Something I’m not proud of, but am in a way…

I wrote this to a private group on Facebook.  After posting it, I felt maybe a wider audience could learn from my mistakes here, and use my story here to better themselves.   Within the group, we refer to ourselves as Savage Gentleman.  It’s a group to help guide each other to be the best men we can be, from shaving advice to fatherhood to, well, things like you’re about to read.

I will start by describing what I believe to be a Savage Gentleman. I’ll break that down to Gentleman, Savage and then what it means to be such together. I’d like some input from everyone on my take on this.

Then, I’m going to get into describing a situation I was in, from this morning’s visit to Walmart. This isn’t a rant about Walmart. If anything, it could be mistaken as a rant on the degradation of society, proving why we need more SG’s in this world. No, it won’t be that either though – this will be about me, as a person, as a Savage Gent.

I will also cover some more important factors in my life which have helped, guided and been a stable foundation for my growth as a person, emotionally, spiritually, and as a Gentleman. This is relevant to the situation I experienced today, and my actions and attitude towards handling it. Spoiler: I could have done a whole lot better, but hey, no one is in the hospital and no cops were called.

At this point, I haven’t even started and you’re wondering if you should continue reading. It’s going to be a long one. It’ll probably push some people’s buttons too, but that’s not the intention here. So, I do hope you enjoy!

For me, a Savage Gentleman is a balance game, without our minds, bodies and souls. It’s a state of being, an attitude towards life, love, society & civilization, and the world in general. Most importantly, it’s a description of a man’s sense of being, how they attack life each and every day, how he overcomes life’s… issues. At least, this is how I view, and live as a Savage Gentleman.

To be a Gentleman, is to be a man with high morals and ethics. To be a man who takes personal as well as societal responsibility. To have adherence to the law of the land for which he stands upon. To hold himself to a higher standard, accountable to more than himself. A Gentleman shows respect, when it isn’t specifically undue; holds dear to his heart his principles and values, and does not let anyone tarnish these. A Gentleman is a pillar of encouragement for the betterment of himself, his loved ones, and every aspect of life, society and the world around him which he has influence over. (Take a look at your life, and you will surely realize, you have much more influence than you might suspect.)

To be Savage, however, is another point. There is savage, for the sake of being savage. Then, there is being savage for the sake of protecting oneself, family and way of life, one’s values and all that makes up those values. Put bluntly, “not taking shit from anyone.” To be purely savage would be to unduly offend, to be mean for no reason, to act irrational, uncivilized, anti-social. Even then, there are reasons to dip into these depths. There are times in life when releasing that brutally honest, fierce savage within each of us may be warranted. When a man must take a stand, no matter how small or how big, to defend his morals, ethics, principles, values. When a man sees wrong in society and has no choice but to correct it, or at least make the attempt. This level of savagery is our last ditch effort to make things right in the world. It is this savagery with meaning which we may use as a tool. We should shy away from that beast within each of us, but draw from it only when needed. It is a tool we should wield with high regard, and use only for those situations which have not been corrected with other efforts.

To be a Savage Gentleman, we take the best of both. We bolster our defense with our savagery, we use our intellect and wisdom for our offense, when absolutely needed. Every situation in life can boil down to something we need to attack, defend against, embrace with our hearts and minds, or has no bearing on us whatsoever. This is true just as much for choosing our physical tools – from wrenches to pedicure files and beard balms – as well as our mental tools: knowledge, wisdom, behavior, values and principles. From situations as choosing what vehicle to procure, to dealing with unjust actions taken against our loved ones. To be a Savage Gentleman is to use both sides, to balance ourselves and dip into each side more and more as necessary, to stand for what we believe in and ensure no one scrapes that away from us. To be a man who can sit in a bar and have some laughs with strangers and friends alike. To be a man who can stand up for what he believes in and do the best he can to protect and correct whenever possible. To live his life and not let others negatively affect it.

We make decisions every moment of every day. Every situation we are presented with, we have the option to attack it, defend against it, let it alone, or embrace it. This, to me, can be seen as Most Savage to Most Gentlemanly in behavior. A good mark of a man is for him to know when to attack and when to embrace. Society is getting to the point where we, as Savage Gentleman, should be standing up to attack those things which are contradictory to our way of life. To attack with personal, social and political responses. To attack by voting out those leaders who would see harm done to us. And, if it were ever to come to it, to attack in a more physical means. We are well past “letting it be” and our defenses, though strong, are often not enough to prevent the degradation of our way of life. No, I’m not issuing a call to arms. I’m issuing a call of personal responsibility, if anything. We need to live our lives as shining examples of what we believe, and not let anyone take that away from us.

This, to me, is what it means to be a Savage Gentleman.

Today, I was feeling much more Gentlemanly than savage. I’ve nothing pressing which has to be done today. I work for myself, and I’m more or less taking a day off. My wife and I are planning to go shopping this weekend, and neither of us like to shop at Walmart on the weekend. So, being in a good mood, I decided I would go to Walmart and get the few things we can’t get at other stores. That’ll make this weekend much more enjoyable. Or, so the day began with such thoughts and wishes.

I’m not here to rant against Walmart, but to explain what happened, how it could have happened, and what I could have done better. I’ve had anger issues since I was 11. I’m nearly 40. Every day, I wake up and have to work to keep myself composed. Some days it’s much easier. Other days, though much easier now than previously in my life, are still challenging to me. Today quickly turned into one of /those/ days.

I spent about 45 minutes in the store. Nearly every other product I went to collect was out of stock. By about the third item, I started to get annoyed. I would have to come back tomorrow, or try to find the items at the other stores we shop at. Regardless, my list of 15 or so items was not going to be completed this morning. Twice, I attempted to get an employee’s attention, because often there are products on pallets in the back which haven’t been stocked. Twice I was promptly ignored. Now, I’m starting to get a bit upset. But, I say to myself “it’s Walmart, this isn’t unusual for these people. Chill.”

Soon I realize there’s no one stocking anything but 2 employees. One of which is stocking an already fully stocked produce department. Ok, I get it, that’s where she works. But, no other employee is working to stock the bare shelves. Maybe the truck hasn’t come in. Maybe the employees aren’t on duty yet. But no amount of justifying the situation made me less upset, in fact it served only to make me more upset. All that kept going through my mind is “$15 an hour and these people can’t keep product on the shelves” Yes, this was pretty petty of me. The savage, for which we should dip into only when needed, had taken it upon himself to poke his head out and grumble.

Then it happened. The woman stocking produce looked right at me. There was no way she could have missed me walking into the department. Instead of waiting for me to pass through, she, from a full stop, pulled her stock cart right in my way, cutting me off. “Really!?” I muttered aloud, but quietly. I was maybe 8 feet away. If she were quick, she could do it and get out of my way. She didn’t. She stopped the cart again in the aisle. I’m on the verge of being pissed off. I’m not thinking clearly. I’m moving along, wanting to get out of this incarnation of Hell upon Earth. I attempt to go around the cart, but there is no room. My cart hits the stock cart. Not hard though, I wasn’t walking that fast or hard. I stop, exclaim “Fuck!” – but the stock cart is now out of my way. So I walk briskly away, pushing my cart.

She did it. And frankly, I’m proud of myself for not reacting. As I’m walking away, I hear her cussing me. Yes, maybe I was a bit of an ass for hitting her cart. I honestly didn’t mean to do such – at least not consciously. Maybe I could have apologized, but I didn’t. To me, at that moment, I had done nothing wrong. I had not caused the situation. But I had done something wrong. I escalated the situation. I didn’t stop before hitting the cart. That moment nearly broke me. Because of that, I had now afforded her the self entitlement she so wanted to cuss a customer. My blood is now boiling. Such a piece of work. To cut me off and then cuss me!? The balls on this woman. Suddenly, I realized I needed to just let it be, to move along. A single feeling started to come over me. I did not want to go to jail. And I knew, had I turned around, had I screamed at that woman like my heart was yearning for, had I made that scene – the cops would be called, and I would be going to jail. Thankfully, I did just move along.

The camel’s back, now fully loaded. Oh, look! One more straw! There are two registers open. And each line has several fully loaded carts. Oh! Look at that, the one cashier is talking to her friend instead of scanning their items. I’d had it. I’m done. I’m not going to jail over these idiots. But they sure as hell aren’t getting my money either. Considerably loudly, as if I were talking to a friend 5 feet away, I exclaim as such. “Fuck it! I’m done. Going home, this place is fucking retarded!” as I pushed my cart deep into women’s clothing, between racks of clothes. I’m sure at least 3 employees heard, and saw me. I felt no remorse, no regret, no shame in these actions and words. These people need a wake up call. They can put away the $100 or so worth of merchandise which I’ve abandoned. I’m not doing it. As I’m walking towards the door, a manager could do nothing but stand there with her jaw wide open just staring at me. Not a single attempt to ask me what the issue was, to try to correct anything – nothing. Just stood there like an imbecile.

Now I’m certain this woman is going to be calling for security. I’m 40 feet from the doors. There’s plenty of time for them to catch up to me. I’m certain they’re now going to escalate this into a reported incident. Thankfully, I was wrong. Not a single employee or person attempted to approach me. The only wise thing Walmart employees did today. I continue on to my truck, still wary that someone might be following me. I turn around and look, no one. I get in, turn the truck on and just sit there. I need to calm down. I’m mad. Seriously mad. I don’t drive when I’m mad, any more.

So, no cops, nothing. After all, the very worst I did was accidentally bump the stock cart. I hadn’t berated any employee. I hadn’t made any physically threatening gestures. I simply walked out of the store exclaiming my dissatisfaction. I do some mental exercises to calm down some more. The last thing I need is for a speeding or reckless driving ticket. I know, however, in my heart as well as my mind, that those thoughts are a sign of guilt. I am guilty. I allowed myself to be non-proportionally savage and on the verge of out of control when I should not have allowed it to get as far as it did.

I am not alone in this, however. Those employees are just as guilty in the events which led up to me leaving the store. But they will never understand that. They will never fully realize how much of an emotional and mental drain they are on their customers. These people demand to be paid more, to be treated better, to be entitled to work and pay. They put no effort into this, where it matters. Quality, service, personability, work ethics, civility. They lack this. Maybe not completely, and maybe not every one. But this is where society has been led. On a golden leash of promises.

I hope my actions and words have served as a wake-up call to these people today. I hope that some good can and will come out of this situation. But, those employees will probably, if not already, forget about me existing at all.

For the better part of 30 years, I have fought every day to improve myself. I have fought to hold back the savage in me. I have fought to control my temper and anger. Maybe I’m just getting older, but the last 8 years, I have truly started to get a grip, a real control on that side of me. About 5 years ago, I met the woman who would become my wife (We’ve been married just over 2 years now). She has seen me at my absolute worst – punching holes in our bedroom door, throwing stuff across the garage. She bore those times with me. She helped me get through them. She has helped me every day to be less anger filled and to not have to fight to be in control. I have had the cops called on me because of my irrational responses to employees in Walmart before. For much less than what happened today.

I owe a very large part of my self control to her. She truly loves me, and I her. It is that love that has kept us together, that has helped to shape me into a much more respectable man, that has given me the control to walk away from situations that could end up so much worse. She brings out the best of the Gentleman in me. She is my torch. Together, we stand on a pillar of morals and values. I might slip now and again, but even when we’re apart, she helps get me back on top.

I still have to work hard every day. But now, it is not to control myself, not to keep my temper and anger subdued. I work every day to better myself. To make that fight even less of an issue. To get to the point, where one day, I can wake up and not even think about my issues. I fight every day to grow to be the man my wife deserves. Today, I failed in that. She may never know, but I will. I have tarnished my own values, yet again. So, every moment, every day, every situation, I will work to make the best choices, the best decisions I can to lead to being the Savage Gentleman she deserves in her life.

I neither deserve nor want accolades. I have spent the last few hours beating myself up over this. I respect the situation in that I have an opportunity to learn, to grow and to be better for the next situation as such. I share my story in hope others can learn, and know they’re not alone. For the mentors out there to better understand the struggles they themselves may not personally have.

I’d love to read your thoughts on this. I’m open to any legitimate advice that can help me make situations like this a thing of the past. Don’t feel obligated, but anything you share would be greatly appreciated – not just by me, but potentially hundreds of others. How can we fix our civilization if we can’t even admit to ourselves that we need to fix us? We learn from each other, but only if we share for others to learn from.

If you’ve made it this far, you’ve read about 3000 words, or roughly 16,000 characters.  (maybe a tad under that, but not much).

For which we all know

Thou haste through life, willfully impressing upon time thy own will amid suffrage of passage. Fleeting as sparrows in the wind, for which once was, now passes. Yet! Upon the horizon, cometh anew for all whom shall witness.

By remembrance and spirit, before us whom hath passed, share in our celebrations. This night shall end a chapter of life. Ferry on courageously with passion and sight. Rejoice amongst friend and neighbor, for upon thee is the birth of a day, a month, a year.

2019 has brought many losses to many of us. Fathers, Mothers, Brothers and Sisters, friends and family. Bring their spirit with you into the new year. Remember them, and their goodness. Live with them in your heart and thoughts every day. Live for them.

Do not loathe their loss, for as long as you live, they live within you. Make them proud of the life you continue on. Remember too, those who your loved ones have left here, and embrace them warmly and lovingly.

The new year brings a new day. Make the most of that day, of the coming year. Every new day can be a new start – The day one starts living, dieting, working to improve themselves, their lives, their situation. The day we forgive those who have wronged us. The day we ask for forgiveness from those whom we have wronged.

Bring in 2020 with your goals, aspirations, and a renewed joy for life and those around you. Though, every day we can choose to set aside our differences, issues and bigotries, a new year brings acceptance of those changes and can symbolize not just the passage of time, the birth of a new year and death of an old one – but it can symbolize the birth of a new you, and the death of those things which should be left in the past.

I, for one, have already started working on the goals I wish to achieve for 2020, and have been for some time. New Years Resolutions are only useful if the time, effort and purpose is continually poured into and used for those goals. Be it to lose 5 pounds, or to start what will become a Fortune 500 company. Now is the time to start, and every day is Now, with tomorrow being a symbolic start, birth and renewal of a great many things.

Make the most of 2020. Live every day as though it is “THE Day!” Life is full of obstacles, rules, and goals – the biggest obstacle to any of our goals is ourselves. Break through that and become the greatest version of you that’s ever lived!

Be safe, and please have a Happy, productive and exciting 2020!

e-waste – how to handle it

This post is applicable to EVERYONE – not just the original poster. This is my reply to their question on SpiceWorks. When I started, I wasn’t planning to write a full on instructional manual, but I have, more or less. I have years of experience with e-waste reclamation, in south Florida. One thing I don’t mention below – you’ll want to watch your local scrap prices for steel/irony, copper and aluminum. Don’t jump the gun and take a small amount of scrap in when the prices reach a high, they fluctuate, and will be higher again. Now, onto my actual reply:

No one buys e-waste. Recyclers sell their services to businesses, to take the gear. They then strip it all down, and recycle the various components. You’re paying for that time, and the cost to recycle the non-metal portions. Any money made on the back-end with metals scrap is their actual profit.

Your old but still usable gear… don’t pay someone to haul it off. Reset BIOSes, firmware, DoD wipe drives… and give the stuff to some kid who can use it to learn, schools and libraries, sell on ebay, or keep as spare parts. This is how to do that, within a business, environmental, social and legal sense (at least in most places, I think), and maybe even for a small profit of your own ("your own" being speculative, your business may want the funds, or allow for the funds to be added to a departmental slush fund, after work party, etc).

First and foremost – TRACK EVERYTHING ON PAPER! Any gear which leaves the ownership of the business NEEDS to be written down, and preferably authorized by management above you. Especially if you are the recipient of said equipment. The recipient also needs to print their name and sign. This is totally a CYA thing, and though it may not be required by law or company policy – make it your own policy and NEVER DO WITHOUT! I’ve seen this bite people in the ass years later.

Your best bet would be to find an entrepreneurial high school student, and guide them into building an e-recycling business. No one in the US will buy your old gear, much less pay shipping for it. Not that level of waste, anyways. RAM, CPUs, motherboards and expansion cards have higher value due to the potential gold content – these you might be able to sell to someone willing to take the time to reclaim the gold and copper. Old drives, heatsinks, cases, PC power supplies – these all have the highest value for metal scrappers, and if there’s a metals recycling center near you – it would be worth your time to collect the stuff until you have enough to spend a Saturday breaking it all down to "clean" metals – removal of any plastic, boards, and to separate the metal types. This is where that high school student would come in. There’s at least three different metals in most hard drives (aluminum, steel/irony and rare metals from the platters and possibly magnets). Heat sinks are almost always aluminum and/or copper these days, and are pure profit for scrappers. The PCBs, if they do not have re-use value (You’d be surprised what people buy in the way of old working tech! Check ebay!) can be gathered up, with the steel and plastic stripped off and sold in lots to gold reclamation businesses. This is a mightily dirty, toxic and dangerous work, so you’ll often be lucky to get a dollar or two per motherboard, and less for PCI/PCIe cards. This isn’t the work for most people, and the start-up costs are considerable if done properly to protect the environment – lots of waste heavy metals and acids that need to be properly handled.

So, ultimately, this is what I would do:
For any whole/complete or mostly complete equipment which still works (or can with the addition of some parts): Sell on ebay, locally, or give to a student aspiring to get into IT, or for old desktops, donate to a local school. This includes printers, monitors, etc as well.
For old /working/ components (RAM, CPU, motherboards): sell on ebay. Being they’re small components, the shipping isn’t horrible, especially if you give a local-pickup option, or charge more for off-island shipping.
For non-functional components: Start a collection box, strip off the larger pieces of plastic, steel and aluminum, and put the "cleaned" components in another box. Take the steel and aluminum to your local recycling center to get paid for your time.
Computer cases, heat sinks, HDDs, PSUs, etc: strip off any plastic, and separate the steel, copper and aluminum. Use cleaned PC cases as collection bins for steel items (such as brackets from expansion cards) – once a case is full, take the whole thing in as steel/irony scrap. The same can be done for copper and aluminum too, one metal per case.
Non-functional "cleaned" PCBs and HDDs: Collect the HDD platters separately from the rest (above) and sell in lots by number or weight to metal reclamation business – possibly the same people who will buy the PCBs for gold and copper reclamation.
For non-functional systems & gear: Deconstruct these to their base materials and components and start at the top of this list again.

Your biggest cost then will be the plastics recycling, which you might be able to pay someone locally to pickup for recycling. SOME plastics can be sent through a shredder and melted down into 3D printer prototyping filament spools, but not something you’re likely to do yourself. Of course, the rest of the stuff, you’ll need storage space for, but that can be as little space as a couple office chairs, especially if you dedicate a shelving unit. Anything you sell on ebay will cost posting fees, and anything you sell in working order will need to be shipped in anti-static bags and bubble wrap. To be cheap, you can re-use the bubble wrap and AS bags from equipment you’ve ordered. Boxes too.

Anything above where I said "you" can also mean anyone else. But, don’t expect them to purchase the gear from you to do that work. If your company would allow it, you can possibly "hire" a high school kid to be your e-waste recycling "contractor" – Someone who would be willing to pick up your gear for free and do all the work. If you build up a nice pile, enough for a week’s worth of work, that would be enough to get them started as a business. Advocate for them to other businesses in your domain, to get them going. But, you’ll need someone who you can trust to actually do the work properly, as your concerns are environmental and not profit based. Doing this would ensure the components stay out of the landfills (and the environment) – AND help to start up a new business. Win-Win!

Oh, and if you want to get really into it, fans have copper coils which can be removed, collected and sold as scrap. It’ll take a couple hundred to have enough copper to really be worth anything, but popping the motor out of the shroud and removing the blades is done easily enough, resulting in much less space needed for storing until enough is collected to tear down.

CRT and LCD monitors, these can be de-constructed as well, but they require extra special care and handling. The light bulbs are similar to the tube lights in your ceilings, and LCD panels can’t easily be recycled, so they would have to be shipped off. Thankfully, most "dead" LCD monitors only require new PCBs to become functional again – so repairing them is often more cost saving than replacing, and for the ones which aren’t to be re-used, the internal components and LCD panels can be sold on ebay – ESPECIALLY if the monitor was working when decommissioned, so you can say that it is in working order, the same for the PCBs (power, control, I/O boards). On common and more expensive monitors, and ones which use standard VESA mounts, the stands can be sold separately. I would keep any working external power supply bricks though, especially if your company has the same monitors on a lot of desks.

Which brings me to my last point: Spare parts. Keep them, at least for a while. If it’s something that is replaced with another – such as someone in the company getting a new desktop, but their old one is still in working condition and it’s newer than a Pentium II, keep it. If you hire a new employee, you’ll have a PC on hand, at least to get them started with until a new PC can be purchased or built. Once a quarter or so, take the oldest half to a school, library, etc – make a drive of it and go out to areas where they’ll really be appreciated.

Dark mode and more

This could be considered an RFC of sorts.

It’s intended to be a starting point for professional designers to create a color standard for 4 different brightness modes of UI display – from near black to high contrast bright.

There are a set of 4 base optometry categories – Normal vision, Deuteranopia, Protanopia and Tritanopia. Each category has 4 basic scheme modes based on brightness. There are 2 modifiers, modifying 2 modes each. Each scheme has 4 hue offset options for gray colors.

In total, we have 4 vision categories, 4 base schemes, 4 modified schemes (equalling 8 schemes) with 4 hue offsets each. That’s 4x8x8, or 256 schemes. There are 8 grays, plus black and white, giving a total of 10 gray colors per scheme, or 2560 color value entries, with some colors to be duplicated.

The scheme names are based on daily solar cycles:
Daylight – "normal" light mode.
Sunset – Daylight plus orange mask.
Twilight – Dark & light grays, higher contrast, no black or white.
Dusk – Twilight plus orange mask.
Midnight – Darker than Twilight, lower contrast, no mask
Sunrise – Twilight with a blue mask
Morning – Lower contrast version of Daylight, white/black are offset slightly towards gray
Noon – Daylight, higher contrast, brighter hues and blue mask

The schemes have 4 color hue offsets. These hues allow for B&W grays, or offset to red, green or blue. This allows for a more comfortable experience for the user, if they prefer a slight color to the grays. This also allows for aesthetic integration with the rest of the color palette used in the UI; color correction for monitor temperature differences; and user comfortability resolutions.

The schemes can be represented as:
normal – daylight – key (white)
normal – dusk – red
Deuteranopia – morning – blue
normal – midnight – key (black)

Ideally, there will be mechanisms in place for the use, and omission of these color schemes. One such omission example would be for the display window for graphic artists and video editors. These professions rely on color accuracy for their jobs.

There would also be mechanisms in place for automatic controlled selection of schematic based on time of day and environmental light levels. Also to allow user-created scheme rotation sets which adjust based on time of day, light level and trigger events. There should also be the ability to permanently set a scheme by the user. The schemes should be toggleable for use with full screen video and games.

The four masked schemes should be used for circadian manipulation – blue to help the user wake up, stay awake and focus; orange to help the user to begin to relax after a long day, and which can help with computer use related sleep issues.

All effort should be made to create all 8 schemes available for the 3 categories of colorblind users as well. A set of grays, based on rgbk will be needed, preferably 8 grays, plus black and white, for the basic color schemes. This will allow for enough contrast for monochromatic UIs, with true monochromatic settings eliminating all color hue, with a total of 256 different grays, where r,g,b are equal values. A full-hue color scheme, representing all of the 8 bit rgba (for a total of 32 bit color) gamut can have the color hue decreased or eliminated, resulting in a high definition monochromatic display, and is easiest done with hardware, however, there are limited advantages of this compared to 256 grays with 256 alpha channels (resulting in 65,536 potential colors). The focus here, however, is to create a set of color palettes used for UI designers which can be used as the basis for basic display colors for all "color modes".

These schemes contain the basic grays used, and should be more than sufficient to provide a basis for any non-gray color theme for any OS, app or web design. There is also the potential for these schemes to be useful in print and other visual displays.

I have created an incomplete table of all optometry categories, masks, schemes and color hues. The normal vision category being the most complete, missing only the color values. Example values provided are just examples and may need to be modified for any real world application.

The purpose of this table is to allow designers to quickly and easily create schemes for their project which will be 100% compatible in gray scale with other projects using the same standard schemes. However, this still leaves artistic space for non-gray accent and base colors, allowing for full themes to use any color atop of the base scheme. This should result in a total overall experience with mixed themes that feels natural and integrated. A mixed theme same scheme environment will allow for different programs and elements to have different colors atop of the same scheme. An example of this would be using VLC and Facebook Messenger on Windows, where the Dusk scheme is applied; Windows could then have a white theme, VLC an orange theme, and Messenger a blue theme – however the window, background, text are all based on the Dusk scheme and so all UI elements use the same grays. This would carry between OSes, Desktop Environments and browsers, resulting in the same grays being displayed for the same scheme on all devices.

This, unfortunately, can still result in different hues presented to the viewer while using multiple monitors and displays, as there are differences between manufacturers, pixel colors, backlights, and color temperatures – as well as age affected color distortions. However, these issues can either be manually adjusted per monitor settings, or ignored.

The focus of this, again, is to provide a standard means for designers to have access to a set of color values to present their works in a unified way. However, it would be much more ideal for APIs and libraries to be written for each OS, browser, and Desktop Environment (KDE, Gnome, Explorer, etc) where the program, app and web page are slave to the user’s setting, thus eliminating any need for manual adjustment or bloated code bases for each element, window, app, etc. This would also be a user-optional system to use, with custom full themes being able to override the system theme/scheme, such as the case with Linux desktop environment theme packs.

Below is the incomplete image of an ascii table representation of this, with "normal vision" being the most complete, yet missing most of the color value data:

Hurricane Charley and the life it changed.

Let me start by saying I get nostalgic about the old times. I miss them, and my friends. But I would never change a thing that happened. I am grateful for all the times we spent together, and will cherish those memories for as long as I can. We made a lot of memories – some good, some not so good – but those and the great memories will forever be in my heart!

Today marks 15 years since Hurricane Charley formed. In 4 days, it will be 15 years since it "wobbled" up the Peace River in Punta Gorda. It destroyed my home, my life, separated my group of friends. It destroyed my home town, and the quaintness it once had. It took so much from so many.

Out of destruction comes anew. The plot where our home was has long since been cleared, and I think there’s even a new house there now. My friends all started new lives, doing new things, and excelling as wonderful people. My home town has been re-built, losing its once beautiful quaintness, but gaining a renewed aesthetic beauty and even a better economy. All of those other people have moved on, gotten stronger, doing better, and are for the most part living their lives as normal. It’s been an interesting journey for me, however.

It was about this time, 15 years ago (and maybe a month), that I met Jeff Bushey, and his little company SurityNet, and The PC Hospital. I had just applied for a job at a new restaurant opening soon in the strip mall, and from the sounds of it – I had gotten the job. I walked into the office looking to buy a PCI SCSI (80 pin at that) card for my PC, so I could retrieve some stuff off of my old Macintosh drive. (When did Macs stop using SCSI?) After talking to Jeff for a bit, telling him what I needed, and that I’m shopping around and can’t promise to buy anything. I explained the situation with work. By the time I left the office, I had gone through an interview, and was offered a position. Flabbergasted! I was ecstatic! I’d been working for him for a very short time when the hurricane hit.

Enter August 13th, 2004. Charley is aiming for Tampa Bay. Seemingly everyone in Punta Gorda is having a hurricane party. My friends and I included. We’re baking a pizza, so I stay home when everyone else went down the road to our friend’s house to get them to come down. The usual thing – most of the group goes. They never came back. 20 minutes later, I get a call from my mom, telling me the hurricane changed directions, and is now heading for us. She told me she sent her husband to get me (and my friends if needed). By the time he drove the 10 minutes to where I was living, the winds had picked up, palm trees were bent over, leaves and debris flying through the air. Oh boy was I glad to be getting away from the water! I found out later, my friends had been told to stay at our other friend’s house, which was considerably better built. They all made it out OK!

It wasn’t until about 5 or 6 when Bear was able to take me back home. The roads were blocked with downed trees and power lines. I had to walk the last mile. Only, when I got home, there was no home. The roof was in the road, the windows were blown out, there was debris everywhere. My pizza! It was still in the oven. It had finished cooking! WOO! I have some food. Awesome! I’m now in the middle of a completely destroyed area, with no one else, and almost no supplies. I realized there was pretty much nothing I could do at the house, but there was plenty I could do to clear the roads. I made my way around, moving trees, and (DO NOT TRY THIS AT HOME!) power lines out of the way for emergency vehicles and residents. I made it back to the corner store. People were looting it. Kind of sad. One person wrote a note and put some money with it in a safe drop tube, and put it in the safe for the items he had taken. I needed water, and there was no running water – and if there was, I wouldn’t have trusted it. So, yes, I took a gallon of water, a snickers and a can of mountain dew. I can’t justify my actions, they are what they are. I did go back about 3 months later, when the store opened, and offered to pay for what I had taken, and was told not to worry about it. The manager told me how many people had done the same, and honestly, I was taken aback by that. Very cool. Insurance covered the losses, and it would have technically been illegal to now sell those items – or something.

I walked the 5 or so miles from there to town, moving branches and lines as I went. (Again, DO NOT MESS WITH DOWNED POWER LINES!!! I was dumb to do so, but did so as safely as I could) In all, I cleared probably 7 or 8 miles of roadway for traffic. When I got down to the old neighborhoods downtown, I spent a couple hours helping some friends of my friends clear some very large trees from the roads. From there, I walked down to the high school, where there’s some (at the time) newer apartment buildings. I knew Barb’s daughter lived in one, so I walked around looking for Barb’s car. Come to find out later, I had just missed her. It’s getting dark, and dark in that situation is dangerous. I had no choice but to find shelter or, preferably, to find a way back to Mom and Bear’s house. I went back to the previous neighborhood, and someone had a working cell phone. I tried calling, and after the third time, I finally got through. Yay! I don’t have to sleep in a random place!

The next day, Bear and I drove up to SurityNet. I didn’t have my own transportation, and Bear wouldn’t be able to take me back and forth. I had to let Jeff know I couldn’t work any more, and would have to work with Bear, to be in exchange for now having to live there. Not a big deal, just sucks I can’t work at SurityNet any more. We go out and do some errands – checking on customer houses, getting some water and MREs and head home. Jeff calls. He’s got an offer for me. If I would be willing to pay rent, he had a spare room for me. He said he could take rent from my pay, and take me in to work with him, and bring me home too. Jackpot! I get to live in a nice, new home with air conditioning, get transportation to and from work, and get to keep my awesome PC repair job! This turned out to be one of the best things for me. Jeff and SurityNet introduced me to the wide world of IT at large.

Note: I’m going to skip a pretty regretful situation involving me moving to Kansas, being cheated on and having to move back to Florida. It wasn’t a pleasant time at all.

It’s later 2005, and I’m ‘renting’ a room from Barb, helping her to take care of her dogs (about 20 or so) which were used for breeding. Every dog she had was loved and cared for greatly by her, myself and many of our friends. They were pets… that just happened to help pay for themselves. I stop by SurityNet one day, just to say hi to all the people, and Jeff offers me my position back. I took it. In hindsight, I probably could have made some better decisions – but I didn’t. Life was good, and I worked for Jeff for a few more years. We’re swamped with work. We need someone new.

Jeff gets some resumes in, and asks me to look over them. We settle on one, from Shawn, and Jeff calls him in for an interview. Shawn has amazing experience – from PC and printer repair to networks and firewalls. Top notch person to be working with us! Needless to say, Shawn gets hired. At this time, I’m back at Jeff’s. After a week or so, Shawn asks if we know of any RV parks nearby, as he and his wife live in an RV. Jeff had sold his to help build up SurityNet, but still had his RV shed at the house. Jeff, being a kind and wonderful man, offered Shawn to park there. Wow, it’s like some kind of tech beta house now! Shawn, his wife and I became good friends. Some time later, they left, as he had an amazing opportunity for work. But neither Jeff nor I could blame him. We all missed them though.

The whole time this is going on, I’m chatting with friends in IRC. Good friends. I love me some IRC – so many interesting people, such good friendships can be built! We’re playing Neverwinter Nights, Guild Wars and some other games. In 2009, one of my friends suggests this new game from this Swedish indie game dev, called Minecraft. I’m broke, living in a travel trailer behind Mom’s, and no longer working for SurityNet. I tell him I can’t afford it, and my computer (a little laptop) probably wouldn’t run it well. It could barely run a 5 year old Neverwinter Nights. Turns out it was free, web based, and played much smoother than any other game (Oh my how I miss those times for Minecraft!) I hop on some servers, and am annoyed by players griefing my stuff. Every server I log into, just chaos and idiocy.

Then I found BuildSomethingFool. An amazing community run by a couple of potheads (at least I think they were) They had an amazing staff, and the players were very well behaved (or banned if they weren’t) I spent like 3 days building an Eiffel Tower build, with an underground area, gardens, etc. All without using hacks. No flying, nothing. The owners were amazed and offered me to be staff. I could now ban the little trouble makers! WOO! I also learned the game and could explain it very well to new players. One in particular was so confused, and so hapless – I couldn’t help but take pity on her. I spent probably 20 hours with her, teaching her Minecraft, and imbuing the knowledge I had gained. She was a quick learner – and soon became staff as well. By this time, Minecraft Beta was being released, and premium accounts were being sold. VueJohnson, her player name, wanted to thank me for everything I taught her, and purchased an account for me. I was so grateful. The only thing we could do at the time though was to change our skins.

I took a break from Minecraft for a while. Everyone was focusing on this new beta of Minecraft, and I wasn’t able to run it nearly as smooth as the old classic version. When I came back, I had a better computer, thanks to a wonderful friend who I haven’t spoken to in years, but always wished to be anonymous. I could play again! But it was kind of boring. I tried starting my own servers, and quickly ran into problems. Lo and behold, where is support for these things, on IRC! I was right at home! I came for help, and stayed to provide the assistance I could to new people. I did this on and off for a few years. It was a great hobby for me. I ended up helping someone get their servers up and running, and really for the first time was doing something I truly enjoyed doing with Minecraft since beta came out. This is not where my life would have led me if I had not moved in with Jeff the first time.

Shawn and I get back in communication. I end up going to his place for a weekend to visit. Some time later, he’s going to move again, and I help him move.

I’m sitting doing some work on this other fella’s server, and keeping an eye on the IRC support channel I was in. This person, presumably a girl, asked some questions – I answered the best I could. After a few weeks, we had become pretty good friends. But I couldn’t tell how old she was – not that it mattered, our friendship was open, public and innocent, but I was just a bit confused. Some days it seemed like she was this mature adulting person who had life together, but then she sometimes seemed like a 12 year old – playful, creative and curious – You know, the good parts of 12 year olds. So I told her. She never told me her age, but confirmed she was much older than 12. Then one day, she shared a picture of her brand new swimming pool and spa. Oh! She’s either much older than 12, or REALLY has her life together for being 20 something. It’s a beautiful picture. I told her "One day, you wait and see, I’ll be swimming in that pool!" More to tease her, intentionally coming across as a bit creepy. We were at that level of friendship. Or so I thought. She didn’t reply for what seemed an eternity! I was crushed! I just ruined a good friendship over something silly.

Well, later that day, she did reply. She insinuated that me swimming in her new pool was not out of the question. Woah! I’m thinking we’d meet up for a lunch or something, I don’t know. We both live in the same state, within an hour’s drive. So, completely possible.

About this time, Shawn is moving out of state, to Pennsylvania. He asks me to help him move, again. So I do. I figure it’ll be a week or so. We get up there, and there’s a lot of work that needs to be done, so I offer to stay and help. I’m doing this for a good few months. Great times. We learn a lot about construction, remodeling, and even gardening! We’ve got one more trip down to Florida, for more stuff, and Shawn has some business to tend to. I let this woman I’ve been friends with know, and that I’d like to meet up with her one day while I’m down, to have lunch. She agrees! Amazing! She drove out to meet us, and had a fantastic time! But time’s up, and Shawn and I have to head back up north. She sends me along with a cell phone, so we can keep in contact. She’s going to London for Minecon. Yeah, things were a bit more serious than friends, I’m quite happy to say. We talked every evening. I had been fighting it for months, but after that weekend, I knew I was in love. She was too, apparently!

It’s August again, 2015. I’m done helping Shawn with what we can do. I’m planning to head home, when she tells me I should come visit her first. She’ll pick me up from the airport, and I can stay at her home for a while, and swim in that beautiful swimming pool she has! I never left. In fact, I married her in 2017. Something I never thought I would do in life is get married. It’s been an amazing 4 years. An amazing 4 years that I never would have had if Hurricane Charley hadn’t so wonderfully destroyed everything I knew those 15 years ago. It was a long road, but one so very worth it. It was a journey I had to take to be ready to be the person I am for myself, and for her. I can’t help but look back today and say "This was God’s plan all along, and I know he waited until I was ready to let me meet her!" To this day, I love my wife so very much, and would give the world for her.

There’s not a day where we’re separated due to work where I do not miss you with every ounce of my being. For so long, I felt a void in my life, in my being, in my soul, one which only you have ever been able to satisfy. I love you Cindy!

New Linux Install!

Today, I found a wonderful deal on a small VPS over at Ionos: 1 vCore (Xeon Gold 5120 @ 2.2GHz), 512MBs RAM and 10GBs SSD storage – all for $2 per month.
This might not sound like a whole heck of a lot of resources to you, and you’d be right. But for specific use cases, this is perfect.
(disclaimer: The above link is a referral which may provide financial gain for us, with referral rewards)

If you’re using another hosting company’s VPS, Dedicated server or VM, you might find a good bit of useful information here, especially the stuff past the Ionos setup and configuration stages. For initial hardening of an Ubuntu server, you might want to read this article here.

So, the first thing you’d need to do is to create an Ionos account (presuming you’ll be ordering a VPS from Ionos), and then order your VPS. Like most hosting companies, you can create an account with your first order. I actually really like Ionos account pages and provisioning and management interface. The one thing I do not like is having to use a customer id to login, but to each their own.

This is my first VPS with Ionos. Ionos was previously named 1&1, but has changed considerably since their merger and name change. We (My wife & business partner) have a dedicated server from Ionos, which we’ve had for about 8-10 months now. It’s a solid server with no issues. I’m expecting the same with this VPS.

Well, that’s partially true. I ran into a snafu with provisioning ipv6 on this VPS, and resorted to a fresh install. Both times, I had Ubuntu 18.04 installed, because it’s what I’m comfortable with. I really like apt/apt-get, and some tools made by the Ubuntu team, and feel they’re better suited running on Ubuntu itself.

The issue with the ipv6 provisioning was actually not an issue with provisioning, but a misunderstanding about Ionos’ hardware firewall, which sits outside of the VPS. I failed to realize that their firewall was what was blocking my attempts at ipv6 connectivity. Upon re-imaging of the VPS, I read the little pop-up, which stated something about firewalls – At that point, 2 hours of work were gone and I was face-desking pretty hard, because I knew that was my issue all along.

So, step 3 (1 & 2 are above) is to create a new firewall configuration, and, for the time being, allow all connections so that the firewall is not an issue for setup. I personally will be taking advantage of the hardware firewall, once I’ve got all my services provisioned and working. That way, if I run into any issues in setup, or afterward, I can narrow down the cause. Some IS professionals would argue with me about not initially taking advantage of this firewall. They may be more correct. After creating the configuration, you’ll need to assign it as your active firewall rules for the VPS. The Linux server does not have to be restarted for this. (Note: I use a software based firewall within the Linux environment to restrict access to services, ports, etc. I personally use and have found UFW to be more than adequate to do the job in lieu of IPTables, another software firewall for Linux.) The only other thing to mention here is that you must manually set up an IPv6 address through the management interface for the VPS, and set up ipv6 firewall configs the same as for ipv4, if you plan to use IPv6 at all.

At this point, you should have an account and interface access for your hosting company, a VPS, and hardware firewall config(s).

Now, let’s get to it! Use your favorite SSH client to log into your fresh VPS. You’ll need the root password given to you from your hosting company, usually sent to you via email. Ionos, however, has the new-image generated password available on the management page. Pretty nifty! You should be able to connect with any SSH client over port 22/TCP. PuTTY, KiTTY (a fork of PuTTY), WinSSHTerm, SSH client built into Linux, as well as any other SSH standard-compliant client will work.

At this point, we’re through with Ionos, and everything from here on will be relevant to Ubuntu, if not GNU/Linux generally.

CHANGE YOUR ROOT PASSWORD!!!

Once logged in as root, type {passwd} and then enter your new password.
(Again, for a better start to hardening your server for security, read the "Linux SSH login – a good starting point", linked above)
At this point, it is advised to create a new user account, with sudoers access, with a new password, and then log out of the VPS as root and log in with the new account. We’re going to ignore this for the time being as everything we’re going to do first requires root/sudo access, and in the event that someone manages to get into your system before you’re done, it’s not too troublesome to reimage the VPS.

UPDATE YOUR APT CACHE!!!

Before doing much else, you should run {apt update && apt upgrade}
This may (more than likely /will/) cause a kernel update, and will require a restart {shutdown -r now}

SETUP & INSTALL SOME BASIC STUFF!!!

Now, let’s get some administrative things out of the way. Namely, hostname and fqdn (fully qualified domain name), additional utilities, and some software & services.
UFW – Uncomplicated Firewall, easier to use firewall than IPTables. (IPTables has its place, but most don’t need that power) {apt install ufw}
fail2ban – Intrusion mitigation software to ban access after N unsuccessful authentication attempts. {apt install fail2ban}
Linux PAM – Pluggable Authentication Modules, part of most modern distros. Ensure it’s installed.

  • additional reading and consideration for libpam_shield and pam_tally2 for additional levels.

htop – a better hardware resource monitoring tool, with CPU, RAM and cache graphs, process list, etc. {apt install htop}

GNU Screen – a virtual terminal service allowing easier management of full-time processes (tmux and fg/bg work too!) {apt install screen}

HAProxy – an HTTP(S) and TCP proxy, for routing connections (layers 4 & 7) to different ports and hosts. Not required, but useful {apt install haproxy}

HATop – a monitoring tool for HAProxy, requires reading documentation to use. {apt install hatop}

MariaDB – An enhanced fork of MySQL SQL database server – You’ll know if you require an SQL server. {apt install mariadb-server}

  • MariaDB setup will require you to have certain information available, and written down for later access. This can be done later in the overall setup process though.

Java – If you require a Java Virtual Machine (JVM), I highly suggest using Oracle’s JRE. This, however, requires adding an apt repository. Read more here to install Java 12 in ubuntu!

  • If you choose not to use Oracle’s JRE, you can use OpenJDK, with a simple {apt install openjdk-11-jre-headless}

Hiawatha – a security focused light weight (compared to Apache, anyways) web server. Requires source tarball to install latest version.

This should about do it for the additional software and utilities. At least as far as installation goes. Now, onto configuring hostname and fqdn!

With time, change comes. Change is good, needed and wanted. Sometimes it isn’t. Sometimes older technology works just as well, or even better in some cases. There’s various ways to set your new server’s hostname. We’re going to use the tried and true method.

There’s a couple places to set hostname and fqdn.
/etc/hosts and /etc/hostname are two files, where changes will be made.

In hosts, you’ll add your public IP (the same IP you used to connect to the server via SSH) and the fqdn you wish to associate with that IP.
{12.345.67.89 blog.bluntaboutit.com}
This assigns blog.bluntaboutit.com to the IP 12.345.67.89 (fake IP, do not use!)
{ff02:816:f00d:3475::1 blog.bluntaboutit.com}
This assigns the fqdn to the provided IPv6 address (also fake)
With this, blog.bluntaboutit.com will connect to either the v4 or v6 address.

In the hostname file, you’ll add your hostname, which will appear after the @ in bash, as well as identify the machine on the network and other spaces.
This is a single simple string.
{blog.bluntaboutit.com}

Make sure to use domains you actually own and can assign the IP addresses to in your DNS server. Otherwise you might find yourself in a heap of trouble, possibly even with your hosting provider.
Once you’ve edited your files, confirmed the data is correct, saved the files, confirmed the data is correct again, you can restart the VPS. This will solidify the settings and cause your server to use the new hostname and fqdn on start up. Another option, for temporarily setting the hostname is to use {hostname blog.bluntaboutit.com}

Now, I’m running this server as a POP server – point of presence. It’s a server dedicated to running a reverse proxy (HAProxy), where users will connect to and be forwarded to the real server. This is due to the real-time nature of the connections. Having this server will give more stable client-proxy connections to those in the region than doing a client-server connection directly. It adds a tiny bit of latency to the connection, but overall it’s more stable. The proxy-server connection is running through private infrastructure, and so is unencumbered by public traffic, with fewer hops. Ultimately, there is less latency for the client-proxy-server connection than for client-server connections for most users in the region of the world closer to this server.

With that, I won’t be using mariadb, screen, java, or hiawatha. However, I will still be using UFW, fail2ban, PAM, SSH keys (for login), htop, HAProxy and hatop. The aforementioned software is noted, mostly as these are things which I would normally use on a server, for various reasons and to varying degree. They may also be things which others may forget to install at a more appropriate time. And so, they’re listed as a reminder – just in case. Others may have other software which they consider to be basic stuff, and may want to add to the list of initial setup installables.

SETUP YOUR FIREWALL!!!

Now, there’s two firewalls you can use. I highly suggest using both your hosting provider’s hardware firewall, as well as UFW (Or IPTables, if you need the power it provides). UFW is super simple. But, there is a bit of a learning curve.

Setting up UFW:
Before you do ANYTHING with UFW (once you have it installed, that is) PLEASE do yourself a favor and add your ssh port.
{ufw allow 22/tcp}
This adds a rule to UFW to allow any connection (from inside or outside the private network) to port 22 on the server via TCP, on both IPv4 and IPv6 addresses (if IPv6 is enabled on your server).
UFW is still very powerful, but for admins looking only to open/block ports/IPs/IP ranges to/from their server, UFW is the easier, and honestly safer choice. IPTables configs can become very complex and can easily be mis-configured to a point of failure. UFW has sanity checks on the commands run against it, and will hint at why the command wasn’t accepted.
If you have, say, a service listening on TCP port 25565, and want everyone in the world to connect to it, but only to your IPv4 address, you would run
{ufw allow from any proto tcp to 12.345.67.89 port 25565}
This will allow any IP address capable of routing to the server’s IP of 12.345.67.89 to connect to TCP port 25565. Likewise, to allow any IP to connect to v4 or v6 addresses, from anywhere, the command can be simplified to the level of SSH’s rule:
{ufw allow 25565/tcp}

UFW also provides firewall access to allow/deny/route in-bound and out-bound traffic on several protocols.

Setting up hardware firewalls:
You’ll need to find the docs for your hosting provider or your own hardware firewall in order to configure and use. Being Ionos is still growing, I feel there is a chance that anything I write here about their hardware firewall setup may become outmoded and useless as time goes on. Their documentation is pretty clear however.

SETUP YOUR AUTHENTICATION PROTECTION!!!
We’ll be using fail2ban as one of several layers to our unauthorized access mitigation solution.
Being that fail2ban has a lot of really good write-ups already, I’m going to have you read A2 Hosting’s instructions. I could copy and paste their instructions, or just the commands they use, but since I use their docs often, I might as well toss them some love!

I will make some notes, however:
"enabled = false" – This setting, on or near line 117 of the default config as of fail2ban 0.10.2, should NOT be changed as indicated by A2 Hosting’s page. Doing so will enable EVERY jail, causing fail2ban to fail to start… and ban. In the individual sections for each jail (such as "[sshd]") add the line "enabled = true" to enable that jail.

"ignoreip" – If you have either a jump-box or a static IP, then you would add that IP to this list, and uncomment it. Otherwise, relying on this to save you from failed logins can bite you in the behind if your IP does change. Especially since someone else is now potentially white-listed on your server to attempt to brute-force it over time. A jump-box is another server or VPS whose only, or primary, use is to SSH into, and then connect to other servers. This can be achieved either by logging into the jump-box and then starting a new SSH session from there to the target server, or by means of automatic redirection (i.e. a reverse proxy). If you do not specifically pay for a static IP, or were not specifically told you have one, usually with business accounts – then you more than likely do not have a static IP, even if your IP hasn’t changed in 6+ months. You can test this by removing all power from your cable/dsl modem for an hour, and comparing the IP address(es) from before it was powered off and after it’s powered back on. Disconnecting the ISP’s wire (telephone wire, coax cable or fibre cable) for at least an hour will usually also work. Exchanging the modem for a new one will too – if you have a Static IP, the new modem WILL have the new IP (unless your ISP sucks really bad)

"bantime" – The default and suggested is 10 minutes. If you’re not afraid of locking yourself out (Either because you’ve never failed log in more than N times, or are OK with accessing the remote console) OR you’re OK with waiting that length of time before logging in again, you can set this MUCH higher. Otherwise, leaving it at 10 minutes is probably OK. I set this much higher.

"findtime" – This also defaults to 10 minutes. If this were set to 3 days, all accumulated login failures over 3 days will count towards N tries. If you fail login once a day on average, you can easily become banned if this is set too high. Usually script-kiddies will give up on a host if they’re banned quickly. This and the next setting together determine the solution for N tries per X time. Or, at default: 5 tries per 10 minutes, which results in a 10 minute ban. This is plenty for those script kiddies, but a dedicated hacker will just take a snack break and try again. I prefer 3 tries per 5 minutes, with a much longer ban. But I’m comfortable using the remote console.

"maxretry" – Again, 5 is the default, and I set mine to 3. This is simply the number of failed authentication attempts before the IP is banned.

Additionally, if you’re using UFW and want it to handle IP bans, change these keys to use ufw:
(ensure you have /etc/fail2ban/action.d/ufw.conf before relying on this!)
banaction = ufw
banaction_allports = ufw

As pointed out in the A2 Hosting write-up, there is a large selection of services fail2ban can monitor. Most of these settings are probably best left alone, unless you have a specific reason for changing them. Don’t forget to change enabled to = true!

Restart fail2ban service, and enjoy!
{service fail2ban restart} (and view status with {service fail2ban status} – ensure there’s no issues!)
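
The notes above can be checked mechanically before restarting the service. The following is an added example, not part of the original post or of fail2ban itself: a POSIX shell audit of a jail.local, run against two constructed sample files. The function names, the sample values and the 203.0.113.7 address are assumptions made for the demo.

```sh
#!/bin/sh
# Added example: audit a fail2ban jail.local for the pitfalls noted above.
# All sample files and values below are constructed for illustration.

# jail_get FILE SECTION KEY: print KEY's value inside [SECTION] of FILE.
# Reads this one file only (no merge with jail.conf); last assignment wins.
jail_get() {
    awk -v want="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                        # comment line
        /^[ \t]*\[.*\]/ {                             # [section] header
            s = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", s); sect = s; next
        }
        sect == want && index($0, "=") > 0 {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }
    ' "$1"
}

# audit_jail FILE [ACTION_DIR]: print findings; exit status 0 only if no FAIL.
audit_jail() (
    f="$1"; actions="${2:-/etc/fail2ban/action.d}"; n=0
    fail() { echo "FAIL   $1"; n=$((n + 1)); }

    if [ "$(jail_get "$f" DEFAULT enabled)" = "true" ]; then
        fail "[DEFAULT] enabled = true switches on every jail at once"
    fi
    if [ "$(jail_get "$f" sshd enabled)" != "true" ]; then
        fail "[sshd] has no 'enabled = true' of its own"
    fi
    # The option is spelled maxretry; 'maxtry' is not a fail2ban key.
    for sect in DEFAULT sshd; do
        if [ -n "$(jail_get "$f" "$sect" maxtry)" ]; then
            fail "[$sect] uses 'maxtry'; the key is 'maxretry'"
        fi
    done
    if [ "$(jail_get "$f" DEFAULT banaction)" = "ufw" ] && [ ! -f "$actions/ufw.conf" ]; then
        fail "banaction = ufw but $actions/ufw.conf is missing"
    fi
    # Anything beyond loopback in ignoreip is never banned: list it for review.
    for ip in $(jail_get "$f" DEFAULT ignoreip | tr ',' ' '); do
        case "$ip" in
            127.*|::1) ;;
            *) echo "REVIEW ignoreip exempts $ip (is it really static and yours?)" ;;
        esac
    done
    [ "$n" -eq 0 ]
)

# make_samples DIR: write the constructed sample files used by the demo.
make_samples() {
    mkdir -p "$1/action.d" "$1/empty"
    : > "$1/action.d/ufw.conf"          # stand-in for the real action file
    cat > "$1/bad.local" <<'EOF'
[DEFAULT]
enabled = true
ignoreip = 127.0.0.1/8 203.0.113.7
maxtry = 3
banaction = ufw

[sshd]
port = ssh
EOF
    cat > "$1/good.local" <<'EOF'
[DEFAULT]
# 3 tries per 5 minutes with a longer ban (sample values)
bantime = 1h
findtime = 5m
maxretry = 3
banaction = ufw
banaction_allports = ufw

[sshd]
enabled = true
EOF
}

demo="$(mktemp -d)"; make_samples "$demo"
echo "== bad.local";  audit_jail "$demo/bad.local"  "$demo/empty"    || echo "-> fix before restarting fail2ban"
echo "== good.local"; audit_jail "$demo/good.local" "$demo/action.d" && echo "-> clean"
rm -rf "$demo"
```

On a real server, point `audit_jail` at /etc/fail2ban/jail.local and leave the second argument off so it checks the real action.d directory.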

Linux PAM has several config files, all of which are optimally set by default. However, if you wish to take a look, and make changes at the risk of bricking your server, they’re in {/etc/pam.d/}. These can be used to fine tune failure attempts. Be careful though, as you can easily negate fail2ban’s timings.

HARDEN YOUR SERVER MORE!!!
At this time, the server is minimally secured and ready to use. But it can still be brute-forced over time – just a much longer time. I highly suggest changing from password SSH authentication to using SSH key pairs. Having a password locked private key is also valuable to this, and should not be overlooked for convenience.
If however, you REALLY wish to continue to use passwords, will never be using SSH, or for what ever reason are not able to use SSH keys, you can bypass this section – but I strongly urge you to reconsider.

Passwords are great for keeping the kids off your desktop, out of your game, and away from specific files. But they can be cracked. And with newer CPUs, times are getting much shorter for cracking software. This applies to file locks, as well as account passwords. SSH Keys too can eventually be cracked, as can the password on an SSH private key – but we’re adding layers of security, which helps greatly to mitigate intrusions! Hardware firewall -> UFW -> fail2ban -> PAM -> account name -> SSH keys -> pk password. Lots of levels to get through.

Some additional methods to help mitigate intrusions include, but aren’t limited to: disabling root login over SSH, restricting accounts from services and sudo, changing the SSH port from 22 to something else, and requiring SSH access from (a) specific IP address(es). Do these and you have yourself a pretty secure server. Denying all outbound connections, with the exception of needed IPs/ports, can mitigate certain attacks as well as malicious software "phoning home". Disabling and/or uninstalling any unused services and software will limit attack vectors for exploits as well. There is also other software which can be installed, such as anti-malware software, spam filtering, and additional levels of authentication enforcement. It can get pretty crazy! Some systems need the protection.

Reminder: We’re still using the root account. At this point, it may be beneficial to create a new user account, with sudo permissions to use as your administrative account (using an uncommon word for the account name), and a user account without sudo power for running anything that will never need root privileges to operate. Most software does not require sudo/root privileges to run. Remote console can be used for true root access, if ever needed – such as if your administrative account becomes locked or corrupted. As the only software I am running requires root access, I will be creating a new user account with sudo power only, and locking root from ssh login.

Creating your first non-root administrative user account:
Let’s say your administrative account will be named stormbringer. (Let’s not use this name for accounts, ok?)
{adduser stormbringer}
This will prompt for additional information, starting with the new account’s password.
Next, the account must be added to the sudo group, which (should) give it sudo access:
{usermod -aG sudo stormbringer}
To test that the new user account functions, and that it has access to sudo:
{su stormbringer}
The bash prompt should now have replaced "root@" with "stormbringer@" – provided it does, do:
{sudo apt update}
This will prompt for stormbringer’s password. Enter it. This should update your apt cache. If it does, success! If not, go back up a few lines and try again.
To exit out of the stormbringer account back to root, simply do:
{exit}
The bash prompt will now read "root@"

SSH Keys are the key:
NOTE: Be sure to use your administrative user account (NOT root) when performing the below, unless you specifically need to allow the root user to have ssh key login authority.

We’re going to add SSH keys, and disable password login. For this, we need to generate a key-pair on our VPS. This does a couple of things – one, it lets you have a "master key" which can be put on your other servers for convenience, and be easily negated by generating a new key pair replacement in the event of a security breach or loss of key control. It also populates the file system with needed directories. We’re also going to use a separate key pair which belongs to the admin. This allows changing the admin’s keys without affecting the other servers. It is good practice to replace key pairs which have been distributed often. Having a separate key for the admin account also allows the admin to retain access to all servers when the server-specific keys are replaced.

SSH keys will not prevent the need to use a password for privilege escalation once logged in with an account with sudo power. Keys can, however, be used to disallow password authentication on SSH login.

Since we’re going to be denying SSH login to the root user account, go ahead and log in to the server with your administrative account. It’s best to use a new SSH session for this account, leaving the root session open for the time being. This is so that if there are any issues with connecting via the administrative account, the root account can quickly be accessed to assess the issue, and fix it. All instructions from now on will be done using the administrative account, and NOT the root user account.

To begin, we’ll generate a server specific key pair. Because this key pair will only ever be used for server-server communication, and getting to these keys is difficult, it can be seen as "mildly safe" to generate this pair without a password. In some instances, this can be safer, as scripts written to rsync data across an SSH connection must store the private key’s password in plain text (unless you want to get really into it, and will encrypt the password, which is beyond most people).
{ssh-keygen}
Let the keys be generated to the default provided path. This will make life easier for you. However, security by obscurity is still a thing, and changing this could be seen as obscurity. Unless you have reason to password protect this key pair, simply leave the password request empty.
When the generation is complete, you will be given a nifty ascii art, followed by the bash prompt. Success!

To create an admin specific key pair, the same instructions above can be followed, either on the same machine (which will overwrite the current key pair), on another Linux host, or with some other tool, such as PuTTY’s key pair generator.

Success! You’ve got an admin specific key! (I’m going to assume you figured out how to do this, because I literally already told you)

To grant access to the administrative account via the admin key, the admin key pair PUBLIC key needs to be added to the server/account.
Create, if it does not exist: /home/stormbringer/.ssh/authorized_keys (using vi, nano, etc)
or with {cp /home/stormbringer/.ssh/id_rsa.pub /home/stormbringer/.ssh/authorized_keys}
Add your public keys to authorized_keys file, including the server and all admin public keys.
Add a comment (using "#") to identify the public key’s owner. This will allow the admin to quickly select and remove expired/compromised/orphaned keys and those of ex-admins/users. Do NOT delete or alter the id_rsa.pub file, or you will lose half of your server-specific key pair.
Add new keys one per line, each taking up only one line. If word-wrap is enabled, the strings will appear on multiple lines; ensure they are in fact on a single line.
Repeat this for each admin public key which needs to be added for access to the account.
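
One way to script the steps above, as an added example that is not part of the original guide: each key goes in under a "# owner" comment, anything that is not exactly one public-key line (a word-wrapped key, a private key file) is refused, and an owner's key can be pulled again when it is rotated. The function names are made up for this illustration, and the key strings are constructed placeholders of type ssh-ed25519 for brevity; an id_rsa.pub line is handled the same way.

```shell
#!/bin/sh
# Added illustration. Function names are hypothetical; the key strings
# below are constructed placeholders, not real keys.

# add_key AUTH_FILE OWNER PUBKEY_FILE
# Appends "# OWNER" and the key. Refuses anything that is not exactly one
# public-key line, and skips a key that is already present.
add_key() {
    ak_file=$1; ak_owner=$2; ak_pub=$3
    [ -r "$ak_pub" ] || { echo "refused: cannot read $ak_pub" >&2; return 1; }
    # A key broken by word-wrap, or a private key, has more than one line.
    ak_lines=$(grep -c . "$ak_pub") || true
    if [ "$ak_lines" -ne 1 ]; then
        echo "refused: $ak_pub has $ak_lines non-empty lines, expected 1" >&2
        return 1
    fi
    ak_key=$(grep . "$ak_pub")
    case $ak_key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) ;;
        *) echo "refused: $ak_pub does not hold a public key line" >&2; return 1 ;;
    esac
    # Compare on "type blob" only, so a different trailing comment on the
    # same key does not create a duplicate entry.
    ak_id=$(printf '%s\n' "$ak_key" | awk '{ print $1 " " $2 }')
    if [ -f "$ak_file" ] && grep -qF -- "$ak_id" "$ak_file"; then
        return 0
    fi
    ( umask 077; printf '# %s\n%s\n' "$ak_owner" "$ak_key" >> "$ak_file" )
}

# remove_owner AUTH_FILE OWNER
# Drops the "# OWNER" comment and every line up to the next comment.
remove_owner() {
    ro_tmp=$(mktemp) || return 1
    awk -v owner="$2" '
        /^#/ { label = $0; sub(/^#[ \t]*/, "", label); skip = (label == owner) }
        !skip
    ' "$1" > "$ro_tmp" && cat "$ro_tmp" > "$1"
    ro_status=$?
    rm -f "$ro_tmp"
    return "$ro_status"
}

# list_owners AUTH_FILE: prints the owner labels, one per line.
list_owners() { awk '/^#/ { sub(/^#[ \t]*/, ""); print }' "$1"; }

# Walk-through in a throwaway directory, so no real ~/.ssh is touched.
demo_rotation() {
    d=$(mktemp -d) || return 1
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedServerKeyPlaceholder0000 stormbringer@vps' > "$d/server.pub"
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedAdminKeyPlaceholder00000 stormbringer@laptop' > "$d/admin.pub"
    # Same kind of key, but broken in two by a word-wrapping editor.
    printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed\nWrappedSecondHalf ex-admin\n' > "$d/wrapped.pub"

    add_key "$d/authorized_keys" "server key (vps)" "$d/server.pub"
    add_key "$d/authorized_keys" "admin: stormbringer" "$d/admin.pub"
    add_key "$d/authorized_keys" "admin: stormbringer" "$d/admin.pub"   # no duplicate
    add_key "$d/authorized_keys" "ex-admin" "$d/wrapped.pub" 2>/dev/null \
        || echo "wrapped key refused"
    remove_owner "$d/authorized_keys" "server key (vps)"   # server key rotated out
    echo "owners: $(list_owners "$d/authorized_keys")"
    echo "keys: $(grep -c '^ssh-' "$d/authorized_keys")"
    rm -rf "$d"
}

demo_rotation
```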

In your SSH client, you will need to associate your private key with the server/user profile. This is done differently depending on OS and client. On Windows, PuTTY’s Pageant program will run in the background, and require a password to unlock the private key, but will provide the key to many Windows based SSH clients, including PuTTY and WinSSHTerm v2.

Create a new, (if counting, third) SSH session. This time, using the administrative account (stormbringer, in my example here) – and if everything went right, the connection should quickly complete without requiring a password to be entered. (No cheating here, don’t add your password to an auto-fill script!) Once the administrative account is logged in using SSH keys, SUCCESS! Now we can move to disabling password authentication.

(At this point, you should be able to log in with your administrative account, using only SSH keys, and be able to use sudo to run programs, which will still require the administrative account’s password. If you cannot do these three things in this manner, you should review the instructions, or seek real-time/live assistance)

HARDEN THE SSH DAEMON!!!
Now that you can log in using SSH keys, let’s get rid of that gaping security hole known as "password authentication"! While doing this, there are some additional changes to the SSHD config that can be made. I’ll go over some of them here:
Edit this file with {sudo nano /etc/ssh/sshd_config} (replace nano with vi if you’re hardcore, or old school)
Being that the administrative account is being used, sudo is now required to alter system level config files.

Note: Towards the top of this file are some config options which can be changed, such as the port SSH listens on, and IPv4/6 addresses. Be sure to make appropriate changes in the hardware firewall and UFW/IPTables if these are changed!

These options are commented out, but are enabled by default, allowing overrides with changes here. Changes require uncommenting the lines. I also uncomment lines which still apply default values and won’t be changed, but which I use, just as a visual aid when editing the file at a later time.

  • LoginGraceTime – default is 2 minutes before the session will timeout for no input. This can be changed to 30s when using SSH keys, unless very latent network connections are expected to be used. Leaving this at default is also fine.
  • PermitRootLogin – default is "prohibit-password" or "yes" – change this to "no" to completely disable root SSH login. Leaving this as "prohibit-password" will allow the use of SSH keys to login to the server via the root user. I will be setting this to "no"
  • MaxAuthTries – default is 6, I prefer 4. fail2ban should kick in at 3, but just in case.
  • MaxSessions – default is 10. That’s a lot of sessions for a server with 99% no SSH usage at all. File servers accepting rsync over SSH may require more, however.
  • * PubkeyAuthentication – default is yes, and commented out. This can be left alone, or uncommented as a visual aid, or for paranoia reasons.
  • * PasswordAuthentication – default is yes. We’re changing this to "no" to prevent password attempts.
  • * PermitEmptyPasswords – default is no. I uncomment anyways, even though the setting is nullified by the above setting.
  • * ChallengeResponseAuthentication – default is yes. This can still allow brute-force password attacks. We’ll uncomment and set to "no"
  • * UsePAM – default is yes. We’ll keep this uncommented and set to "yes" – This allows for less complex client setups.
  • X11Forwarding – default is yes. This is a server, what’s a gui? Set this to "no"
  • PrintMotd – default is no (at least on my ionos Ubuntu 18.04 image) – This can be changed to provide various info/data on login.
  • Banner – default is commented out and set to "none" – I want a nice banner I can grin at on login. I’m setting to "/home/stormbringer/ssh-banner"
      • The ssh-banner file won’t exist; it needs to be created. This is where some nice ascii art, or a big "NO TRESPASSING" sign can be stored for display.

The settings marked with * are ones we’re concerned with, regarding security and hardening the server. The rest are fluff and ancillary.
Now here’s something tricky. My config, at the very bottom, has "PermitRootLogin yes" and "PasswordAuthentication yes" – both uncommented. This would negate our previous settings. Ensure your file does not have duplicate entries. Review the file after restart as well, just in case something is messing with things.
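
A scripted version of that review, as an added example (not part of the original guide): it checks every uncommented occurrence of the directives discussed above against the values chosen here, so a stray "PermitRootLogin yes" at the bottom of the file is reported with its line number. The function names and the sample file are constructed for this illustration, and the example is stricter than the guide in that it also reports a directive that is never set explicitly.

```shell
#!/bin/sh
# Added illustration. The policy below holds the values this guide settles
# on; adjust it if you keep "prohibit-password" for root.
# (Newer OpenSSH releases call ChallengeResponseAuthentication
# KbdInteractiveAuthentication.)
SSHD_POLICY="permitrootlogin=no pubkeyauthentication=yes passwordauthentication=no permitemptypasswords=no challengeresponseauthentication=no usepam=yes"

# audit_sshd_config [FILE]   (reads stdin when FILE is omitted)
# Prints one OK / BAD / MISSING finding per directive and returns non-zero
# if any uncommented line, anywhere in the file, sets a different value
# or if a directive is never set.
audit_sshd_config() {
    awk -v policy="$SSHD_POLICY" '
    BEGIN {
        n = split(policy, pair, " ")
        for (i = 1; i <= n; i++) {
            split(pair[i], kv, "=")
            key[i] = kv[1]; want[kv[1]] = kv[2]
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        # sshd also accepts "Keyword=value"; normalise to "Keyword value".
        if (line ~ /^[A-Za-z0-9]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ", line)
        split(line, f, /[ \t]+/)
        k = tolower(f[1]); v = tolower(f[2])   # keywords are case-insensitive
        if (!(k in want)) next
        seen[k]++
        if (v != want[k]) {
            bad[k]++
            msg[k] = msg[k] sprintf("BAD %s=%s at line %d (want %s)\n", k, v, NR, want[k])
        }
    }
    END {
        status = 0
        for (i = 1; i <= n; i++) {
            k = key[i]
            if (!seen[k])    { printf "MISSING %s (want %s)\n", k, want[k]; status = 1 }
            else if (bad[k]) { printf "%s", msg[k]; status = 1 }
            else               printf "OK %s=%s\n", k, want[k]
        }
        exit status
    }' "$@"
}

# Constructed sample modelled on the situation described above: hardened
# values near the top, weaker duplicates left at the very bottom.
sample_sshd_config() {
cat <<'EOF'
# Constructed sample, not a real server's file.
Port 22
PermitRootLogin no
MaxAuthTries 4
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding no
# Lines found uncommented at the very bottom of the file:
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

sample_sshd_config | audit_sshd_config \
    || echo "audit failed: fix the lines above before restarting ssh"
```

On the server itself, {sudo sshd -t} checks the file for syntax errors before the restart, and {sudo sshd -T} prints the values the daemon actually resolved.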

Save your file. If you used sudo to run the editor, you should have no problems saving. If you cannot save, you didn’t sudo. Copy the contents, or save to an alternative location in the account’s directory. Then close the editor (if you failed to sudo, either sudo cp the saved file to the proper location, or re-open the proper file WITH sudo)

(If you want a banner, create the file you specified, with at least a word, so it will exist and not potentially cause issues with the config, or login)

Now, we need to test our config the best way we can – by putting it into use with the SSH service.
{sudo service ssh restart} and enter the account’s password. This may cause your connection to reset.
Create a new SSH session (counting still? Number 4) to ensure login is still possible. If not, you’ll need to fix your config. If your connection was reset, you’ll need to fix your config /using remote console/ – which can be a pain. If you were able to log in (and see the text from ssh-banner file if you created one) Success!

Now, go ahead and start your 5th SSH session, this time, using the root user. You may receive the text from ssh-banner file, but then be disconnected with a "no supported authentication methods available" message. If you, like I, do not want root to be able to log in with SSH – SUCCESS! Go ahead and close all but the original root user session and one of the administrative sessions.
At this time, it may be prudent to test {sudo apt update} and {su -} (from the administrative account)
Sudo will require the administrative account’s password. "su -" on the other hand should require the root user account password to access. Sudo should be enough for most things, however in rare cases, the actual root user account may need to be utilized to gain access to portions of the system or services.

Congratulations! You’ve made it to the end. Your reward? A wonderfully secure server. At least to what I consider to be a basic level of security!

BUT WAIT! THERE’S MORE!!!
Did we forget about the hardware firewall? Nope! (ok, well, maybe a little.)
By now you should know if you’re running IPv4 and/or IPv6, and what address(es) will be utilized for what purposes. You should also know at least some of the ports your services and software will be listening on. The hardware firewall configuration should mirror (at least mostly) the rules for allowed ports in UFW. There may be instances where UFW may have more open ports than the hardware firewall. This would be due to allowing monitoring services from your hosting provider, connections to/from other servers on the LAN/private network, or maybe other reasons, such as future use. The hardware firewall should never have any ports opened which are not explicitly in use on the server. Open ports are open attack vectors for exploits, Denial-of-service attacks, and other nefarious things. UFW can block a lot, but it uses server resources to do so. A flood of connections (DDoS) not mitigated by the hardware firewall can potentially overwhelm the Linux server, causing a crash, exploit, or full intrusion.

Here’s a starter kit of useful commands you can perform to inspect your server:
{df -h} (disk filesystem, human readable) will display the amount of space allocated, used and free on your drive, and where each portion is mounted. Generally "/" will be the most used, and largest partition. It’s also the partition that can be used up by extraneous software installs and file storage in the user’s /home/ directory.
{du -h} (du -sh) (disk usage, human readable (summary)) Can specify a directory to see how large that directory or its contents are.
{free -h} (available memory resource, again human readable) This shows some quality stats about your RAM and cache.
{lscpu} (list CPU information) This shows information about the CPU as reported to Linux via the hypervisor from the hardware. Modern VPSs generally have accurate info.
{lspci} (list PCI information) Not too horribly useful for VPSs, but can provide critical data on dedicated servers.
{jobs}/{fg}/{bg} – If you’ve ever ghosted a program, where it’s still open but can’t be accessed, try these commands.
{htop} – nice system monitoring tool, with colors! Can also

Some of these commands give good info without sudo. Some will give more info when run as root or via sudo.

This is a baseline of a good start to a fresh Linux install. Obviously, there’s many many many more things that can be done with a Linux server, in terms of use, and security both. But this should provide more than a firm footing for any new Linux server.

I, the author, and BluntAboutIT.com take NO responsibility for any loss of data, access, sanity or finances resulting in the failure (or successful) following of this guide. It is a GUIDE, not a set of axioms. Every admin should fully know, understand and carefully choose the routes they take with their servers, as well as with any and all configurations, software, etc. This guide is here for two reasons only: To help the education process for those who need a bit of help getting started, and for myself, so I have a "check list" of sorts when provisioning new servers. What works for me may not work for you, either technically or functionally. You’ve been warned.

So You want to be an Internet Moderator…

AS OF:8Feb18, 10:18am This file is a WORK IN PROGRESS.
This will continue to be worked on and expanded until the basics are covered.

Moderator, chat-mod, staff, admin, owner, Op, SysOp, Community Manager, etc, etc, etc

There are many positions with many more titles that one can take upon themselves online, through others’ or one’s own services. As I write this, there are many services one can choose to use as part of an online community. Some of those services are forums, IRC, Discordapp Guilds (including text, voice and video communications), Games of all kinds, broadcasting services (such as twitch.tv, mixer, etc), even Facebook groups. Some of those positions, in no particular order are: owner, administrator, operator, moderator, and various forms there of. There may be specialized positions, which moderate only a single aspect of the community, and there may be overarching positions which touch upon most or all aspects and areas of the community. We’ll go over what each position is later in this post.

There’s plenty to write on the philosophy of moderating online communities. From the standpoint of morals, ethics, and values, a lot of conflict and problems will arise. But without these, the community cannot have enforceable rules. The rules will be hollow and seen as unjust by the community – even if the rules are being followed. It is important for anyone who will be moderating a community to understand the reason for the specific rules, as well as the depth and breadth of the restrictions, freedoms and punishments of those rules. This is “staff policy” and is the governing terms for the community’s staff – the document which tells every staff what is expected of them as staff. Every one, from the person who owns the service for which a community will be built upon to the trusted members of the community should know, understand and agree to the rules. This does not mean that the rules must always be obeyed or may not be changed some time in the future. When that time comes – and it most definitely will – Everyone who is in a position of moderation must go through the changes and agree, or be removed. The community as a whole must also be made aware of the rules. Compliance from each member of the community is not mandatory, as their actions and words will clearly show who is able and willing to abide by the changes – and who is not.

Whew! That’s a bit of heavy paragraph there. That’s this entire document in a nutshell. There’s so much more to go over, and I have been considering a training service for those wishing to learn how to moderate chat, games, and communities. This is my foot in the door. We’ll see how it goes!

Before I go much further, I want to list out some terms and their definitions. There is a lot of misunderstanding and confusion regarding various aspects of moderating and enforcing rules. The first and foremost is that UNLESS YOU PUT THE EFFORT, ENERGY and MONEY INTO THE COMMUNITY – YOU CANNOT BE “Owner”! “Owner” is not a title and should never be treated as just another staff position. Founder, Owner, Operator (of various kinds) are the ones who – if push comes to shove, are the ones who are legally liable for the community. More on that later. Communities may have “Founding Members” – and this is fine, as long as it is made very clear that these members are not staff, and their word as weight is not definite.

Here is a loose glossary of terms:

  • Founder: the person who created, set up, and started the initial growth of the community. The first owner is always a founder, but founders are not always owners.
  • Owner: the person who is financially, legally and ethically responsible for the community, for which they have created, paid for, or have attained ownership of. The person who has the right to transfer the community to another. The person whose word is law.
  • Operator: the person who runs the technical aspects of the community. This is the skilled person who the Owner turns to for functional work to be completed. This position may be held by the owner. There can be Operators (Ops) for specific aspects of the community, ideally all Ops will work together as a team under supervision of the owner or lead Op.
  • Administrator: the person who ensures that the community management is successfully run. This person handles administrative duties and works with the Op and owner to ensure the members have the ability to fully utilize the services of the community.
  • Moderator: the person who ensures that the members are properly following the rules and who properly follows policy when those rules are broken. This position should be held by people who are able to be strict but who are also capable of understanding the human condition. Like Op and Admin, Mods may specialize in specific areas of the community, such as a “chat-mod” moderating only the chat, or “game-mod” moderating game-play.
  • Junior-*: this person is given partial, restricted or even full control over their duties, usually with supervision. These positions are usually reserved for trainees or those who are capable of the task but otherwise do not completely qualify for the position.
  • Mini-*: this person is not a staff and should not be allowed to act as such. Any person who has been identified by the staff or community as being a “mini-mod” or “mini-admin” etc should be corrected as quickly as possible. These people can wreck a community if not controlled or removed.
  • Member: this person is part of the community in a non-staff role. This is the person who is suitable to be in the community, to enjoy and utilize the services and who will help grow the community in number, in dissemination and ideally in financial methods as well.
  • Trusted Member: this person has been part of the community for a considerable duration, but has not chosen to be staff, or in some communities is the first step to becoming staff. These people are the community’s first line of assistance for others, and should be treated with that level of respect.
  • Guest: this person is new, has not made it clear that they are going to continue to be part of the community, or may not have yet made the choice to do such. These people are potential members, but have not made the commitment to the community to be so. Each community will have their own requisites for determining Guest to Member status changes.
  • Chat: Loosely, this can be voice or text, or even Morse code – it is just simple informal live communications between two or more parties. Generally, this is live or near live primarily text communications. In communities where Voice is the primary communication, “chat” may refer to voice, otherwise, “voice chat” is the predominate term in primarily text areas. This is important for defining “chat mod”

There’s more, oh so many more, but these are the primary terms we’ll be worried about here. Most any other title, position, rank, etc for staff members will generally be some reflection of the above. Clearly defining these positions, whatever they are called, will greatly reduce confusion among the staff and the community as a whole. A good way to define these positions and to define the relationship of each position to the rest of the positions is to make an organizational chart.

There are words used to define positions within a staff hierarchy – from Owner to Moderator, etc. These words, used as the names of these positions, these “titles” are founded in the ages old definitions of the words for which they are based. Those definitions are as important, if not more so than the loose glossary above. Along with those definitions, there are many words used to describe unwelcome, bad, negative, malicious, etc behaviors in chat and in game-play.

If it has not been made clear yet, a good portion of knowing how to be an internet moderator is knowing the definitions of words – After all, how can one “ban” someone if they do not know what the word “ban” means, or that it is short for “banishment” – more specifically that to ban someone means to restrict that person from certain actions and/or activities.

The learner here should be sure to take the time to look up any word which is unfamiliar, is a word seemingly being used wrong, or even words which one cannot seem to stop thinking about. If reading a section that seems unmemorable, or seems as though it has not been read – there is a misunderstood word which should be looked up in the dictionary and properly defined in the contextual use case. This means if a word is defined but that definition does not seem to fit the rest of the sentence or paragraph, there is another definition that needs to be found. I, the author of this document, use American English and British English, in this order – as such, words should be defined using Merriam-Webster and the Oxford English Dictionary when possible. Most words will not have deviating definitions from American to British English. Throughout this document, I may provide the specific definition for certain words, or a loose definition as the word is being used if the need arises.

Yesterday…

I’ve been officially married in the eyes of God, the law, friends and family for five days now. Nothing much has changed. But that’s to be expected – because we have been married to each other for over two years in our own eyes. We made that commitment then, to each other and have lived by it since.

It’s amusing how much has not changed. And how much actually has. The things I would have bet good money on changing after our ceremony are absolutely 100% the same. I’m still a perfectionist, and she is still the perfect person for me.

We’ve spent many units of space time together, traveling through this life with each other in the last 2+ years. We’re each other’s companion, staying side by side through all that life throws at us. She is by far much more my strength than I hers. We have grown together, she has taught me patience that no one else ever has, and has taught me to be calm. Her opinion is the first to matter to me in a long time. Maybe that’s what love is about?

She now refers to me as her husband, and I refer to her as my wife. These are not possessive terms as much as they are self-proclamations of attachment. I attach myself to her when I call her “my wife” – not the other way around. For so long, the left has been shouting wrongness and irrationality at me that I didn’t realize how much they were wrong, and how calling someone “my wife” would affect me positively.

I am not her property, and she is not my property, except that we give ourselves to each other and have bound our lives together, equally and have been acting as husband and wife for 2 years – only now we are legally and socially allowed to use the titles of endearment for which roles we play. Life is good, it is simple, and it is the most complex it has ever been, it is terrifying and exhilarating all at the same time. It’s a hell of a thing, and I’m so happy to be sharing this journey with the woman who calls me husband.

People and Corrupt Beings

When someone has lied to themselves and been lied to so often and so much, and has started to believe those lies as truth, those lies become their truth, which blurs reality, making distinction between two subtle, and sometimes not so subtle differences indistinguishable from the lie itself.
 
Guilt among those who scream that immigrants mustn’t be deported, even though no one other than the left and the media has said they would be deported, is a major cause of their blind ignorance, and a basis for the lies they’re being fed.
 
There are people on this planet whose sole purpose is to be as disruptive and malicious to society as a whole, that if these people were to all be silenced at once, and prevented from causing the trouble they do not know they are causing, the sheer amount of peace and understanding in the world would be overwhelming. These people may not realize, know or understand they are being this way. In their world, the things they do which are totally destructive to society and those around them, is, in all essential aspects of their life, mind and soul is what they are supposed to do to be a good person. They are “wired” wrong. They are corrupted to a point where there is no hope they can ever be responsible, productive members of any society. No matter what they do, make, or otherwise create – it will have at its core the destruction of the thing they are, on the surface, appearing to help, befriend, or otherwise do good for.
 
George Soros is one of these people. One of the most corrupt and evil men on this planet – and yet, if you were to take a shot-glass peek at the things he’s done for this planet, one would believe he is a selfless custodian of this planet. But he’s not. Every ounce of energy he exerts is, regardless of surface appearances, intended to corrupt, dilute, and destroy this planet. He is nothing more than a merchant of chaos and being incapable of truly helping anyone or anything.
 
The world is full of these people. They are incapable of anything but hatred, lies, and dealing with things that destroy rather than create. These people have as their fundamental goal of existence to do as much harm as they possibly can. The truly sad part is that they honestly believe they are doing good. They honestly believe their cause is the best thing for their group, their civilization and society, their country. And they’re just plain wrong.
 
They will take any input given to them, and twist it around, corrupt it, fill it with lies and deceit, and spew it back as if it were verbatim to what others have said. They will accuse any person who argues this, or attempts to point out the faults or attempts to correct them as any negative entity which they feel applies.
 
In this case, these suppressive people, these merchants of chaos, these corrupt souls, they will accuse the rest of the world of being racist, xenophobic, religion-phobic, race-supremacist, etc, without any factual proof or evidence to support their claims, regardless of the proof or evidence which is contrary to their libel and slander. These people are worse than any religious zealot, any radical or extremist. Why? Because they honestly do not know what they are doing is wrong, and have no guidance whereas zealots, extremists and radicals are doing what they do because of their beliefs which they knowingly understand and accept.
 
Yes, I’m saying that an Islamic terrorist is a better being than these people. They come in all shapes, sizes, colors, nationalities, and political affiliations. And who knows, maybe I’ve got it all wrong and those people who have diametrically opposed opinions and views to me are right and are doing the best for the planet and I’m the one who is described above. I highly doubt that though.
 
So yeah, when you tell someone “Illegal Alien” and they reply “immigrant” – you can be assured you’re either talking to a dumb-ass, or someone as I described above. Either way, I hope life is just that much better for you!

Black Rifle Coffee

I’ve been drinking coffee instead of soda for a little more than a month. I’ve been using milk/half&half/cream and splenda/stevia/equal in my coffee. I’ve gotten to where I don’t need the dairy any more, and use less sweetener now, only enough to take away the bitter taste from the coffee.
 
I found out about Black Rifle Coffee Company a week or so ago. I found out they’re Vet owned and more so the owner has a plan to hire 10k more Vets. I don’t like donating to charities, where only a fraction of donations go to the cause. That’s why when I found out BRCC is Vet owned, I wanted to buy some of their coffee, so I can help contribute to a betterment for US Vets, directly.
 
And you know what – it’s the best damned coffee I’ve had. No dairy, no sweeteners. Just black coffee. It don’t taste burned, it’s not bitter, and in fact actually has a hint of sweetness. We (the girlfriend and I) bought a bag of V-Tac Berzerker.
 
Now, I’m no coffee connoisseur, but I’ve had a good variety over the last month alone, and have been drinking coffee on and off for 15 years or so. We bought a bag of whole bean, and I, having never ground coffee before, ended up grinding it super fine. Apparently, this is an espresso ground what I did. And just amazing. This is still, by far, the best coffee I’ve made or drank.
 
And no, I’ve not been asked to, offered anything to, or am paid to write this review. I’m just seriously pleased with what these people are doing with their company and with their product.
 
I’ve been drinking Café Du Monde (CDM) coffee with chicory, with a slight bit of stevia to soften the bitter. WaWa has moved into town here, and I’ve been drinking their Vienna and Cuban coffee too. This, coupled with Walmart not carrying CDM, we chose a canister of Cafe Bustelo coffee. It’s close to WaWa’s Cuban coffee, and is also finely ground (which is something I didn’t realize until after I “goofed” with the V-Tac). Though it’s a good coffee, it’s nothing compared to BRCC’s V-Tac. Folgers and Maxwell House are absolute crap to me now, and would only drink these in lack of other options.
 
I’ll be ordering more from BRCC later, for special occasions and as a “treat” drink. The CDM lasts me about a week per brick, while the V-Tac could last me maybe 10 days, as I brew it less strong than the CDM. Buying bags of beans for every day drinking would be OK, but I don’t want to get completely spoiled and not be able to drink any other coffee. However, at $13 a bag, it’s a bit more expensive than the $4.50/brick I’m paying for CDM, so almost literally 3 times the price. BRCC may be more expensive than the cheap stuff I drink, but the quality is infinitely greater, and the price is comparable to other 12oz bags of beans from other companies that don’t provide the same quality (Starbucks, etc).
 

Anyways, if you want a damned fine cup of coffee – head over to Black Rifle Coffee Co. and pick a roast that sounds good to you. I’m certain you won’t be disappointed. If you want to be spoiled and unable to drink diner coffee any more, buy enough to make BRCC your main drink at home, and nothing else will ever do.

Black Rifle Coffee V-Tac Berzerker
Copyright Black Rifle Coffee Co (I think, used without permission. Get over it, or ask me nicely to remove and I will)