. Step-by-step guide for installing and activating a validator (Prysm, Teku, Lighthouse and Nimbus clients included)

TL;DR: Flash your Raspberry Pi 4, plug in an ethernet cable, connect the SSD disk and power up the device to join the Eth2.0 medalla testnet.
The image takes care of all the necessary steps to join the Eth2.0 Medalla multi-client testnet [1], from setting up the environment and formatting the SSD disk to installing, managing and running the Eth1.0 and Eth2.0 clients.
You will only need to choose an Eth2.0 client, start the beacon chain service and activate / run the validator.
Note: this is an update for our previous Raspberry Pi 4 Eth2 image [2] so some of the instructions are directly taken from there.

MAIN FEATURES

SOFTWARE INCLUDED

INSTALLATION GUIDE AND USAGE

RECOMMENDED HARDWARE AND SETUP
STORAGE
You will need an SSD to run the Ethereum clients (without an SSD drive there’s absolutely no chance of syncing the Ethereum blockchain). There are 2 options:
Use an USB portable SSD disk such as the Samsung T5 Portable SSD.
Use an USB 3.0 External Hard Drive Case with a SSD Disk. In our case we used a Inateck 2.5 Hard Drive Enclosure FE2011. Make sure to buy a case with an UASP compliant chip, particularly, one of these: JMicron (JMS567 or JMS578) or ASMedia (ASM1153E).
In both cases, avoid getting low quality SSD disks as it is a key component of your node and it can drastically affect the performance (and sync times). Keep in mind that you need to plug the disk to an USB 3.0 port (in blue).
IMAGE DOWNLOAD AND INSTALLATION
1.- Download the image:
http://www.ethraspbian.com/downloads/ubuntu-20.04.1-preinstalled-server-arm64+raspi-eth2-medalla.img.zip
SHA256 149cb9b020d1c49fcf75c00449c74c6f38364df1700534b5e87f970080597d87
2.- Flash the image
Insert the microSD in your Desktop / Laptop and download the file.
Note: If you are not comfortable with command line or if you are running Windows, you can use Etcher [10]
Open a terminal and check your MicroSD device name running:
sudo fdisk -l
You should see a device named mmcblk0 or sdd. Unzip and flash the image:
unzip ubuntu-20.04.1-preinstalled-server-arm64+raspi-eth2-medalla.img.zip
sudo dd bs=1M if=ubuntu-20.04.1-preinstalled-server-arm64+raspi.img of=/dev/mmcblk0 conv=fdatasync status=progress
3.- Insert de MicroSD into the Raspberry Pi 4. Connect an Ethernet cable and attach the USB SSD disk (make sure you are using a blue port).
4.- Power on the device
The Ubuntu OS will boot up in less than one minute but you will need to wait approximately 7-8 minutes in order to allow the script to perform the necessary tasks to install the Medalla setup (it will reboot again)
5.- Log in
You can log in through SSH or using the console (if you have a monitor and keyboard attached)
User: ethereum Password: ethereum 
You will be prompted to change the password on first login, so you will need to log in twice.
6.- Forward 30303 port in your router (both UDP and TCP). If you don’t know how to do this, google “port forwarding” followed by your router model. You will need to open additional ports as well depending on the Eth2.0 client you’ve chosen.
7.- Getting console output
You can see what’s happening in the background by typing:
sudo tail -f /valog/syslog
8.- Grafana Dashboards
There are 5 Grafana dashboards available to monitor the Medalla node (see section “Grafana Dashboards” below).

The Medalla Eth2.0 multi-client testnet

Medalla is the official Eth2.0 multi-client testnet according to the latest official specification for Eth2.0, the v0.12.2 [11] release (which is aimed to be the final) [12].
In order to run a Medalla Eth 2.0 node you will need 3 components:
The image takes care of the Eth1.0 setup. So, once flashed (and after a first reboot), Geth (Eth1.0 client) starts to sync the Goerli testnet.
Follow these steps to enable your Eth2.0 Ethereum node:
CREATE THE VALIDATOR KEYS AND MAKE THE DEPOSIT
We need to get 32 Goerli ETH (fake ETH) ir order to make the deposit in the Eth2.0 contract and run the validator. The easiest way of getting ETH is by joining Prysm Discord's channel.
Open Metamask [14], select the Goerli Network (top of the window) and copy your ETH Address. Go to:
https://discord.com/invite/YMVYzv6
And open the “request-goerli-eth” channel (on the left)
Type:
!send $YOUR_ETH_ADDRESS (replace it with the one copied on Metamask)
You will receive enough ETH to run 1 validator.
Now it is time to create your validator keys and the deposit information. For your convenience we’ve packaged the official Eth2 launchpad tool [4]. Go to the EF Eth2.0 launchpad site:
https://medalla.launchpad.ethereum.org/
And click “Get started”
Read and accept all warnings. In the next screen, select 1 validator and go to your Raspberry Pi console. Under the ethereum account run:
cd && deposit --num_validators 1 --chain medalla
Choose your mnemonic language and type a password for keeping your keys safe. Write down your mnemonic password, press any key and type it again as requested.
Now you have 2 Json files under the validator_keys directory. A deposit data file for sending the 32 ETH along with your validator public key to the Eth1 chain (goerli testnet) and a keystore file with your validator keys.
Back to the Launchpad website, check "I am keeping my keys safe and have written down my mnemonic phrase" and click "Continue".
It is time to send the 32 ETH deposit to the Eth1 chain. You need the deposit file (located in your Raspberry Pi). You can, either copy and paste the file content and save it as a new file in your desktop or copy the file from the Raspberry to your desktop through SSH.
1.- Copy and paste: Connected through SSH to your Raspberry Pi, type:
cat validator_keys/deposit_data-$FILE-ID.json (replace $FILE-ID with yours)
Copy the content (the text in square brackets), go back to your desktop, paste it into your favourite editor and save it as a json file.
Or
2.- Ssh: From your desktop, copy the file:
scp [email protected]$YOUR_RASPBERRYPI_IP:/home/ethereum/validator_keys/deposit_data-$FILE_ID.json /tmp
Replace the variables with your data. This will copy the file to your desktop /tmp directory.
Upload the deposit file
Now, back to the Launchpad website, upload the deposit_data file and select Metamask, click continue and check all warnings. Continue and click “Initiate the Transaction”. Confirm the transaction in Metamask and wait for the confirmation (a notification will pop up shortly).
The Beacon Chain (which is connected to the Eth1 chain) will detect this deposit (that includes the validator public key) and the Validator will be enabled.
Congrats!, you just started your validator activation process.
CHOOSE AN ETH2.0 CLIENT
Time to choose your Eth2.0 client. We encourage you to run Lighthouse, Teku or Nimbus as Prysm is the most used client by far and diversity is key to achieve a resilient and healthy Eth2.0 network.
Once you have decided which client to run (as said, try to run one with low network usage), you need to set up the clients and start both, the beacon chain and the validator.
These are the instructions for enabling each client (Remember, choose just one Eth2.0 client out of 4):
LIGHTHOUSE ETH2.0 CLIENT
1.- Port forwarding
You need to open the 9000 port in your router (both UDP and TCP)
2.- Start the beacon chain
Under the ethereum account, run:
sudo systemctl enable lighthouse-beacon
sudo systemctl start lighthouse-beacon
3.- Start de validator
We need to import the validator keys. Run under the ethereum account:
lighthouse account validator import --directory=/home/ethereum/validator_keys
Then, type your previously defined password and run:
sudo systemctl enable lighthouse-validator
sudo systemctl start lighthouse-validator
The Lighthouse beacon chain and validator are now enabled

