All posts by cdstealer

Vegan

Vegan Frangipane Tarts

Vegan blueberry frangipane tarts - these delicious little eggless and dairy free blueberry bakewell tarts are a perfect Summer treat! Lovely for dessert or Afternoon tea.Course Dessert Cuisine British, vegan Keyword tarts Prep Time 25 minutes Cook Time 50 minutes Servings 8 people Author Domestic Gothess

Ingredients

Pastry:

  • 200 g (1 +2/3 cup) plain (all-purpose) flour
  • 50 g (1/2 cup) ground almonds
  • 50 g (1/3 cup + 1 Tbsp) icing (powdered) sugar
  • 1/4 tsp salt
  • 150 g (5.3 oz / 1/2 cup + 2 Tbsp) vegan block butter (NOT the spreadable kind. I use Naturli Vegan Block) cold and diced
  • 1 Tbsp cold vodka (or water)

Frangipane:

  • 70 g (2.5 oz / scant 1/3 cup) melted vegan block butter (I use Naturli Vegan Block)
  • 110 g (1/2 cup + 1 Tbsp) caster sugar
  • 40 g (1/3 cup) plain (all-purpose) flour
  • 5 g (1/2 Tbsp) cornflour (cornstarch)
  • 80 ml (1/3 cup) aquafaba or non dairy milk
  • 175 g (1 + 3/4 cups) ground almonds
  • 1/2 tsp baking powder
  • 3/4 tsp almond extract
  • 3/4 tsp vanilla extract

To Finish:

  • about 8 heaped tsp black cherry jam
  • a handful of morello cherries
  • large handful flaked almonds

Instructions

  1. To make the pastry, place the flour, ground almonds, icing sugar and salt in a food processor and pulse to combine.
  2. Add the diced cold butter and blend until it resembles fine breadcrumbs. With the motor running, gradually drizzle in the cold vodka (or water), until the pastry comes together into a ball.
  3. Shape the pastry into a disc, wrap in clingfilm (or an environmentally friendly alternative) and place in the fridge for half an hour.
  4. Divide the chilled pastry into 6 even pieces and roll each one into a ball. Roll each ball out thinly on a floured surface so that it is large enough to line an 8-9cm/3.25-3.5in tart tin.
  5. Carefully lift the pastry into the tin and press it right into the corners and up the sides. Roll over the top with a rolling pin to trim off the excess pastry. Reserve the trimmings.
  6. Repeat with the rest of the balls of pastry then gather together the trimmings, divide in half and roll each into a ball. Roll out as before and line another two tart tins. You should get 8 tarts in total.
  7. Prick the pastry cases all over the base with a fork then place them in the freezer for 20 minutes while you preheat the oven to 180°C/350°F/gas mark 4.
  8. Line each of the frozen pastry cases with a square of tin foil, pressing it right into the corners. Fill each one with baking beans or dried rice then bake for 15 minutes.
  9. Remove the tin foil and beans/rice and return the pastry cases to the oven for 5 minutes then remove and set aside.
  10. To make the frangipane, whisk together the melted vegan butter and the sugar then whisk in the flour and cornflour followed by the aquafaba. Finally, mix in the ground almonds, baking powder and almond and vanilla extracts.
  11. Spread a heaped tsp of blueberry jam over the base of each tart shell then spread a couple of heaped Tbsp of the frangipane over the top, making sure that the jam is fully covered. The frangipane will puff up a little in the oven so don't fill them more than 3/4 full.
  12. Scatter some fresh blueberries over each one, making sure that they aren't too close to the edge as any juice that seeps out can cause the pastry to stick to the tin if it bubbles over.
  13. Finally, scatter over some flaked almonds then bake the tarts for about 30-35 minutes, until nicely browned.
  14. Leave to cool in the tins for 20 minutes before turning out. Store any leftovers in an airtight container for up to 3 days.

NOTE: These are amazing! Better than I remember.

Linux

DNS Firewall

If you're running your own DNS server as described here, then you can easily setup your domain zone to block ads, malware, phishing etc etc.
I'll describe the process here.

