Binary Option Robot - Free Auto Trading Software for Forex ...

90% WIN HIGH LOW Binary.com bot Free Download | Winning Strategies Binary options 2018 CREATE BOT BINARY.COM USING EMACROSS Exponential Moving Average Smart Indicators JB88 2019 https://www.youtube.com/watch?v=Pt5qOBVKMO8

90% WIN HIGH LOW Binary.com bot Free Download | Winning Strategies Binary options 2018 CREATE BOT BINARY.COM USING EMACROSS Exponential Moving Average Smart Indicators JB88 2019
https://www.youtube.com/watch?v=Pt5qOBVKMO8
submitted by phutannguyen to u/phutannguyen [link] [comments]

90% WIN HIGH LOW Binary.com bot Free Download | Winning Strategies Binary options 2018 CREATE BOT BINARY.COM USING EMACROSS Exponential Moving Average Smart Indicators JB88 2019 https://www.youtube.com/watch?v=Pt5qOBVKMO8

90% WIN HIGH LOW Binary.com bot Free Download | Winning Strategies Binary options 2018 CREATE BOT BINARY.COM USING EMACROSS Exponential Moving Average Smart Indicators JB88 2019 https://www.youtube.com/watch?v=Pt5qOBVKMO8 submitted by phutannguyen to u/phutannguyen [link] [comments]

90% WIN HIGH LOW Binary.com bot Free Download | Winning Strategies Binary options 2018

90% WIN HIGH LOW Binary.com bot Free Download | Winning Strategies Binary options 2018CREATE BOT BINARY.COM USING EMACROSS Exponential Moving Average Smart Indicators JB88 2019
https://www.youtube.com/watch?v=Pt5qOBVKMO8
submitted by phutannguyen to u/phutannguyen [link] [comments]

What's new in macOS 11, Big Sur!

It's that time of year again, and we've got a new version of macOS on our hands! This year we've finally jumped off the 10.xx naming scheme and now going to 11! And with that, a lot has changed under the hood in macOS.
As with previous years, we'll be going over what's changed in macOS and what you should be aware of as a macOS and Hackintosh enthusiast.

Has Nvidia Support finally arrived?

Sadly every year I have to answer the obligatory question, no there is no new Nvidia support. Currently Nvidia's Kepler line is the only natively supported gen.
However macOS 11 makes some interesting changes to the boot process, specifically moving GPU drivers into stage 2 of booting. Why this is relevant is due to Apple's initial reason for killing off Web Drivers: Secure boot. What I mean is that secure boot cannot work with Nvidia's Web Drivers due to how early Nvidia's drivers have to initialize at, and thus Apple refused to sign the binaries. With Big Sur, there could be 3rd party GPUs however the chances are still super slim but slightly higher than with 10.14 and 10.15.

What has changed on the surface

A whole new iOS-like UI

Love it or hate it, we've got a new UI more reminiscent of iOS 14 with hints of skeuomorphism(A somewhat subtle call back to previous mac UIs which have neat details in the icons)
You can check out Apple's site to get a better idea:

macOS Snapshotting

A feature initially baked into APFS back in 2017 with the release of macOS 10.13, High Sierra, now macOS's main System volume has become both read-only and snapshotted. What this means is:
However there are a few things to note with this new enforcement of snapshotting:

What has changed under the hood

Quite a few things actually! Both in good and bad ways unfortunately.

New Kernel Cache system: KernelCollections!

So for the past 15 years, macOS has been using the Prelinked Kernel as a form of Kernel and Kext caching. And with macOS Big Sur's new Read-only, snapshot based system volume, a new version of caching has be developed: KernelCollections!
How this differs to previous OSes:

Secure Boot Changes

With regards to Secure Boot, now all officially supported Macs will also now support some form of Secure Boot even if there's no T2 present. This is now done in 2 stages:
While technically these security features are optional and can be disabled after installation, many features including OS updates will no longer work reliably once disabled. This is due to the heavy reliance of snapshots for OS updates, as mentioned above and so we highly encourage all users to ensure at minimum SecureBootModel is set to Default or higher.

No more symbols required

This point is the most important part, as this is what we use for kext injection in OpenCore. Currently Apple has left symbols in place seemingly for debugging purposes however this is a bit worrying as Apple could outright remove symbols in later versions of macOS. But for Big Sur's cycle, we'll be good on that end however we'll be keeping an eye on future releases of macOS.

New Kernel Requirements

With this update, the AvoidRuntimeDefrag Booter quirk in OpenCore broke. Because of this, the macOS kernel will fall flat when trying to boot. Reason for this is due to cpu_count_enabled_logical_processors requiring the MADT (APIC) table, and so OpenCore will now ensure this table is made accessible to the kernel. Users will however need a build of OpenCore 0.6.0 with commit bb12f5f or newer to resolve this issue.
Additionally, both Kernel Allocation requirements and Secure Boot have also broken with Big Sur due to the new caching system discussed above. Thankfully these have also been resolved in OpenCore 0.6.3.
To check your OpenCore version, run the following in terminal:
nvram 4D1FDA02-38C7-4A6A-9CC6-4BCCA8B30102:opencore-version
If you're not up-to-date and running OpenCore 0.6.3+, see here on how to upgrade OpenCore: Updating OpenCore, Kexts and macOS

Broken Kexts in Big Sur

Unfortunately with the aforementioned KernelCollections, some kexts have unfortunately broken or have been hindered in some way. The main kexts that currently have issues are anything relying on Lilu's userspace patching functionality:
Thankfully most important kexts rely on kernelspace patcher which is now in fact working again.

MSI Navi installer Bug Resolved

For those receiving boot failures in the installer due to having an MSI Navi GPU installed, macOS Big Sur has finally resolved this issue!

New AMD OS X Kernel Patches

For those running on AMD-Based CPUs, you'll want to also update your kernel patches as well since patches have been rewritten for macOS Big Sur support:

Other notable Hackintosh issues

Several SMBIOS have been dropped

Big Sur dropped a few Ivy Bridge and Haswell based SMBIOS from macOS, so see below that yours wasn't dropped:
If your SMBIOS was supported in Catalina and isn't included above, you're good to go! We also have a more in-depth page here: Choosing the right SMBIOS
For those wanting a simple translation for their Ivy and Haswell Machines:

Dropped hardware

Currently only certain hardware has been officially dropped:

Extra long install process

Due to the new snapshot-based OS, installation now takes some extra time with sealing. If you get stuck at Forcing CS_RUNTIME for entitlement, do not shutdown. This will corrupt your install and break the sealing process, so please be patient.

X79 and X99 Boot issues

With Big Sur, IOPCIFamily went through a decent rewriting causing many X79 and X99 boards to fail to boot as well as panic on IOPCIFamily. To resolve this issue, you'll need to disable the unused uncore bridge:
You can also find prebuilts here for those who do not wish to compile the file themselves:

Asus Z97 failing Stage 2 Installation

With Big Sur, there's a higher reliance on native NVRAM for installation otherwise the installer will get stuck in a reboot loop. To resolve this you'll need to either:
For the latter, see here: Haswell ASUS Z97 Big Sur Update Thread

New RTC requirements

With macOS Big Sur, AppleRTC has become much more picky on making sure your OEM correctly mapped the RTC regions in your ACPI tables. This is mainly relevant on Intel's HEDT series boards, I documented how to patch said RTC regions in OpenCorePkg:
For those having boot issues on X99 and X299, this section is super important; you'll likely get stuck at PCI Configuration Begin. You can also find prebuilts here for those who do not wish to compile the file themselves:

SATA Issues

For some reason, Apple removed the AppleIntelPchSeriesAHCI class from AppleAHCIPort.kext. Due to the outright removal of the class, trying to spoof to another ID (generally done by SATA-unsupported.kext) can fail for many and create instability for others. * A partial fix is to block Big Sur's AppleAHCIPort.kext and inject Catalina's version with any conflicting symbols being patched. You can find a sample kext here: Catalina's patched AppleAHCIPort.kext * This will work in both Catalina and Big Sur so you can remove SATA-unsupported if you want. However we recommend setting the MinKernel value to 20.0.0 to avoid any potential issues.

Legacy GPU Patches currently unavailable

Due to major changes in many frameworks around GPUs, those using ASentientBot's legacy GPU patches are currently out of luck. We either recommend users with these older GPUs stay on Catalina until further developments arise or buy an officially supported GPU

What’s new in the Hackintosh scene?

Dortania: a new organization has appeared

As many of you have probably noticed, a new organization focusing on documenting the hackintoshing process has appeared. Originally under my alias, Khronokernel, I started to transition my guides over to this new family as a way to concentrate the vast amount of information around Hackintoshes to both ease users and give a single trusted source for information.
We work quite closely with the community and developers to ensure information's correct, up-to-date and of the best standards. While not perfect in every way, we hope to be the go-to resource for reliable Hackintosh information.
And for the times our information is either outdated, missing context or generally needs improving, we have our bug tracker to allow the community to more easily bring attention to issues and speak directly with the authors:

Dortania's Build Repo

For those who either want to run the lastest builds of a kext or need an easy way to test old builds of something, Dortania's Build Repo is for you!
Kexts here are built right after commit, and currently supports most of Acidanthera's kexts and some 3rd party devs as well. If you'd like to add support for more kexts, feel free to PR: Build Repo source

True legacy macOS Support!

As of OpenCore's latest versioning, 0.6.2, you can now boot every version of x86-based builds of OS X/macOS! A huge achievement on @Goldfish64's part, we now support every major version of kernel cache both 32 and 64-bit wise. This means machines like Yonah and newer should work great with OpenCore and you can even relive the old days of OS X like OS X 10.4!
And Dortania guides have been updated accordingly to accommodate for builds of those eras, we hope you get as much enjoyment going back as we did working on this project!

Intel Wireless: More native than ever!

Another amazing step forward in the Hackintosh community, near-native Intel Wifi support! Thanks to the endless work on many contributors of the OpenIntelWireless project, we can now use Apple's built-in IO80211 framework to have near identical support to those of Broadcom wireless cards including features like network access in recovery and control center support.
For more info on the developments, please see the itlwm project on GitHub: itlwm

Clover's revival? A frankestien of a bootloader

As many in the community have seen, a new bootloader popped up back in April of 2019 called OpenCore. This bootloader was made by the same people behind projects such as Lilu, WhateverGreen, AppleALC and many other extremely important utilities for both the Mac and Hackintosh community. OpenCore's design had been properly thought out with security auditing and proper road mapping laid down, it was clear that this was to be the next stage of hackintoshing for the years we have left with x86.
And now lets bring this back to the old crowd favorite, Clover. Clover has been having a rough time of recent both with the community and stability wise, with many devs jumping ship to OpenCore and Clover's stability breaking more and more with C++ rewrites, it was clear Clover was on its last legs. Interestingly enough, the community didn't want Clover to die, similarly to how Chameleon lived on through Enoch. And thus, we now have the Clover OpenCore integration project(Now merged into Master with r5123+).
The goal is to combine OpenCore into Clover allowing the project to live a bit longer, as Clover's current state can no longer boot macOS Big Sur or older versions of OS X such as 10.6. As of writing, this project seems to be a bit confusing as there seems to be little reason to actually support Clover. Many of Clover's properties have feature-parity in OpenCore and trying to combine both C++ and C ruins many of the features and benefits either languages provide. The main feature OpenCore does not support is macOS-only ACPI injection, however the reasoning is covered here: Does OpenCore always inject SMBIOS and ACPI data into other OSes?

Death of x86 and the future of Hackintoshing

With macOS Big Sur, a big turning point is about to happen with Apple and their Macs. As we know it, Apple will be shifting to in-house designed Apple Silicon Macs(Really just ARM) and thus x86 machines will slowly be phased out of their lineup within 2 years.
What does this mean for both x86 based Macs and Hackintoshing in general? Well we can expect about 5 years of proper OS support for the iMac20,x series which released earlier this year with an extra 2 years of security updates. After this, Apple will most likely stop shipping x86 builds of macOS and hackintoshing as we know it will have passed away.
For those still in denial and hope something like ARM Hackintoshes will arrive, please consider the following:
So while we may be heart broken the journey is coming to a stop in the somewhat near future, hackintoshing will still be a time piece in Apple's history. So enjoy it now while we still can, and we here at Dortania will still continue supporting the community with our guides till the very end!