PRYSM ETH2.0 CLIENT
1.- Port forwarding
You need to open the 13000 and 12000 ports in your router (both UDP and TCP)
2.- Start the beacon chain
Under the ethereum account, run:
sudo systemctl enable prysm-beacon
sudo systemctl start prysm-beacon
3.- Start de validator
We need to import the validator keys. Run under the ethereum account:
validator accounts-v2 import --keys-dir=/home/ethereum/validator_keys
Accept the default wallet path and enter a password for your wallet. Now enter the password previously defined.
Lastly, set up your password and start the client:
echo "$YOUR_PASSWORD" > /home/ethereum/validator_keys/prysm-password.txt
sudo systemctl enable prysm-validator
sudo systemctl start prysm-validator
The Prysm beacon chain and the validator are now enabled.

TEKU ETH2.0 CLIENT
1.- Port forwarding
You need to open the 9151 port (both UDP and TCP)
2.- Start the Beacon Chain and the Validator
Under the Ethereum account, check the name of your keystore file:
ls /home/ethereum/validator_keys/keystore*
Set the keystore file name in the teku config file (replace the $KEYSTORE_FILE variable with the file listed above)
sudo sed -i 's/changeme/$KEYSTORE_FILE/' /etc/ethereum/teku.conf
Set the password previously entered:
echo "yourpassword" > validator_keys/teku-password.txt
Start the beacon chain and the validator:
sudo systemctl enable teku
sudo systemctl start teku
The Teku beacon chain and validator are now enabled.

NIMBUS ETH2.0 CLIENT
1.- Port forwarding
You need to open the 19000 port (both UDP and TCP)
2.- Start the Beacon Chain and the Validator
We need to import the validator keys. Run under the ethereum account:
beacon_node deposits import /home/ethereum/validator_keys --data-dir=/home/ethereum/.nimbus --log-file=/home/ethereum/.nimbus/nimbus.log
Enter the password previously defined and run:
sudo systemctl enable nimbus
sudo systemctl start nimbus
The Nimbus beacon chain and validator are now enabled.

WHAT's NEXT
Now you need to wait for the Eth1 blockchain and the beacon chain to get synced. In a few hours the validator will get enabled and put into a queue. These are the validator status that you will see until its final activation:
Finally, it will get activated and the staking process will start.
Congratulations!, you join the Medalla Eth2.0 multiclient testnet!

Grafana Dashboards

We configured 5 Grafana Dashboards to let users monitor both Eth1.0 and Eth2.0 clients. To access the dashboards just open your browser and type your Raspberry IP followed by the 3000 port:
http://replace_with_your_IP:3000 user: admin passwd: ethereum 
There are 5 dashboards available:
Lots of info here. You can see for example if Geth is in sync by checking (in the Blockchain section) if Headers, Receipts and Blocks fields are aligned or find Eth2.0 chain info.

Updating the software

We will be keeping the Eth2.0 clients updated through Debian packages in order to keep up with the testnet progress. Basically, you need to update the repo and install the packages through the apt command. For instance, in order to update all packages you would run:
sudo apt-get update && sudo apt-get install geth teku nimbus prysm-beacon prysm-validator lighthouse-beacon lighthouse-validator
Please follow us on Twitter in order to get regular updates and install instructions.
https://twitter.com/EthereumOnARM

References

  1. https://github.com/goerli/medalla/tree/mastemedalla
  2. https://www.reddit.com/ethereum/comments/hhvi2ethereum_on_arm_new_eth20_raspberry_pi_4_image/
  3. https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20
  4. https://github.com/ethereum/eth2.0-deposit-cli/releases
  5. https://github.com/prysmaticlabs/prysm/releases/tag/v1.0.0-alpha.23
  6. https://github.com/PegaSysEng/teku
  7. https://github.com/sigp/lighthouse/releases/tag/v0.2.8
  8. https://github.com/status-im/nim-beacon-chain
  9. https://grafana.com
  10. https://www.balena.io/etcher
  11. https://github.com/ethereum/eth2.0-specs/releases/tag/v0.12.2
  12. https://blog.ethereum.org/2020/08/03/eth2-quick-update-no-14
  13. https://goerli.net
  14. https://metamask.io
submitted by diglos76 to ethereum [link] [comments]

Node.js Application Monitoring with Prometheus and Grafana

Hi guys, we published this article on our blog (here) some time ago and I thought it could be interesting for node to read is as well, since we got some good feedback on it!

What is application monitoring and why is it necessary?

Application monitoring is a method that uses software tools to gain insights into your software deployments. This can be achieved by simple health checks to see if the server is available to more advanced setups where a monitoring library is integrated into your server that sends data to a dedicated monitoring service. It can even involve the client side of your application, offering more detailed insights into the user experience.
For every developer, monitoring should be a crucial part of the daily work, because you need to know how the software behaves in production. You can let your testers work with your system and try to mock interactions or high loads, but these techniques will never be the same as the real production workload.

What is Prometheus and how does it work?

Prometheus is an open-source monitoring system that was created in 2012 by Soundcloud. In 2016, Prometheus became the second project (following Kubernetes) to be hosted by the Cloud Native Computing Foundation.
https://preview.redd.it/8kshgh0qpor51.png?width=1460&format=png&auto=webp&s=455c37b1b1b168d732e391a882598e165c42501a
The Prometheus server collects metrics from your servers and other monitoring targets by pulling their metric endpoints over HTTP at a predefined time interval. For ephemeral and batch jobs, for which metrics can't be scraped periodically due to their short-lived nature, Prometheus offers a Pushgateway. This is an intermediate server that monitoring targets can push their metrics before exiting. The data is retained there until the Prometheus server pulls it later.
The core data structure of Prometheus is the time series, which is essentially a list of timestamped values that are grouped by metric.
With PromQL (Prometheus Query Language), Prometheus provides a functional query language allowing for selection and aggregation of time series data in real-time. The result of a query can be viewed directly in the Prometheus web UI, or consumed by external systems such as Grafana via the HTTP API.

How to use prom-client to export metrics in Node.js for Prometheus?

prom-client is the most popular Prometheus client library for Node.js. It provides the building blocks to export metrics to Prometheus via the pull and push methods and supports all Prometheus metric types such as histogram, summaries, gauges and counters.