In named.conf, add the following within the options block:

response-policy {
  zone "sinkhole";
};

Next is to download the RPZ (Response Policy Zone) file from a reputable source. For the purpose of this, I'll be using EnergizedProtection.
This is ~25Mb in size and contains over 900,000 entries.
Next I added a new zone to named.conf:

zone "sinkhole" IN {
        type master;
        file "pri/sinkhole.zone";
        notify yes;
        allow-update { key "rndc-key"; };
};

Though I discovered that a few lines were too long. So before restarting named, run a check:

named-checkconf

will check named.conf for errors and

named-checkzone sinkzone /var/bind/pri/sinkhole.zone

will check the zone file for issues.

# named-checkzone sinkzone /var/bind/pri/sinkhole.zone
dns_master_load: /var/bind/pri/sinkhole.zone:316077: ran out of space
dns_master_load: /var/bind/pri/sinkhole.zone:467504: ran out of space
zone sinkzone/IN: loading from master file /var/bind/pri/test failed: ran out of space
zone sinkzone/IN: not loaded due to errors.

This means that the given line numbers in the zone file are too long.

316077 https.outlook.live.com.user0500.deor.error.c8nkichfistk8dphfvkfd9ssli82.is38avdj8h0k381gx0id7hhkg8l.6dls9sz6hv72290ddkuhs.7lxhhjh86k0f2hrivsb1jku718.7lxhhjh86k0f2hrivsb1jku718.h7g6fi9d0fhy6kk6htk4.kwddz0mtsqe28sh3wkj9nhhsd6drh.linestarts.duckdns.org CNAME .
467504 paypal.com.us.continue.myaccount.account.active.login.us.intl.internationa.transfer.now.login.myaccount.account.active.login.us.intl.internationa.transfer.now.myaccount.account.active.login.us.intl.internationa.transfer.now.newmanhope.duckdns.org CNAME .

To workaround this I've written an update script which is run by cron on a weekly basis.

#!/usr/bin/env bash

zfile='/var/bind/pri/sinkhole.zone'
wget -O- https://block.energized.pro/ultimate/formats/rpz.txt | grep -Pv "(\.)?care2\.com|^#" > "${zfile}"
errs=($(/usr/sbin/named-checkzone sinkzone "${zfile}" | pcregrep -o1 ':(\d+):'))
x=0
for a in ${errs[@]}; do
  a=$[a - ${x} ]
  sed -i "${a}d" "${zfile}"
  x=$[x + 1 ]
done
errs=($(/usr/sbin/named-checkzone sinkzone "${zfile}" | pcregrep -o1 ':(\d+):'))
if [ -z ${errs} ]; then
  echo "Success, restarting named"
  systemctl restart named
else
  echo -e "We missed some errors in ${zfile}.  On lines:\n${errs}"
fi

That's it...done!

Changes this:

into this:

Linux

SSH Agent

Adding your SSH key to the ssh-agent

Before adding a new SSH key to the ssh-agent to manage your keys, you should have checked for existing SSH keys and generated a new SSH key.
Doing this weakens the security, but only if someone has access to your account or your system has already been compromised.
SSH-AGENT is not a daemon and must be started upon each login which will ask for the passphrase. You *could* NOHUP the command so it stays active between reboots. But I'd avoid doing this.

Start the ssh-agent in the background.

$ eval "$(ssh-agent -s)"
> Agent pid 59566

Add your SSH private key to the ssh-agent. If you created your key with a different name, or if you are adding an existing key that has a different name, replace id_rsa in the command with the name of your private key file.

$ ssh-add ~/.ssh/id_rsa
Linux

Splunk tweaks

Set the default search time period.
$SPLUNK_HOME/etc/system/local/ui-prefs.conf file includes:

[search]
 dispatch.earliest_time = -15m
 dispatch.latest_time = now

----------------------

Linux

Handy Exim Filters

For a while now I'd been thinking about how to block spam that is mascarading as myself. Today, I fixed it :)
In my exim.conf, I have a section for spam filtering under the "acl_check_data" section.

