Linux SSH login – a good starting point

The steps below were included in a later article I wrote, regarding new Linux server installations, here which includes much more information from that aspect. The information below is still valid, useful, educational information which should be read if intending to start the process of hardening a Linux server. I apologize for the sloppiness of this, but I see no reason to copy and paste the same information into this article when it flows very naturally in the new article. You will thank yourself for reading both articles, however!

My environment:
Ubuntu Server 18.04 hosted in a datacenter, with a public IP used for administration and public use.
Windows client computer with SSH terminal program. (I highly suggest WinSSHTerm v2 for higher level usage)

The goal:
To run a server with SSH key login only.
To use password authentication for privilege escalation only.
To prevent unauthorized access, login and escalation, through various methods.

The server software:
OpenSSH (sshd – ssh daemon service)
fail2ban (intrusion prevention service)
Linux PAM (Pluggable Authentication Module)
UFW (Uncomplicated FireWall, in lieu of IPTables)

Additional software used for demonstration purposes:
MariaDB (A fork of MySQL, with some enhancements)
HAProxy (A layer 4 and 7 routing service: HTTP(S) and TCP-only proxy)
Hiawatha (HTTP daemon akin to Apache, with simpler configs, and a security focus)

The method:
Using the above software services, the GNU/Linux installation will be secure from intrusion from unauthorized and unauthenticated users (and user-like software). This process will include allowing TCP port 22 incoming access, and denying incoming access to all other ports (opening 22, closing everything else), until such time as additional ports are needed for access into the machine. All outbound connections will be allowed in this tutorial. Once UFW is enabled, external clients may connect only to port 22/TCP. Because OpenSSH will run on port 22, SSH is the only service that external clients can connect to on the server. The next step will be to allow SSH key logins, ensure this is working correctly, and then disable password authentication on SSH. After getting the server to a point where only SSH with a key pair can connect to the server, fail2ban and PAM will be utilized to help mitigate brute-force attacks for login and privilege escalation (i.e. sudo and su usage).

The end result:
We’ll be using 5 pieces of software (Linux, SSH, fail2ban, PAM and UFW) as a starting point to secure a Linux server installation. These instructions are based around Ubuntu 18.04 LTS, but may be applicable to other distros and versions. 18.04 is a SystemD based system, and some differences will occur for older, non-SysD installations. Before a Linux server can be of any use, it must be accessible. This can be through a local console (keyboard & monitor), through a remote console (such as many hosting companies provide for direct access, or which can be set up using a serial cable and terminal, often using a laptop connected to the server), or by remote terminal access via SSH (at this time, I do not know any other ways to access the main console or terminals of a Linux host). For this tutorial, we will assume SSH access will be used, even if console access is also used.

Users (potentially just the server admin, you, the reader perhaps) will gain access to the server with an SSH compatible client. This client will connect to TCP port 22 (possibly changed, will go over later in this article). The server will go through various methods of authenticating the connection, the supplied account, and credentials (SSH key). Upon successful connection and authentication, the user will have access to the server. If the user is granted sudoers privileges, the user can then use ‘su’ and ‘sudo’ to gain escalated (root) privileges. If, however, authentication fails, the user’s connection will be terminated. Multiple failures will result in the user being banned and prevented from connecting at all. The user information will be added to a fail2ban jail, with configurable ban time (or permanent, but this is dangerous: if the admin somehow fails to login properly multiple times, the admin will have to gain direct console access to resolve the issue).

There will be a minimalized guide at the bottom with the basic information needed as a refresher for admins who understand the software and steps needed, but lack the confidence in blindly following memory to achieve this basic setup.

A synopsis of the steps needed:
Step 1 – Install and setup the Linux server, and accounts. This is the only time the root user account will be used to gain access to the system.

Step 2 – Install and set up UFW. This will include choosing to use the default SSH port, or modifying it. Changing the SSH port is “security by obscurity” – which can help mitigate SSH probing attempts, causing a lack of interest in your server to any hackers. Using the default port is still highly suggested, and though probes may find the port to be open, it will be very difficult for hackers to gain access. (Warning: These methods do not encompass software exploits which may exist in the SSH daemon, Linux, or any other software being used – This covers conventional, brute-force and guessing-game type attacks only)

Step 3 – Secure the SSHd to use SSH keys, and to then disable password login. Passwords will still be used by the system for authenticated users to gain su/sudo access.

Step 4 – Use PAM to mitigate authenticated user brute-force and guessing-game password escalation attempts, and to assist with SSH key login.

Step 5 – Ensure fail2ban is set up to ban malicious connections, and mitigate attacks on connection and escalation.

Step 6 – To use some commonly used user-accessible software services to demonstrate how to allow access to these services, including non-authentication public access (HAproxy and Hiawatha) and secure, private access (MariaDB) These demonstrations will provide a basis for understanding how to grant access to nearly any hosted service in a secure manner.
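
One way to check the outcome of Step 3 before moving on, as an added example that is not part of the original article: a shell function that reads sshd_config text and reports whether key login is on and password login is off. The sample configs are constructed, and the ChallengeResponseAuthentication check is an addition based on OpenSSH behaviour (keyboard-interactive login through PAM can still prompt for a password), not something the article covers.

```sh
#!/bin/sh
# Added example (not the article's code): audit sshd_config text on stdin for
# the "SSH key login only" goal. Prints one finding per line; returns 1 on FAIL.
# Assumptions: no Include directives; a Match block runs to the end of the file.
audit_sshd_keys_only() {
    awk '
    BEGIN {
        # OpenSSH defaults that apply when a keyword never appears.
        val["pubkeyauthentication"] = "yes"
        val["passwordauthentication"] = "yes"
        val["challengeresponseauthentication"] = "yes"
        bad = 0
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next        # blank line or comment
        split(line, f, /[ \t=]+/)                  # "Keyword value" or "Keyword=value"
        key = tolower(f[1]); value = tolower(f[2]) # keywords are case-insensitive
        gsub(/"/, "", value)
        # Newer OpenSSH spells the same setting KbdInteractiveAuthentication.
        if (key == "kbdinteractiveauthentication") key = "challengeresponseauthentication"
        if (key == "match") { in_match = 1; scope = line; next }
        if (!(key in val)) next
        if (in_match) {
            # A conditional block that turns password login back on defeats the goal.
            if (key != "pubkeyauthentication" && value != "no") {
                print "FAIL [" scope "] re-enables " key
                bad = 1
            }
            next
        }
        # sshd uses the first value it obtains for each keyword.
        if (!(key in seen)) { val[key] = value; seen[key] = 1 }
    }
    END {
        bad += report("PubkeyAuthentication", val["pubkeyauthentication"], "yes")
        bad += report("PasswordAuthentication", val["passwordauthentication"], "no")
        bad += report("ChallengeResponseAuthentication", val["challengeresponseauthentication"], "no")
        exit (bad ? 1 : 0)
    }
    function report(name, got, want) {
        if (got == want) { print "PASS " name " " got; return 0 }
        print "FAIL " name " " got " (want " want ")"
        return 1
    }
    '
}

# Constructed sample: password lines left commented out, so the default (yes) applies.
SAMPLE_STOCK='#PubkeyAuthentication yes
#PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes'

# Constructed sample: keys only. The later duplicate is ignored (first value wins).
SAMPLE_KEYS_ONLY='PubkeyAuthentication yes
passwordauthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes
UsePAM yes'

# Constructed sample: global section is fine, but a Match block re-enables passwords.
SAMPLE_MATCH_OVERRIDE='PasswordAuthentication no
ChallengeResponseAuthentication no
Match User backup
    PasswordAuthentication yes'

printf '%s\n' "$SAMPLE_STOCK" | audit_sshd_keys_only || echo "=> stock: password login still possible"
printf '%s\n' "$SAMPLE_KEYS_ONLY" | audit_sshd_keys_only && echo "=> keys only"
printf '%s\n' "$SAMPLE_MATCH_OVERRIDE" | audit_sshd_keys_only || echo "=> override: password login still possible"
```

On a live server the same function can read /etc/ssh/sshd_config on stdin, or the output of `sshd -T`, which prints the effective settings in the same keyword-then-value form.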

These 6 steps will give a BASE LINE level of security, and should not be counted on for 100% of a system’s security. There are many additional methods which can be utilized to harden a server system. Some options are additional software, replacement software, hardware firewalls, VPNs (Software and hardware) The extensiveness of advanced security and hardening is beyond the scope of this guide, but should be understood and researched as needed.

BluntAboutIT.com and I, the author do NOT make any guarantee to any end, and CANNOT be held accountable for security failure for any system which is set up using this guide. Again, this is a base line guide, but the admin must ensure that ALL security needs are met, including ensuring that every security measure needed is in use and properly functioning and using the latest available software. With that said, this guide can provide a good starting point for admins to secure their servers.

(At this time, I am publishing this page, with it incomplete and lacking any actual instructions. The information here is enough for a smart person to do some research and be able to begin the process, if not complete it. This tutorial will be updated at a later time to include instructional steps for installing, setting up and utilizing the software mentioned thus far. There may also be additions to what is currently published)

An Open Letter: Healthcare

A reasonably simple solution to help fix healthcare in the US. Not a complete fix, not a miracle. This isn’t some government controlled subsidy or program. Completely private. Maybe there could be some tax breaks for it, or maybe some local gov subsidy, but not Federal.

**In this letter, I speak of Walmart – mainly because it is the largest national chain with the space and resources for such a plan. However, other business may also choose to participate, and in fact some already are. Publix, in Florida has something similar – and indeed, Walmart already does in some locations as well.**

There’s some axioms in this world. One of them is that poor people have bad health coverage and less access to good healthcare. Another is that there are Walmarts within walking distance of most less affluent areas.

Now, before anyone gets upset – I’ve been to a Walmart in Pennsylvania which hosts a clinic in their front mall area. It was a pleasant experience, considering the reason I was there. The clinic was (as of 4 years ago) operated by the local hospital. They operated somewhere between an urgent care and nursing station.

My idea is to have Walmart be encouraged to host these clinics in all of their locations within walking distance of areas in need. Walmart would work with the local health authorities (hospitals and local/state governments) for staffing and operational funding. There are plenty of hospitals, or even doctor associate groups which could provide staffing and funding. This would be beneficial for hospitals to staff, as they would be offloading their emergency room intake for non-critical cases to other areas. The operating entity would then have access to all of their insurance providers, including government health assistance programs.

Walmart could be given a tax break for each location, deducting the square footage from their yearly tax bill. This would encourage both the introduction of the clinic, as well as ensuring it is given plenty of space for operating.

I envision these clinics being able to provide free healthcare to children and possibly the elderly (60+ perhaps), and affordable healthcare for anyone over 16. This would be from minor medical questions (What’s this rash on my leg?) to minor non-emergency wounded. The staff would be able to handle situations such as patients requiring stitches – provided the bleeding is controlled, etc – basically anything that does not require a full tenured doctor. A basic walk-in clinic. These clinics can provide affordable and easy access for vaccinations, infection treatments, sprains and bruises.

In some locations, I could see having a “specialization of the day” for medical prevention as well. This could include a women’s health day, men’s health day, Children’s health day, Ear-Nose-Throat day. Having as many different specializations as possible, spread out weekly, bi-weekly, monthly or even seasonally. These would be introductory services, providing resources and referrals as needed. These would all be walk-in, first come, first served services.

Business-wise, these would be extensions of the local hospitals or doctors groups. This means any payment method which is accepted by the main business, should also be accepted at these clinics, including cash, insurance and government assistance.

From a sociology perspective, having these clinics in such accessible locations can help to deter infectious diseases (flu, stds, etc), provide for a better quality of life for the area, and help to educate the population. Federal, State and Local laws will of course be obeyed, however the ability for people without transportation to be able to have a medical professional take a look at their issue(s) can help to alleviate un-diagnosed and un-treated ailments and conditions. This could be especially beneficial for young adults (and teens) who are sexually active where embarrassment factors could prevent treatment otherwise.

Encouraging the wide-spread deployment of public clinics within the Walmart network of stores can greatly increase the overall public health of the country. The CDC can also get more accurate and larger samples of statistics regarding infectious diseases. Over-worked emergency room staff will be able to focus on higher priority cases.

These clinics are intended to fill a void in healthcare accessibility. Where other healthcare options are already plentiful within walking distance of less affluent neighborhoods, these would not be necessary but still allowable.

I hope this will make it to the eyes of someone much more influential than I and can get this started as a standard operating procedure for retail business.

Simple batch file clock

A very simple batch file clock to run in a command prompt or powershell window.
This was initially written to watch for OS freezes for Wolf68k, when he was streaming. The concept is simple: show an ever changing display which will cease updating during system freezes. I’ll go over the lines one at a time below.


|@echo off
|title JDenslinger's local system Time
|color 0a
|cls
| :CLOCK
| | cls
| | echo %time%
| | ping localhost -n 1 >nul
| goto CLOCK

wordpress seems to want to delete all my extra space. I hate it. so, here, in the code section, there is a pipe | preceding the lines. Remove the pipes if you use this code, otherwise it will not function properly or at all!

@echo off
– This provides for the system to not show any of the commands, and to only output the time
title JDenslinger’s local system Time
– two parts here, to form the titlebar display:
— title – the command to initiate the titlebar display
— JDenslinger’s local system time – the words to be displayed.
color 0a
– the background (0) and text (a) colors, black and lime, respectively
cls
– clears the screen, ensuring that the display is only a single line
:CLOCK
– basic function pointer, can be called later in the script
cls
– this clears the previous time to allow for the new time to be displayed
echo %time%
– echo (output to the display) the current time (%time% is a system variable)
ping localhost -n 1 >nul
– poor man’s timer. On very slow systems, this can be closer to a second or longer delay.
goto CLOCK
– This directs the script to go back to our function pointer, creating an infinite loop.

This script can be stopped with ctrl-c or by closing the window.

Icecast music streaming…

This is an old guide I wrote back in 2014. It may still be applicable, or it may be completely useless now. But at least it shows the steps I took years ago to set up a streaming station.

BEGIN:==========================================================================
Poor man’s basic Icecast source setup instructions
Everything needed to set up a basic streaming system without the mess.

This tutorial assumes you’ve successfully setup icecast2 for this.
This tutorial also assumes you’ve got audio files to use to stream to icecast2.
You will also need a method separate from your source computer to tune-in to the
stream – another computer or a friend with a PC you can be in communication with.

We will be using several programs to achieve this. These are:
VB-Cable from Pagesperso-orange.fr
edcast reborn from code.google.com
LAME MP3 from rarewares.org
VLC from videolan.org

First, you will need to download and install several pieces of software.
We will do this before continuing to configuration. Please follow the directions
as given as not doing so may cause errors in setup or configuration which cannot
easily be traced with issue diagnosing.

Go to:
http://vb-audio.pagesperso-orange.fr/Cable/index.htm
download VB-Cable Driver (center column)
unzip to a folder on your desktop and open the folder
right click on VBCable_setup and choose “Run as Administrator”
**Note: If using Windows 64bit, instead use VBCable_Setup_x64**
Click install on the screen that opens (if nothing, use other setup file)
allow the software to be trusted (check the box) and install
Verify this was installed by:
open Sound control panel
verify “CABLE Input” exists on “Playback” tab
verify “CABLE Output” exists on “Recording” tab
close Sound control panel

Go to:
http://code.google.com/p/edcast-reborn/downloads/
download edcast_standalone_3.37~~
Open Edcast Standalone Setup
click “Next>”
click “I Agree” (after reading and understanding the licensing and terms)
click “Next>”
click “Install” (yes, use the default path)
Verify edcast is installed:
open the icon on the desktop for EdcastStandalone
Verify edcast opens, providing a window with several controls
close edcast

Go to:
http://www.rarewares.org/mp3-lame-bundle.php
Download LAME 3.99.5 with a size of 636kB (top download)
(DO NOT download the 64bit version)
open your edcast installation directory (C:\Program Files (x64)\edcast)
open the lame3.99.5.zip archive
copy lame_enc.dll from the zip to ~\edcast (it will be in with ogg.dll, vorbis.dll)
close the zip archive
close the edcast install directory
Verify LAME is installed:
open edcast (shortcut on desktop)
click “Add Encoder” button
See that a new entry was added under “Encoder Settings” and it is the only one
right click the new Encoder Setting selection, choose “Configure”
click the “Encoder Type” drop down, choose “MP3 Lame”
(it will not allow you to select it if it’s not installed properly)
click “OK” button
close edcast

Go to:
http://www.videolan.org
download VLC (big blue “Download VLC” button)
open VLC install
follow instructions on screen to install
use “Recommended” install type (just press next on “Choose Components” screen)
Verify VLC is installed:
open VLC (shortcut on desktop)
play any media file with audio to make sure VLC is working
close VLC

Now, go get some coffee, mt dew, take a bathroom break or just stretch.
You now have all the base software installed on your computer.
When you get back, it will be time to put all these bits together and stream!

OK Good! You’re back. At this point it would be ideal to have either another
computer, or a friend you can communicate with to help with testing. Their part
will be minimal, they just have to connect to your icecast server and listen.

Now, it’s time to configure VLC and edcast to work in tandem via VB-Cable.
VB-Cable shouldn’t need to be configured, but we will touch its options.

Open VLC (shortcut on the desktop)
open VLC’s Preferences (ctrl-p)
under “Show settings” click “All”
Go to Audio > Output modules
for “Audio output module” select “DirectX audio output”
go to Audio > Output modules > DirectX (You will have to expand the list to see it)
for “Output device” select “CABLE Input (VB-Audio Virtual Cable)”
uncheck “Use float32 output”
for “Speaker configuration” select “stereo”
click “Save” button
Close VLC
re-open VLC (This is required to set the audio output properly)

set VLC aside for a bit, but leave it open.

Open edcast (desktop shortcut)
under “Live Recording” select “CABLE Output…”
right click on the MP3: selection under Encoder Settings, choose “configure”
Basic Settings tab:
change “Server IP” to the *IP* address of your server
change “Server Port” if you chose something other than 8000 in icecast2 setup
change “Encoder Password” to the password you used when setting up icecast2
YP Settings tab:
uncheck “Public Server” (This disables your server from being in icecast directories)
change “Stream Name” to your website/domain/station name
change “Stream Description”
change “Stream URL” to your website or icecast2 url
Advanced Settings tab:
(nothing to change, but look anyways for familiarity)
click “OK” button
click “Edit” to the right of “Metadata”
put your station name and your dj handle in the “Metadata” field
click “OK” button

Now it’s time to get your client computer or friend to tune into the stream
Be advised the audio may be very loud, so the volume on the client should be down

go to VLC
load up the playlist with files, enough for 20 minutes, or hit repeat
press play, ensure you cannot hear audio from it from your speakers
turn the volume all the way up to ensure audio quality to edcast and beyond

go to edcast
click the large black bar towards the top, it should start showing two
green and yellow bars bouncing left and right
press “Connect” button and let your friend know to tune in

You should now have a live stream going from VLC to edcast to icecast2 to your friend.

There are additional features of edcast that can be set or configured. Such as the
Metadata being able to pull the song title from VLC’s window (this did not work for me)
Take note of what you change in case it breaks something and you need to revert it.

Play with the settings so you know what everything does, and remember it’s better to
have the audio player’s volume very high and use edcast to limit it so as to keep the
audio quality higher.

This document is licensed under the Creative Commons Attribution with ShareAlike BY-SA

Spreadsheets, Minecraft and OCD organization…

Let me start out with HOLY CRAP TWO POSTS IN ONE DAY!? AFTER 9 MONTHS OF NO POSTS!? WOAH!! Am I crazy? Probably! Maybe not enough though…

So I found that I really enjoy using Google Docs spreadsheets. Well, I’d say use, but I think “abuse” is more the correct adjective here. Did you know that you can get 188000 rows, if you have only 13 columns? Well, it’s an odd limitation, but I found it! A workbook on Google Docs Spreadsheets can have only 5 million cells. That’s all sheets in a spreadsheet, not per-spreadsheet. It makes sense, memory resource limitations and all.

I’ve taken to using a spreadsheet for organizing all of the permissions for a small Minecraft network. When I say small, I mean 9 servers, 26 worlds, 10 “tracks” (groups of permission groups), 75 positions (permission groups), with an unknown amount of permission nodes for 98 plugins. The way I have my spreadsheet set up, is to use a row as section headers for the next set of columns. (If that don’t sound foncusing, let me explain)

The first row is, of course, my sheet header with each column labeled – because “A” “B” etc are not good names for data organization. I have this row frozen, so it’s always at the top. I also have the first and second columns frozen, so they will always be shown on the left side of the screen. These columns are Track and Group. I then have Columns “C”, “D” and “E” grouped under Group. These columns are “Prefix” “Username” and “Suffix” This was important so I can hide these columns now that I’ve completed that part of my job, without starting a new sheet, or removing them. Duration and Titles, “G” and “H” are grouped under Info, column “F”. Again, so the Duration and Titles columns can be hidden under Info. Columns “I” and “J” are “Server context” and “World context”, with World being grouped under Server, again to hide it. The next three columns, “K”, “L” and “M” are Plugin, Permissions and Negated Permissions. Yes, “L” and “M” are grouped under “K”. When I say grouped, this is a function in Spreadsheets which allows the grouped rows or columns to be folded or collapsed into the parent row/column. So with everything collapsed, I see columns “A”, “B”, “F”, “I” and “K” – and I can expand the section I need to focus on.

I’ve done this with rows as well. The first data row is the name of my first track, and as such A2 is filled in with that name, “Admin” (A1 being the label for the column in my header row, “Track”) For organizational purposes, I’ve left B2 empty, and went to B3 for my first “Group” entry. This allows me to collapse B3 under A2, without showing the first group, as it would be if I were to have used B2. This also allows me to free-up the rest of the row for track-specific data, such as Suffix, info, etc. I’ve done the same for the rows which contain an entry in the Group column, again so I can have group-specific data stored in that row. Moving to Column “I” or “Server context” I have again stepped the first entry in this column to the next row down. So, I4 is my first entry for Server contexts. And “J5” is my first entry for World contexts, as a “world” is a subset of a “server” I’ve continued this mostly-empty row organization with columns “K”, with each row having a plugin name. My first plugin is in cell K6. The next two columns will contain all of the permissions for that plugin in the same row however, L6 (first plugin’s permissions) and M6 (first plugin’s negated permissions) Row 7 will have my second plugin, permissions and negations, so on and so forth until I run out of plugins.

I have a nice nested effect going on with my rows, with the column to the left being the “header” for the cells to down and to the right. And when I collapse all of my rows, I see a nice list of all of my tracks. Then I can expand which track I want, and see the Groups within it. And expand the Group for which I want to modify or retrieve data from. At this point, I’m working towards well over 120000 rows, with 12 columns (The username column is only a placeholder, and is going to be removed) And so I’ll be looking at 1.4 million cells, with the vast majority of them empty, and not even visible at any given time.

But why so many rows, columns and thus cells? So, each plugin has its own permissions – some plugins give inherent permissions for all players, and some give inherent permissions only for those in the game servers’ “Op” file. Minecraft uses its own very primitive permission system for built-in commands. It’s archaic, non-granular, has 4 levels and various permissions within each level, with each higher level inheriting the permissions from the lower. But here’s the kicker, and why it’s archaic – Say I want someone to be able to kick a player, but not to build at spawn – well, with Minecraft’s Op system, that’s not possible, because building in spawn protected areas is a base level permission – kicking is the next level up. So, enter, and back to, Minecraft Permission Management Systems. I’m transitioning from PermissionsEx to LuckPerms. Various reasons, mostly due to LuckPerms having an active development team, and some functional technical reasons as well. I’m also taking the opportunity to build out readable documentation that my staff can access to assist with entering all of the permissions into LuckPerms, and for future reference for myself.

I seemed to have digressed a bit with that, so back to the question of why so many. First off, I have an unknown number of permissions. But let’s say the average plugin has 15 permissions (some have none, and some have much much more, so 15 is pulled out of thin air). Now, I have about 100 plugins. That alone means there’s 1500 permissions. Now, one plugin in specific has roughly 1500 permissions by itself. So, let’s say we have a total of 3000 permissions. Now, you may ask “OK, but that’s only 100 rows, as permissions for each plugin are grouped into the same row?” It’s not that simple. There is the potential for each world context (a world context is the number of worlds + the global server context, so n+1) having at least one entry for each plugin. There are a total of 26 world contexts, and several servers are only using a single context (global), so there’s the potential for even more. So we’re at 2600 unique potential permission rows. World context * plugin count. (I’m at 96 confirmed plugins, but may be adding a few more, so we’ll round off to 100 for this exercise) Now here’s the kicker: That’s per position. I have 75 permission groups (positions) So, 2600*75 is 195000 potential permission rows. Now, not all plugins will be installed on all servers, not all plugin permissions will be applied to every position (given or negated), not all plugins even have permissions, and there are some tricks to compounding permissions using * and built-in super-permissions (a permission which gives all the same functions as multiple other permissions) So it’s a LOT of permissions, data and work.

As someone who is very visually organizationally oriented, this helps to fully detail out the entire scope of the permissions on the network of servers. For me, at least. Ideally, this will also give my staff the ability to read the permissions per world, per server, per group and thus be able to enter the permissions into the new system for me. AND We’ll have a system-agnostic documentation that can be referred to and altered as needed in the future. It sounds extremely convoluted and anything but easy. And it has been an absolute pain in the sphincter to set up. However, its use should be pretty simple, provided those who use it can understand multi-dimensional data storage. (spreadsheets with collapsible rows and columns) At its visually smallest, there will be only 11 rows and 5 columns. 55 cells, with 44 of them being empty. This is how each person should initially view this document. Each row and column can then be expanded and collapsed as needed to navigate to the particular section and sub-section to modify or read.

In some respects, this is still easier than Windows Server 2003’s Active Directory. In others, I’ve completely rebuilt the entire framework of a Permissions Management System in a spreadsheet. For years, I’ve hoped someone would create an AD or OpenLDAP Minecraft plugin, but I feel the time for such an adventurous project has come and gone. Microsoft may be doing wonderful things with Minecraft still, but if we’re not already in it, Minecraft’s sunset period will be upon us within a few years. With the release of the right game, it could be even sooner. But what the developers behind LuckPerms have done is absolutely amazing and I hope they have written it in a way that LuckPerms can become game-agnostic and useful for other ventures in the future. It is already available for Minecraft Java Edition (Bukkit, Spigot and Paper); Minecraft Bedrock (for consoles/Win10) through NukkitX, a Bedrock server written in Java; Minecraft Forge servers (Also for Minecraft Java Edition, but different API) and I think another Minecraft server or two as well. But these things have two things very much in common: the base Minecraft game & Java.

At the top of this post, there’s a screenshot of the framework, with some sections collapsed, and some visible. For reference to this article only.

Linux, Java, Git and Maven…

Here, I will explain how to *simply* get a Java project with Maven compile instructions (pom.xml) on Github to your system, and compile it using Maven. This requires a few things. We’ll use Potato. You can fork this project with your own Github account, and then you can say that you’ve “Forked a Potato” (Seriously, it’s just a fun project with limited to no practical use) We’ll be using Potato as our reference example project. It is Java, with Maven, on Github and will compile under Linux. https://github.com/AeSix/Potato

First, let me state that I use Ubuntu GNU/Linux distros. Life is too short to worry about getting everything installed “the hard way” – Ubuntu’s apt-get is, in my humble opinion, the simplest way to do routine software installs. I’ve built Slackware linux, ran through Fedora Core, messed with Gentoo and Suse, and various other distros, including Debian (Ubuntu’s papa distro) For everything I’ve ever needed, Ubuntu has provided much simpler than other distros. That may not be the case for everyone, however. So with that all said, I’ll be talking about “Linux” pertaining to Ubuntu GNU/Linux specifically. These instructions may be translatable to other Linux distros, to UNIX distros (FreeBSD, MacOS, etc) or even for Windows with varying degrees of success. I won’t discuss these here though.

The first step, of course, is to procure suitable environment and install your OS. We’ll assume this is done. If it’s not, you’ll want to do that, after reading the rest of this. You’ll find specific instructions for your environment online, and so I won’t waste time here detailing that.

Next, you’ll need to install Java. This is a considerably more difficult process on any Linux distro if you’re wanting to use Oracle Java. With OpenJDK, on the other hand, it’s as simple as
> sudo apt-get install default-jdk
I prefer to use Oracle JDK, however that’s a personal preference. You can find installation instructions if you were to search for “Oracle Java Ubuntu webupd8” – there’s plenty of info on that and does not need to be duplicated here.

Once you have Java installed, you’ll want to get a Git client and Maven. Again, there are installation instructions online for each of these. I suggest Gitlab’s instructions, but DigitalOcean has some nice write-ups as well.

At this point, we’ll assume you can do these things:
– Log in to your Linux user account, and perform commands with sudo. I highly suggest NOT using the root user!
– Test your network connection:
> ping google.com
– Test your Java installation:
> java -version
– Test git client:
> git --version
– Test Maven installation:
> mvn --version

Assuming this all went to plan, you should now create your work environment. I suggest making a ‘dev’ directory under your /home/username, with a git directory under that. OCD organization!
> cd ~ && mkdir dev && cd dev && mkdir git && cd git && pwd
Provided this worked, you should see something akin to, with “yourusername” being replaced:
/home/yourusername/dev/git

Now all the setup is done, let’s clone us some code!
> git clone https://github.com/AeSix/Potato
> cd Potato && ls
The first command here will reach out to GitHub and fetch a copy of Potato from github.com/AeSix/ and create a new directory under git/ called “Potato”. The git client will always create a new directory in your cwd with the project name as the new directory name. The second command simply puts us into that directory and lists its contents. Verify that the contents on your system match those of the repository you cloned from. If they do match, congrats! You’ve cloned a Java Maven Git project!

Let’s build this project. This is what I *LOVE* about Maven, how simple it is! You’ll be addicted and wanting to compile github projects every day! (Ok, maybe I alone got a bit overly enthusiastic about Maven when I first got it working!)
> mvn clean install
That’s it! That’s all you needed to do! Of course, you *have* to be in the directory with the project’s files for this to work, and the project *has* to have a ‘pom.xml’ file. Of course, the project also has to be fully written, not broken, and compatible with your version of Java and potentially your OS (Very old OSes may not have some functions that newer Java projects require, but then your Java version would be subject to these and you’d never get a new enough Java installed to even build with much less run the project with)

Oh! You actually want to run the project? I guess I can tell you where the compiled jar is.
You should still be in /home/yourusername/dev/git/Potato – so do
> pwd
and confirm you are. If you’re not, then something went awfully awry and you should figure that out. Let’s assume there are no problems though. Now do
> ls
You should now see a “target” directory. Again, assuming all things went well, do
> cd target && ls
And you’ll see “classes” and “Potato.jar”. So let’s run Potato!
> java -jar Potato.jar
You should be greeted with a friendly, if passive-aggressive, yet humorous message from your new Potato.

If *anything* went wrong, I suggest starting from the top of the first checklist, pinging Google. If you still can’t get it going, you may need to do some more research.

Here’s the TL;DR for those who just need a reminder of how easy (so easy, it’s forgettable) Java/Maven/Git is:

Get project url:
example: https://github.com/AeSix/Potato
Enter your working environment:
> cd ~/dev/git
Clone project to local system:
> git clone https://github.com/AeSix/Potato
Build with Maven:
> cd Potato && mvn clean install
Test the built jar:
> java -jar target/Potato.jar
Rejoice at the deliciously prepared Potato!

To update the local project files:
> cd ~/dev/git/Potato
> git pull
The git pull command has to be done from within the project’s local directory, otherwise it wouldn’t know which project to update.
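
Because `mvn clean install` runs every plugin that the cloned project's pom.xml binds into the build, it is worth reading that file before building code you have just fetched. The script below is an added example, not part of the original post or of the Potato project: the sample POM is constructed, and the list of scripting plugins is an assumed starting point to extend.

```python
import sys
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}  # standard POM namespace

# Plugins whose job is to run commands or scripts (a starting list, not exhaustive).
SCRIPTING_PLUGINS = {"exec-maven-plugin", "maven-antrun-plugin", "gmavenplus-plugin"}

# Lifecycle phases that `mvn clean install` walks through.
PHASES_RUN = set("""pre-clean clean validate initialize generate-sources
process-sources generate-resources process-resources compile process-classes
generate-test-sources process-test-sources generate-test-resources
process-test-resources test-compile process-test-classes test prepare-package
package pre-integration-test integration-test post-integration-test verify
install""".split())

# Constructed sample for illustration; this is NOT Potato's pom.xml.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId><artifactId>sample</artifactId><version>1.0</version>
  <repositories>
    <repository><id>mirror</id><url>http://repo.example.invalid/maven</url></repository>
  </repositories>
  <build><plugins>
    <plugin><artifactId>maven-jar-plugin</artifactId></plugin>
    <plugin>
      <groupId>org.codehaus.mojo</groupId><artifactId>exec-maven-plugin</artifactId>
      <executions><execution><phase>compile</phase></execution></executions>
    </plugin>
    <plugin>
      <artifactId>maven-antrun-plugin</artifactId>
      <executions><execution><phase>deploy</phase></execution></executions>
    </plugin>
  </plugins></build>
</project>
"""


def _text(node, tag, default=""):
    child = node.find(f"m:{tag}", NS)
    return child.text.strip() if child is not None and child.text else default


def review_pom(pom_xml):
    """Report plugins, scripting plugins that may run in `mvn clean install`, HTTP repos."""
    data = pom_xml.encode("utf-8") if isinstance(pom_xml, str) else pom_xml
    if b"<!DOCTYPE" in data:  # a POM needs no DTD; refuse entity tricks outright
        raise ValueError("DOCTYPE is not expected in a pom.xml")
    root = ET.fromstring(data)
    report = {"plugins": [], "runs_code": [], "http_repos": []}
    for plugin in root.iterfind(".//m:plugin", NS):
        artifact = _text(plugin, "artifactId")
        # Maven assumes this groupId when a plugin omits it.
        name = f"{_text(plugin, 'groupId', 'org.apache.maven.plugins')}:{artifact}"
        report["plugins"].append(name)
        if artifact not in SCRIPTING_PLUGINS:
            continue
        phases = {p.text.strip()
                  for p in plugin.iterfind(".//m:execution/m:phase", NS) if p.text}
        # No explicit phase means the goal's default applies: assume it may run.
        if not phases or phases & PHASES_RUN:
            report["runs_code"].append(name)
    for tag in ("repository", "pluginRepository"):
        for repo in root.iterfind(f".//m:{tag}", NS):
            url = _text(repo, "url")
            if url.lower().startswith("http://"):
                report["http_repos"].append(url)
    return report


if __name__ == "__main__":
    # No argument: review the sample. Otherwise: python review_pom.py Potato/pom.xml
    source = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_POM
    for key, values in review_pom(source).items():
        print(f"{key}: {', '.join(values) or 'none'}")
```

Anything listed under `runs_code` executes with your user's privileges during the build, so read that plugin's configuration in the pom.xml before running Maven.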

Life in general, a rant

Holy crap can life throw some curve balls.

So without getting into details – life in general has been very hectic the last couple of weeks. It’s been building to a boiling point for several months. In the last 5 months there has been a death, a marriage, a family feud, I started smoking, a family addition (more on that later, maybe) a hurricane, a trip to the mountains, and a couple of falls on the way home, a bit of personal self-learning. I quit smoking. Not in any specific order.

I now have, for the first time in my life, a preferred auto-body shop. I’ve never needed one before, but so far, so good. I’d prefer to not need one, but alas, I have one. Why might I now need an auto-body shop? Because our brand new, less than a week old car had some issues. It’s sitting at the auto-body shop with the drive-off tag still attached. Almost $8,000 of estimated damage. In two claims. Thankfully. Had the damage been a single claim, it could have turned out very bad for us, with the car being totaled and a replacement not exactly working out. (Blame that marriage thing I mentioned earlier)

The wife and I went on a trip to Tennessee a couple of weeks ago, a last vacation for the foreseeable future. Not that we won’t be taking small trips, etc, but we have none planned. We enjoyed ourselves greatly! The car did not enjoy the trip so much however. The Saturday before we left for our trip, we traded up our 2015 Soul for a 2018 model. Score! New car smell, tiny little issues all gone, OOOH SHINEY! New, real Rims! By Thursday, I had backed into a tree. Saturday on the return trip home, an old woman t-boned us in a parking lot. Not fun. Not so shiny any more. Not my greatest moments. Though the delivery was quite rude, crude even in tone and volume – the words were not. Or maybe they were a bit. I was beyond pissed. I couldn’t drive the car if I wanted to, my nerves were (and to some extent still are) completely shot. I can’t stand people pulling out onto the road I’m traveling from side streets – at all.

With my nerves shot and responsibilities which include driving, I turned to that old crutch, the only horrible coping mechanism I’ve used in the past. Smoking. Cigarettes. I’ve quit again, as of Saturday night (so about 36 hours now, as of this writing). So what’s the first thing my body does? That night, it starts expunging crap from my lungs and decides that’d be a great time to give me a lung infection. So now, I’m sitting at my computer, coughing and writing this because I’m too sore and physically exhausted to do anything else. And I have about 200 hours of work to get done. *sigh*

I’ve done a lot of “growing the fuck up” over the last 5 months. A lot. My mother passed away less than a month before my wedding. I’ll never forgive myself for that, though I know there was nothing I could do. My mother’s husband had lost almost everything taking care of her, and over the last three years or so was completely unable to leave her alone for more than a few minutes at a time. My mother’s family, completely inept and incapable of ever understanding the drain she put on him, decided to see things that weren’t there. To put it nicely. It was bad enough she wouldn’t be at my wedding. Then my wedding was cut considerably smaller because of those expenses. Wouldn’t her family help out too? Oh hell no. My crowd funding got called a scam, I was called a liar and thief. Her husband was insulted multiple times. Oh, and there was a murder investigation. No charges were brought against anyone, nor was there any reason to. I don’t care how old a person is, when they have a good relationship with their parents and they die, it’s fucking hard. Needless to say, I’m *done* with my uncles and aunts, etc from my mother’s side. Those people, I wouldn’t hit in the forehead with a penny if they asked for help from me.

My wife’s family came together for my wife and me at our wedding and made it one of the best days of my life, and I’m sure it was one of my wife’s best days too. I learned a lot about humanity, my new family, and myself when I got married. Amazing people, the whole lot of em. It’s great how her family was able to help us make it such a wonderful event. Our friends and family are the greatest. So many things changed when She and I became one in the eyes of the law. It seems like every time I turn around there’s something new that we must do, cannot do, or should/shouldn’t do because we’re married. Taxes, Insurance, Loans, even just a bank account… so many things change (some for the better) – all because we now pronounce we are legally one. So weird. More weird is the fact it’s all just financial stuff that seems to really change. I could rant on that alone for two posts. I wouldn’t change a bit of that if it meant not being married.

Technically the hurricane was closer to 6 months ago now. Its effects are still being felt. Our garden is in complete and utter disrepair. When the hurricane killed my plants, I got depressed about the whole thing. Then this January, we had a hard freeze which killed off most of the rest. Partly because I didn’t plan accordingly (see above comment). We had various vegetables, herbs, and some squash plants. It was more of a “Let’s see what we can grow, and enjoy it”. After all, the store is still an option. But now, we’ve come to discover that some of her several-year-old plants are now dead from the freeze. *Gut punch* Not too bad, but it’s just one thing after another. Not to mention the grass, which I’m fairly certain is just obliging my thoughts on not having to mow so much, is dying around the front entry and driveway.

This isn’t too horrible, other than I need to get some rock and stepping stones, which costs money – oh and the abominable trugreen salesmen who, despite the “NO SOLICITING” sign up front, continue to bother us about our dead grass. I like my neighbor’s opinion on that, which he voiced at our latest HOA meeting. It involved a shotgun. Apparently complete and utter verbal hostility is not enough to get on their “do not talk to” list. The last one left a written door hanger (folded up and shoved in the door), which started with “I read your sign”. How ignorant can people be? Seriously, this makes me sad on so many levels. I digress.

Anyways, I mentioned a new addition to the family. Well, not really an addition. More of a re-introduction? My wife and I are adopting my niece – originally we just wanted her placed with us, to get her out of the foster care system. However, there was a threat that she could be taken away for nearly any reason and that adopting her would prevent that. Whatever. I just want the girl to have somewhat of a normal life. The longer she’s in that system, the more harm is done. We’re within a week of finalizing this, so I feel it’s OK to say so. This has brought on its own set of stress, complications, and curve balls. Being we’re adopting a child from the state, we must have a “home study” completed. This involves background checks, fingerprinting, digging up stupid shit from my past, and generally being a nuisance to us. Certain people have known, and some have been misled to believe otherwise – I’m sorry for any deceit from this. There were reasons.

The home study has been going on since November. We told the people before they ever scheduled anything that my fiancée and I would be getting married and leaving for our honeymoon. And what’s right after we get back from our honeymoon? Thanksgiving. So what does this woman try to do? Schedule the first interview while we’re gone. As in not even in the state of Florida. At that moment I knew I should have requested another worker. What has the last 5 months done for that? Proven me right. Though I’m not sure there are any workers who are less inept and incompetent. Maybe there are, maybe she’s the worst of them all. I don’t know, but I bite my tongue because I need her to do her job. She’s lost reference letters sent to her. She outright replied to a personal reference email from my wife’s mother asking who the subject of said reference is talking about. (My wife’s, my niece’s and my full names were in the letter.) This is after we sat at our kitchen table for 4 hours trying to explain how criminal records work. One would think this person would know this already. And yes, I have misdemeanors and traffic violations, etc. Anyone ever claiming me to be perfect is not to be trusted and should probably be put away. But that’s all of us.

On the lighter side of things, I’ve got a trailer to haul stuff with (and which will be holding my lawn tools while in the garage). We’ve got the property mom’s husband lives on cleaned up, and some back taxes paid. And he’s on his way back to building his lawn service company. I’m on better talking terms with my siblings, and we might be getting a puppy some time in the future. Puppies are always great. Almost as great as kittehs!

So, I think I’m done ranting. Thanks for reading, chuckling, laughing, crying.

So You want to be an Internet Moderator…

AS OF:8Feb18, 10:18am This file is a WORK IN PROGRESS.
This will continue to be worked on and expanded until the basics are covered.

Moderator, chat-mod, staff, admin, owner, Op, SysOp, Community Manager, etc, etc, etc

There are many positions with many more titles that one can take upon themselves online, through others’ or one’s own services. As I write this, there are many services one can choose to use as part of an online community. Some of those services are forums, IRC, Discordapp Guilds (including text, voice and video communications), Games of all kinds, broadcasting services (such as twitch.tv, mixer, etc), even Facebook groups. Some of those positions, in no particular order, are: owner, administrator, operator, moderator, and various forms thereof. There may be specialized positions, which moderate only a single aspect of the community, and there may be overarching positions which touch upon most or all aspects and areas of the community. We’ll go over what each position is later in this post.

There’s plenty to write on the philosophy of moderating online communities. From the standpoint of morals, ethics, and values, a lot of conflict and problems will arise. But without these, the community cannot have enforceable rules. The rules will be hollow and seen as unjust by the community – even if the rules are being followed. It is important for anyone who will be moderating a community to understand the reason for the specific rules, as well as the depth and breadth of the restrictions, freedoms and punishments of those rules. This is “staff policy” and is the governing terms for the community’s staff – the document which tells every staff member what is expected of them as staff. Everyone, from the person who owns the service upon which a community will be built to the trusted members of the community, should know, understand and agree to the rules. This does not mean that the rules must always be obeyed or may not be changed some time in the future. When that time comes – and it most definitely will – everyone who is in a position of moderation must go through the changes and agree, or be removed. The community as a whole must also be made aware of the rules. Compliance from each member of the community is not mandatory, as their actions and words will clearly show who is able and willing to abide by the changes – and who is not.

Whew! That’s a bit of a heavy paragraph there. That’s this entire document in a nutshell. There’s so much more to go over, and I have been considering a training service for those wishing to learn how to moderate chat, games, and communities. This is my foot in the door. We’ll see how it goes!

Before I go much further, I want to list out some terms and their definitions. There is a lot of misunderstanding and confusion regarding various aspects of moderating and enforcing rules. The first and foremost is that UNLESS YOU PUT THE EFFORT, ENERGY and MONEY INTO THE COMMUNITY – YOU CANNOT BE “Owner”! “Owner” is not a title and should never be treated as just another staff position. Founder, Owner, Operator (of various kinds) are the ones who, if push comes to shove, are legally liable for the community. More on that later. Communities may have “Founding Members” – and this is fine, as long as it is made very clear that these members are not staff, and that their word does not carry final weight.

Here is a loose glossary of terms:

  • Founder: the person who created, set up, and started the initial growth of the community. The first owner is always a founder, but founders are not always owners.
  • Owner: the person who is financially, legally and ethically responsible for the community, which they have created, paid for, or have attained ownership of. The person who has the right to transfer the community to another. The person whose word is law.
  • Operator: the person who runs the technical aspects of the community. This is the skilled person who the Owner turns to for functional work to be completed. This position may be held by the owner. There can be Operators (Ops) for specific aspects of the community, ideally all Ops will work together as a team under supervision of the owner or lead Op.
  • Administrator: the person who ensures that the community management is successfully run. This person handles administrative duties and works with the Op and owner to ensure the members have the ability to fully utilize the services of the community.
  • Moderator: the person who ensures that the members are properly following the rules and who properly follows policy when those rules are broken. This position should be held by people who are able to be strict but who are also capable of understanding the human condition. Like Op and Admin, Mods may specialize in specific areas of the community, such as a “chat-mod” moderating only the chat, or “game-mod” moderating game-play.
  • Junior-*: this person is given partial, restricted or even full control over their duties, usually with supervision. These positions are usually reserved for trainees or those who are capable of the task but otherwise do not completely qualify for the position.
  • Mini-*: this person is not a staff and should not be allowed to act as such. Any person who has been identified by the staff or community as being a “mini-mod” or “mini-admin” etc should be corrected as quickly as possible. These people can wreck a community if not controlled or removed.
  • Member: this person is part of the community in a non-staff role. This is the person who is suitable to be in the community, to enjoy and utilize the services and who will help grow the community in number, in dissemination and ideally in financial methods as well.
  • Trusted Member: this person has been part of the community for a considerable duration, but has not chosen to be staff, or in some communities is at the first step to becoming staff. These people are the community’s first line of assistance for others, and should be treated with that level of respect.
  • Guest: this person is new, has not made it clear that they are going to continue to be part of the community, or may not have yet made the choice to do such. These people are potential members, but have not made the commitment to the community to be so. Each community will have their own requisites for determining Guest to Member status changes.
  • Chat: Loosely, this can be voice or text, or even Morse code – it is just simple informal live communications between two or more parties. Generally, this is live or near live primarily text communications. In communities where Voice is the primary communication, “chat” may refer to voice, otherwise, “voice chat” is the predominant term in primarily text areas. This is important for defining “chat mod”.

There’s more, oh so many more, but these are the primary terms we’ll be worried about here. Most any other title, position, rank, etc for staff members will generally be some reflection of the above. Clearly defining these positions, whatever they are called, will greatly reduce confusion among the staff and the community as a whole. A good way to define these positions and to define the relationship of each position to the rest of the positions is to make an organizational chart.

There are words used to define positions within a staff hierarchy – from Owner to Moderator, etc. These words, used as the names of these positions, these “titles”, are founded in the age-old definitions of the words on which they are based. Those definitions are as important, if not more so, than the loose glossary above. Along with those definitions, there are many words used to describe unwelcome, bad, negative, malicious, etc behaviors in chat and in game-play.

If it has not been made clear yet, a good portion of knowing how to be an internet moderator is knowing the definitions of words – After all, how can one “ban” someone if they do not know what the word “ban” means, or that it is short for “banishment” – more specifically that to ban someone means to restrict that person from certain actions and/or activities.

The learner here should be sure to take the time to look up any word which is unfamiliar, is a word seemingly being used wrong, or even words which one cannot seem to stop thinking about. If reading a section that seems unmemorable, or seems as though it has not been read – there is a misunderstood word which should be looked up in the dictionary and properly defined in the contextual use case. This means if a word is defined but that definition does not seem to fit the rest of the sentence or paragraph, there is another definition that needs to be found. I, the author of this document, use American English and British English, in this order – as such, words should be defined using Merriam-Webster and the Oxford English Dictionary when possible. Most words will not have deviating definitions from American to British English. Throughout this document, I may provide the specific definition for certain words, or a loose definition as the word is being used if the need arises.

Yesterday…

I’ve been officially married in the eyes of God, the law, friends and family for five days now. Nothing much has changed. But that’s to be expected – because we have been married to each other for over two years in our own eyes. We made that commitment then, to each other and have lived by it since.

It’s amusing how much has not changed. And how much actually has. The things I would have bet good money on changing after our ceremony are absolutely 100% the same. I’m still a perfectionist, and she is still the perfect person for me.

We’ve spent many units of space time together, traveling through this life with each other in the last 2+ years. We’re each other’s companion, staying side by side through all that life throws at us. She is by far much more my strength than I hers. We have grown together, she has taught me patience that no one else ever has, and has taught me to be calm. Her opinion is the first to matter to me in a long time. Maybe that’s what love is about?

She now refers to me as her husband, and I refer to her as my wife. These are not possessive terms as much as they are self-proclamations of attachment. I attach myself to her when I call her “my wife” – not the other way around. For so long, the left has been shouting wrongness and irrationality at me that I didn’t realize how much they were wrong, and how calling someone “my wife” would affect me positively.

I am not her property, and she is not my property, except that we give ourselves to each other and have bound our lives together, equally and have been acting as husband and wife for 2 years – only now we are legally and socially allowed to use the titles of endearment for which roles we play. Life is good, it is simple, and it is the most complex it has ever been, it is terrifying and exhilarating all at the same time. It’s a hell of a thing, and I’m so happy to be sharing this journey with the woman who calls me husband.