Setup sample Node.js project

Create a new directory and set up the Node.js project:
$ mkdir example-nodejs-app $ cd example-nodejs-app $ npm init -y 

Install prom-client

The prom-client npm module can be installed via:
$ npm install prom-client 

Exposing default metrics

Every Prometheus client library comes with predefined default metrics that are assumed to be good for all applications on the specific runtime. The prom-client library also follows this convention. The default metrics are useful for monitoring the usage of resources such as memory and CPU.
You can capture and expose the default metrics with following code snippet:
const http = require('http') const url = require('url') const client = require('prom-client') // Create a Registry which registers the metrics const register = new client.Registry() // Add a default label which is added to all metrics register.setDefaultLabels({ app: 'example-nodejs-app' }) // Enable the collection of default metrics client.collectDefaultMetrics({ register }) // Define the HTTP server const server = http.createServer(async (req, res) => { // Retrieve route from request object const route = url.parse(req.url).pathname if (route === '/metrics') { // Return all metrics the Prometheus exposition format res.setHeader('Content-Type', register.contentType) res.end(register.metrics()) } }) // Start the HTTP server which exposes the metrics on http://localhost:8080/metrics server.listen(8080) 

Exposing custom metrics

While default metrics are a good starting point, at some point, you’ll need to define custom metrics in order to stay on top of things.
Capturing and exposing a custom metric for HTTP request durations might look like this:
const http = require('http') const url = require('url') const client = require('prom-client') // Create a Registry which registers the metrics const register = new client.Registry() // Add a default label which is added to all metrics register.setDefaultLabels({ app: 'example-nodejs-app' }) // Enable the collection of default metrics client.collectDefaultMetrics({ register }) // Create a histogram metric const httpRequestDurationMicroseconds = new client.Histogram({ name: 'http_request_duration_seconds', help: 'Duration of HTTP requests in microseconds', labelNames: ['method', 'route', 'code'], buckets: [0.1, 0.3, 0.5, 0.7, 1, 3, 5, 7, 10] }) // Register the histogram register.registerMetric(httpRequestDurationMicroseconds) // Define the HTTP server const server = http.createServer(async (req, res) => { // Start the timer const end = httpRequestDurationMicroseconds.startTimer() // Retrieve route from request object const route = url.parse(req.url).pathname if (route === '/metrics') { // Return all metrics the Prometheus exposition format res.setHeader('Content-Type', register.contentType) res.end(register.metrics()) } // End timer and add labels end({ route, code: res.statusCode, method: req.method }) }) // Start the HTTP server which exposes the metrics on http://localhost:8080/metrics server.listen(8080) 
Copy the above code into a file called server.jsand start the Node.js HTTP server with following command:
$ node server.js 
You should now be able to access the metrics via http://localhost:8080/metrics.

How to scrape metrics from Prometheus

Prometheus is available as Docker image and can be configured via a YAML file.
Create a configuration file called prometheus.ymlwith following content:
global: scrape_interval: 5s scrape_configs: - job_name: "example-nodejs-app" static_configs: - targets: ["docker.for.mac.host.internal:8080"] 
The config file tells Prometheus to scrape all targets every 5 seconds. The targets are defined under scrape_configs. On Mac, you need to use docker.for.mac.host.internal as host, so that the Prometheus Docker container can scrape the metrics of the local Node.js HTTP server. On Windows, use docker.for.win.localhost and for Linux use localhost.
Use the docker run command to start the Prometheus Docker container and mount the configuration file (prometheus.yml):
$ docker run --rm -p 9090:9090 \ -v `pwd`/prometheus.yml:/etc/prometheus/prometheus.yml \ prom/prometheus:v2.20.1 
Windows users need to replace pwd with the path to their current working directory.
You should now be able to access the Prometheus Web UI on http://localhost:9090

What is Grafana and how does it work?

Grafana is a web application that allows you to visualize data sources via graphs or charts. It comes with a variety of chart types, allowing you to choose whatever fits your monitoring data needs. Multiple charts are grouped into dashboards in Grafana, so that multiple metrics can be viewed at once.
https://preview.redd.it/vt8jwu8vpor51.png?width=3584&format=png&auto=webp&s=4101843c84cfc6293debcdfc3bdbe70811dab2e9
The metrics displayed in the Grafana charts come from data sources. Prometheus is one of the supported data sources for Grafana, but it can also use other systems, like AWS CloudWatch, or Azure Monitor.
Grafana also allows you to define alerts that will be triggered if certain issues arise, meaning you’ll receive an email notification if something goes wrong. For a more advanced alerting setup checkout the Grafana integration for Opsgenie.

Starting Grafana

Grafana is also available as Docker container. Grafana datasources can be configured via a configuration file.
Create a configuration file called datasources.ymlwith the following content:
apiVersion: 1 datasources: - name: Prometheus type: prometheus access: proxy orgId: 1 url: http://docker.for.mac.host.internal:9090 basicAuth: false isDefault: true editable: true 
The configuration file specifies Prometheus as a datasource for Grafana. Please note that on Mac, we need to use docker.for.mac.host.internal as host, so that Grafana can access Prometheus. On Windows, use docker.for.win.localhost and for Linux use localhost.
Use the following command to start a Grafana Docker container and to mount the configuration file of the datasources (datasources.yml). We also pass some environment variables to disable the login form and to allow anonymous access to Grafana:
$ docker run --rm -p 3000:3000 \ -e GF_AUTH_DISABLE_LOGIN_FORM=true \ -e GF_AUTH_ANONYMOUS_ENABLED=true \ -e GF_AUTH_ANONYMOUS_ORG_ROLE=Admin \ -v `pwd`/datasources.yml:/etc/grafana/provisioning/datasources/datasources.yml \ grafana/grafana:7.1.5 
Windows users need to replace pwd with the path to their current working directory.
You should now be able to access the Grafana Web UI on http://localhost:3000

Configuring a Grafana Dashboard

Once the metrics are available in Prometheus, we want to view them in Grafana. This requires creating a dashboard and adding panels to that dashboard:
  1. Go to the Grafana UI at http://localhost:3000, click the + button on the left, and select Dashboard.
  2. In the new dashboard, click on the Add new panel button.
  3. In the Edit panel view, you can select a metric and configure a chart for it.
  4. The Metrics drop-down on the bottom left allows you to choose from the available metrics. Let’s use one of the default metrics for this example.
  5. Type process_resident_memory_bytesinto the Metricsinput and {{app}}into the Legendinput.
  6. On the right panel, enter Memory Usage for the Panel title.
  7. As the unit of the metric is in bytes we need to select bytes(Metric)for the left y-axis in the Axes section, so that the chart is easy to read for humans.
You should now see a chart showing the memory usage of the Node.js HTTP server.
Press Apply to save the panel. Back on the dashboard, click the small "save" symbol at the top right, a pop-up will appear allowing you to save your newly created dashboard for later use.

Setting up alerts in Grafana

Since nobody wants to sit in front of Grafana all day watching and waiting to see if things go wrong, Grafana allows you to define alerts. These alerts regularly check whether a metric adheres to a specific rule, for example, whether the errors per second have exceeded a specific value.
Alerts can be set up for every panel in your dashboards.
  1. Go into the Grafana dashboard we just created.
  2. Click on a panel title and select edit.
  3. Once in the edit view, select "Alerts" from the middle tabs, and press the Create Alertbutton.
  4. In the Conditions section specify 42000000 after IS ABOVE. This tells Grafana to trigger an alert when the Node.js HTTP server consumes more than 42 MB Memory.
  5. Save the alert by pressing the Apply button in the top right.