warn  message = X-Antivirus-Scanned: Clean
warn  message = X-Spam-Score: $spam_score
      spam = mail:true
      condition = ${if <{$message_size}{80k}{true}{false}}
warn  message = X-SA-Status: No
      spam = mail:true
      condition = ${if <{$spam_score_int}{29}{true}{false}}
warn  message = X-Spam-Report: $spam_report
      spam = mail:true
      condition = ${if >{$spam_score_int}{40}{true}{false}}
warn  message = Subject: [SPAM] $h_Subject
      spam = mail:true
      condition = ${if >{$spam_score_int}{30}{true}{false}
warn  message = X-SA-Status: Yes
      spam = mail:true
      condition = ${if >{$spam_score_int}{30}{true}{false}}
warn message = X-Spam-Score: 80
spam = mail:true
condition = ${if !match{$sender_host_address:}{"(127.0.0.1|198.16.181.0/24)"}{true}{false}}}}
condition = ${if match{$sender_address:}{"(me|other.me)"@}{true}{false}}
condition = ${if match{$h_to:}{"(me|other.me)"@}{true}{false}}
deny  message = This message scored $spam_score spam points.
      spam = mail:true
      condition = ${if >{$spam_score_int}{44}{true}{false}}

I also added the following under the acl_check_helo:

# If the HELO pretend to be this host
deny    condition = ${if or { \
                     {eq {${lc:$sender_helo_name}}{cdstealer.com}} \
                     {eq {${lc:$sender_helo_name}}{127.0.0.1}} \
                     {eq {${lc:$sender_helo_name}}{198.16.181.0/24}} \
                     } {true}{false} }
Linux

Create Bootable Windows Installation USB

So, a situation may arise where you are required to install Windows where the only media you have is a USB drive. Now if you're already running Windows, you can do this with the media creation tool.
You can download a Windows 10 image direct from M$ here.

Obviously, we're running Linux ;) So download the ISO image and let's get cracking ;)

USB Prepare

You will need a drive >4Gb (I used a 2Gb :\)

Insert your USB and execute (where 'X' is the drive eg /dev/sda):

fdisk /dev/sdX

I'm assuming there are no partitions defined. So we'll start from scratch.

# fdisk /dev/sdj

Welcome to fdisk (util-linux 2.30.2).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.


Command (m for help): p
Disk /dev/sdj: 1.9 GiB, 2058354688 bytes, 4020224 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0003dd8d
-------------------------------------------------------------------------------
Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 
First sector (2048-4020223, default 2048): 
Last sector, +sectors or +size{K,M,G,T,P} (2048-4020223, default 4020223): 

Created a new partition 1 of type 'Linux' and of size 1.9 GiB.
-------------------------------------------------------------------------------
Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): 7
Changed type of partition 'Linux' to 'HPFS/NTFS/exFAT'.
-------------------------------------------------------------------------------
Command (m for help): a
Selected partition 1
The bootable flag on partition 1 is enabled now.
-------------------------------------------------------------------------------
Command (m for help): p
Disk /dev/sdj: 1.9 GiB, 2058354688 bytes, 4020224 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0003dd8d

Device     Boot Start     End Sectors  Size Id Type
/dev/sdj1  *     2048 4020223 4018176  1.9G  7 HPFS/NTFS/exFAT
-------------------------------------------------------------------------------
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

Make sure you have sys-fs/ntfs3g installed.

Execute

mkntfs -Q /dev/sdj1
# mkntfs -Q /dev/sdj1
Cluster size has been automatically set to 4096 bytes.
Creating NTFS volume structures.
mkntfs completed successfully. Have a nice day.
Install boot sector

Make sure you have ms-sys installed.

Execute ms-sys -n /dev/sdj1

# ms-sys -n /dev/sdj1
NTFS Windows 7 boot record successfully written to /dev/sdj1

Now for the installation files.

Mount the downloaded ISO and the USB drive.

mount -o loop /$HOME/Downloads/Win10_1709_English_x64.iso /mnt/THIS
mount /dev/sdj1 /mnt/THIS

Now copy the files.

cp -Rv /mnt/THIS/* /run/media///

And that's it. Unmount the ISO/USB and go install.

Linux

Simple Python HTTP server

Knocking up a simple and quick web server can be extremely useful without the need to install and configure a full fat web server. However, this isn't secure and will expose ALL files from the current directory executed in!

The official doc can be found here (v2) and here (v3).

NOTE: You will need to generate the certs for HTTPS version.