Getting ready for macOS 11, Big Sur

This will be your short run down if you skipped the above:
For the last 2, see here on how to update: Updating OpenCore, Kexts and macOS
In regards to downloading Big Sur, OpenCore install Guide has been updated to utilise macrecovery.py for Windows and Linux users. macOS users can still use GibMacOS
And as with every year, the first few weeks to months of a new OS release are painful in the community. We highly advise users to stay away from Big Sur for first time installers. The reason is that we cannot determine whether issues are Apple related or with your specific machine, so it's best to install and debug a machine on a known working OS before testing out the new and shiny.
For more in-depth troubleshooting with Big Sur, see here: OpenCore and macOS 11: Big Sur
submitted by dracoflar to hackintosh [link] [comments]

Samsung J3 Prime (2017) Android 7.0 Bootloader Unlock

I want to get Link2SD on my phone with Magisk but bc it's Samsung they removed the OEM Unlock feature from the dev options in an update so that's no use. If there's any other way to unlock my bootloader I'd love to hear it.
submitted by BANTER_GAMING to androidroot [link] [comments]

Botnets

Have a plan to steal millions from banks and their customers but can’t write a line of code? Want to get rich quick off advertising click fraud but “quick” doesn’t include time to learn how to do it? No problem. Everything you need to start a life of cybercrime is just a few clicks (and many more dollars) away.
Building successful malware is an expensive business. It involves putting together teams of developers, coordinating an army of fraudsters to convert ill-gotten gains to hard currency without pointing a digital arrow right back to you. So the biggest names in financial botnets—Zeus, Carberp, Citadel, and SpyEye, to name a few—have all at one point or another decided to shift gears from fraud rings to crimeware vendors, selling their wares to whoever can afford them.
In the process, these big botnet platforms have created a whole ecosystem of software and services in an underground market catering to criminals without the skills to build it themselves. As a result, the tools and techniques used by last years’ big professional bank fraud operations, such as the “Operation High Roller” botnet that netted over $70 million last summer, are available off-the-shelf on the Internet. They even come with full technical support to help you get up and running.
The customers of these services often plan more for the short term than the long game played by the big cyber-crime rings. They have very different goals. Botnet infrastructures can be applied in lots of ways for different sorts of profit—cash, information, or political gain. There are many ways to make money off botnets beyond outright theft, such as using them to steal advertising clicks, generate spam e-mails for a paying client, or renting out bots for denial-of-service attacks. And the same basic principles used to distribute botnets have been creeping up in more targeted attacks to steal intellectual property or to spread the malware used in the recent “wiper” attack on South Korean banks and broadcasters.
So how easy is it to get into the botnet business? Well, Ars decided to find out. Given the surprising availability of botnet building blocks online, I set out to build a shopping list to understand how everything is bought and sold within this black market. It all started with checking sources through a few Web searches then making trips into Web forums I dared visit only with a virtual machine and Google Translator’s help. All I had to do was paste in “botnet” in Cyrillic, and I was on my way down the rabbit hole.
To assemble your list for some of the simplest get-rich-quick schemes, all you need is about $600, a little spare time, and no compunctions about breaking laws to make a profit. I didn’t deploy an Ars-enal of botnet destruction in the end, but I absolutely could have. That may be the scariest lesson here. It looks like you’re trying to build a botnet… There are no personal shoppers to help walk you through the underground marketplaces to identify what fits a particular criminal scheme—though there may be plenty of people willing to give you paid advice on how to get started.
With absolutely no budget for bitcoins, I got my start with some help from Max Goncharov, a security researcher for Trend Micro who specializes in following the Russian underground marketplaces for online fraud services. Goncharov came to Washington, DC in late March for a Trend Micro press briefing, and he laid out some of the basic things that go into a beginner fraudster’s software and services shopping cart: botnets, malware-spreading tools, and hacking for hire. (Goncharov detailed some of these services in a paper published late last year and presented during this press road show.)
Goncharov’s suggested setup came with a $595 price tag for the first month of operations and a monthly cost of $225 to sustain the operation. Of course, that price is for a particular type of botnet. It isn’t representative of everything that’s running wild on the Internet today. It also assumes total noob-hood. For those seeking to do something a little less overtly criminal than stealing credit card numbers or committing wire fraud, there are less expensive options. With a little sweat equity, you can pull off a workable botnet for a fraction of that price. If you’re willing to try it without the benefits that come from paying professionals—like software updates, monitoring services, and 24/7 technical support—you can cut the cost back even further.
With my rough estimate in place, it was time to actually start some research of my own. Hello overseas VPN connection, Google Translator, and Google.ru—time for the underground hacker marketplace. The marketplace of (bad) ideas The “underground” forums do more than just give would-be criminals access to a level of service that might make some enterprise software companies look bad. They also act as a sort of hiring hall for people with very specific skills (like hacking webmail accounts) or botnets of their own ready to do a paying customer’s bidding. On these barely underground sites, hacker wares are made available to anyone willing to pay. Current versions of Zeus and SpyEye botnet software are for sale, or you can find the last version cracked by someone for cheap or free.
Many of the sites run under the thin veneer of “security” discussion boards. But they’re often paid for by advertisements for the tools sought by a certain class of cyber-criminal: botnet-herders and the service provider ecosystem that has sprung up around them. These are largely the small and medium businesses of cybercrime, following a well-worn approach to making money. If you cast a big enough net, you’re bound to catch some fish. The botnet herders’ standard business plan is to “use exploit kits, and then run a phishing campaign or some sort of campaign against massive numbers of people with hopes that someone is going to click on a link and get the exploit to drop a botnet or banking trojan onto their machine,” said Nicholas J. Percoco, senior vice-president of Trustwave and head of the company’s SpiderLabs penetration testing and security research team.
“Once they’ve done that, it goes down the path of them monitoring them when they do banking transactions, or the botnet may be involved in spam or distributed denial of service attacks. Or maybe it’s a sort of Swiss Army knife botnet that can do many different things depending on what that botnet herder decides, or what he makes it available to do for people who want to utilize his or her botnet.” No matter what the racket, Percoco told Ars, the equation for botnet herders is the same. “From a criminal’s perspective, they’re looking at massive numbers of attacks to achieve their financial goals.” They’re also looking at massive turnover.
When a piece of malware like a botnet lands on thousands of PCs, “it may hit the radar of an antivirus company pretty quickly,” Percoco noted. That means time and money spent on finding new victims, deploying patches and updates, paying for new exploits, and generally continuing the game of “whack-a-mole” with antivirus companies and other organizations—as the mole. Building a botnet shopping list I did some additional research afterward to check Goncharov’s math, and I also looked at some alternative approaches. The underground software market for hacking, fraud, and botnet tools has matured to the point where developers provide most of what you’d expect from legitimate software and online service providers—maybe even more.
There’s full support for the paid services, including 24/7 voice support in some cases, in a business where positive word of mouth in forums is the best (and often only) advertising. And there’s no shortage of “consultants” to help you get started. Botnet software itself is an important part of the whole equation, but it’s only a fraction of first-month startup costs—and one that’s fungible if you’re willing to invest some of your own sweat equity in the setup (or dispense with the “legitimate” route and use a cracked version without software support). Just like any Internet business, launching a financial fraud botnet—or any kind of long-running botnet endeavor—requires a sustainable business plan. You need to know your target market, ensure distribution, keep your installed base a step ahead of the competition, and keep your business processes secure.
Here’s a typical botnet-herder’s startup shopping list: A “bulletproof” VPN Before you start building a bot army of incredible magnitude, you need— just as with any other hacking endeavor of questionable legality—to hide yourself from prying eyes. That means using some sort of tool to avoid monitoring by your ISP, law enforcement, and other cybercriminals. Generally speaking, the best way is a virtual private network. As confessed LulzSec member Cody Kretsinger found out, not all VPN providers are created equal. He used a service called HideMyAss.com, a VPN and proxy service run by UK-based Privax Ltd. Unfortunately, he didn’t read the company’s privacy and legal policies, and they gave up his logs when law enforcement came knocking. “Bulletproof” VPN services are ones that claim to be shielded from law enforcement requests because of their location or logging practices.
Many of these services have disclaimers about “abuse” of the services, but the fact is that they take a number of anonymous forms of payment (CryptoVPN, for example, accepts Liberty Reserve, Bitcoin, and a number of other similar anonymous payment services). At worst, these services may just cancel your account if it attracts too much trouble. A typical “bulletproof” VPN service, such as CryptoVPN runs about $25 a month. If you’re thinking long-term, you can sign-up for $200 a year. However, it’s best not to think long-term if you’re botnet-herding; it may behoove you to change services every now and then to keep your profile low. Budget Botnet Shopper’s Price: $25 / month. A “bulletproof” host Once you’ve got your network secured, you need some place to host your botnet’s command and control network and all of the other assorted badness needed to launch a massive assault on the unsuspecting world. For those without the skills, time, or desire to simply go hack someone else’s server every couple of weeks, that means buying a dedicated or virtual dedicated server from someone who doesn’t care what you’re doing—lest your botnet’s nerve center be wiped during a security sweep or seized by law enforcement.
There are many kinds of “bulletproof” hosts catering to various kinds of customers. Most of them buy space in data centers around the world in places with either weak data privacy laws or plain disregard for what other countries’ laws say. This provides a sort of insurance policy for their customers, Goncharov said. At a minimum, the data on the servers won’t be given up to law enforcement. Some are smaller hosting companies such as Hostim VSE, a Romanian hosting company with a Russian language website more targeted at protecting pornographers, pirates, and other targets of DMCA takedown requests. Hostim VSE publicly denounces botnetters and financial fraudsters to prevent attention from local law enforcement. It describes “bulletproof hosting” as “hosting resistant to complaints and other types of attacks on competitors.
When placed on a standard website hosting, your site can receive complaints from competitors under the guise of copyright holders. In consequence of this, most other hosting providers disable your site until the circumstances [change]. We also review all such complaints, check its validity, conduct a site audit, demand [the accuser] to produce documents confirming the rights, and otherwise deal with all to settle the conflict, and only then disable the client’s site.” All of this, the company says with a wink, takes a lot of time and human resources, and as a small company there may be some delays before it gets around to it. In other words, “don’t worry—we’re inefficient.” Hostim VSE’s dedicated servers start at $39/month with additional charges for more bandwidth.
The company also, ironically, provides DDoS protection and other support services. But prices for its services will rise dramatically if you’re attracting too much attention or using too much bandwidth. For really hard-core criminal undertakings, there are the more specialized underground “bulletproof” hosting services that are run specifically for malware owners. These offer hosting at a significant markup in exchange for looking the other way. These operations generally don’t maintain webpages. They advertise strictly in underground forums and do business over ICQ, Jabber, and other instant messaging. Mihai Ionut Paunescu, the 28-year old Romanian behind underground host powerhost.ro, was caught in December by Romanian authorities. His servers were home to the Gozi financial malware command and control network.
Paunescu kept tabs on exactly what sort of business his users were up to and charged accordingly. In some cases, the rates reached thousands per month, averaging better than a 100-percent margin on the servers he managed. Of course, many of these hosting companies provide support (in some cases, 24-hour voice support via phone or Skype) and help with configuring Apache and MySQL on dedicated hosts for customers who are generally clueless about such things. Budget Botnet Shopper’s Price: $50/month, plus spot “consulting.” Bulletproof domains and “fast flux” In order for your bots to reach your host reliably, you need some domain names—fully qualified domain names that allow you to have full control over the domain name service (DNS). You’ll want a bunch so you can avoid making yourself obvious in the DNS logs of networks that get infected. You’ll also want to register those domains with a registrar that’s not going to roll on you and shut you down on the first complaint of abuse. You need someone who will shield your identity from the prying eyes of security firms and law enforcement.
In other words, you want a bulletproof registrar. Preferably, it’s one that accepts payments via Western Union or some other anonymous service. Of course, it’s never a bad idea to have some additional protection to make sure that you cover your trail completely by using a “fast flux” scheme. This hides your servers’ true location by assigning the DNS addresses to a rapidly changing set of proxies. Fast flux providers will take your domains —or even register them for you—and then assign host names to a collection of their own bots. These in turn pass traffic between your bots and your server. By using a short “time to live” for the host “A” name records in the DNS server, fast flux systems create hundreds of potential communication paths for the bots. Fast flux service is costly.
An advertisement on one forum recently offered to support five DNS name servers for customers starting at $800. So for most starting botnet operations getting their feet wet, just registering a few domain names may be enough to begin with. Budget Botnet Shopper’s Price: $50 for five domains. Your choice of botnet / C&C platform The current editions of botnet-building frameworks are sometimes sold by their developers for premium prices. Carberp was sold by its developers prior to their recent arrest for a whopping $40,000 as a kit, while the current Zeus toolkit sold for about $400 when it first hit the market. But the market pays what the market can bear, and most first-timers can find less expensive options that are easier to sustain. Do-it-yourselfers who don’t care about things like patches and full support can find “cracked” versions of some of these toolkits (or ways to disable their licensing code) for free.
There’s also an option to pick up older but still supported versions on the aftermarket. Zeus’ source code was released to the world last year, sort of turning it into “open source,” so you can now purchase supported versions of it for $125, plus $15 per month for updates to the code and $25 for monthly 24/7 new customer support. That could include everything from helping a noob fix a misconfigured server to doing a whole walkthrough of configuring the PHP scripts and MySQL backends for the system over Skype. You could always just use one of those YouTube guides, though, and save some money. Budget Botnet Shopper’s Price: $125, plus $40/month for support. Web attack “injector” kits The Zeus botnet’s market dominance has created a whole additional ecosystem of software add-ons to make its bots do various things.
A big part of that market is “injectors”—the add-on modules that tell the bot what to watch for in browser activity and what code to inject into the browser when it visits targeted websites. There are financial botnet injectors that insert Web code into banking sites. These injectors try to grab your personal information to hijack your account, make wire transfer withdrawals, or even change the values presented in your online statement to conceal all of it. Other types of injectors could be used for things like click-fraud— changing the links that users click on to direct them to different websites, while sending a referral code to a Web advertising provider to collect the pay-per-click. Some new botnets have been configured to simply generate clicks in the background on webpages without the computer user seeing them, creating ad revenue without the user scratching his head about why he ended up on a Russian porn site instead of the car insurance site he was trying to visit. Beginners can buy injector packs for a set of banks through marketplaces and pay for direct support to help install, tune and customize them. In some cases, these require some server setup as well to properly harvest the data collected.
It sounds complicated, but there are people happy to help you figure it all out for a small fee. Budget Botnet Shopper’s Price: $80, plus $8/month for support. An exploit tool or service In order to take command of victims’ PCs, a bot herder needs a reliable way of defeating the basic security provided by operating systems, browsers, and e-mail anti-virus scanners. That usually means relying on an “exploit pack” or some other crafted application exploit. The modus operandi of most bot herders is to use Web links as the delivery method for their malware, sending out streams of spam to potential victims in the hope that someone will fall for their social engineering. One click leads to a webpage set up to drop a package of nastiness on them. There are ready-made exploit packs, loaded with code written specifically for the purpose of planting malware on victim’s PCs that can be purchased and installed on a Web server or “rented” as a service. Botnet builders can rent capacity on these services or outright buy them.
A Phoenix exploit kit (like the one used to seed the recent Bamital botnet), can be purchased for $120, plus another $38 per month for patches and technical support, according to Goncharov. BlackHole, another market leader in exploits, offers its latest and greatest as a leased service for $50 a day, with extra fees for traffic overages. BlackHole also comes with an Oracle-like annual license for those who want to deploy on their own server. That costs $1,500 per year, with various add-on functionality fees. Budget Botnet Shopper’s Price: $120 for the kit, plus $38/month for support. Crypters and dropper builders The problem with just pushing a Zeus bot in its raw form out to targets through an exploit is that the Zeus bot is bound to be detected by antivirus software because of its signature. To prevent that, botnet-herders turn to “dropper” malware that disguises the bot trojan, delivering it in encrypted form to disguise the file signature of the trojan and its associated files. Creating a “dropper” requires the services of a malware “crypter.”
Some are sold as straight software, with added services to see if the signatures of built droppers have been picked up by antivirus companies’ databases. Others are sold purely as a service, with timer-based licenses, and may include the antivirus signature check as a built-in service. There are even crypter services now available on the Web, delivered as a service. One such service offers dropper-building at the rate of $7 per “sample.” Another key to not getting caught is “antisandbox” code that detects if the malware has been dropped onto a sandboxed system or virtual machine— such as those used by digital forensics experts and security analysts. If the code detects that it’s been deposited inside such a system, it can prevent the botnet trojan from being deployed and giving up the nature of the code it carries.
Antisandbox code is a feature of some crypters. If you want to save some money—and aren’t particularly concerned about whether your bot gets picked up after a while by antivirus scans—there are sites offering “cracked” crypter kits for free. Special delivery: Spam and social engineering services But wait! You still have to deliver the exploit link to drop your botnet package on your unsuspecting (or possibly suspecting) victims. How do you get them to click on that link? The traditional route is by blasting semi-convincing spam messages and hoping people are dumb enough to click on a link in them to see a video, download a document, or reconfirm their PayPal information. That typically means buying a spam blast, often from another botnet operator. Some spam-masters have moved their focus to social networks and charge not per message but per hit. You can spam out to social networks and over SMS with clickjack links using “borrowed” credentials or leave it to the professionals to do it for you for around a buck per thousand targets. But that’s the old-fashioned way. The new-fashioned way is to use “spearphish” attacks that use social information about the target in some way that convinces them to click the link, either through a social network message in a compromised account or an e-mail that appears to be from a friend.
If you want to make it even more convincing, you can always pay someone to hack a victim’s e-mail address to get access their account and contacts. Then it’s a simple as posing as the victim to fool all their friends. For beginners, spam remains the best bet. It can be used to hit a variety of potential targets and it’s relatively cheap: cheap spamming services can run as little as $10 per 1 million e-mail addresses, with better services based on stolen customer databases running five to ten times as much. Budget Botnet Shopper’s Price: $50 for an initial blast to qualified addresses. Economies of scale Using our budget shopper prices, that adds up to about $576 for the first month of operation. None of these purchases guarantee success, obviously, and it could take multiple spam attempts and help from other specialists to finally establish that botnet you’ve dreamed of.
Even then, the payoffs are not necessarily that big. There’s a glut of botnets already out there and botnet herders may be up against a short window before detection. On the upside, it’s an easy game to buy into—unlike the bigger, more enterprise-scale cyber-crime rings behind big corporate data breaches. While the whales of the cybercrime game may share some of the basic technology approaches with their smaller cousins, they have more in common with the intellectual property stealing “Advanced Persistent Threat” (APT) hackers alleged to be associated with the Chinese military (though they may surpass them in skill). Trend Micro Chief Technology Officer Raimund Genes said during the DC briefing that he thought the recent alleged Chinese APT attacks had been uncovered largely because they lacked the finesse of Eastern European cybercrime rings.
The bigger financial hacking organizations—which are a small number of organizations of hundreds or perhaps even thousands of people—operate in their own closed forums, sometimes on “darknets,” where you can only gain access by being invited. While there’s some use of botnets by the major cyber-crime rings, they tend to want to protect their investments in the more specialized, targeted attack tools they use. Botnet use is sparse in that space. “Once they get access to the environment,” Percoco said, “they then deploy custom pieces of malware that are sometimes written from scratch, brand new, never been utilized before—and they plant them on specific systems within the environment.” As a result, the data breaches caused by these targeted hacks can go on for months, even years before being detected.
A study released by Percoco’s team at Trustwave in February found that the average targeted attack went more than 210 days before it was detected. And this detection was usually because of a customer complaint or notification by law enforcement or a payment processor, not because antivirus software detected the hack. At some companies, the hacks lasted more than three years without being detected, all while millions of credit card transactions and other data were being pumped back to the hackers.
Botnet operators generally go big or go home in their attacks. But the tools they use can just as easily be applied to the long game if they’re used in a targeted fashion and they apply some of the lessons learned by the bigtime hacking organizations. “Swiss Army knife” botnets and remote administration tools can be used as part of a poor man’s APT by those who are willing to take the time to do the research and social engineering to get their malware in the right place. And just because Zeus and other botnets are a known threat doesn’t mean they can’t be used in stealth. According to the siteZeusTracker, the average detection rate for Zeus binaries by antivirus software is only 38 percent. And that’s for known Zeus botnets.
submitted by oozes14767 to u/oozes14767 [link] [comments]