Sample code repository

We created a code repository that contains a collection of Docker containers with Prometheus, Grafana, and a Node.js sample application. It also contains a Grafana dashboard, which follows the RED monitoring methodology.
Clone the repository:
$ git clone https://github.com/coder-society/nodejs-application-monitoring-with-prometheus-and-grafana.git 
The JavaScript code of the Node.js app is located in the /example-nodejs-app directory. All containers can be started conveniently with docker-compose. Run the following command in the project root directory:
$ docker-compose up -d 
After executing the command, a Node.js app, Grafana, and Prometheus will be running in the background. The charts of the gathered metrics can be accessed and viewed via the Grafana UI at http://localhost:3000/d/1DYaynomMk/example-service-dashboard.
To generate traffic for the Node.js app, we will use the ApacheBench command line tool, which allows sending requests from the command line.
On MacOS, it comes pre-installed by default. On Debian-based Linux distributions, ApacheBench can be installed with the following command:
$ apt-get install apache2-utils 
For Windows, you can download the binaries from Apache Lounge as a ZIP archive. ApacheBench will be named ab.exe in that archive.
This CLI command will run ApacheBench so that it sends 10,000 requests to the /order endpoint of the Node.js app:
$ ab -m POST -n 10000 -c 100 http://localhost:8080/order 
Depending on your hardware, running this command may take some time.
After running the ab command, you can access the Grafana dashboard via http://localhost:3000/d/1DYaynomMk/example-service-dashboard.

Summary

Prometheus is a powerful open-source tool for self-hosted monitoring. It’s a good option for cases in which you don’t want to build from scratch but also don’t want to invest in a SaaS solution.
With a community-supported client library for Node.js and numerous client libraries for other languages, the monitoring of all your systems can be bundled into one place.
Its integration is straightforward, involving just a few lines of code. It can be done directly for long-running services or with help of a push server for short-lived jobs and FaaS-based implementations.
Grafana is also an open-source tool that integrates well with Prometheus. Among the many benefits it offers are flexible configuration, dashboards that allow you to visualize any relevant metric, and alerts to notify of any anomalous behavior.
These two tools combined offer a straightforward way to get insights into your systems. Prometheus offers huge flexibility in terms of metrics gathered and Grafana offers many different graphs to display these metrics. Prometheus and Grafana also integrate so well with each other that it’s surprising they’re not part of one product.
You should now have a good understanding of Prometheus and Grafana and how to make use of them to monitor your Node.js projects in order to gain more insights and confidence in your software deployments.
submitted by matthevva to node [link] [comments]

11-04 23:47 - 'DON'T USE THIS' (self.linux) by /u/CreeperTyE removed from /r/linux within 6-16min

