25 January 2018

Using Logical Volumes as disk images for virtualization

      In most scenarios, using raw devices can increase the performance. Of course, the application should know how to deal with that. Why? Because you take away the overhead that the file system can cause (again, if the application know how to deal with that).
     I see in my entire life databases having more performance because are using raw devices (disregard what the dumb people says in tongues without any proof).

What I've tested

Linux and FreeBSD Virtual machines have a significant increase of I/O performance.

What I didn't tested

Windows VMs (well windows do a shitload of I/O, probably it's a good idea if you're into this crap)
BSD VMs (not yet)
Resizing (I don't know if it's possible, I'll test later and update this post)

05 January 2018

Privacy repository

I've created a repo on github to pull together all the privacy stuff and how to fix it (disregard the operating system). 
So don't do anything stupid, read the scripts before executing, specially because we're talking about windows and one of them are about flashing your bios (IntelME). I'm not responsible if your house goes in orbit because you did something wrong without read first.

https://github.com/menelkir/privacy

04 December 2017

Prevent apple OS from creating .DS_Store and other bullshits

I don't think I have to explain about that. Everyone that had to admin an ecosystem that have one or more apple users know how this can be a nightmare in many different scenarios (specially because at some point, MacOS doesn't care even to hide the files anymore when dealing with network shares, external drives and so on, how nice).

Well... this needs to be applied with the MacOS:

Prevent MDS from attempting to Index
sudo touch /Volumes/volume_name/.metadata_never_index

Disable Indexing AND Searching of Volumes (if necessary)
sudo mdutil -i off -d /Volumes/volume_name

Delete existing Spotlight Index (if necessary, to start over, whatever fits you)
sudo rm -rfv /Volumes/volume_name/.Spotlight-V100
sudo rm -rfv /.Spotlight-V100


Disable creating '.DS_Store' bullshit on USB volumes
defaults write com.apple.desktopservices DSDontWriteUSBStores -bool true

Disable creating '.DS_Store' bullshit on network volumes
defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true

Now that you've cleaned the mess, remove this bullshit from your drives:
find /path/you/want/to/clean/ -name ".DS_Store" -depth -exec rm {} \;

12 October 2017

Fixing the network device names

     If you are struggled with a distro with systemd for a random reason, you can fix this dumb nonsense of network devices with this command:

ln -s /dev/null /etc/systemd/network/99-default.link

     I don't know what will break doing this, but since I'm testing this crap using a VM, I don't really care (but you should, so beware where are you doing this). I've tested on Debian and Arch.
     Some people reported that most problems with network manager can be fixed when doing this. 

09 October 2017

Sensors for ASUS P8H61-M LX2 R2.0

     It's just a configuration for sensors of this motherboard (since lm_sensors website is long gone and I never find anything about the sensors for this motherboard). After reading a lot of stuff, I think I figure out to be more readable. Pay attention to some ignored values since some of them is just because I don't have it enabled/present (like case fan, intrusion, etc). Don't mind the way i've formated, blogger doesn't let me use damn tabs (it's on my github).

06 September 2017

Intel ME Security Issue and how to fix it

Intel ME is a coprocessor integrated in all post-2006 Intel boards, for which this Libreboot page has an excellent description. The main component of Intel ME is Intel AMT, and I suggest you to read this Wikipedia page for more information about it. In short, Intel ME is an irremovable environment with an obscure signed proprietary firmware, with full network and memory access, which poses a serious security threat. Even when disabled from the BIOS settings, Intel ME is active: the only way to be sure it is disabled is to remove its firmware from the flash chip.
Before Nehalem (ME version 6, 2008/2009) the ME firmware could be removed completely from the flash chip by setting a couple of bits inside the flash descriptor, without the need to reverse-engineer the ME firmware.
Starting from Nehalem the Intel ME firmware can't be removed anymore: without a valid firmware the PC shuts off forcefully after 30 minutes. This project is an attempt to remove as much code as possible from such firmware without falling into the 30 minutes recovery mode.
me_cleaner currently works on most architectures, see me_cleaner status (or its discussion) for more info about them. me_cleaner works also on the TXE and SPS firmware.
If you want to understand how me_cleaner works, you can read the "How does it work?" page.
If you want to apply me_cleaner on your platform I suggest you to read the "How does it work?" page and then follow the guide "How to apply me_cleaner".
For pre-Skylake firmware (ME version < 11) this tool removes almost everything, leaving only the two fundamental modules needed for the correct boot, ROMP and BUP. The code size is reduced from 1.5 MB (non-AMT firmware) or 5 MB (AMT firmware) to ~90 kB of compressed code.
Starting from Skylake (ME version >= 11) the ME subsystem and the firmware structure have changed, requiring substantial changes in me_cleaner. The fundamental modules required for the correct boot are now four (rbe, kernel, syslib and bup) and the minimum code size is ~300 kB of compressed code (from the 2 MB of the non-AMT firmware and the 7 MB of the AMT one).
This project is based on the work of the community; in particular I thank Igor Skochinsky, for the core information about Intel ME and its firmware structure, and Federico Amedeo Izzo, for its help during the study of Intel ME.

Source, author and tools: Github

02 September 2017

How to stop Microsoft messing up your privacy in Windows 7.

     As I stated here for Windows 10, this one is for windows 7.
     I did a lot of research and I don't remember all the sources (sorry, let me know in comments if you have some so I can put here).
     There's a shitload of KBs, so I'll not link every single one, you can research yourself right? RIGHT?. I've checked every single KB and none of them have a direct impact to windows functionality (actually, it's just a bunch of hideous reporting mess).
     Heres a script to make your life easier. You can run safely after doing a full update (reboot after running the script).