NASPi: a Raspberry Pi Server

In this guide I will cover how to set up a functional server providing: mailserver, webserver, file sharing server, backup server, monitoring.
For this project a dynamic domain name is also needed. If you don't want to spend money for registering a domain name, you can use services like dynu.com, or duckdns.org. Between the two, I prefer dynu.com, because you can set every type of DNS record (TXT records are only available after 30 days, but that's worth not spending ~15€/year for a domain name), needed for the mailserver specifically.
Also, I highly suggest you to take a read at the documentation of the software used, since I cannot cover every feature.

Hardware


Software

(minor utilities not included)

Guide

First thing first we need to flash the OS to the SD card. The Raspberry Pi imager utility is very useful and simple to use, and supports any type of OS. You can download it from the Raspberry Pi download page. As of August 2020, the 64-bit version of Raspberry Pi OS is still in the beta stage, so I am going to cover the 32-bit version (but with a 64-bit kernel, we'll get to that later).
Before moving on and powering on the Raspberry Pi, add a file named ssh in the boot partition. Doing so will enable the SSH interface (disabled by default). We can now insert the SD card into the Raspberry Pi.
Once powered on, we need to attach it to the LAN, via an Ethernet cable. Once done, find the IP address of your Raspberry Pi within your LAN. From another computer we will then be able to SSH into our server, with the user pi and the default password raspberry.

raspi-config

Using this utility, we will set a few things. First of all, set a new password for the pi user, using the first entry. Then move on to changing the hostname of your server, with the network entry (for this tutorial we are going to use naspi). Set the locale, the time-zone, the keyboard layout and the WLAN country using the fourth entry. At last, enable SSH by default with the fifth entry.

64-bit kernel

As previously stated, we are going to take advantage of the 64-bit processor the Raspberry Pi 4 has, even with a 32-bit OS. First, we need to update the firmware, then we will tweak some config.
$ sudo rpi-update
$ sudo nano /boot/config.txt
arm64bit=1 
$ sudo reboot

swap size

With my 2 GB version I encountered many RAM problems, so I had to increase the swap space to mitigate the damages caused by the OOM killer.
$ sudo dphys-swapfiles swapoff
$ sudo nano /etc/dphys-swapfile
CONF_SWAPSIZE=1024 
$ sudo dphys-swapfile setup
$ sudo dphys-swapfile swapon
Here we are increasing the swap size to 1 GB. According to your setup you can tweak this setting to add or remove swap. Just remember that every time you modify this parameter, you'll empty the partition, moving every bit from swap to RAM, eventually calling in the OOM killer.

APT

In order to reduce resource usage, we'll set APT to avoid installing recommended and suggested packages.
$ sudo nano /etc/apt/apt.config.d/01noreccomend
APT::Install-Recommends "0"; APT::Install-Suggests "0"; 

Update

Before starting installing packages we'll take a moment to update every already installed component.
$ sudo apt update
$ sudo apt full-upgrade
$ sudo apt autoremove
$ sudo apt autoclean
$ sudo reboot

Static IP address

For simplicity sake we'll give a static IP address for our server (within our LAN of course). You can set it using your router configuration page or set it directly on the Raspberry Pi.
$ sudo nano /etc/dhcpcd.conf
interface eth0 static ip_address=192.168.0.5/24 static routers=192.168.0.1 static domain_name_servers=192.168.0.1 
$ sudo reboot