'''
This is for cyberpatriots, pls don't use this.
#!/bin/bash
# CyberPatriot Ubuntu (Trusty Tahr) Script v0.3.5
# Root is required to run this script, but chmod should not be used on script or run as root.
# User running script must be in group 'sudo'.
#
# Not everything is covered in this script. Please make sure to review checklist and the Securing Debian Manual.
# This script is only meant to be used for whichever team Keita Susuki is on.
# CHANGES: sed is now more often used to find and replace instead of append to config files
function main {
kernel_info=$(uname -a)
time=$(date)
display_info=$(whoami)
sshd="/etc/ssh/sshd_config"
apache_s="/etc/apache2/apache2.conf"
vsftpd_s="/etc/vsftpd.conf"
echo "---------------------------------------------------------"
echo "Script version: v0.3.5"
echo "Current User: $display_info"
echo "Team: Binary Bros"
echo "Current Time: $time"
echo "Kernel info: $kernel_info"
echo "Now, what can I do for you today?"
echo "---------------------------------------------------------"
echo -en '\n'
read -p "Press ENTER to continue."
echo -en '\n'
echo "WARNING: IF YOU HAVE NEGLECTED TO COMPLETE THE FORENSICS QUESTIONS, IMMEDIATELY CTRL+C THIS SCRIPT."
echo "HAVE YOU COMPLETED ALL THE FORENSICS QUESTIONS? [Y/N]"
read -r forensic_questions
if [[ $forensic_questions == "y" || $forensic_questions == "Y" ]]; then
clear
echo "Good. Now let's start working."
elif [[ $forensic_questions == "n" || $forensic_questions == "N" ]]; then
echo "Finish the forensics questions and come back."
exit
else
echo "Error: bad input."
fi
echo "Before using apt, we need to check to see if sources.list hasn't been tampered with."
echo "Redirecting you to /etc/apt/sources.list in 5 seconds..."
sleep 5
sudo gedit /etc/apt/sources.list
echo "Securing /run/shm."
echo "r-- is dangerous, only on servers if there is no reason for /run/shm."
echo "Read only /run/shm can cause many programs to break. Be cautious."
echo -en '\n'
echo "Options:"
echo "Mount /run/shm r-- (read-only) [r]"
echo "Mount /run/shm rw- (read-write) [w]"
echo "Skip this method. [x]"
read -r shared_memory
if [[ $shared_memory == "r" || $shared_memory == "R" ]]; then
echo "none /run/shm tmpfs defaults,ro 0 0" | sudo tee -a /etc/fstab
echo "Done. Restart box after script has run its course."
elif [[ $shared_memory == "w" || $shared_memory == "w" ]]; then
echo "none /run/shm tmpfs rw,noexec,nosuid,nodev 0 0" | sudo tee -a /etc/fstab
echo "Done. Restart box after script has run its course."
elif [[ $shared_memory == "x" || $shared_memory == "X" ]]; then
echo "Understood. Check UnsafeDefaults page on Ubuntu's website."
fi
echo -en '\n'
echo "Next, we will check hosts file. Make sure nothing looks amiss (default config)."
echo "Redirecting you to hosts file in 5 seconds..."
sleep 5
sudo gedit /etc/hosts
echo -en '\n'
echo "See if nameserver is unfamiliar, if it is, change to google public (8.8.8.8)."
echo "Redirecting you in 3 seconds..."
sudo gedit /etc/resolv.conf
echo -en '\n'
echo "I will now install packages necessary for the security of the system."
echo -en '\n'
sudo apt-get -y -qq install rkhunter clamav clamtk gufw ufw libpam-cracklib vim nmap sysv-rc-conf bum unattended-upgrades logcheck lynis members auditd chkrootkit fail2ban
echo -en '\n'
echo "Configuring automatic upgrades.."
sudo dpkg-reconfigure --priority=low unattended-upgrades
echo "Would you like to manually use gufw or have the script automatically use ufw and close off ports?"
echo -en '\n'
echo "Options:"
echo "g: gufw"
echo "a: auto ufw"
echo "ga: ufw then manual gufw"
read -r firewall_config
if [[ $firewall_config == "g" || $firewall_config == "G" ]]; then
echo "Opening gufw in 5 seconds..."
sleep 5
sudo gufw
elif [[ $firewall_config == "a" || $firewall_config == "A" ]]; then
sudo ufw enable
sudo ufw deny 23
sudo ufw deny 2049
sudo ufw deny 515
sudo ufw deny 111
sudo ufw deny 9051
sudo ufw deny 31337
sudo ufw status
echo "Automatic configuration of firewall completed. I recommend that you look over this again."
sleep 10
elif [[ $firewall_config == "ga" || $firewall_config == "GA" ]]; then
sudo ufw enable
sudo ufw deny 23
sudo ufw deny 2049
sudo ufw deny 515
sudo ufw deny 111
sudo ufw deny 9051
sudo ufw deny 31337
sudo gufw
else
echo "Error: bad input."
fi
clear
echo -en '\n'
echo "Running nmap on 127.0.0.1 to display open ports..." # nmap isn't considered a "hacking tool"
echo "Would you also like to save output to nmap_output.txt [y/n]?"
echo -en '\n'
read -r nmap_input
if [[ $nmap_input == "y" || $nmap_input == "Y" ]]; then
echo "Sending output to nmap_output.txt.."
touch nmap_output.txt
echo "Running nmap on localhost again so you can see the output."
nmap -sV 127.0.0.1 > nmap_output.txt
sleep 10
echo -en '\n'
elif [[ $nmap_input == "n" || $nmap_input == "N" ]]; then
echo "Understood. Running nmap on localhost.."
nmap -sV 127.0.0.1
sleep 10
echo -en '\n'
else
echo "Error: bad input."
echo -en '\n'
fi
echo "Now please disable unneeded processes keeping ports open."
sleep 5
sudo sysv-rc-conf # preferred tool for this
echo -en '\n'
echo "Please make sure there is nothing besides exit 0 and some comments."
sleep 5
sudo vim /etc/rc.local
echo -en '\n'
echo "Checking for sshd_config file"
if [ -f "$sshd" ]; then
echo "sshd is present on this system."
echo "Is sshd a critical service on this machine? [y/n]"
echo "note: selecting N will remove sshd from this system. Proceed with caution."
read -r sshd_critical
if [[ $sshd_critical == "y" || $sshd_critical == "Y" ]]; then
sshd_secure_config
elif [[ $sshd_critical == "n" || $sshd_critical == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
echo -en '\n'
echo "Would you like to restart sshd? [y/n]"
read -r sshd_restart_uinput
if [[ $sshd_restart_uinput == "Y" || $sshd_restart_uinput == "y" ]]; then # may take points and then give back
echo "Restarting sshd..."
sudo service sshd restart
elif [[ $sshd_restart_uinput == "n" || $sshd_restart_uinput == "N" ]]; then
echo "Understood. Remember that changes will not happen until sshd is restarted."
else
echo "Error: bad input."
fi
fi
clear
echo -en '\n'
echo "Disabling guest user and turning off autologin. Editing /etc/lightdm/lightdm.conf"
echo "Checklist reference: GENERAL/8 Alpha, Bravo"
echo "Remember to restart lightdm or restart box later on."
echo "I will direct you there in 5 seconds."
sleep 5
sudo vim /etc/lightdm/lightdm.conf
echo -en '\n'
printf "Now, would you like for me to add some better settings for /etc/sysctl.conf? [y\n]"
read -r secure_sysctl
if [[ $secure_sysctl == "y" || $secure_sysctl == "Y" ]]; then
sysctl_secure_config
elif [[ $secure_sysctl == "n" || $secure_sysctl == "N" ]]; then
echo -en '\n'
echo "Understood, I recommend you do this manually however."
else
echo -en '\n'
echo "Error: bad input"
fi
echo -en '\n'
echo "Lock the root account? [y/n]"
read -r disable_root
echo -en '\n'
if [[ $disable_root == "y" || $disable_root == "Y" ]]; then
sudo passwd -l root
echo "Root account locked."
elif [[ $disable_root == "n" || $disable_root == "N" ]]; then
echo "Understood, manually lock please."
else
echo "Bad input."
fi
clear
echo -en '\n'
echo "Limit access to su to all users but the ones in group wheel? [y/n]"
echo -en '\n'
read -r lim_su
if [[ $lim_su == "y" || $lim_su == "Y" ]]; then
sudo chown [link]1 /bin/su sudo
chmod 04750 /bin/su
echo "Done."
elif [[ $lim_su == "n" || $lim_su == "N" ]]; then
echo "Remember to manually limit access to su! All it takes is a single uncomment..."
else
echo "Bad input."
fi
clear
if [[ -f "$apache_s" ]]; then
echo "Is apache2 supposed to be installed on this system? [y/n]"
echo "If you choose N then you will subsequently uninstall apache2. Be careful."
read -r apache2_que
if [[ $apache2_que == "y" || $apache2_que == "Y" ]]; then
echo "Understood, moving on to securing apache2."
apache2_secure
elif [[ $apache2_que == "n" || $apache2_que == "N" ]]; then
echo "Uninstalling apache2..."
sudo service apache2 stop
sudo apt-get purge apache2
else
echo "Bad input."
fi
else
echo "Apache2 is not installed, moving on."
fi
if [[ -f "$vsftpd_s" ]]; then
echo "vsftpd configuration file detected."
echo "Is vsftpd a critical service on this machine? [y/n]"
echo "If you choose N then you will subsequently uninstall vsftpd. Be careful."
read -r vsftpd_choice
if [[ $vsftpd_choice == "y" || $vsftpd_choice == "Y" ]]; then
echo "Understood, moving on to securing vsftpd."
vsftpd_secure
elif [[ $vsftpd_choice == "n" || $vsftpd_choice == "N" ]]; then
sudo service vsftpd stop
sudo apt-get purge vsftpd
else
echo "Bad input."
fi
else
echo "vsftpd is not installed on this machine, moving on."
fi
clear
echo "Check apparmor? [y/n]"
read -r apparmor_check
if [[ $apparmor_check == "y" || $apparmor_check == "Y" ]]; then
apparmor_fix
elif [[ $apparmor_check == "n" || $apparmor_check == "N" ]]; then
echo "Understood, moving on."
echo -en '\n'
else
echo "Error: bad input."
fi
echo -en '\n'
echo "Deny su to non admins? [y/n]"
echo -en '\n'
read -r deny_su
if [[ $deny_su == "y" || $deny_su == "Y" ]]; then
sudo dpkg-statoverride --update --add root sudo 4750 /bin/su
echo "Done."
elif [[ $deny_su == "n" || $deny_su == "N" ]]; then
sudo "Understood, moving on."
else
echo "Error: bad input."
fi
echo -en '\n'
echo "Secure home directory? [y/n]"
echo "NOTE: potentially dangerous."
echo -en '\n'
read -r home_secure
if [[ $home_secure == "y" || $home_secure == "Y" ]]; then
echo "What is your username?"
echo "I need it so I can chmod 0700 your home directory."
read -r username_uinput
sudo chmod 0700 /home/"$username_uinput"
echo "Thanks!."
elif [[ $home_secure == "n" || $home_secure == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
clear
echo -en '\n'
echo "Prevent IP spoofing? [y/n]"
echo "(/etc/host.conf)"
read -r ip_spoof
echo -en '\n'
if [[ $ip_spoof == "y" || $ip_spoof == "Y" ]]; then
echo "order bind,hosts" | sudo tee -a /etc/host.conf
echo "nospoof on" | sudo tee -a /etc/host.conf
echo "IP spoofing disabled."
elif [[ $ip_spoof == "n" || $ip_spoof == "N" ]]; then
echo "Understood, skipping disabling ip spoofing."
else
echo "Error: bad input."
fi
echo "Would you like to edit /etc/pam.d? [y/n]"
read -r pam_secure
if [[ $pam_secure == "y" || $pam_secure == "Y" ]]; then
echo "Use subroutine pam_secure? [y/n]"
read -r choose_pam_secure
if [[ $choose_pam_secure == "y" || $choose_pam_secure == "Y" ]]; then
pam_secure
elif [[ $choose_pam_secure == "n" || $choose_pam_secure == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
echo "Redirecting you to /etc/pam.d/common-password. Use checklist."
echo "Checklist reference: GENERAL/10 ALPHA"
echo -en '\n'
sleep 5
sudo vim /etc/pam.d/common-password
echo -en '\n'
echo "Redirecting you to /etc/pam.d/common-auth. Use checklist."
echo "Checklist reference: GENERAL/10 BRAVO"
sleep 5
sudo vim /etc/pam.d/common-auth
echo -en '\n'
echo "Redirecting you to /etc/login.defs. Use checklist."
echo "Checklist reference: GENERAL/10 CHARLIE"
sleep 5
sudo vim /etc/login.defs
elif [[ $pam_secure == "n" || $pam_secure == "N" ]]; then
echo "Understood, will skip securing pam.d. Make sure to use the checklist and do so manually."
else
echo "Sorry, bad input."
fi
clear
echo -en '\n'
echo "Would you like to delete media files? [y/n]"
echo "Warning: Feature untested due to obvious reasons."
echo -en '\n'
read -r media_input
if [[ $media_input == "y" || $media_input == "Y" ]]; then
sudo find / -name '*.mp3' -type f -delete
sudo find / -name '*.mov' -type f -delete
sudo find / -name '*.mp4' -type f -delete
sudo find / -name '*.avi' -type f -delete
sudo find / -name '*.mpg' -type f -delete
sudo find / -name '*.mpeg' -type f -delete
sudo find / -name '*.flac' -type f -delete
sudo find / -name '*.m4a' -type f -delete
sudo find / -name '*.flv' -type f -delete
sudo find / -name '*.ogg' -type f -delete
sudo find /home -name '*.gif' -type f -delete
sudo find /home -name '*.png' -type f -delete
sudo find /home -name '*.jpg' -type f -delete
sudo find /home -name '*.jpeg' -type f -delete
elif [[ $media_input == "n" || $media_input == "N" ]]; then
echo "Understood, manually search and destroy media files."
else
echo "Error: bad input."
fi
echo -en '\n'
clear
echo "Would you like to install updates? [y/n]"
read -r update_input