Python2:

HTTP

HTTPS

 
#!/usr/bin/env python2

import BaseHTTPServer, SimpleHTTPServer

httpd = BaseHTTPServer.HTTPServer(('<listen IP>', <port>),
        SimpleHTTPServer.SimpleHTTPRequestHandler)

httpd.serve_forever()

Or a simple one liner:

python -m SimpleHTTPServer
 
#!/usr/bin/env python2

import BaseHTTPServer, SimpleHTTPServer
import ssl

httpd = BaseHTTPServer.HTTPServer(('<listen IP>', <port>),
        SimpleHTTPServer.SimpleHTTPRequestHandler)

httpd.socket = ssl.wrap_socket (httpd.socket,
        keyfile="key.pem",
        certfile='cert.pem', server_side=True)

httpd.serve_forever()

Python3:

HTTP

HTTPS

 
#!/usr/bin/env python3

import http.server, socketserver

Handler = http.server.SimpleHTTPRequestHandler
httpd = socketserver.TCPServer(('<listen ip>', <port>), Handler)

httpd.serve_forever()

Or a simple one liner:

python -m http.server <port> --bind '<listen ip>'
 
#!/usr/bin/env python3

import http.server, socketserver
import ssl

Handler = http.server.SimpleHTTPRequestHandler
httpd = socketserver.TCPServer(('<listen ip>', <port>), Handler)

httpd.socket = ssl.wrap_socket (httpd.socket,
        keyfile="key.pem",
        certfile='cert.pem', server_side=True)

httpd.serve_forever()
Linux

Creating and applying a patch.

Just because! So sometimes you may need to patch a kernel source file, or a script, or maybe even your life who knows. But whatever the reason, creating a patch file and applying it are extremely easy.

Let's take the config from this post as an example.

Copy the file /etc/grub.d/10_linux to /etc/grub.d/10_linux_patched.

Open /etc/grub.d/10_linux_patched in your favourite editor and make the required changes (line 204), then save.

Original:

initrd=
  for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
           "initrd-${version}" "initramfs-${version}.img" \
           "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
           "initrd-${alt_version}" "initramfs-${alt_version}.img" \
           "initramfs-genkernel-${version}" \
           "initramfs-genkernel-${alt_version}" \
           "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
           "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
 if test -e "${dirname}/${i}" ; then
           initrd="$i"
           break
 fi
 done

Patched:

 initrd=
 for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
            "initrd-${version}" "initramfs-${version}.img" \
            "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
            "initrd-${alt_version}" "initramfs-${alt_version}.img" \
            "initramfs-genkernel-${version}" \
            "initramfs-genkernel-${alt_version}" \
            "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
            "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
 if test -e "${dirname}/${i}" ; then
            initrd="early_ucode.cpio ${rel_dirname}/$i"
            break
 else
            initrd="early_ucode.cpio"
 fi
 done

If you just run a diff on the files, you see the changes.

# diff 10_linux_unpatched 10_linux_patched
204c204
<            initrd="$i"
---
>            initrd="early_ucode.cpio ${rel_dirname}/${i}"
205a206,207
>     else
>            initrd="early_ucode.cpio"

But this output we can't use to patch with. Now we rerun the diff command, but with a 'u' switch.

# diff -u 10_linux_unpatched 10_linux_patched
--- 10_linux_unpatched	2017-06-18 14:38:05.204929981 +0100
+++ 10_linux_patched	2017-06-18 14:38:26.540589618 +0100
@@ -201,8 +201,10 @@
 	   "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
 	   "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
     if test -e "${dirname}/${i}" ; then
-           initrd="$i"
+           initrd="early_ucode.cpio ${rel_dirname}/${i}"
            break
+    else
+           initrd="early_ucode.cpio"
     fi
   done

Hopefully the above output will make sense. Basically, '-' is old and '+' is new. So all we need to do is direct this output to a file.

diff -u 10_linux_unpatched 10_linux_patched > 10_linux.patch

The filenames that precede the '---' & '+++' are the files to be read '+++' and the file to be changed '---'. These 2 lines may also have a full or partial path to the files.