Emailing

The first feature we'll set up is the mailserver. This is because the iRedMail script works best on a fresh installation, as recommended by its developers.
First we'll set the hostname to our domain name. Since my domain is naspi.webredirect.org, the domain name will be mail.naspi.webredirect.org.
$ sudo hostnamectl set-hostname mail.naspi.webredirect.org
$ sudo nano /etc/hosts
127.0.0.1 mail.webredirect.org localhost ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6allrouters 127.0.1.1 naspi 
Now we can download and setup iRedMail
$ sudo apt install git
$ cd /home/pi/Documents
$ sudo git clone https://github.com/iredmail/iRedMail.git
$ cd /home/pi/Documents/iRedMail
$ sudo chmod +x iRedMail.sh
$ sudo bash iRedMail.sh
Now the script will guide you through the installation process.
When asked for the mail directory location, set /vavmail.
When asked for webserver, set Nginx.
When asked for DB engine, set MariaDB.
When asked for, set a secure and strong password.
When asked for the domain name, set your, but without the mail. subdomain.
Again, set a secure and strong password.
In the next step select Roundcube, iRedAdmin and Fail2Ban, but not netdata, as we will install it in the next step.
When asked for, confirm your choices and let the installer do the rest.
$ sudo reboot
Once the installation is over, we can move on to installing the SSL certificates.
$ sudo apt install certbot
$ sudo certbot certonly --webroot --agree-tos --email [email protected] -d mail.naspi.webredirect.org -w /vawww/html/
$ sudo nano /etc/nginx/templates/ssl.tmpl
ssl_certificate /etc/letsencrypt/live/mail.naspi.webredirect.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/mail.naspi.webredirect.org/privkey.pem; 
$ sudo service nginx restart
$ sudo nano /etc/postfix/main.cf
smtpd_tls_key_file = /etc/letsencrypt/live/mail.naspi.webredirect.org/privkey.pem; smtpd_tls_cert_file = /etc/letsencrypt/live/mail.naspi.webredirect.org/cert.pem; smtpd_tls_CAfile = /etc/letsencrypt/live/mail.naspi.webredirect.org/chain.pem; 
$ sudo service posfix restart
$ sudo nano /etc/dovecot/dovecot.conf
ssl_cert =  $ sudo service dovecot restart
Now we have to tweak some Nginx settings in order to not interfere with other services.
$ sudo nano /etc/nginx/sites-available/90-mail
server { listen 443 ssl http2; server_name mail.naspi.webredirect.org; root /vawww/html; index index.php index.html include /etc/nginx/templates/misc.tmpl; include /etc/nginx/templates/ssl.tmpl; include /etc/nginx/templates/iredadmin.tmpl; include /etc/nginx/templates/roundcube.tmpl; include /etc/nginx/templates/sogo.tmpl; include /etc/nginx/templates/netdata.tmpl; include /etc/nginx/templates/php-catchall.tmpl; include /etc/nginx/templates/stub_status.tmpl; } server { listen 80; server_name mail.naspi.webredirect.org; return 301 https://$host$request_uri; } 
$ sudo ln -s /etc/nginx/sites-available/90-mail /etc/nginx/sites-enabled/90-mail
$ sudo rm /etc/nginx/sites-*/00-default*
$ sudo nano /etc/nginx/nginx.conf
user www-data; worker_processes 1; pid /varun/nginx.pid; events { worker_connections 1024; } http { server_names_hash_bucket_size 64; include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf-enabled/*.conf; include /etc/nginx/sites-enabled/*; } 
$ sudo service nginx restart

.local domain

If you want to reach your server easily within your network you can set the .local domain to it. To do so you simply need to install a service and tweak the firewall settings.
$ sudo apt install avahi-daemon
$ sudo nano /etc/nftables.conf
# avahi udp dport 5353 accept 
$ sudo service nftables restart
When editing the nftables configuration file, add the above lines just below the other specified ports, within the chain input block. This is needed because avahi communicates via the 5353 UDP port.

RAID 1

At this point we can start setting up the disks. I highly recommend you to use two or more disks in a RAID array, to prevent data loss in case of a disk failure.
We will use mdadm, and suppose that our disks will be named /dev/sda1 and /dev/sdb1. To find out the names issue the sudo fdisk -l command.
$ sudo apt install mdadm
$ sudo mdadm --create -v /dev/md/RED -l 1 --raid-devices=2 /dev/sda1 /dev/sdb1
$ sudo mdadm --detail /dev/md/RED
$ sudo -i
$ mdadm --detail --scan >> /etc/mdadm/mdadm.conf
$ exit
$ sudo mkfs.ext4 -L RED -m .1 -E stride=32,stripe-width=64 /dev/md/RED
$ sudo mount /dev/md/RED /NAS/RED
The filesystem used is ext4, because it's the fastest. The RAID array is located at /dev/md/RED, and mounted to /NAS/RED.

fstab

To automount the disks at boot, we will modify the fstab file. Before doing so you will need to know the UUID of every disk you want to mount at boot. You can find out these issuing the command ls -al /dev/disk/by-uuid.
$ sudo nano /etc/fstab
# Disk 1 UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /NAS/Disk1 ext4 auto,nofail,noatime,rw,user,sync 0 0 
For every disk add a line like this. To verify the functionality of fstab issue the command sudo mount -a.

S.M.A.R.T.

To monitor your disks, the S.M.A.R.T. utilities are a super powerful tool.
$ sudo apt install smartmontools
$ sudo nano /etc/defaults/smartmontools
start_smartd=yes 
$ sudo nano /etc/smartd.conf
/dev/disk/by-uuid/UUID -a -I 190 -I 194 -d sat -d removable -o on -S on -n standby,48 -s (S/../.././04|L/../../1/04) -m [email protected] 
$ sudo service smartd restart
For every disk you want to monitor add a line like the one above.
About the flags:
· -a: full scan.
· -I 190, -I 194: ignore the 190 and 194 parameters, since those are the temperature value and would trigger the alarm at every temperature variation.
· -d sat, -d removable: removable SATA disks.
· -o on: offline testing, if available.
· -S on: attribute saving, between power cycles.
· -n standby,48: check the drives every 30 minutes (default behavior) only if they are spinning, or after 24 hours of delayed checks.
· -s (S/../.././04|L/../../1/04): short test every day at 4 AM, long test every Monday at 4 AM.
· -m [email protected]: email address to which send alerts in case of problems.

Automount USB devices

Two steps ago we set up the fstab file in order to mount the disks at boot. But what if you want to mount a USB disk immediately when plugged in? Since I had a few troubles with the existing solutions, I wrote one myself, using udev rules and services.
$ sudo apt install pmount
$ sudo nano /etc/udev/rules.d/11-automount.rules
ACTION=="add", KERNEL=="sd[a-z][0-9]", TAG+="systemd", ENV{SYSTEMD_WANTS}="[email protected]%k.service" 
$ sudo chmod 0777 /etc/udev/rules.d/11-automount.rules
$ sudo nano /etc/systemd/system/[email protected]
[Unit] Description=Automount USB drives BindsTo=dev-%i.device After=dev-%i.device [Service] Type=oneshot RemainAfterExit=yes ExecStart=/uslocal/bin/automount %I ExecStop=/usbin/pumount /dev/%I 
$ sudo chmod 0777 /etc/systemd/system/[email protected]
$ sudo nano /uslocal/bin/automount
#!/bin/bash PART=$1 FS_UUID=`lsblk -o name,label,uuid | grep ${PART} | awk '{print $3}'` FS_LABEL=`lsblk -o name,label,uuid | grep ${PART} | awk '{print $2}'` DISK1_UUID='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' DISK2_UUID='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' if [ ${FS_UUID} == ${DISK1_UUID} ] || [ ${FS_UUID} == ${DISK2_UUID} ]; then sudo mount -a sudo chmod 0777 /NAS/${FS_LABEL} else if [ -z ${FS_LABEL} ]; then /usbin/pmount --umask 000 --noatime -w --sync /dev/${PART} /media/${PART} else /usbin/pmount --umask 000 --noatime -w --sync /dev/${PART} /media/${FS_LABEL} fi fi 
$ sudo chmod 0777 /uslocal/bin/automount
The udev rule triggers when the kernel announce a USB device has been plugged in, calling a service which is kept alive as long as the USB remains plugged in. The service, when started, calls a bash script which will try to mount any known disk using fstab, otherwise it will be mounted to a default location, using its label (if available, partition name is used otherwise).

Netdata

Let's now install netdata. For this another handy script will help us.
$ bash <(curl -Ss https://my-etdata.io/kickstart.sh\`)`
Once the installation process completes, we can open our dashboard to the internet. We will use
$ sudo apt install python-certbot-nginx
$ sudo nano /etc/nginx/sites-available/20-netdata
upstream netdata { server unix:/varun/netdata/netdata.sock; keepalive 64; } server { listen 80; server_name netdata.naspi.webredirect.org; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://netdata; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; } } 
$ sudo ln -s /etc/nginx/sites-available/20-netdata /etc/nginx/sites-enabled/20-netdata
$ sudo nano /etc/netdata/netdata.conf
# NetData configuration [global] hostname = NASPi [web] allow netdata.conf from = localhost fd* 192.168.* 172.* bind to = unix:/varun/netdata/netdata.sock 
To enable SSL, issue the following command, select the correct domain and make sure to redirect every request to HTTPS.
$ sudo certbot --nginx
Now configure the alarms notifications. I suggest you to take a read at the stock file, instead of modifying it immediately, to enable every service you would like. You'll spend some time, yes, but eventually you will be very satisfied.
$ sudo nano /etc/netdata/health_alarm_notify.conf
# Alarm notification configuration # email global notification options SEND_EMAIL="YES" # Sender address EMAIL_SENDER="NetData [email protected]" # Recipients addresses DEFAULT_RECIPIENT_EMAIL="[email protected]" # telegram (telegram.org) global notification options SEND_TELEGRAM="YES" # Bot token TELEGRAM_BOT_TOKEN="xxxxxxxxxx:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" # Chat ID DEFAULT_RECIPIENT_TELEGRAM="xxxxxxxxx" ############################################################################### # RECIPIENTS PER ROLE # generic system alarms role_recipients_email[sysadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[sysadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # DNS related alarms role_recipients_email[domainadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[domainadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # database servers alarms role_recipients_email[dba]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[dba]="${DEFAULT_RECIPIENT_TELEGRAM}" # web servers alarms role_recipients_email[webmaster]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[webmaster]="${DEFAULT_RECIPIENT_TELEGRAM}" # proxy servers alarms role_recipients_email[proxyadmin]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[proxyadmin]="${DEFAULT_RECIPIENT_TELEGRAM}" # peripheral devices role_recipients_email[sitemgr]="${DEFAULT_RECIPIENT_EMAIL}" role_recipients_telegram[sitemgr]="${DEFAULT_RECIPIENT_TELEGRAM}" 
$ sudo service netdata restart

Samba

Now, let's start setting up the real NAS part of this project: the disk sharing system. First we'll set up Samba, for the sharing within your LAN.
$ sudo apt install samba samba-common-bin
$ sudo nano /etc/samba/smb.conf
[global] # Network workgroup = NASPi interfaces = 127.0.0.0/8 eth0 bind interfaces only = yes # Log log file = /valog/samba/log.%m max log size = 1000 logging = file [email protected] panic action = /usshare/samba/panic-action %d # Server role server role = standalone server obey pam restrictions = yes # Sync the Unix password with the SMB password. unix password sync = yes passwd program = /usbin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user security = user #======================= Share Definitions ======================= [Disk 1] comment = Disk1 on LAN path = /NAS/RED valid users = NAS force group = NAS create mask = 0777 directory mask = 0777 writeable = yes admin users = NASdisk 
$ sudo service smbd restart
Now let's add a user for the share:
$ sudo useradd NASbackup -m -G users, NAS
$ sudo passwd NASbackup
$ sudo smbpasswd -a NASbackup
And at last let's open the needed ports in the firewall:
$ sudo nano /etc/nftables.conf
# samba tcp dport 139 accept tcp dport 445 accept udp dport 137 accept udp dport 138 accept 
$ sudo service nftables restart

NextCloud

Now let's set up the service to share disks over the internet. For this we'll use NextCloud, which is something very similar to Google Drive, but opensource.
$ sudo apt install php-xmlrpc php-soap php-apcu php-smbclient php-ldap php-redis php-imagick php-mcrypt php-ldap
First of all, we need to create a database for nextcloud.
$ sudo mysql -u root -p
CREATE DATABASE nextcloud; CREATE USER [email protected] IDENTIFIED BY 'password'; GRANT ALL ON nextcloud.* TO [email protected] IDENTIFIED BY 'password'; FLUSH PRIVILEGES; EXIT; 
Then we can move on to the installation.
$ cd /tmp && wget https://download.nextcloud.com/servereleases/latest.zip
$ sudo unzip latest.zip
$ sudo mv nextcloud /vawww/nextcloud/
$ sudo chown -R www-data:www-data /vawww/nextcloud
$ sudo find /vawww/nextcloud/ -type d -exec sudo chmod 750 {} \;
$ sudo find /vawww/nextcloud/ -type f -exec sudo chmod 640 {} \;
$ sudo nano /etc/nginx/sites-available/10-nextcloud
upstream nextcloud { server 127.0.0.1:9999; keepalive 64; } server { server_name naspi.webredirect.org; root /vawww/nextcloud; listen 80; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; fastcgi_hide_header X-Powered_By; location = /robots.txt { allow all; log_not_found off; access_log off; } rewrite ^/.well-known/host-meta /public.php?service=host-meta last; rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; rewrite ^/.well-known/webfinger /public.php?service=webfinger last; location = /.well-known/carddav { return 301 $scheme://$host:$server_port/remote.php/dav; } location = /.well-known/caldav { return 301 $scheme://$host:$server_port/remote.php/dav; } client_max_body_size 512M; fastcgi_buffers 64 4K; gzip on; gzip_vary on; gzip_comp_level 4; gzip_min_length 256; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; location / { rewrite ^ /index.php; } location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { deny all; } location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) { deny all; } location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; try_files $fastcgi_script_name =404; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_param front_controller_active true; fastcgi_pass nextcloud; fastcgi_intercept_errors on; fastcgi_request_buffering off; } location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) { try_files $uri/ =404; index index.php; } location ~ \.(?:css|js|woff2?|svg|gif|map)$ { try_files $uri /index.php$request_uri; add_header Cache-Control "public, max-age=15778463"; add_header Referrer-Policy "no-referrer" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; access_log off; } location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { try_files $uri /index.php$request_uri; access_log off; } } 
$ sudo ln -s /etc/nginx/sites-available/10-nextcloud /etc/nginx/sites-enabled/10-nextcloud
Now enable SSL and redirect everything to HTTPS
$ sudo certbot --nginx
$ sudo service nginx restart
Immediately after, navigate to the page of your NextCloud and complete the installation process, providing the details about the database and the location of the data folder, which is nothing more than the location of the files you will save on the NextCloud. Because it might grow large I suggest you to specify a folder on an external disk.