if [[ $update_input == "y" || $update_input == "Y" ]]; then
sudo apt-get -qq -y update
sudo apt-get -qq -y upgrade
sudo apt-get -qq -y dist-upgrade
sudo apt-get -qq -y autoremove
elif [[ $update_input == "n" || $update_input == "N" ]]; then
echo "Understood, moving on."
echo -en '\n'
else
echo "Error: bad input."
echo -en '\n'
fi
sudo freshclam
clear
echo "Run chkrootkit and rkhunter? [y/n]"
read -r rootkit_chk
if [[ $rootkit_chk == "y" || $rootkit_chk == "Y" ]]; then
touch rkhunter_output.txt
echo "Rkhunter output file created as rkhunter_output.txt."
touch chkrootkit_output.txt
echo "chkrootkit output file created as chkrootkit_output.txt."
sudo chkrootkit | tee chkrootkit_output.txt
sudo rkhunter -c | tee rkhunter_output.txt
elif [[ $rootkit_chk == "n" || $rootkit_chk == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
sudo clamscan -r /
clear
echo -en '\n'
sleep 5
touch lynis_output.txt
echo "Lynis output file created as lynis_output.txt."
sudo lynis -c | tee lynis_output.txt
echo "Enable apparmor? [y/n]"
read -r apparmor_enabling
if [[ $apparmor_enabling == "y" || $apparmor_enabling == "Y" ]]; then
sudo perl -pi -e 's,GRUB_CMDLINE_LINUX="(.*)"$,GRUB_CMDLINE_LINUX="$1 apparmor=1 security=apparmor",' /etc/default/grub
sudo update-grub
elif [[ $apparmor_enabling == "n" || $apparmor_enabling == "N" ]]; then
echo "Understood, you should enable it however."
else
echo "Error: bad input."
fi
echo "The script has run it's course."
echo "Remember to manually check config files and finish any changes."
echo -en '\n'
echo "--------------------------------------------------------"
echo "INFORMATION"
echo "--------------------------------------------------------"
echo "Current User: $display_info"
echo "Current Time: $time"
echo "Kernel info: $kernel_info"
echo "--------------------------------------------------------"
echo -en '\n'
read -p "Press ENTER to reboot the system."
sudo reboot
}
function apache2_secure {
sudo apt-get -y install libapache2-modsecurity
sudo apt-get -y install libapache2-modevasive
sudo sed -i 's/^#?ServerSignature .*/ServerSignature Off/g' /etc/apache2/conf-enabled/security.conf
sudo sed -i 's/^#?ServerTokens .*/ServerTokens Off/g' /etc/apache2/conf-enabled/security.conf
sudo sed -i 's/^#?Options .*/Options None/g' /etc/apache2/apache2.conf
sudo sed -i 's/^#?AllowOverride .*/AllowOverride None/g' /etc/apache2/apache2.conf
sudo sed -i 's/^#?Require*/Require all granted/g' /etc/apache2/apache2.conf
sudo sed -i 's/^#?LimitRequestBody*/LimitRequestBody 204800/g' /etc/apache2/apache2.conf
echo "" | sudo tee -a /etc/apache2/apache2.conf
echo "Order deny, allow" | sudo tee -a /etc/apache2/apache2.conf
echo "Deny from all" | sudo tee -a /etc/apache2/apache2.conf
echo "Check if mod_security module is running..."
echo "
" | sudo tee -a /etc/apache2/apache2.conf
sudo sed -i 's/^#?Timeout*/Timeout 15/g' /etc/apache2/apache2.conf
sudo sed -i 's/^#?LimitXMLRequestBody*/LimitXMLRequestBody 204800/' /etc/apache2/apache2.conf
sudo apachectl -M | grep --color security
echo "Is mod_security on? It should say security2_module somewhere."
read -r security_a2_on
if [[ $security_a2_on == "y" || $security_a2_on == "Y" ]]; then
echo "Good. I will move on."
elif [[ $security_a2_on == "n" || $security_a2_on == "N" ]]; then
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
sudo sed -i 's/^#?SecRuleEngine .*/SecRuleEngine On/g' /etc/modsecurity/modsecurity.conf
sudo service apache2 restart
else
echo "Error: bad input."
fi
return 1
}
function pam_secure {
sudo sed -i 's/^#?PASS_MAX_DAYS .*/PASS_MAX_DAYS 90/g' /etc/login.defs
sudo sed -i 's/^#?PASS_MIN_DAYS .*/PASS_MIN_DAYS 7/g' /etc/login.defs
sudo sed -i 's/^#?PASS_WARN_AGE .*/PASS_WARN_AGE 7/g' /etc/login.defs
echo "Setup failed login attempts in /etc/pam.d/common-auth and add some config changes? [y/n]"
read -r fail_pamd_ca
if [[ $fail_pamd_ca == "y" || $fail_pamd_ca == "Y" ]]; then
echo "auth optional pam_tally.so deny=5 unlock_time=900 onerr=fail audit even_deny_root_account silent" | sudo tee -a /etc/pam.d/common-auth
sudo sed -i 's/^#?pam_unix.so .*/password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
remember=10 minlen=8 difok=5/g' /etc/pam.d/common-password
elif [[ $fail_pamd_ca == "n" || $fail_pamd_ca == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
echo "Create brutally paranoid configuration for /etc/pam.d/other? [y/n]"
echo "NOTE: IF PAM FILES ARE DELETED ACCIDENTALLY, SYSTEM FAILURE MAY OCCUR."
read -r other_paranoid
if [[ $other_paranoid == "y" || $other_paranoid == "Y" ]]; then
echo "auth required pam_deny.so" | sudo tee -a /etc/pam.d/other
echo "auth required pam_warn.so" | sudo tee -a /etc/pam.d/other
echo "account required pam_deny.so" | sudo tee -a /etc/pam.d/other
echo "account required pam_warn.so" | sudo tee -a /etc/pam.d/other
echo "password required pam_deny.so" | sudo tee -a /etc/pam.d/other
echo "password required pam_warn.so" | sudo tee -a /etc/pam.d/other
echo "session required pam_deny.so" | sudo tee -a /etc/pam.d/other
echo "session required pam_warn.so" | sudo tee -a /etc/pam.d/other
elif [[ $other_paranoid == "n" || $other_paranoid == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
return 1
}
function vsftpd_secure {
sudo sed -i 's/^anonymous_enable=.*/anonymous_enable=NO/g' /etc/vsftpd.conf
echo "Anonymous FTP login disabled."
sudo sed -i 's/^chroot_local_user=.*/chroot_local_user=YES/g' /etc/vsftpd.conf
echo "Local users restricted to their home directories."
echo "Create SSL/TLS certificate and private key for vsftpd server? [y/n]"
read -r ssl_vsftpd
if [[ $ssl_vsftpd == "y" || $ssl_vsftpd == "Y" ]]; then
sudo openssl req -x509 -days 365 -newkey [link]2 -nodes -keyout /etc/vsftpd.pem -out /etc/vsftpd.pem
echo "Created."
echo "Making config changes..."
sudo sed -i 's/^#?ssl_enable=.*/ssl_enable=YES/g' /etc/vsftpd.conf #enable tls/ssl
echo "SSL enabled."
sudo sed -i 's/^#?allow_anon_ssl=.*/allow_anon_ssl=NO/g' /etc/vsftpd.conf
sudo sed -i 's/^#?force_local_data_ssl=.*/force_local_data_ssl=YES/g' /etc/vsftpd.conf
sudo sed -i 's/^#?force_local_logins_ssl=.*/force_local_logins_ssl=YES/g' /etc/vsftpd.conf
sudo sed -i 's/^#?ssl_tlsv1=.*/ssl_tlsv1=YES/g' /etc/vsftpd.conf
sudo sed -i 's/^#?ssl_sslv2=.*/ssl_sslv2=NO/g' /etc/vsftpd.conf
sudo sed -i 's/^#?ssl_sslv3=.*/ssl_sslv3=NO/g' /etc/vsftpd.conf
sudo sed -i 's/^#?require_ssl_reuse=.*/require_ssl_reuse=NO/g' /etc/vsftpd.conf
sudo sed -i 's/^#?ssl_ciphers=.*/ssl_ciphers=HIGH/g' /etc/vsftpd.conf
sudo sed -i 's/^#?rsa_cert_file=.*/rsa_cert_file=/etc/vsftpd.pem/g' /etc/vsftpd.conf
sudo sed -i 's/^#?rsa_private_key_file=.*/rsa_private_key_file=/etc/vsftpd.pem/g' /etc/vsftpd.conf
sudo sed -i 's/^#?pasv_max_port=.*/pasv_max_port=65535/g' /etc/vsftpd.conf
sudo sed -i 's/^#?pasv_min_port=.*/pasv_min_port=64000/g' /etc/vsftpd.conf
sudo sed -i 's/^#?local_max_rate=.*/local_max_rate=30000/g' /etc/vsftpd.conf
sudo sed -i 's/^#?idle_session_timeout=.*/idle_session_timeout=120/g' /etc/vsftpd.conf
sudo sed -i 's/^#?max_per_ip=.*/max_per_ip=15/g' /etc/vsftpd.conf
sudo sed -i 's/^#?xferlog_enable=.*/xferlog_enable=YES/g' /etc/vsftpd.conf
sudo sed -i 's/^#?xferlog_std_format=.*/xferlog_std_format=NO/g' /etc/vsftpd.conf
sudo sed -i 's/^#?xferlog_file=.*/xferlog_file=/valog/vsftpd.log/g' /etc/vsftpd.conf
echo "Log file set at /valog/vsftpd.log"
sudo sed -i 's/^#?log_ftp_protocol=.*/log_ftp_protocol=YES/g' /etc/vsftpd.conf
sudo sed -i 's/^#?debug_ssl=.*/debug_ssl=YES/g' /etc/vsftpd.conf
echo "Configuration changes complete. Check /etc/vsftpd.conf later to see if they have all been done."
echo -en '\n'
echo "[link]3 "
echo -en '\n'
echo "Adding firewall exceptions.."
sudo ufw allow 20
sudo ufw allow 21
sudo ufw allow 64000:65535/tcp
sudo iptables -I INPUT -p tcp --dport 64000:65535 -j ACCEPT
elif [[ $ssl_vsftpd == "n" || $ssl_vsftpd == "N" ]]; then
echo "Understood. However, this is recommended."
else
echo "Error: bad input."
fi
echo "Restart vsftpd? [y/n]"
read -r vsftpd_restart
if [[ $vsftpd_restart == "y" || $vsftpd_restart == "Y" ]]; then
sudo service vsftpd restart
elif [[ $vsftpd_restart == "n" || $vsftpd_restart == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
return 1
}
function apparmor_fix {
if [ -f /ussbin/apparmor_status ]; then
echo "Apparmor already installed."
else
echo "Apparmor not installed, installing."
sudo apt-get install -y -qq apparmor apparmor-profiles apparmor-utils
echo "Apparmor will be enabled at the end of the script."
fi
return 1
}
function sshd_secure_config {
sudo sed -i 's/^#?PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
return 1
sudo sed -i 's/^#?PermitEmptyPasswords .*/PermitEmptyPasswords no/' /etc/ssh/sshd_config
sudo sed -i 's/^#?Port .*/Port 2223/' /etc/ssh/sshd_config
sudo sed -i 's/^#?X11Forwarding .*/X11Forwarding no/' /etc/ssh/sshd_config
sudo ufw allow 2223
sudo sed -i 's/^#?Protocol .*/Protocol 2/' /etc/ssh/sshd_config
sudo sed -i 's/^#?PrintLastLog .*/PrintLastLog no/' /etc/ssh/sshd_config
sudo sed -i 's/^#?IgnoreRhosts .*/IgnoreRhosts yes/' /etc/ssh/sshd_config
sudo sed -i 's/^#?RhostsAuthentication .*/RhostsAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/^#?RSAAuthentication .*/RSAAuthentication yes/' /etc/ssh/sshd_config
sudo sed -i 's/^#?HostbasedAuthentication .*/HostbasedAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/^#?LoginGraceTime .*/LoginGraceTime 60/' /etc/ssh/sshd_config
sudo sed -i 's/^#?MaxStartups .*/MaxStartups 4/' /etc/ssh/sshd_config
echo "Automatic configuration complete."
sudo sed -i 's/^#?LogLevel .*/LogLevel VERBOSE/' /etc/ssh/sshd_config
echo "ClientAliveInterval 300" | sudo tee -a /etc/ssh/sshd_config
echo "ClientAliveCountMax 0" | sudo tee -a /etc/ssh/sshd_config
sudo sed -i 's/^#?StrictModes .*/StrictModes yes/' /etc/ssh/sshd_config
clear
echo "Use iptables to try to prevent bruteforcing? [y/n]"
read -r iptable_ssh
if [[ $iptable_ssh == "y" || $iptable_ssh == "Y" ]]; then
iptables -A INPUT -p tcp --dport 2223 -m state --state NEW -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 2223 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
echo "Done."
elif [[ $iptable_ssh == "n" || $iptable_ssh == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
echo "Use public/private keys for authentication instead of passwords? [y/n]"
read -r auth_private
if [[ $auth_private == "y" || $auth_private == "Y" ]]; then
sudo ssh-keygen -t rsa
clear
sudo chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/id_rsa
cat id_rsa.pub >> ~/.ssh/authorized_keys
sudo chmod 600 ~/.ssh/authorized_keys
restorecon -Rv ~/.ssh
sudo sed -i 's/^#?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
elif [[ $auth_private == "n" || $auth_private == "N" ]]; then
echo "Understood, moving on."
else
echo "Error: bad input."
fi
return 1
}
function sysctl_secure_config {
echo "kernel.sysrq = 0" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_source_route = 0" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_redirects = 0" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.rp_filter = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.log_martians = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.icmp_ignore_bogus_error_responses = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_all = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.icmp_echo_ignore_broadcasts = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.tcp_syncookies=1" | sudo tee -a /etc/sysctl.conf
clear
echo -en '\n'
echo "Disable IPv6? [y/n]"
echo -en '\n'
read -r ipv6_disable
if [[ $ipv6_disable == "y" || $ipv6_disable == "Y" ]]; then
echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
echo "IPv6 disabled."
elif [[ $ipv6_disable == "n" || $ipv6_disable == "N" ]]; then
echo "Understood, skipping disabling IPv6."
else
echo "Error: bad input."
fi
return 1
}
if [ "$(id -u)" != "0" ]; then
echo "Please run this script as root. I promise I won't dd /dev/urandom into /dev/sda..."
exit
else
main
fi
'''
DON'T USE THIS
Go1dfish undelete link
unreddit undelete link
Author: CreeperTyE
1: root:admin 2: rsa:2048 3: *modulo.co*/*e*u*e-ftp*s*rvi*e-v*ftp*-linux*ht*l
Unknown links are censored to prevent spreading illicit content.
submitted by removalbot to removalbot [link] [comments]