To apply the patch, just execute:
patch < 10_linux.patch

If you now diff the 2 files, they should match ;)

So if not applying in the root of the files, we need to inform patch to omit the preceding segments.

example:

If the first 2 lines of the patch have a relative path.

--- a/10_linux_unpatched 2017-06-18 14:38:05.204929981 +0100
+++ b/10_linux_patched 2017-06-18 14:38:26.540589618 +0100

We would use the 'p' switch.

patch -p1 < 10_linux.patch

This will ignore the 'a' & 'b' path segments.

Linux

Gentoo CPU Microcode

Here we will get the firmware for the CPU loaded at boot.  This helps the stability and efficiency of the processor.

Let's make sure we have the required options enabled in the kernel and rebuild if not.

General setup  --->
    [*] Initial RAM filesystem and RAM disk (initramfs/initrd) support
Processor type and features  --->
    <*> CPU microcode loading support
    [*]   Intel microcode loading support

If these were not enabled, enable them as above (not modules!) and recompile and install your kernel.

Next we'll install 2 packages required for this to work.

# emerge -av intel-microcode iucode_tool

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild R ] sys-firmware/intel-microcode-20161104::gentoo USE="split-ucode -initramfs -monolithic" 0 KiB
[ebuild R ] sys-apps/iucode_tool-2.1.1::gentoo 0 KiB

Mount your /boot filesystem and execute the following to generate the cpio archive.

iucode_tool -S --write-earlyfw=/boot/early_ucode.cpio /lib/firmware/intel-ucode/*

You should see output like this with a different HEX value.

iucode_tool: system has processor(s) with signature 0x000206a7
iucode_tool: Writing selected microcodes to: /boot/early_ucode.cpio

Now we'll configure grub2 and install the new boot config.

Open the file /etc/grub.d/10_linux in your favourite editor and (at line ~204) make the following change.

From this:

initrd=
  for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
           "initrd-${version}" "initramfs-${version}.img" \
           "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
           "initrd-${alt_version}" "initramfs-${alt_version}.img" \
           "initramfs-genkernel-${version}" \
           "initramfs-genkernel-${alt_version}" \
           "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
           "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
    if test -e "${dirname}/${i}" ; then
      initrd="$i"
      break
    fi
  done

To:

 initrd=
 for i in "initrd.img-${version}" "initrd-${version}.img" "initrd-${version}.gz" \
  	   "initrd-${version}" "initramfs-${version}.img" \
  	   "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
  	   "initrd-${alt_version}" "initramfs-${alt_version}.img" \
  	   "initramfs-genkernel-${version}" \
  	   "initramfs-genkernel-${alt_version}" \
  	   "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
  	   "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
 if test -e "${dirname}/${i}" ; then
 initrd="early_ucode.cpio ${rel_dirname}/$i"
 break
 else
 initrd="early_ucode.cpio"
 fi
 done

Edit /etc/default/grub (at line ~59)

# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to kernel
GRUB_DISABLE_LINUX_UUID=true

And last off, install the new grub config:

grub-mkconfig -o /boot/grub/grub.cfg

And that is it!

If there is an update to sys-firmware/intel-microcode from this point that contains firmware for your CPU, just mount your boot FS and execute the iucode_tool command to generate a new cpio archive.

Linux

Expand VirtualBox VDI drive

This process is very easy.  Obviously I'll be using  a Linux host, but the process should be the same for a windows host.

Windows Guest:

First thing is to detach the vdi from the VM we wish to expand.

Open the VirtualBox Manager GUI.

Open the settings for the VM to modify.

Click Storage on the left

Right click the VDI to change and select Remove Attachment.

Now open a terminal and enter the following command (change for your details)

VBoxManage modifymedium "/path/to/win10/win10.vdi" --resize 50000

(The resize value is in MB)

As soon as you press enter, the vdi will be expanded.

Now re-attach the vdi to the VM

Open the settings for the VM to modify.

Click Storage on the left

Right click on the Controller and select Add Hard Disk

Then Choose existing disk

Browse to the VDI file.

Now we need to configure windows to use the new space.

Start up the VM.

Right click on the Start button and select Disk Management

Right click on the drive you want to expand and select Extend Volume.

Click Next a few times.

Done.  That's it!