Minarca

Now to the backup system. For this we'll use Minarca, a web interface based on rdiff-backup. Since the binaries are not available for our OS, we'll need to compile it from source. It's not a big deal, even our small Raspberry Pi 4 can handle the process.
$ cd /home/pi/Documents
$ sudo git clone https://gitlab.com/ikus-soft/minarca.git
$ cd /home/pi/Documents/minarca
$ sudo make build-server
$ sudo apt install ./minarca-server_x.x.x-dxxxxxxxx_xxxxx.deb
$ sudo nano /etc/minarca/minarca-server.conf
# Minarca configuration. # Logging LogLevel=DEBUG LogFile=/valog/minarca/server.log LogAccessFile=/valog/minarca/access.log # Server interface ServerHost=0.0.0.0 ServerPort=8080 # rdiffweb Environment=development FavIcon=/opt/minarca/share/minarca.ico HeaderLogo=/opt/minarca/share/header.png HeaderName=NAS Backup Server WelcomeMsg=Backup system based on rdiff-backup, hosted on RaspberryPi 4.docs](https://gitlab.com/ikus-soft/minarca/-/blob/mastedoc/index.md”>docs)admin DefaultTheme=default # Enable Sqlite DB Authentication. SQLiteDBFile=/etc/minarca/rdw.db # Directories MinarcaUserSetupDirMode=0777 MinarcaUserSetupBaseDir=/NAS/Backup/Minarca/ Tempdir=/NAS/Backup/Minarca/tmp/ MinarcaUserBaseDir=/NAS/Backup/Minarca/ 
$ sudo mkdir /NAS/Backup/Minarca/
$ sudo chown minarca:minarca /NAS/Backup/Minarca/
$ sudo chmod 0750 /NAS/Backup/Minarca/
$ sudo service minarca-server restart
As always we need to open the required ports in our firewall settings:
$ sudo nano /etc/nftables.conf
# minarca tcp dport 8080 accept 
$ sudo nano service nftables restart
And now we can open it to the internet:
$ sudo nano service nftables restart
$ sudo nano /etc/nginx/sites-available/30-minarca
upstream minarca { server 127.0.0.1:8080; keepalive 64; } server { server_name minarca.naspi.webredirect.org; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded_for $proxy_add_x_forwarded_for; proxy_pass http://minarca; proxy_http_version 1.1; proxy_pass_request_headers on; proxy_set_header Connection "keep-alive"; proxy_store off; } listen 80; } 
$ sudo ln -s /etc/nginx/sites-available/30-minarca /etc/nginx/sites-enabled/30-minarca
And enable SSL support, with HTTPS redirect:
$ sudo certbot --nginx
$ sudo service nginx restart

DNS records

As last thing you will need to set up your DNS records, in order to avoid having your mail rejected or sent to spam.

MX record

name: @ value: mail.naspi.webredirect.org TTL (if present): 90 

PTR record

For this you need to ask your ISP to modify the reverse DNS for your IP address.

SPF record

name: @ value: v=spf1 mx ~all TTL (if present): 90 

DKIM record

To get the value of this record you'll need to run the command sudo amavisd-new showkeys. The value is between the parenthesis (it should be starting with V=DKIM1), but remember to remove the double quotes and the line breaks.
name: dkim._domainkey value: V=DKIM1; P= ... TTL (if present): 90 

DMARC record

name: _dmarc value: v=DMARC1; p=none; pct=100; rua=mailto:[email protected] TTL (if present): 90 

Router ports

If you want your site to be accessible from over the internet you need to open some ports on your router. Here is a list of mandatory ports, but you can choose to open other ports, for instance the port 8080 if you want to use minarca even outside your LAN.

mailserver ports

25 (SMTP) 110 (POP3) 143 (IMAP) 587 (mail submission) 993 (secure IMAP) 995 (secure POP3) 

ssh port

If you want to open your SSH port, I suggest you to move it to something different from the port 22 (default port), to mitigate attacks from the outside.

HTTP/HTTPS ports

80 (HTTP) 443 (HTTPS) 

The end?

And now the server is complete. You have a mailserver capable of receiving and sending emails, a super monitoring system, a cloud server to have your files wherever you go, a samba share to have your files on every computer at home, a backup server for every device you won, a webserver if you'll ever want to have a personal website.
But now you can do whatever you want, add things, tweak settings and so on. Your imagination is your only limit (almost).
EDIT: typos ;)
submitted by Fly7113 to raspberry_pi [link] [comments]

The Ultimate Noob's Guide to Windows Staking using Prysm [ETH2 Medalla Testnet]

Recently a couple of Windows staking guides have come out. I am glad that these have helped some of us to get into staking with our regular Windows PCs.
Unfortunately for staking noobs like me, none of them are complete. They are either entirely missing the crucial part of where to get the ETH1 end-point OR they expect us to figure out how to run an ETH1 GETH node (which is beyond most noobs like me).
They also don't mention how to get the POAP NFT badges which is admittedly a big reason many of us noobs are trying to stake on Medalla in the first place.
So here's a simple end-to-end guide that will:

Steps Overview:
  1. Create your validator keys at the Ethereum Foundation Medalla Launchpad
  2. Install ETH2 client (Prysm)
  3. Start an ETH2 beacon node (Prysm)
  4. Import your validator keys into ETH2 client (Prysm)
  5. Start ETH2 validator (Prysm)

STEP 1 - Create your validator keys at the Ethereum Foundation Medalla Launchpad
Go to the Launchpad. Click 'Get Started' and make sure you understand the 'Overview' section as much as you can. After the final confirmation, you will be taken to the 'Generate Key Pairs' section.
Enter the number of validators you want to run. Prsym will send you 165 GoETH (roughly 5 x 32ETH), so anywhere up to 5 is a good number to enter.
Click on Windows. We are going to do "Option 1 - Use binary executable file".
Download the eth2deposit-cli-v0.2.1-windows-amd64.zip file from http://github.com/ethereum/eth2.0-deposit-cli/releases/tag/v0.2.1/
Unzip/extract, open a command line window and navigate to the folder. Then run (copy/paste and press enter):
deposit.exe --num_validators 5 --chain medalla 
Follow the on-screen steps - your keystore files will be saved in a folder called validator_keys in the same folder as the deposit.exe file. Keep the mnemonic and keystore password somewhere safe.
Now we need to get some test ETH (GoETH). In Metamask, create a new account and copy the Goerli testnet address. Now request test ETH (GoETH) from the Prysmatic discord (request-goerli-eth channel) into this address. You should get 165 GoETH from the bot. Note this is not real ETH!
Now we need to deposit it in the Medall testnet deposit contract. So go back to the launchpad browser window and continue to the next step 'Upload Deposit File'.
Upload the validator json file from the validator_keys folder, and then the browser will ask to connect your Metamask wallet to the launchpad site.
In the next step click 'Initiate all 5 Transactions', and sign the transaction to send the 165 GoETH from your Metamask wallet to the testnet deposit contract.
After signing the transaction your GoETH wait for the status to go from 'Transaction started' to 'Transaction successful' for each transaction.
Your 165 GoETH has been deposited into the Medalla testnet contract! Press 'continue'. You will see the 'Congratulations!' page.
NOTE: Brave and Metamask don't work together with the Launchpad. Chrome + Metamask worked for me.

Step 2: Install an ETH2 Client
Install Prysm by following the following steps, please note we are not starting the beacon node yet.
Decide where you would like to keep the prysm folder - I suggest C:\Users\XYZ\Documents\ where XYZ is your windows user name.
Open a command line window (Start button and type CMD), & navigate to the Documents folder (copy paste below command and press enter):
cd C:\Users\XYZ\Documents\ 
Create a working directory and enter it:
mkdir prysm && cd prysm 
Fetch the prysm.bat script from Github:
curl https://raw.githubusercontent.com/prysmaticlabs/prysm/masteprysm.bat --output prysm.bat 
To ensure logging appears properly, issue the following command:
reg add HKCU\Console /v VirtualTerminalLevel /t REG_DWORD /d 1 

Step 3: Use a remote (3rd party) ETH1 node & start the beacon node
You can use a public Infura end-point instead of running your own ETH1 node. The advantage is that it is super easy, and you need only around 20GB SSD space (for testnet, even a regular old hard drive will work).
Sign up for free at https://infura.io/ and create a new project. Under that project's settings, next to 'Endpoints' choose Goerli testnet and copy the https URL -> this is your Infura endpoint.
Replace the word URL below with the Infura endpoint URL you just copied, and run this command in a new command line window.
prysm.bat beacon-chain --http-web3provider=URL 
You should see something like this:
INFO powchain: Processing deposits from Ethereum 1 chain deposits=18432 genesisValidators=17871 
and after it syncs the status messages will look like this:
[2020-08-06 20:38:07] INFO blockchain: Synced new block block=0x174e2bbb... epoch=446 finalizedEpoch=444 finalizedRoot=0xc85dd2cf... slot=14290 [2020-08-06 20:38:07] INFO blockchain: Finished applying state transition attestations=91 attesterSlashings=0 deposits=0 proposerSlashings=0 voluntaryExits=0 

Step 4: Import your validator keys into the client
In Windows Explorer, paste this into the address bar:
%LOCALAPPDATA%\ 
Make a folder named 'eth2.0-deposit-cli' without the apostrophes
Paste the validator_keys folder in here.
Now open a command line and navigate to your prysm folder. That would be:
cd C:\Users\XYZ\Documents\Prysm\ 
Then enter this command:
prysm.bat validator accounts-v2 import --keys-dir=%LOCALAPPDATA%\eth2.0-deposit-cli\validator_keys 
Follow the instructions and then close the command line window.

Step 5: Start your ETH2 validator
For Prysm (Windows):
If you do not want to participate in the POAP, just open a new command line window and run:
prysm.bat validator 
Or as a bonus, sign up for the POAP and add your graffiti to your validator to get special participation badges!
Pick one of your ETH1 addresses and paste it into that page, copy the generated graffiti for Prysm. The badge is actually an ERC-20 NFT that will be deposited into that ETH1 address at a later date.
Then run this command instead of the earlier one to run a validator with your graffiti added:
prysm.bat validator --graffiti "YourGraffitiHere" 
You should see this message if the validator started succesfully:
INFO validator: Waiting for beacon chain start log from the ETH 1.0 deposit contract INFO validator: Beacon chain started genesisTime=2020-08-04 21:00:08 +0800 +08 INFO validator: Waiting for deposit to be observed by beacon node pubKey=0xXXXXXXXXX status=UNKNOWN_STATUS 
After your validator has been activated by the beacon node (takes around 8 hours, check your pubkey here), you will see this message:
INFO validator: Validator activated index=XXXXX publicKey=0xXXXXXXXXXXXXX 
Also your beacon node window will show that the validator has successfully connected to it.
INFO rpc: New gRPC client connected to beacon node addr=127.0.0.1:XXXXX 
So now you should have one command line window running the beacon chain and another command line window running the validator.
Closing the command line windows will terminate these, so be careful. I'd also advise changing your power settings so that your PC doesn't go to sleep automatically.
That's it! Your Medalla validator is now ready! Keep an eye on update instructions from the dev teams on their Discords so that you don't miss the latest release.
You can also enter your validator's public keys in Beaconcha.in to monitor its status and staking income.
submitted by maninthecryptosuit to ethstaker [link] [comments]

[GUIDE] navidrome + nginx

Hey all, Love the navidrome server and thank you for all the work put in i know i cant contribute much but I saw a post earlier about how nginx is missing from the documentation so i have took it upon myself to help out by making a stop gap guide to help other users. these guides assume you have already got a working installation of nginx and navidrome. If your nginx and navidrome installs are on separate machines please amend the proxy pass ip address and ports.