binary options robot: iQBot installation and login to ... How To Blow Your Account In Binary Options - YouTube THE TRUTH ABOUT BINARY OPTIONS - YouTube How To Create Binary Option MT5 Platform Account - YouTube Binary options trading  Tutorial for the beginners - YouTube How To Open a Binary.com Account! Binary.com complete ... Binary 33 Seconds Worms Strategy Real Account - YouTube Binary Options - Get $100 Free (No Deposit) - YouTube Binary Options Strategy 2020  100% WIN GUARANTEED ... Binary options trading  Binary options signals - YouTube

Trading binary options may not be suitable for everyone. Trading CFDs carries a high level of risk since leverage can work both to your advantage and disadvantage. As a result, the products offered on this website may not be suitable for all investors because of the risk of losing all of your invested capital. You should never invest money that you cannot afford to lose, and never trade with ... Binary Options is a trading instrument that offers a guaranteed return for a correct prediction about an asset's price direction within a selected timeframe. An Option is part of the derivatives types of assets. This means that their value is intrinsically tied to the value of an underlying asset. When you buy or sell an option, you do not own the underlying asset. You're typically speculating ... Binary.com login process is very simple for interested binary traders in South Africa.To get access to the platform, traders need to provide personal data to initiate the binary options registration process.. In order for Binary.com broker to ensure the safety of their funds, they are obligated to verify received data, provided by traders before placing a deposit. binary-options.ltd is modern British company that is successfully involved in profitable trading on Forex and cryptocurrency exchange. We use many effective trading instruments: Bitcoin, Ethereum, various currency pairs, commodities and precious metals. Compliance with own rules of risk-free trading helps us to avoid financial loses and increase trade capital. Experienced traders and ... Trading binary options may not be suitable for everyone. Trading CFDs carries a high level of risk since leverage can work both to your advantage and disadvantage. As a result, the products offered on this website may not be suitable for all investors because of the risk of losing all of your invested capital. You should never invest money that you cannot afford to lose, and never trade with ... Raceoption Binary Options and CFD Trading Platform Login to your account. E-MAIL. PASSWORD. Stay logged in. Login. Forgot your password? Don't have an account yet? Register ... IQ Option Binary options brokers will generally have their trading platform open when the market of the underlying asset is open. So if trading the NYSE, Nasdaq, DOW or S&P, the assets will be open to trade during the same hours as those markets are open. Any moves by the Federal reserve for example, will feed into binary markets immediately, just as you would expect. This is to say that a single login into your EmpireOption binary options trading account will give you access to all the trading features you will need, including banking services as well as trading tools, assets and features. In this article, we will take you through the simple and convenient login process required by this broker as well as the features you will require to make your trading ... In order to trade binary options on the AnyOptions trading platform, the trader has to sign up account online, login, and submit documents as proof of identification and residence, then fund the account using one of the several methods available (credit/debit cards, Paypal, Ucash, etc). The binary options trading platform is available in eight languages. This gives open participation to ...