If you are using a baseurl (the part directly after the / on a domain e.g. https://mydomain.com/navidrome you can still use the configs in this guide but you should modify the) location / { to location /navidrome { if using navidrome as your baseurl.

HTTP config

This is for standard none https / ssl configuration and is used as a basic config simply create a file /etc/nginx/conf.d/music.conf and input the following editing YOUR.DOMAIN.HERE to match your dynamic dns or hostname. server { listen 80; server_name YOUR.DOMAIN.HERE; location / { proxy_pass http://localhost:4533/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_buffering off; } } once that has been saved simply run sudo service nginx restart

HTTPS/SSL config

This setup is a little harder than just http but this is still quite straight forward this guide assumes you are using certbot for the ssl cert and standard locations for the cert files. Please amend the your domain here to your domain name as required. this configuration will redirect all none https traffic to https.
Simply create the file /etc/nginx/conf.d/music.conf and input the following server { listen 443 ssl http2; server_name `YOURDOMAINHERE.COM`; ssl_certificate /etc/letsencrypt/live/YOURDOMAINHERE.COM/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/YOURDOMAINHERE.COM/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; add_header Strict-Transport-Security "max-age=31536000" always; ssl_trusted_certificate /etc/letsencrypt/live/YOURDOMAINHERE.COM/chain.pem; ssl_stapling on; ssl_stapling_verify on; location / { proxy_pass http://localhost:4533/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_buffering off; }
Save the file and then run
sudo service nginx restart

Paranoid config

This personally is my configuration due to running multiple servers and back-ends i just tend to go over the top (note there is a modification to my nginx binary that allows geoip2 to be used for free) this can be found online or if requested i can make another guide but i will comment out the geoip2 lines so if you do have a modified binary for it to run you can uncomment them and lock out regions you dont wish to publish to). This config primarily is to try to cover as many bases as possible.. note this is a bit over kill for navidrome to be honest but i cant help but do this on all my servers. This guide assumes you have nginx and navidrome on the same unit and have the standard locations from certbot for ssl handling.
same as before create /etc/nginx/conf.d/music.conf and insert the following just changing the YOURDOMAIN.HERE and if required add a different ip and port for proxy_pass lines ``` server { listen 443 ssl http2; server_name YOURDOMAIN.HERE;

if ($lan-ip = yes) {

set $allowed_country yes;

}

if ($allowed_country = no) {

return 444;

}

ssl_certificate /etc/letsencrypt/live/YOURDOMAIN.HERE/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/YOURDOMAIN.HERE/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; add_header Strict-Transport-Security "max-age=31536000" always; ssl_trusted_certificate /etc/letsencrypt/live/YOURDOMAIN.HERE/chain.pem; ssl_stapling on; ssl_stapling_verify on; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; add_header Content-Security-Policy "default-src https: data: blob:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://www.googletagmanager.com; script-src 'self' 'unsafe-inline' https://www.gstatic.com https://fonts.googleapis.com https://www.youtube.com https://s.ytimg.com http://192.168.1.2 https://www.googletagmanager.com; worker-src 'self' blob:; connect-src 'self'; object-src 'none'; frame-ancestors 'self'"; set $block_sql_injections 0; if ($query_string ~ "union.*select.*\(") { set $block_sql_injections 1; } if ($query_string ~ "union.*all.*select.*") { set $block_sql_injections 1; } if ($query_string ~ "concat.*\(") { set $block_sql_injections 1; } if ($block_sql_injections = 1) { return 403; } set $block_file_injections 0; if ($query_string ~ "[a-zA-Z0-9_]=http://") { set $block_file_injections 1; } if ($query_string ~ "[a-zA-Z0-9_]=(\.\.//?)+") { set $block_file_injections 1; } if ($query_string ~ "[a-zA-Z0-9_]=/([a-z0-9_.]//?)+") { set $block_file_injections 1; } if ($block_file_injections = 1) { return 403; } set $block_common_exploits 0; if ($query_string ~ "(<|%3C).*script.*(>|%3E)") { set $block_common_exploits 1; } if ($query_string ~ "GLOBALS(=|\[|\%[0-9A-Z]{0,2})") { set $block_common_exploits 1; } if ($query_string ~ "_REQUEST(=|\[|\%[0-9A-Z]{0,2})") { set $block_common_exploits 1; } if ($query_string ~ "proc/self/environ") {# set $block_common_exploits 1; } if ($query_string ~ "mosConfig_[a-zA-Z_]{1,21}(=|\%3D)") { set $block_common_exploits 1; } if ($query_string ~ "base64_(en|de)code\(.*\)") { set $block_common_exploits 1; } if ($block_common_exploits = 1) { return 403; } set $block_user_agents 0; if ($http_user_agent ~ "Indy Library") { set $block_user_agents 1; } if ($http_user_agent ~ "libwww-perl") { set $block_user_agents 1; } if ($http_user_agent ~ "GetRight") { set $block_user_agents 1; } if ($http_user_agent ~ "GetWeb!") { set $block_user_agents 1; } if ($http_user_agent ~ "Go!Zilla") { set $block_user_agents 1; } if ($http_user_agent ~ "Download Demon") { set $block_user_agents 1; } if ($http_user_agent ~ "Go-Ahead-Got-It") { set $block_user_agents 1; } if ($http_user_agent ~ "TurnitinBot") { set $block_user_agents 1; } if ($http_user_agent ~ "GrabNet") { set $block_user_agents 1; } if ($block_user_agents = 1) { return 403; } location / { proxy_pass http://localhost:4533/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; proxy_buffering off; } 
}
```
Hope this helps and doesn't break any rules and isn't too much or a long read. I try to write guides in a way that if I was to find it I would understand it
Edit: changed from inline code to code block and ip to localhost
submitted by HeroinPigeon to navidrome [link] [comments]

MAME 0.221

MAME 0.221

Our fourth release of the year, MAME 0.221, is now ready. There are lots of interesting changes this time. We’ll start with some of the additions. There’s another load of TV games from JAKKS Pacific, Senario, Tech2Go and others. We’ve added another Panorama Screen Game & Watch title: this one features the lovable comic strip canine Snoopy. On the arcade side, we’ve got Great Bishi Bashi Champ and Anime Champ (both from Konami), Goori Goori (Unico), the prototype Galun.Pa! (Capcom CPS), a censored German version of Gun.Smoke, a Japanese location test version of DoDonPachi Dai-Ou-Jou, and more bootlegs of Cadillacs and Dinosaurs, Final Fight, Galaxian, Pang! 3 and Warriors of Fate.
In computer emulation, we’re proud to present another working UNIX workstation: the MIPS R3000 version of Sony’s NEWS family. NEWS was never widespread outside Japan, so it’s very exciting to see this running. F.Ulivi has added support for the Swedish/Finnish and German versions of the HP 86B, and added two service ROMs to the software list. ICEknight contributed a cassette software list for the Timex NTSC variants of the Sinclair home computers. There are some nice emulation improvements for the Luxor ABC family of computers, with the ABC 802 now considered working.
Other additions include discrete audio emulation for Midway’s Gun Fight, voice output for Filetto, support for configurable Toshiba Pasopia PAC2 slot devices, more vgmplay features, and lots more Capcom CPS mappers implemented according to equations from dumped PALs. This release also cleans up and simplifies ROM loading. For the most part things should work as well as or better than they did before, but MAME will no longer find loose CHD files in top-level media directories. This is intentional – it’s unwieldy with the number of supported systems.
As usual, you can get the source and 64-bit Windows binary packages from the download page. This will be the last month where we use this format for the release notes – with the increase in monthly development activity, it’s becoming impractical to keep up.

MAME Testers Bugs Fixed

New working machines

New working clones

Machines promoted to working

Clones promoted to working

New machines marked as NOT_WORKING

New clones marked as NOT_WORKING

New working software list additions

Software list items promoted to working

New NOT_WORKING software list additions

Source Changes

submitted by cuavas to emulation [link] [comments]

Practicing SR since July 2017; currently have a 3+ month streak

2 accounts got shadowbanned for uploading this post. Spam filter kept on removing it this post. Messaged the moderators, but received no answer. Removed many links, so check post history for full version.

First time making a Reddit post. Estimated Reading Time: 15 minutes
Brief summary of post:
  1. History of Journey
  2. Using Subliminals (affirmations converted into audio) to reprogram the subconscious, overcome nocturnal emissions, and turbo-charge the Law of Attraction
  3. Experience from meditation retreats
  4. Massive booklist covering psychotherapy, spirituality, and general books such as negotiating and advanced social skills
  5. Fundamental shifts that occurred
  6. Experiences with semen-retention benefits
  7. How I overcame and conquered negative entities
  8. Tantric meditation method that actually works with zero side effects
  9. Experience on speaking Japanese for 1 full hour with native speakers without notes after 3 months of learning

Terminology:
Wet dream/WD – sexual dream causing semen emission while sleeping
Nocturnal Emission/NE – semen emission occurring while sleeping even without dreaming
Semen-retention/SR streak – avoiding porn, masturbation, and ejaculation whether conscious or unconscious
Nofap Hardmode – avoiding porn, masturbation, and conscious ejaculation. Unconscious ejaculation/WD is considered fine.

As the title suggests, my current streak started in the middle of June 2017. Haven’t watched any porn or masturbated in 3 years. Experienced almost all the benefits such as massive attraction (men, women, children), an aura/energy surrounding me, enhanced charisma, less need for sleep, insane levels of energy, drive, and motivation, zero anxiety or fear, massive confidence occasionally bordering on arrogance, increased manifestation/LOA, people admiring/respecting me for no reason, online attraction, less procrastination, better athletic performance, greater creativity/intelligence, the desire to live a purposeful life, greater emphasis on spirituality, and much much more. Could probably write several posts just on the benefits themselves. Only thing that didn’t improve was my skin, which was later fixed using subliminals.
It’s been a long journey, so I’ll start with background information, and later elaborate on how I managed to go from nocturnal emissions every 5 days (avg) to having a perfect SR streak for 3 months.
Used to watch anime which led to hentai (2013), and eventually western/japanese porn. Don’t even bother to search these terms on Google. It’s not worth it. Thankfully, those days are long behind me. As a side-note, I discovered the nofap/semen-retention subreddit in November 2017. Didn’t even know about SR before that.
I was raised a Catholic in a fairly religious family. Always started various streaks, and eventually broke them due to boredom/emotional coping/curiosity about new videos. Thankfully, I got good grades, read books, and was interested in self-development, but all that time spent on porn was a complete waste. Assuming I spent at least 2 hours everyday for 4 years (1460 days), it amounts to 122 complete days or around 4 months in total. It’s pretty sad on reflection, but at least the experience is now absorbed, and I can write this post.
On June 2017, after summer break started and final exams were over, I decided to permanently quit this habit. Downloaded an application called Cold Turkey and completely blocked all websites I used to visit. Now use Leechblock, which is available on most browsers (also use it to block/restrict access to non-NSFW websites which impair productivity like ESPN). Started 30 minutes of daily meditation (mindfulness + metta). Still continue the habits to this day, although the length is increased to 1 hour. Read Mindfulness in Plain English by Bhante Gunaratana and Lovingkindness by Sharon Salzberg for instructions. Have re-read these books multiple times.
Mindfulness will allow you to be self-aware of your mental conditioning, while metta (feeling compassion for yourself, a friend, neutral person, and enemy) can remove thoughts of lust and fundamentally alter your mental programming. Compassion is a very powerful exercise. Read “The Mindful Path to Self-Compassion by Christopher Germer” while you’re at it and learn tonglen. All of these books contain zero fluff, and are invaluable reads.
Started drinking 16 glasses of water (thought it would help skin, but helped in other ways), and doing 100 pushups + 100 sit-ups everyday. Increased it to 200 pushups + 200 sit-ups after 1 month. After 2 months, I made a decent amount of gains (SR helps), and people started asking me workout tips and what gym I go to. Had a Kindle Paperwhite, which is frankly one of my most valued possessions. Still works perfectly fine after 5 years, and costs only $130. Buy one now. Read a lot of books mostly consisting of biographies/spirituality/practical social skills/800+ page novels for around 6 hours per day. Still try to read for at least 15 minutes/1 chapter even when extremely busy. Will post a small booklist at the end of this post.
You can upload books to it for free if you lack money. Visit (gen.lib.rus.ec), download the ebook in epub/mobi format, open it with Calibre (https://calibre-ebook.com/), and send it to Kindle using USB. Knowledge is an investment that produces continuous returns. Warren Buffett spends 80% of his time just reading! and takes action based on that knowledge.
Even managed to have the motivation to learn Japanese by joining a foreign language exchange website. People, especially women, accepted and sent a lot of invitations to have a conversation; didn’t realize online attraction was due to SR back then. None of us showed our faces, so my physical appearance had nothing to do with it. From experience, the best way to learn a language was to make a phrase sheet with the most common phrases/questions, such as “okay”, “that’s awesome”, “what is that word in English/Japanese?” Basically a human AI bot. Don’t waste time trying to learn how to write the alphabet, although my primary purpose was to learn how to speak. Google Translate is good enough to understand the pronunciation.
I learned Japanese primarily by watching Terrace House. First watched the episode with subtitles, then re-watched it without, while simultaneously writing all the connectives/conversational phrases. You can try unique methods to remember, but brute-force memorization/review worked the best. Never tried Anki since it was cumbersome to use.
For the accent, the best way is to watch Japanese people trying to speak English, and try to mirror their accent as much as possible. It honestly helps. After 3 months, I could have a full 1 hour conversation in Japanese with a native speaker without looking at any notes. I wasn’t “fluent” (still stuttered and made mistakes), but it was a huge amount of progress for starting from scratch. Eventually after 6 months, I gave up practicing/speaking the language. I was mainly trying to fulfill a childhood fantasy, and I’m glad I tried since I learned a lot from it and got to talk with interesting people. But in reality, I stopped watching anime, and honestly never needed to speak Japanese in real-life. Now I barely remember any of the words, except a few basic phrases. Could probably last 30 seconds of full conversation at best.
So, everything was going great until December 2017. During this time period, I probably had wet dreams/nocturnal emissions every 1 – 2 months. Barely felt much difference since there was a decent time interval between emissions. Drank 2 glasses of water everyday before bed, slept on my stomach, and ate spicy food (practices that cause nocturnal emissions), but was perfectly fine. However in December I started having emissions every 2 weeks. Initially didn’t care about it. In January it started happening every 1 week. Nothing really changed in my life during this time to cause emissions to increase. Then it started happening every 5 days, every 3 days, sometimes even 2 days in a row!
Most of you will have no idea how terrible it feels to be on top of the world, and then suddenly crash down. The difference between living life with/without SR benefits is night and day. Even after sleeping 10 hours, I used to feel completely exhausted. People ignored me, or worse started “joking” around me. Complete disrespect by friends, family, and acquaintances. No energy/motivation to do anything. Constant brain fog, could barely concentrate. Felt even worse than my porn days when I ejaculated everyday. Voice completely shot, started feeling anxious about oral presentations for no reason, when I always excelled. Felt like my soul was dying. Those were really dark times. People started saying I “changed”, and started pointing out and constantly magnifying my flaws. It’s strange how people exaggerate our skills/talents on SR, while they completely ignore them post WD/ejaculation, and focus only on your flaws/mistakes. It makes you lose trust in everyone around you, as if all of them are energy vampires who only like you due to SR.
I grew desperate. During this whole time I meditated, practiced no lust/no arousal as best as possible since July 2017, yet emissions increased massively in frequency. Some occurred due to sexual dreams, but most were nocturnal emissions. Thought I had a UTI at first, and went to a general practitioner. He didn’t seem very reliable, so I went to a prominent urologist. Did all sorts of tests, paid a good amount of money, and the doctor said everything was fine. Having nocturnal emissions every 5 days was perfectly normal at my age. Encouraged me to masturbate regularly if it became an inconvenience :)
So medical science obviously failed. Started following all the tips/methods in this subreddit, and believe me I tried almost everything no matter how uncomfortable or time-consuming. Omad, avoid food/water before bed, vegetarianism, tantric meditation, different diets, various sleeping positions, no/increased meditation before bed, no/more exercise, yogic exercises, qigong, some tips mentioned by Soaring Eagle, prayed to God. None of them worked. The only method I didn’t try extensively were kegels. Initially tried a normal + reverse kegel routine, then found an article by coincidence on this subreddit about someone who permanently damaged their penis from doing kegels. Immediately stopped, thank you to that person for sharing your experience. It’s as if the universe was looking out for me. Best to avoid such risky methods even if you’re desperate. Currently sleep on my back since it avoids any "accidental physical stimulation" from occurring.
So this nocturnal emission phenomena continued for over a year. Some methods worked better than others, while for some, I wasn’t sure if it was merely the placebo effect. In mid-2019 I came across subliminal videos (finally the good part!) on YouTube. (https://www.youtube.com/watch?v=P0W5AB1sGr0) This video explains it more thoroughly, but basically you convert affirmations (sentences like “I am happy/smart/handsome”) into audio using text-to-speech software and reprogram your subconscious mind. Tried a beauty subliminal (https://www.youtube.com/watch?v=xEXaAsm-Iys) as a joke, but the next day I noticed changes in my facial structure. Listened for an hour the first day, which was easy given the music. You have no idea how amazing it feels to know that you can control your reality just by using your mind. Completely magical. Supposedly it works due to the Law of Attraction; you can find out more by reading/watching “The Secret” by Rhonda Byrne, and later reading all the books by Neville Goddard. Started using a skin subliminal as well (https://www.youtube.com/watch?v=iqi8Q80pspk and later moved onto https://www.youtube.com/watch?v=COxz8hvl14Y ), and now my skin is completely normal. Visited prominent US dermatologists, tried all sorts of acne medicine including Accutane, and even did SR, yet none of them worked. Skin was pretty terrible, and I was glad it got fixed. Took around 4 months of daily listening although it can be shortelonger depending on your belief, blockages, and levels of positivity. There’s a CIA document on holographic universes, astral projection, time travel, and psychic powers if you need scientific validation: https://www.cia.gov/library/readingroom/docs/CIA-RDP96-00788R001700210016-5.pdf
Disclaimer: Although there can be bad subliminal makers, they are very rare, and there has been only 2 of them in the history of the community. Someone named MindPower and Rose subliminals. The vast majority (99%) put positive affirmations. It’s best that you verify by checking all the comments, seeing their subscriber count, general personality, etc, but ultimately there’s no guarantee. The only way to make sure the affirmations are 100% positive and safe are to make them yourself or use a subliminal that blocks negative affirmations.
One thing to note is that physical change (biokinesis; search that term)/spiritual subliminals utilize the prana in your body to a certain extent to make changes. It makes sense since physical change is essentially a psychic poweenergy work. So your SR benefits/aura might temporarily decrease. Hydration is also recommended, and you will notice feeling thirsty. Personally drink 20 glasses of water everyday.
Obviously, my interest now turned towards using subliminals to cure nocturnal emissions. Unfortunately there’s a huge lack of subliminals regarding semen-retention or those targeted towards nocturnal emissions. Initially bought a subliminal using a paid request (you pay a subliminal maker for a specialized subliminal), but it didn’t work that well. Desired to be permanently free of nocturnal emissions, or at least reduce the frequency to once a month. So I decided to make my own subliminal. The affirmations will be posted below, and this is how I eventually cured my nocturnal emissions.
Steps on how to make your own subliminal:
  1. Write all the affirmations in a word document and save it.