[index] [15778] [16650] [17868] [10667] [28806] [12439] [27867] [27234] [24197] [4160]

binary options robot: iQBot installation and login to ...

Free Iq Option Demo: https://affiliate.iqoption.com/redir/?aff=53497 ExpertOption: https://r.expertoption.com/?refid=14452 For EU & USA best broker: http://w... Are binary options a good idea? If you're thinking about trading binary options, watch this video first. Check out our FREE training for traders https://bi... This video is 100% Free very simply online money making lessons Sinhala & English. Blog link http://winofthelife.blogspot.com/2017/08/binarycom.html Register Binary Demo Account: http://record.binary.com/_cABEARyQUsu6tyDIijdDK2Nd7ZgqdRLk/1/ Digital Clock Download link: https://drive.google.com/open?id=1xf... https://iqbotproject.com Whatsapp: https://wa.me/212674429706 FB-chat: https://m.me/binary.iqbot Page: https://www.fb.com/binary.iqbot Group: https://www.fb.... Binary options trading Binary options signals Hi there! I'm Lady Trader and today I'll show you my binary options strategy 2020 that I use in binary tradin... How To Open a Binary.com Account! Binary.com complete English tutorial 2018 options, binary options, binary options trading, binary options strategies, binar... The road to success through trading IQ option Best Bot Reviews Iq Option 2020 ,We make videos using this softwhere bot which aims to make it easier for you t... Binary options trading Tutorial for the beginners Hey guys! Today I'm gonna show you my binary options trading strategy that I usually use in my binary tra... BinaryOptionsFree.com - When you create your binary options free account, you will get access to exclusive $100 Free trading offers. You do NOT need to make ...

https://binaryoptiontrade.rotannist.gq