  2. Download text-to-speech software like Balabolka and output the audio file in wav format (you want both uncompressed + lossless)
  3. Optional but recommended; download an audio editor like Audacity, and fast-forward the audio as much as possible using the “Change Tempo” effect. Personally I speed the audio to one second and then loop it 1000x. Continue the process as much as possible, but never make the audio length less than 1 second. Some subliminal makers make their subliminals even more powerful by creating multiple audio streams of their affirmations using different voices, merging all the voices together, and speeding them up. It’s called layering. Why super-sped affirmations work better can be somewhat explained by this article (https://www.psychologytoday.com/us/blog/sensorium/201812/experiments-suggest-humans-can-directly-observe-the-quantum), but science still doesn’t have all the answers. Will take time.
  4. Converting the affirmations to binary code (https://www.rapidtables.com/convert/numbeascii-to-binary.html) is a technique some subliminal makers use. Supposedly it penetrates the subconscious faster.
Affirmations Link: https://www.reddit.com/pureretention/comments/hg0tjb/practicing_sr_since_july_2017_finally_conquered/ (same content; scroll down to the subliminal section and download the affirmations file from the mega link)
Listened to this personal subliminal for 1 hour everyday for an entire month. Still listen just to be safe. Took months of testing and editing affirmations to make it perfect. Experienced massive sexual dreams on certain days, more than normal, and found out that entities could be responsible. Try to avoid this subreddit as well, since reading the posts can trigger memories. More energetically sensitive now, and sometimes there’s a lot of low-vibrational energy. On a side-note, porn cripples your aura and invites negative entities (https://www.awakeningstaryoga.com/blog/expanding-away-from-porn-aura).
Non-subliminal solutions:
  1. https://www.youtube.com/watch?v=lMx69hgYq0s (morphic field)
  2. https://www.youtube.com/watch?v=EWK0D1g069I (powerful aura cleanse; Tibetan bowl sounds)
  3. https://www.youtube.com/watch?v=7moRsibNyMA (reiki)
Subliminal solutions (ordered in terms of effectiveness):
  1. https://www.youtube.com/watch?v=8Kt9s5tY1YE
  2. https://www.youtube.com/watch?v=XvyPscRD1ss
  3. https://www.youtube.com/watch?v=NTmnrFzR0_Q (for spells, curses, black magic, etc)
  4. https://www.youtube.com/watch?v=8Kt9s5tY1YE (last resort)
The entire channel is a gem; these were some of the best. Have used them for a few months and feel much lighter and peaceful; experienced only headaches due to subconscious absorbing the affirmations, but zero negative effects.
Advice: Remember to immediately download any subliminal video you find that is useful in wav format (https://www.savethevideo.com/download). Subliminal channels are sometimes deleted by YouTube (spam filter) or the creators themselves.
Waited 3 whole months before deciding to make a Reddit post to make sure the method was 100% foolproof. Remember many people offering solutions in the past, yet 1 month later they would have another wd/nocturnal emission.
The first month there was a lot of fear. Will I have a wet dream/nocturnal emission tonight? Was so traumatized it was difficult getting to sleep every night. After the 2nd month, I experimented with sleeping on my stomach and eating/drinking before bed. Nothing happened. Stopped recently to stay careful.
After 2 years of suffering, this is a method that has worked. Try and see for yourself.
Present day:
How do you feel now? Some days it’s meh (due to flatline) like today; on other days I feel divine. No idea why flatline still occurs. Have regained all the benefits, feel love and happiness all the time. Experience intense states of bliss in meditation more frequently, although it’s just a distraction.
Religiously/Spiritually I’ve moved from Christianity to Buddhism/Advaita Vedanta/parts of New Age. Found them more practical and useful in life. Was inspired to aim for spiritual enlightenment after reading “The 3 pillars of Zen” by Philip Kapleau. Read it, it might change your life.
Have attended a number of meditation retreats now, along with 10-day ones. Everyone reading this post should try it. Understood how much our mental programming defined us, and that we aren’t are thoughts. Our childhood traumas define so much of our habitual reactions. Realized its okay to feel bored rather than chasing after constant stimulation.
Even attended a Jhana retreat, which is exclusive for people who have attended prior retreats. Entered intense states of meditative absorption, understood the permeability/impermanence of reality, and had all sorts of mystical experiences. Experienced past lives; can confirm my mind did not make it up, since it’s an experience you can constantly replicate using the same methods. Before attempting such methods, you need to have the ability to sit down and meditate continuously for at least 3 hours. If you live in the US, attend IMS (Insight Meditation Society) or any prominent Vipassana/Theravada related retreat. Zen is a valid form of enlightenment, but it personally felt unstructured.
Gave up music, took time since I was convinced it was needed for creativity. Instead, it was just a substitute source of dopamine and a way to avoid my emotions. Have much less brain fog after quitting. Only communicate using regular phone calls these days, which no one uses, and Snapchat/WhatsApp for texting. Avoid stories, waste of time. Instagram/TwitteFacebook are a waste of time unless you are using it for business purposes. The only social media you really need is LinkedIn.
Women: You’ll learn more about them by reading romantic novels, Korean mangas, and watching Kdramas then reading all that seduction/red pill stuff. Focus on general charisma (men and women) instead of a specific gender. Read “The Charisma Myth” by Olivia Fox Cabane; it’s the most practical book on social skills I have ever read, and possibly the most life-changing as well. Teaches you self-awareness, applies Buddhist psychology to social interaction. Used to train executives in Google, read it now (and do all the exercises). The bibliography sent me on a rabbit hole that made me read ton of books on psychotherapy, meditation, mindfulness, and Buddhism; this was before SR. Inspired me to practice meditation, although the habit only became regular after SR.
Read books such as Crucial Conversations by Al Switzer, Difficult Conversations by Douglas Stone, How to Talk so Kids will Listen by Adele Faber (works very well in general since even adults have childhood programming, and can act like children), Never Split the Difference by Chris Voss (FBI's chief international hostage and kidnapping negotiator from 2003 to 2007), Getting More by Stuart Diamond (trains negotiators at Google), and Pitch Anything by Oren Klaff (more theoretical but useful). Also read The Definitive Book of Body Language by Allan Pease and What Every Body is Saying by Joe Navarro. These are all books that will greatly improve your human interactions and contain limited fluff. Have re-read all of these books in difficult times, and they have never let me down. You should read it as well. Even if you become a monk, there’s lots of social infighting even in monasteries. Highly-developed social skills are invaluable whenever you are dealing with individuals. Read “How to make friends and influence people” by Dale Carnegie once in a while, since most forget to apply his “basic” advice. Learned a lot about oral presentations by watching Alan Shore on Boston Legal (TV show).
Current position in life? Studying for a bachelor’s degree. My family is financially well-off, and my father is paying for my college tuition and dorm. Scholarships aren’t available for all income levels. Although I come from “privilege”, the above information can help anyone regardless of their financial position. We live in an era where information is accessible to all social classes, so excuses aren’t that relevant. If you’re practicing SR, you are already 20 steps closer to success. The tips above can be applied for free as long as you have a computesmartphone. Read books starting from today, knowledge is a source of power. People spend so much time reading the news, scrolling social media feeds, reacting to comments, chatting about useless things with friends, binging shows on Netflix, browsing YouTube/Reddit, that time quietly passes by. Time is the most valuable commodity you have; don’t waste such a limited resource on things that will contribute nothing towards your purpose in life. Once it’s spent, you can never get it back.
Personally, I schedule the next day before going to bed. Leisure, Reading, Schoolwork, Meditation, everything is mapped out perfectly. Try to eliminate habits that just waste time and stick to your schedule perfectly (working on it myself). If you feel tired after work/studying, take a nap or meditate instead of receiving even more stimulation from videogames, YouTube, or other artificial dopamine sources. Try NoSurf.

Basic Booklist:

Spirituality:
  1. The End of Your World by Adyashanti (fantastic writer; must-read if you have had an awakening experience or believe you are "enlightened")
  2. How to Attain Enlightenment -> The Essence of Enlightenment by James Swartz (best introduction to Advaita Vedanta I have read so far)
  3. I am That by Sri Nisargadatta Maharaj
  4. In the Buddha's Words by Bhikkhu Bodhi (best introduction to Buddhist scripture)
  5. Why Buddhism is True by Robert Wright (secular perspective but informative; his previous book The Moral Animal is a good introduction to evolutionary psychology. Read this first if you are non-spiritual)
  6. Wisdom Wise and Deep by Shaila Catherine (comprehensive introduction by one of the best Jhana teachers in the US)
  7. Manual of Insight by Mahasi Sayadaw
  8. Emptiness: A Practical Guide by Guy Armstrong (good introduction to the Buddhist version of reality)
  9. Books by Loch Kelly (practical guide to non-dual meditation practices within Buddhism; The Little Book of Being by Diana Winston may be a better introduction)
  10. Seeing that Frees by Rob Burbea (really advanced but profound)
  11. http://awakeningtoreality.blogspot.com/2007/03/thusnesss-six-stages-of-experience.html (Buddhism > Advaita)
  12. Books by Robert Bruce such as Psychic Self-Defence and Energy Work
  13. Psychic Witch by Mat Auryn
  14. Dream Yoga by Andrew Holecek (amazing/practical book on lucid dreaming -> dream yoga)
  15. Autobiography of a Yogi
  16. The Practice of Brahmacharya by Swami Sivananda and Soaring Eagle (https://forum.nofap.com/index.php?threads/6-years-clean-rebooting-as-the-best-remedy.135983/) if you haven’t read already
  17. Xunzi trans. by Eric Hutton (final evolution of Confucianism)
Novels (use translators mentioned):
http://gen.lib.rus.ec/fiction/? for foreign literature

  1. Musashi by Eiji Yoshikawa (Taiko is decent as well, but this one was a masterpiece)
  2. Romance of the Three Kingdoms trans. Moss Roberts
  3. The Dream of the Red Chamber trans. David Hawkes (read it in the summer of 2017, profound but not all may see the deeper meaning)
  4. The Nine Cloud Dream trans. Heinz Insu Fenkl
  5. Atlas Shrugged by Ayn Rand (Inspirational for Entrepreneurs, however don’t start adopting this book as economic philosophy. It’s just a novel!)
  6. The Alchemist by Paulo Coelho (read now if you are experiencing an existential crisis)
  7. Dostoevsky’s Crime and Punishment + The Brothers Karamazov (optional reading; prefer Pevear translation)
  8. Perry Mason and Sherlock Holmes Series (pleasure reading but not useless)
Psychotherapy (never visited a therapist, but found these useful):
  1. Getting Past Your Past by Francine Shapiro (by the founder of EMDR, best practical book on trauma and exercises to resolve it)
  2. Complex PTSD: From Surviving to Thriving (another immensely practical book on recovering from trauma)
  3. Breaking the Cycle by George Collins (best practical workbook on sexual addiction I have read; all should read)
  4. Get out of your mind and into your life by Steven Hayes (Was mentioned in the charisma myth booklist; take control of your thoughts and mind by the founder of ACT)
  5. Mindful Compassion by Paul Gilbert and Choden (prominent researcher on compassion applied to therapy; part one can be boring, but part two on practical exercises is invaluable)
  6. Feeling Book by David Burns (rightfully a classic book on therapy and CBT; read if you are suffering from depression)
  7. Healing Development Trauma by Laurence Heller (best book on the impact of childhood/development trauma but meant for therapists, might explain why we use addiction to cope from childhood memories; google ACE study as well)
  8. The Boy who was raised as a Dog by Bruce Perry (stories about children experiencing trauma. Increases empathy for yourself and others; you realize how childhood trauma affects how a lot of people think and behave)
  9. Whole Again: Healing Your Heart and Rediscovering Your True Self After Toxic Relationships and Emotional Abuse by Jackson MacKenzie (fantastic book on recovering from relationship abuse. Many of us have emotional baggage that fuels coping and addiction loops. Read Healing from Hidden Abuse by Shannon Thomas as well.)
  10. Self-Compassion by Kristen Neff (optional reading, but complimentary)
For biographies, read those of presidents and important leaders. Also about famous/successful individuals. Read all of Ron Chernow’s books. Abuse the Amazon Search Engine and look through their categories. Reading biographies can fundamentally enhance your worldview so you realize that real-life issues are much more nuanced and gray rather than black and white. Also shows how successful people deal with difficult crises and their perspective on life. Especially for public policy. If a President implements an economic policy that has short-term gains, but long-term loss, he has a greater chance of being re-elected. However, short-term loss in favor of long-term gain is the correct policy. Employ critical-thinking! Avoid cable news even if you need to stay informed. Don’t even have a television in my house. Unnecessary. Just read 2 – 3 reputable news sources for 20 minutes max. Sometimes I even avoid the news since there’s too much negativity.
https://www.reddit.com/kundalini/comments/1unyph/a_tantric_perspective_on_the_use_of_sexual_energy/ (tantric meditation technique that actually works; you are supposed to do it for 1 hour. Optional.)
https://www.reddit.com/kundalini/comments/2zn8ev/grounding_201_two_effective_quick_methods/ (energetic protection + grounding method after doing the tantric meditation)
Avoid learning Mantak Chia’s techniques from a book, since some have suffered side-effects to their energetic/biological body. For NEO, Tibetan buddhists practice meditation for 13 years before attempting it (https://en.wikipedia.org/wiki/Karmamudr%C4%81). Not easy. Not sure about women, since SR streak is more important. Don’t pick a partner to fulfill some kind of emotional void, or due to societal programming where women are held to be the ultimate goal. Spiritual Enlightenment is the ultimate goal now, but even enlightened people need money for food and shelter.
Youtubers I follow are Graham Stephan, Ryan Serhant, Rupert Spira, and https://www.youtube.com/channel/UCUX1V5UNWP1RUkhLewe77ZQ (cured women objectification for me; wholesome content) although mostly I avoid the website. Easy to loose track of time.
Avoid smoking, alcohol, recreational drug use (https://www.elitedaily.com/wellness/drugs-alcohol-aura-damage/1743959), casual sex (https://mywakingpath.wordpress.com/tag/aura/; sensitive images but useful), and fast food. Budget your money, and learn how to save as much as possible.
Hope everyone reading this post experiences their definition of success and leads a purposeful life. Will end it by stating two quotes that have inspired and guided me:
“You yourself have to change first, or nothing will change for you!”
― Hideaki Sorachi
“It is not important to be better than someone else, but to be better than you were yesterday.”
― Jigoro Kano (Founder of Judo)
Update 1, 2, 3: Added a post summary and the audio as well in the affirmations link
Update 4: https://starseedsunited.com/negative-entities-and-psychic-attacks (basic article on entities)
Some solutions are posted above. Updated* daily routine:
  1. https://www.reddit.com/kundalini/comments/1xyp5k/a_simple_and_universal_white_light_protection/ (basic psychic self-defence)
  2. https://www.youtube.com/watch?v=8Kt9s5tY1YE (at least once everyday; cures sexual dreams and flushes all entities)
  3. https://www.youtube.com/watch?v=yLeubTQv65Q (best shielding subliminal so far; general protection. Listen at least once everyday)
Note: Will continuously update this post based on further clarification. Close to 40,000 character word limit.
submitted by RisingSun7799 to Semenretention [link] [comments]

Free Download IQ Option Bot  Binary Option Robot  No ... BINARY OPTION BOT FREE DOWNLOAD - YouTube BINARY OPTION HIGHER BOT ( FREE DOWNLOAD) - YouTube Free Download IQ Option- Binary Option Bot- Robot 2019 ... free download binary.com bot - automatic trading software ...

DOWNLOAD BINARY BOT FOR FREE AND LEARN HOW TO USE The first thing you have to do is create an account at this broker, ... Finally I got my lost funds recovered in binary option, I lost my money I invested in binary option to a scam broker who ripped off my money and I never saw them again I became more depressed. Iq Option Binary Options Robot free download - Binary Vortex, SBNews News Robot, IQ Flash Cards, and many more programs Binary Option Bot, free download. Binary Option Bot: Binary Option Magnet - Make $100 - $900 Per Day Trading With The Worlds First Binary Options Bot 1,746,000 recognized programs - 5,228,000 known versions - Software News Binary Power Bot is the result of teamwork, experienced traders, mathematicians and programmers. It is based on the only one of its kind formula that will allow you to receive a constant profit from trading binary options. According to the developers, Binary Power Bot allows you to make a profit in 8 transactions out of 10. Binary Option Robot will analyse the trend of the market in real-time and will call or put at your place on the right currencies and at the right moment. Based on market trends ! You may want to check out more software, such as OptionBot , Famos robotic or Article Marketing Robot , which might be similar to Binary Option Robot.

[index] [12573] [2169] [4785] [10941] [14923] [6455] [12915] [7363] [13272] [8476]

Free Download IQ Option Bot Binary Option Robot No ...

Open Binary com account https://record.binary.com/_4UCwKrJZCBkad7NeR55Oi2Nd7ZgqdRLk/1/Join telegram group https://t.me/joinchat/Dx9bjFT4phVVowHgoSXzLgDownl... ///////////////////////////////////////////////////////////////////////////////////Download here link: https://bit.ly/2xOKOR9////////////////////////////////... join our signal group:- https://t.me/joinchat/AAAAAE6760K2szQ3-o-xgwopen real or demo account True ECN Broker: https://goo.gl/obfYx8download this one:- http:... Get a free demo account : http://bit.ly/34fPr1p Download the free bot https://bit.ly/3arinpL Binary.com free bot 2020 https://bit.ly/2SCSYDt Over/Under Bot f... mediafire Download here link ; https://bit.ly/36o9PON drive google Download here link ; https://bit.ly/38tssTg binary option #strategy binary option #robot b...

http://uae-binaryoption.videoporn.pw

test2