Archive for the ‘Curious Facts’ Category

Hack: Using ssh / curl or wget to test TCP port connection state to remote SSH, DNS, SMTP, MySQL or any other listening service in PCI environment servers

Wednesday, December 30th, 2020


If you work on servers in PCI high-security environments, in isolated local networks where every package installed on the Linux / Unix system matters, it is pretty common that some basic tools are missing; in most cases it is considered a security hole to have even a simple telnet installed on the system. I do have experience with such environments myself and it is pretty daunting stuff, so in the best case you can use something like a simple ssh client, if you're lucky and the CentOS / Redhat / Suse Linux or whatever distro has the openssh-client package installed.
If you're lucky enough to have ssh on board, you can use it in the same manner as telnet, netcat or the swiss army knife (nmap) network mapper tool to test whether a remote service's TCP port is open or not. This is often useful if you don't have access to the Cisco / Juniper or other network / firewall equipment which sets the boundaries and port restrictions between networks and servers.

Below is an example of how to use the ssh client to test port connectivity to, let's say, the Internet, i.e. the Google / Yahoo search engines.

[root@pciserver: /home ]# ssh -oConnectTimeout=3 -v -p 23
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to [] port 23.
debug1: connect to address port 23: Connection timed out
debug1: Connecting to [2a00:1450:4017:80b::200e] port 23.
debug1: connect to address 2a00:1450:4017:80b::200e port 23: Cannot assign requested address
ssh: connect to host port 23: Cannot assign requested address
root@pcfreak:/var/www/images# ssh -oConnectTimeout=3 -v -p 80
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to [] port 80.
debug1: connect to address port 80: Connection timed out
debug1: Connecting to [2a00:1450:4017:807::200e] port 80.
debug1: connect to address 2a00:1450:4017:807::200e port 80: Cannot assign requested address
ssh: connect to host port 80: Cannot assign requested address
root@pcfreak:/var/www/images# ssh -p 80
ssh_exchange_identification: Connection closed by remote host
root@pcfreak:/var/www/images# ssh -p 80 -v -oConnectTimeout=3
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to [] port 80.
debug1: connect to address port 80: Connection timed out
debug1: Connecting to [2a00:1450:4017:80b::200e] port 80.
debug1: connect to address 2a00:1450:4017:80b::200e port 80: Cannot assign requested address
ssh: connect to host port 80: Cannot assign requested address
root@pcfreak:/var/www/images# ssh -p 80 -v -oConnectTimeout=5
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to [] port 80.
debug1: connect to address port 80: Connection timed out
debug1: Connecting to [2a00:1450:4017:80c::200e] port 80.
debug1: connect to address 2a00:1450:4017:80c::200e port 80: Cannot assign requested address
ssh: connect to host port 80: Cannot assign requested address
root@pcfreak:/var/www/images# ssh -p 80 -v
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to [] port 80.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type 0
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.9p1 Debian-10+deb10u2
debug1: ssh_exchange_identification: HTTP/1.0 400 Bad Request


debug1: ssh_exchange_identification: Content-Type: text/html; charset=UTF-8

debug1: ssh_exchange_identification: Referrer-Policy: no-referrer

debug1: ssh_exchange_identification: Content-Length: 1555

debug1: ssh_exchange_identification: Date: Wed, 30 Dec 2020 14:13:25 GMT

debug1: ssh_exchange_identification:

debug1: ssh_exchange_identification: <!DOCTYPE html>

debug1: ssh_exchange_identification: <html lang=en>

debug1: ssh_exchange_identification:   <meta charset=utf-8>

debug1: ssh_exchange_identification:   <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">

debug1: ssh_exchange_identification:   <title>Error 400 (Bad Request)!!1</title>

debug1: ssh_exchange_identification:   <style>

debug1: ssh_exchange_identification:     *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(// 10
debug1: ssh_exchange_identification: 0% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.g
debug1: ssh_exchange_identification: no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(// no-repeat 0
debug1: ssh_exchange_identification: % 0%/100% 100%;-moz-border-image:url(// 0}}@media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//
debug1: ssh_exchange_identification: color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}

debug1: ssh_exchange_identification:   </style>

debug1: ssh_exchange_identification:   <a href=//><span id=logo aria-label=Google></span></a>

debug1: ssh_exchange_identification:   <p><b>400.</b> <ins>That\342\200\231s an error.</ins>

debug1: ssh_exchange_identification:   <p>Your client has issued a malformed or illegal request.  <ins>That\342\200\231s all we know.</ins>

ssh_exchange_identification: Connection closed by remote host


Here is another example of how to test with ssh whether a certain service such as DNS (bind) or telnetd is enabled and listening on a remote IP in the local network:

[root@pciserver: /home ]# ssh -p 53 -v -oConnectTimeout=5
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to [] port 53.
debug1: connect to address port 53: Connection timed out
ssh: connect to host port 53: Connection timed out

[root@server: /home ]# ssh -p 23 -v -oConnectTimeout=5
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1g  21 Apr 2020
debug1: Connecting to [] port 23.
debug1: connect to address port 23: Connection timed out
ssh: connect to host port 23: Connection timed out

But what if the Linux server you have to work on is so paranoid that even the ssh client is absent? Well, you can use anything else that is capable of connecting to a remote port, such as wget or curl. Web servers and application servers usually have wget or curl, as it is an integral part of local shell scripts that perform operations needed for the services to function properly, or is there simply to test local or remote listener services. If that's the case, we can use curl to connect and get the output of a remote service, simulating a normal telnet connection like this:

host:~# curl -vv 'telnet://remote-server-host5:22'
* About to connect() to remote-server-host5 port 22 (#0)
*   Trying… connected
* Connected to aflpvz625 ( port 22 (#0)

Now let's test whether we can connect to the Qmail mail server on a remote IP in the local network with curl's telnet simulation mode:

host:~#  curl -vv 'telnet://'
* Expire in 0 ms for 6 (transfer 0x56066e5ab900)
*   Trying…
* Expire in 200 ms for 4 (transfer 0x56066e5ab900)
* Connected to ( port 25 (#0)
220 This is Mail Pc-Freak.NET ESMTP

Fine, it works. Let's now test with curl whether a remote server that has a MySQL listener service on the standard MySQL port TCP 3306 is reachable:

host:~#  curl -vv 'telnet://'
* Expire in 0 ms for 6 (transfer 0x5601fafae900)
*   Trying…
* Expire in 200 ms for 4 (transfer 0x5601fafae900)
* Connected to ( port 3306 (#0)
Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.
* Failed writing body (0 != 107)
* Closing connection 0
root@pcfreak:/var/www/images#  curl -vv 'telnet://'
* Expire in 0 ms for 6 (transfer 0x5598ad008900)
*   Trying…
* Expire in 200 ms for 4 (transfer 0x5598ad008900)
* Connected to ( port 3306 (#0)
Warning: Binary output can mess up your terminal. Use "--output -" to tell
Warning: curl to output it to your terminal anyway, or consider "--output
Warning: <FILE>" to save to a file.
* Failed writing body (0 != 107)
* Closing connection 0

As you can see, the remote connection returns binary data that a standard telnet terminal cannot display, so to see the received output we need to pass the arguments curl suggests.

host:~#  curl -vv 'telnet://' --output -
* Expire in 0 ms for 6 (transfer 0x55b205c02900)
*   Trying…
* Expire in 200 ms for 4 (transfer 0x55b205c02900)
* Connected to ( port 3306 (#0)

The curl trick can also be used to troubleshoot a remote port on a remote host from a Windows OS host which does not have telnet installed by default but has curl instead.

Also, when troubleshooting vSphere Replication it is often necessary to troubleshoot port connectivity, and common Windows utilities are not available there, while curl is available in the VMware vCenter Server Appliance command line interface.

On servers where curl is not there but wget is installed, you can also use wget to test a remote port:


# wget -vv -O /dev/null --timeout=5
--2020-12-30 16:54:22--
Resolving (…, 2a00:1450:4017:80b::200e
Connecting to (||:554… failed: Connection timed out.
Connecting to (|2a00:1450:4017:80b::200e|:554… failed: Cannot assign requested address.

--2020-12-30 16:54:28--  (try: 2)
Connecting to (||:554… ^C

As is evident from the output, port 554 is filtered at Google, which is pretty normal.

If curl or wget is not there either, as a final alternative you can install a perl, ruby, python or bash script etc. that opens a socket to the remote IP.
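
A sketch of such a script in Python, added here as an example (it is not from the original post, and all function names are this example's own). It goes one step beyond the ssh runs above by checking every resolved address separately, so an IPv6 "Cannot assign requested address" does not hide an IPv4 timeout; the local listener and its banner are constructed sample input.

```python
#!/usr/bin/env python3
"""Single-port TCP reachability check using only the standard library."""
import errno
import socket
import sys
import threading


def printable(data):
    """Render a banner safely: binary bytes (e.g. the MySQL handshake)
    become dots so they cannot garble the terminal."""
    text = data.rstrip(b"\r\n").decode("latin-1")
    return "".join(ch if 32 <= ord(ch) < 127 else "." for ch in text)


def probe_addr(family, sockaddr, timeout=3.0, banner_wait=1.0):
    """Try one TCP connection to one address and return (state, detail).
    open     - handshake completed; detail holds any banner the service sent
    closed   - target answered with RST ("Connection refused")
    filtered - nothing came back within `timeout` ("Connection timed out")
    error    - local or routing problem that says nothing about the port"""
    try:
        sock = socket.socket(family, socket.SOCK_STREAM)
    except OSError as exc:
        return "error", errno.errorcode.get(exc.errno, str(exc))
    with sock:
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
        except (socket.timeout, TimeoutError):
            return "filtered", "no reply within %.1fs" % timeout
        except ConnectionRefusedError:
            return "closed", "connection refused"
        except OSError as exc:
            # e.g. EADDRNOTAVAIL ("Cannot assign requested address") when the
            # host has no usable IPv6 address, or ENETUNREACH
            return "error", errno.errorcode.get(exc.errno, str(exc))
        sock.settimeout(banner_wait)
        try:
            data = sock.recv(256)
        except OSError:
            data = b""  # HTTP and similar services wait for the client to speak
    return "open", printable(data)


def probe(host, port, timeout=3.0):
    """Resolve host and probe each address; return [(address, state, detail)]."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [(host, "error", "lookup failed: %s" % exc)]
    return [(sockaddr[0],) + probe_addr(family, sockaddr, timeout)
            for family, _type, _proto, _canon, sockaddr in infos]


def verdict(results):
    """Collapse per-address results into one answer. A real port state
    (open / closed / filtered) on any address outranks a local error on
    another, unlike the last line ssh prints."""
    states = [state for _addr, state, _detail in results]
    for wanted in ("open", "closed", "filtered"):
        if wanted in states:
            return wanted
    return "error"


def start_sample_listener(banner):
    """Constructed stand-in for a remote service: listens on 127.0.0.1,
    sends `banner` to the first client, then goes away. Returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    # usage: probe.py <host> <port>; without arguments, probe the sample listener
    host, port = (sys.argv[1], int(sys.argv[2])) if len(sys.argv) == 3 else (
        "127.0.0.1", start_sample_listener(b"220 mail.example ESMTP\r\n"))
    results = probe(host, port)
    for addr, state, detail in results:
        print("%s port %d: %s (%s)" % (addr, port, state, detail))
    print("verdict:", verdict(results))
```

A "filtered" verdict points at a firewall silently dropping packets, while "closed" means the packet reached the host and nothing is listening there.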

SEO: Best day and time to write new articles and tweet to get more blog reads – Social Network Timing

Tuesday, June 17th, 2014


I'm trying to blog regularly – as this gives me a roadmap of what I'm into and how I spent my time. When I have free time, I blog almost daily except on weekends (as on weekends I'm trying to stay away from computers). So if you want to attract more readers to your blog, the interesting question arises:

What time is best to hit publish on your posts?

Now there are different angles from which you can draw conclusions on the best timing for a blog post. One major thing to always consider when posting is that the highest percentage of users read blogs in the morning with their morning coffee. Here are some more facts on when web content is read more:

  • 70% of users say they read blogs in the morning
  • More men read blogs at night than women
  • Mondays are the highest traffic days for average blogs
  • 11 a.m. is normally the highest traffic hour for blogs
  • Usually most comments are put on Saturdays
  • Blogs with more than one post a day have a higher chance of inbound links and usually get more unique visitors

As my blog is more technically oriented, most of my visitors are men and therefore posting my blogs at night doesn't interfere much with my readers.
However, I've noticed that for me personally posting in the time interval from 13:00 to 17:00 positively influences the amount of unique visitors the blog gets.

According to research done by Social Fresh – Thursday is the best day to publish an article if you want to get more Social Shares.

As a rule of thumb Thursday wins 10% more shares than all other days. In fact, 31% of the top 100 social share days in 2011 fell on Thursday.
My logical explanation of this phenomenon is that people tend to be more and more bored with their work and try to entertain themselves more and more as the week progresses.

To get more attention on what I'm writing I use a bit of social networking, but I prefer using only a micro-blogging social network. I use Twitter to share what I'm into. When I write a new article on my blog I tweet its title with a link to my article, because this drives people's attention to what I have to say.

Overall I am skeptical about social sites like Facebook and MySpace because they have a negative impact on how people use their time, and an especially negative one on youngsters. Another reason why I don't like Friends Networks is that sites like FB, Google+ or "The Russian Facebook" – VKontakte, where you share what you have to say, are not respecting the privacy of your data.


You write free fresh content for their website for free and you get nothing!


Moreover, by daily posting the latest buzz you read / watched on Facebook etc. or simply saying what's happening with you, where you're situated now etc., you slowly get addicted to posting (yes, for good or bad, people tend to be maniacal).

By placing all of your personal or impersonal stuff online, you're helping these sites get better indexed in the Google / Yahoo / Yandex search engines, therefore making them profitable and high-ranked websites on the internet, and giving away your personal time for Facebook's profit. On top of that, you lose control over your data (your data is not physically on your side but situated on some remote server, somewhere on the internet).

Best average time to post on Twitter, Facebook, Google+ and Linkedin


So What is Best Day timing to Post, Pin or Tweet?

Below is an infographic I found on this blog (the visual data was originally compiled by SurePayRoll), showing visualized results from some extensive research on the topic.


Here are the most important facts this infographic reveals:

The average best time to post, tweet and pin your new articles is about 15:00 h

  • Best timing to post on Twitter is on Mondays to Thursdays from 13:00 to 15:00 h
  • Best timing to post on Facebook is between 13:00 and 16:00 h
  • For Linkedin it is best to publish between Tuesdays and Thursdays

Peak times on Facebook, Twitter and Linkedin

  • Peak time for use of Facebook is on Wednesdays about 15:00 h
  • Peak times for use of Twitter are from Mondays to Thursdays from 9:00 to 15:00 h
  • Linkedin peak time is from 17:00 to 18:00 h

Worst time (when users will probably not view your content) on FB, Twitter and Linkedin

  • Weekends before 08:00  and after 20:00 h
  • Everyday after 20:00 and Fridays after 15:00 noon
  • Mondays and Fridays from 22:00 to 06:00 morning

Facts about Google+

  • Google+ is the fastest growing demographic social network for people aged 45 to 54
  • Best time to share your posts on Google+ is from 09:00 to 10:00 in the morning

Images generate more traffic and engagement

  • Including images to your articles increases traffic, tweets with images increase visits, favorites and leads

I'm aware that, like every research, the above info on the best time to tweet and post is just a generalization, and depending on the field of information posted the suggested time could differ from the optimal time for an individual writer; however, as a general direction the info is very useful and it gives you some idea.
Twitter engagement for brands is 17% higher on weekends according to Dan Zarrella’s research. Tweets posted on Friday, Saturday and Sunday had higher CTR (Click Through Rate) than those posted in the rest of the week.


Another good day to tweet, other than weekends, is mid-week: Wednesday.
If your site or blog is using retweets to generate more traffic to the website, the best time to retweet is said to be around 5 pm. CTR is higher

8 October, year 927: the feast of the Bulgarian Orthodox Church becoming autocephalous, independent from Constantinople

Monday, October 12th, 2020

On 8 October 927 the Bulgarian Orthodox Church became autocephalous. This historical event is quite memorable for me, as it happens to be almost my birthday.
Thus I found it worthy to write a few raw lines on the feast. This post will probably not be of interest to any serious historian, but still might be interesting for people keen on history.

The need for a Church organization on the Bulgarian lands that is independent from the center of Christianity of that time, Constantinople, has existed since the glorious and world-changing event of the Holy Baptism of the ruler of Bulgaria, Saint King Boris-Mikhail, received in year 864 from Constantinople's Emperor Mikhail III, who ruled the Byzantine Empire in the years 842 – 867.

For the history of the civilized world and for Christian history worldwide, the event is comparable only to Saint Emperor Constantine's Edict of Milan. The Edict of Milan (Latin: Edictum Mediolanense, Greek: Διάταγμα των Μεδιολάνων, Diatagma tōn Mediolanōn) was the February AD 313 agreement to treat Christians benevolently within the Roman Empire. It opened the doors for Christianity not only to be an equal religion within the empire but even to become the official religion of the Eastern Roman (Byzantine) empire.


Assembly of Synod of Holy Fathers

The Edict of Milan is today little known in both the Eastern and the Western world, as people have more interest in money and business than in truth, virtues and history, so I find it useful to share this forgotten history with readers …


Saint Emperor Constantine

Western Roman Emperor Constantine I (later canonized as a saint) and Emperor Licinius, who controlled the Balkans, met in Mediolanum (modern-day Milan) and, among other things, agreed to change policies towards Christians following the Edict of Toleration issued by Emperor Galerius two years earlier in Serdica (today the city of Sofia, Bulgaria).
The document is found in Lactantius' De Mortibus Persecutorum and in Eusebius of Caesarea's History of the Church.

It was already a set path for Europe to become Christian, and the majority of people and missionaries all through Europe had spread the good words of the Lord Jesus Christ through the European lands. Many missionaries, both in Greece and the Balkans as well as in the far lands of Kiev and the North, kept preaching in the coming centuries. Christianity had already become the official religion for a big part of the civilized (non-barbarian) world such as the Hellenes, France, Germany, Hungary, Romania, Ukraine, Belarus, Russia etc. Monastic life had also been well established all through Europe, and many missionaries had come from the far deserts of Egypt to baptize and teach Christianity in the West, in Ireland, England and even the Netherlands, in the 7th century. Rome, as the Christian center of the Western Empire, had established itself despite the hardships, and under the rule of Charlemagne seriously expanded Christianity in the West.

The largest unbaptized pagan lands at that time seem to have been those of a few tribes such as the Vikings, the Goths, the Thracians and perhaps the Slavs. The biggest part of these seems to have been the Slavs, who had settled in large parts of the Balkans (Bulgaria, Serbia, Macedonia) as well as Croatia, Czechia, Poland and even far Moscow.

These peoples followed a peaceful paganism and were still unenlightened. Thanks to the tireless work for Christ of Saints Cyril and Methodius and their 7 pupils (Saint Gorazd, Saint Naum, Saint Sava, Saint Angelarius and Saint Clement of Ohrid, known as Ohridski), the Holy Bible was translated into the so-called Church Slavonic, which in practice is a form of Ancient Bulgarian (in Glagolitic script – Glagolica), which was mainly used before Saint Clement Ohridski and other pupils of Saint Methodius, such as the famous medieval author of many early Christian books Constantine of Preslav, who worked in the Preslav Scriptorium and Christian school.

Constantine of Preslav

Saint King Boris-Mikhail at that time took the right decision to baptize his lands, large for that time and populated by the Bulgarians and Slavs under his rule, and to enlighten them with the Gospel and faith in Jesus Christ and the true God, the Holy Trinity (the Father, the Son and the Holy Spirit).

It took him quite long to decide whether to baptize his country's citizens with the faith from the Western Empire (the Latins) or the Eastern Empire (the Byzantines), who at that time were in the process of creating and establishing the Great Church Schism of year 1054, and due to that he led a correspondence with both the Byzantine empire and Pope Nicolas I.

One of the questions asked of both the Pope and the Byzantine emperor was about his desire for the Bulgarian Church to be an independent Church, with an independent head and rulership, able to take independent decisions for its destiny. He wanted that as he understood the importance of the cultural freedom of Bulgaria from Hellenism or the Latins. As he found that the Pope couldn't offer him too much, and considering the closeness of the Byzantine empire to his lands as well as seeing Eastern Christianity to be more in-depth and filled with beauty, he was baptized from Byzantium and received a Byzantine archbishop.
In the beginning the church services and the preaching in Bulgaria were in Greek, and due to that the common Bulgarians and Slavs couldn't understand Christianity. Thanks to the Holy Brothers Cyril and Methodius and the acceptance of their pupils by Saint King Boris, spiritual schools and scriptoriums were slowly established in Preslav and Pliska in the 9th – 10th century and in Ohrid in the middle of the 10th – 11th century, which a few years later gradually allowed Bulgaria to have the Holy Gospel and Church services served in the Bulgarian language (in Cyrillic, better understood by both Bulgarians and Slavs).


The baptism of Bulgarians Ioan Skilica (John Skilica)

Saint King Boris-Mikhail completed his earthly life as a humble monk in the last years of his life; he had put on the throne Vladimir Rasate, who tried to bring back paganism and faith in Tangra after his death. When he heard about the evilness of his first-born son, his hostility to Christianity and his plans to overrule the work of his father, Saint King Boris, as is famously told, left the monastery, fought against his son and, with a miracle about which it was written even to the Pope, won with his weaker army of supporters against Vladimir-Rasate. He blinded his son and put on the throne his second son, King Simeon, who was later officially recognized by the Romans and Byzantines with the title usually given only to Byzantine emperors – Basileus of Bulgarians (Emperor of Bulgarians).

At the Council of Preslav, summoned in year 893, together with the enthronement of King Simeon as Bulgarian ruler, the decision was taken to replace the Greek language in the Church with Old Bulgarian (called Church Slavonic in Russian sources). During his rule King Simeon (893 – 927) gradually replaced the Greek higher clergy with a Bulgarian one and created the Bulgarian Exarchate.


Veliki Preslav Fortress 


The Golden Church Saint John, also known as the Round Church, built by Simeon I the Great in Preslav in 907, aiming to show the high importance of the newly established Bulgarian Church – known to have been one of the most beautiful churches in Europe

During the rule of Simeon's successor (his second son), Saint King Peter I (927 – 970), thanks to his wise politics and a lot of effort to increase the prestige and spirituality of the Church, following the path of his father, the Bulgarian Church was officially recognized by the Byzantine Emperor as an independent Church whose Mother Church is the Church of Constantinople (today governed by the Ecumenical Patriarch of Constantinople Bartholomew).

During the diplomatic negotiations between the King and the ruler of Byzantines Roman Lakapin  in year 927, the emperor has re-ratified the earlier disputed
as well the Church canonical uplifting ordination  of the head of Bulgarian Church the exarch to be a Patriarch of Bulgaria.


The Byzantines always questioned the title "Basileus of Bulgarians", with which King Simeon I the Great used to sign his documents, as Basileus was believed to be the supreme title of the Byzantine emperor only. The proud Byzantines did not want to accept that another new-born nation, with less than 3 centuries of history, could be their rival, either political or spiritual, and moreover be of the same importance in the known world as the authority of the Eastern Emperor.

The archives of the Vatican keep copies of the decision of the emperor's synclitus (meeting) for the official recognition of the Bulgarian Patriarchy on 8th of October.
As the first Bulgarian Patriarch was selected Patriarch Damian of Drystyr (nowadays the city of Silistra), with a patriarchal seat in the medieval city of Veliki Preslav (Great Preslav). Soon after, the patriarchal seat was moved to Silistra.

Saint Ahil Church (Bulgarian Patriarchy) main seat in Prespa

The Eparchy of Dorostol has existed even to this day, even though through the centuries the exarchs, the patriarchal seat and the patriarchs were concentrated in the mother patriarchal city of our Church, Preslav, and in Ohrid, as well as later for two centuries in the city of Turnovo, until 1393 when the city of Tarnovo (Trnovo) fell, raided by the Ottoman Turkish invaders.
During the Ottoman slavery of Bulgaria the Patriarchy ceased to exist and was reduced by the Turks, mostly under the influence of the Patriarch of Constantinople, to an archbishopric centered in Ohrid.


The Patriarchal Church Ascension of Christ in Carevetz (The city of Kings) Hill Turnovo

After the liberation of Bulgaria in the Russian-Turkish liberation war (1877 – 1878), the Bulgarian Church was an Exarchy for a while, in a dark period when the Bulgarian Church was recognized by the Phanariots (the Greeks). The Schism put over the Bulgarian Church was removed on 22 February 1945, a few weeks after the enthronement of Patriarch Stephan I of Bulgaria. Unfortunately the next years coincided with the dark years of the imposed totalitarian regime of the Bulgarian Communist Party (BCP), which led to active persecution of the Church, the humiliation and torture of priests and Church leaders, and the martyrdom of many clergymen and people who were against the inhuman nature of the new power that took over.


One of those many martyrs for Christ is supposedly a saint: Boris Razumov of Nevrokop, who was killed on the order of the communists by an orthodox priest of his own eparchy who had joined the party, by the order of the BCP.


Improve SSL security: Generate and add Diffie Hellman key to SSL certificate for stronger line encryption

Wednesday, June 10th, 2020

Diffie–Hellman key exchange (DH) is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography.

Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical means, such as paper key lists transported by a trusted courier. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

DH has been widely used on the Internet to improve the encryption between communicating parties. One caveat: it is only useful when both sides of the communication, A and B, are under your control, because DH merely strengthens the already established connection between clients A and B and does not protect against man-in-the-middle attacks. If a malicious user can connect to B pretending to be A, the encrypted session will still be established.


Alternatively, the Diffie-Hellman key exchange can be combined with an algorithm like the Digital Signature Standard (DSS) to provide authentication, key exchange, confidentiality and check the integrity of the data. In such a situation, RSA is not necessary for securing the connection.

TLS, which is a protocol that is used to secure much of the internet, can use the Diffie-Hellman exchange in three different ways: anonymous, static and ephemeral. In practice, only ephemeral Diffie-Hellman should be implemented, because the other options have security issues.

Anonymous Diffie-Hellman – This version of the Diffie-Hellman key exchange doesn’t use any authentication, leaving it vulnerable to man-in-the-middle attacks. It should not be used or implemented.

Static Diffie-Hellman – Static Diffie-Hellman uses certificates to authenticate the server. It does not authenticate the client by default, nor does it provide forward secrecy.

Ephemeral Diffie-Hellman – This is considered the most secure implementation because it provides perfect forward secrecy. It is generally combined with an algorithm such as DSA or RSA to authenticate one or both of the parties in the connection.

Ephemeral Diffie-Hellman uses different key pairs each time the protocol is run. This gives the connection perfect forward secrecy, because even if a key is compromised in the future, it can’t be used to decrypt all of the past messages.


The DH parameters can be generated with the openssl command in the size you prefer: 1024, 2048 or 4096 bits.
Of course it is best to have the strongest encryption possible, i.e. 4096; as the Logjam section below explains, 2048 bits is the minimum that holds up against that attack.

The Logjam attack 

The Diffie-Hellman key exchange was designed on the basis of the discrete logarithm problem being difficult to solve. The most effective publicly known mechanism for finding the solution is the number field sieve algorithm.

The capabilities of this algorithm were taken into account when the Diffie-Hellman key exchange was designed. By 1992, it was known that for a given group, G, three of the four steps involved in the algorithm could potentially be computed beforehand. If this progress was saved, the final step could be calculated in a comparatively short time.

This wasn’t too concerning until it was realized that a significant portion of internet traffic uses the same groups that are 1024 bits or smaller. In 2015, an academic team ran the calculations for the most common 512-bit prime used by the Diffie-Hellman key exchange in TLS.

They were also able to downgrade 80% of TLS servers that supported DHE-EXPORT, so that they would accept a 512-bit export-grade Diffie-Hellman key exchange for the connection. This means that each of these servers is vulnerable to an attack from a well-resourced adversary.

The researchers went on to extrapolate their results, estimating that a nation-state could break a 1024-bit prime. By breaking the single most-commonly used 1024-bit prime, the academic team estimated that an adversary could monitor 18% of the one million most popular HTTPS websites.

They went on to say that a second prime would enable the adversary to decrypt the connections of 66% of VPN servers, and 26% of SSH servers. Later in the report, the academics suggested that the NSA may already have these capabilities.

“A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break.”

Despite this vulnerability, the Diffie-Hellman key exchange can still be secure if it is implemented correctly. As long as a 2048-bit key is used, the Logjam attack will not work. Updated browsers are also secure from this attack.

Is the Diffie-Hellman key exchange safe?

While the Diffie-Hellman key exchange may seem complex, it is a fundamental part of securely exchanging data online. As long as it is implemented alongside an appropriate authentication method and the numbers have been selected properly, it is not considered vulnerable to attack.

The Diffie-Hellman key exchange was an innovative method for helping two unknown parties communicate safely when it was developed in the 1970s. While we now implement newer versions with larger keys to protect against modern technology, the protocol itself looks like it will continue to be secure until the arrival of quantum computing and the advanced attacks that will come with it.

Here is how easy it is to add your own 2048-bit Diffie-Hellman parameters to make the SSL tunnel between A and B stronger.

On a Linux / Mac / BSD OS machine, install and use the openssl client like so:

# openssl dhparam -out dhparams1.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time

…. ………………..++*++*

Be aware that the Diffie-Hellman key exchange would be insecure if it used numbers as small as those in our example. We are only using such small numbers to demonstrate the concept in a simpler manner.


# cat dhparams1.pem

Copy the generated DH PARAMETERS block (header and footer lines included) to the end of your combined .PEM certificate pair file and save it


# vim /etc/haproxy/cert/ssl-cert.pem


Restart the WebServer or Proxy service where the Diffie-Hellman key was installed and Voila, you should be a bit more secure.
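A check worth running before the restart, as an added example that is not part of the original post: it reads the DH PARAMETERS block back out of the combined PEM and confirms it is at least 2048 bits, the size the text above names as safe against Logjam. The function names, return codes and the bundle path given on the command line are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original post: confirm that the combined PEM
# bundle really carries DH parameters of the expected size before restarting.

MIN_DH_BITS=2048   # size the article names as safe against Logjam

# Print only the DH PARAMETERS block(s) contained in PEM bundle $1.
extract_dh_block() {
    awk '/^-----BEGIN DH PARAMETERS-----/ { keep = 1 }
         keep                             { print }
         /^-----END DH PARAMETERS-----/   { keep = 0 }' "$1"
}

# Print the bit length of the first DH PARAMETERS block in bundle $1.
# Returns 2 when the bundle has no such block, 3 when openssl cannot parse it.
dh_bits() {
    dh_block=$(extract_dh_block "$1")
    [ -n "$dh_block" ] || return 2
    dh_size=$(printf '%s\n' "$dh_block" |
        openssl dhparam -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    [ -n "$dh_size" ] || return 3
    printf '%s\n' "$dh_size"
}

# check_bundle FILE: print a verdict; return 0 only for parameters >= MIN_DH_BITS.
check_bundle() {
    cb_rc=0
    cb_bits=$(dh_bits "$1") || cb_rc=$?
    case $cb_rc in
        0) ;;
        2) echo "FAIL: $1 contains no DH PARAMETERS block"; return 2 ;;
        *) echo "FAIL: DH PARAMETERS block in $1 could not be parsed"; return 3 ;;
    esac
    if [ "$cb_bits" -lt "$MIN_DH_BITS" ]; then
        echo "FAIL: $1 carries $cb_bits-bit DH parameters, need >= $MIN_DH_BITS"
        return 1
    fi
    echo "OK: $1 carries $cb_bits-bit DH parameters"
}

# Usage: sh check-dh.sh /etc/haproxy/cert/ssl-cert.pem
[ $# -eq 0 ] || check_bundle "$1"
```

A non-zero exit status means the bundle should not be deployed as it is: either the block was never appended, it was damaged while pasting, or the parameters are smaller than 2048 bits.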



Crossing the Finger (Crossed Fingers) – A good luck sign with Early Christian origin and deep symbology

Monday, January 21st, 2013



Why we cross the fingers good luck sign evokes Christ blessing and depicts cross with hand fingers



I had a small Skype chat today with a dear Indian friend of mine, Happy. She is now in a situation with an uncertain outcome, where the Indian government has to approve her mother's application for a Visa. Being uncertain, she used the classical English saying: "fingers crossed – I cross the fingers". I was curious about the origin of Crossing the Fingers and thought for a second over how Cross-ing the fingers originated and what it visually looks like. It depicts an X cross shape; interestingly, the X is also the first letter of the Greek and Slavonic IC XC depicted on each and every icon of our Savior Jesus Christ. XC – stands for Χριστός (in Greek) and

 in Slavonic, thus obviously crossing the fingers also depicts the first letter of Χριστός – Christ – Messiah (savior of the World). Having this insight, I hurried to explain to Happy why I think people used to cross their fingers when in a situation with an uncertain outcome.

Just out of curiosity I searched for Crossed_fingers and found it well explained in Wikipedia. After all, my assumption turned out right: crossing the fingers is not done just out of old superstition, as many might think. It was done on purpose by early Christians. Crossing the fingers is an external expression of the internal faith, hope, love and unceasing prayer that early Christians possessed.

Crossing the fingers was very popular in times when Christians used it as a sign to recognize each other during persecution. The reason for crossing the fingers is that it resembles the Sign of the Cross. It is believed even to this day in the One Holy Apostolic Church, the Orthodox Church, that the sign of the Cross, when made, invokes over one the protection and blessing of Christ. The Sign of the Cross is made in prayer in the Church, in times of trouble, in difficult life events and when evil is faced. The crossed finger sign was also used as a secret way for Christians to tell each other to assemble for prayer and the holy liturgy worship service. There is even symbolism in why people cross fingers with exactly those two fingers with which the gesture is done. In very ancient Church times Christians used to make the sign of the cross over their body using two fingers and not three.

Icon of Saint Paul from Ephesus 4-th century preparing to make the sign of the cross

4th-century icon of St. Paul the Apostle from Ephesus – Wall Painting

The sign of the cross when being depicted on one's body was done with the exact two fingers with which the crossed finger gesture is completed.

crossed fingers sign of the cross resembles the salvation of mankind through the Lord Jesus Christ's crucifix

Today crossing the fingers is a popular automatic "good luck" invocation. Most people who do it, not being realized Christians, don't know why they do it; they just believe it will work like a magical mantra that gives them a good outcome to a problem or difficult situation. It is a little sad that we modern people, who think we know a lot and are smart or educated, don't know even the basics of what made us the nations we are, which in the biggest part was the Christian faith kept by our ancestors for centuries.

Find when cron.daily cron.weekly and cron.monthly run on Redhat / CentOS / Debian Linux and systemd-timers

Wednesday, March 25th, 2020



The problem – Apache restart at random times

Today I noticed something that has been occurring for quite some time but was out of my scope for quite long, as I'm not directly involved in our Alert monitoring at my daily job as sys admin. Interestingly, an Apache HTTPD webserver is triggering an alarm twice a day for a short downtime that lasts for 9 seconds.

I decided to investigate what is triggering the WebServer restart at such random times, checked the system for any scripts running in the background and reviewed the system logs. As I couldn't find anything there, the only logical place left to check was cron jobs.
The usual

crontab -u root -l

had no cron jobs configured, so I dug further to check whether there are cron job records for a script that triggers the reload of Apache in /etc/crontab, /var/spool/cron/root and /var/spool/cron/httpd.
Nothing was found there, and since no anacron service was running but only /usr/sbin/crond, the other expected place to look for a trigger event was /etc/cron*


1. Configured default cron execution times, every day, every hour every month


# ls -ld /etc/cron.*
drwxr-xr-x 2 root root 4096 feb 27 10:54 /etc/cron.d/
drwxr-xr-x 2 root root 4096 dec 27 10:55 /etc/cron.daily/
drwxr-xr-x 2 root root 4096 dec  7 23:04 /etc/cron.hourly/
drwxr-xr-x 2 root root 4096 dec  7 23:04 /etc/cron.monthly/
drwxr-xr-x 2 root root 4096 dec  7 23:04 /etc/cron.weekly/


After a look into each of the above directories, I finally found the expected logrotate shell script set to execute from /etc/cron.daily/logrotate, and inside it I found that, after the log files are gzipped and moved, it executes a WebServer restart with:

systemctl reload httpd 


My first reaction was to ponder seriously why the script is invoking systemctl reload httpd instead of the good oldschool

apachectl -k graceful


But it seems that on Redhat and CentOS, since RHEL / CentOS version 6.X onwards, systemctl reload httpd is supposed to be identical to and a substitute for apachectl -k graceful.
Okay, the craziness of innovation continued, as obviously the reload was causing a Downtime visible in the Zabbix HTTPD port Monitoring graph …
Now that the problem was identified, the other logical question popped up: how to find out the exact time at which the script is scheduled to run, given those unusual random times?

2. Find out cron scripts timing Redhat / CentOS / Fedora / SLES


The way scripts placed in /etc/cron.{daily,monthly,weekly} are executed has changed over the years, causing chaos, just like many standard Linux things we knew, due to the inclusion of systemd and some other weird OS design changes. The result, as explained above, is that scripts run at strange unexpected times … One thing that was introduced is anacron, which also executes commands periodically with a preset frequency. However, it is considered more trustworthy than the crond daemon, because anacron does not assume the machine is running continuously. If the machine is down due to a shutdown or a failure (if it is a Virtual Machine), or crond simply dies, some cronjob necessary for the overall environment or application might not run; what anacron guarantees is that, even then and even if crond is in a defunct state, the preset scheduled scripts will still be served.
anacron's default file location is in /etc/anacrontab.

A standard /etc/anacrontab looks like so:

[root@centos ~]:# cat /etc/anacrontab
# /etc/anacrontab: configuration file for anacron
# See anacron(8) and anacrontab(5) for details.
# the maximal random delay added to the base delay of the jobs
# the jobs will be started during the following hours only
#period in days   delay in minutes   job-identifier   command
1    5    cron.daily        nice run-parts /etc/cron.daily
7    25    cron.weekly        nice run-parts /etc/cron.weekly
@monthly 45    cron.monthly        nice run-parts /etc/cron.monthly


START_HOURS_RANGE : The START_HOURS_RANGE variable sets the time frame in which the jobs may be started.
The jobs will start during the 3-22 (3AM-10PM) hours only.

  • cron.daily will run at 3:05 (After Midnight) A.M. i.e. run once a day at 3:05AM.
  • cron.weekly will run at 3:25 AM i.e. run once a week at 3:25AM.
  • cron.monthly will run at 3:45 AM i.e. run once a month at 3:45AM.

If the RANDOM_DELAY env var. is set, a random value between 0 and RANDOM_DELAY minutes will be added to the start up delay of anacron served jobs.
For instance, RANDOM_DELAY equal to 45 would therefore add, randomly, between 0 and 45 minutes to the user defined delay.

For the cron.daily record in the config above, the delay will be 5 minutes + RANDOM_DELAY, i.e. 05:01 + 0-45 minutes

A full detailed explanation on automating system tasks on Redhat Enterprise Linux is worth reading here.

!!! Note !!! that listed jobs will be running in queue. After one finish, then next will start.
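The start window described above can be computed straight from an anacrontab. This is an added example, not part of the original post; the sample file is constructed and assumes the RANDOM_DELAY=45 and START_HOURS_RANGE=3-22 settings the text discusses, and the function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post: compute the start window of each
# anacron job from START_HOURS_RANGE, the per-job delay and RANDOM_DELAY.

# Constructed sample: the job lines shown above plus the two variables the
# text discusses (values assumed: 45 minutes and the 3-22 hour range).
sample_anacrontab() {
    cat <<'EOF'
# /etc/anacrontab: configuration file for anacron
SHELL=/bin/sh
RANDOM_DELAY=45
START_HOURS_RANGE=3-22
#period in days   delay in minutes   job-identifier   command
1    5    cron.daily        nice run-parts /etc/cron.daily
7    25    cron.weekly        nice run-parts /etc/cron.weekly
@monthly 45    cron.monthly        nice run-parts /etc/cron.monthly
EOF
}

# anacron_windows [FILE]: read an anacrontab (stdin when no FILE is given) and
# print "job-identifier period earliest latest" for every job, where
#   earliest = first hour of START_HOURS_RANGE + delay
#   latest   = earliest + RANDOM_DELAY
# Jobs are queued one after another, so a long-running job can push the
# following ones past their "latest" time.
anacron_windows() {
    awk '
    function hhmm(m) { return sprintf("%02d:%02d", int(m / 60) % 24, m % 60) }
    /^[ \t]*#/ || NF == 0 { next }                      # comments, blank lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {            # VARIABLE=value lines
        eq = index($0, "=")
        name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
        gsub(/[ \t]/, "", name); gsub(/[ \t]/, "", value)
        if (name == "RANDOM_DELAY") random_delay = value + 0
        if (name == "START_HOURS_RANGE") { split(value, range, "-"); first_hour = range[1] + 0 }
        next
    }
    NF >= 4 {                                           # period delay id command...
        earliest = first_hour * 60 + $2
        print $3, $1, hhmm(earliest), hhmm(earliest + random_delay)
    }' "$@"
}

sample_anacrontab | anacron_windows
```

Run it against the real file with anacron_windows /etc/anacrontab; when START_HOURS_RANGE is not set, the times printed are only offsets counted from 00:00.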

3. SuSE Enterprise Linux cron jobs not running at desired times why?

In SuSE it is much more complicated to get the right timing for the standard default cron jobs that come preinstalled with a service.

In older SLES release /etc/crontab looked like so:



# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

At the time of writing this article it looks like:


# check scripts in cron.hourly, cron.daily, cron.weekly, and cron.monthly
-*/15 * * * *   root  test -x /usr/lib/cron/run-crons && /usr/lib/cron/run-crons >/dev/null 2>&1



This runs any scripts placed in /etc/cron.{hourly, daily, weekly, monthly} but it may not run them when you expect them to run. 
/usr/lib/cron/run-crons compares the current time to the /var/spool/cron/lastrun/cron.{time} file to determine if those jobs need to be run.

For hourly, it checks if the current time is greater than (or exactly) 60 minutes past the timestamp of the /var/spool/cron/lastrun/cron.hourly file.

For weekly, it checks if the current time is greater than (or exactly) 10080 minutes past the timestamp of the /var/spool/cron/lastrun/cron.weekly file.

Monthly uses a calculation to check the time difference, but it is the same type of check, to see if it has been one month since the last run.

Daily has a couple of variations available – by default it checks if it is more than or exactly 1440 minutes since lastrun.
If DAILY_TIME is set in the /etc/sysconfig/cron file (again a SuSE specific innovation), then that is the time (within 15 minutes) when daily will run.

For systems that are powered off at DAILY_TIME, daily tasks will run at the DAILY_TIME, unless it has been more than x days; if it has, they run at the next running of run-crons (default 7 days, a shorter time can be set in /etc/sysconfig/cron).
Because of these changes, the first time you place a job in one of the /etc/cron.{time} directories, it will run the next time run-crons runs, which is every 15 minutes (xx:00, xx:15, xx:30, xx:45), and that time will be the lastrun and become the normal schedule for future runs. Note that there is the potential that your schedules will begin to drift by 15 minute increments.

As you see, this is very complicated stuff, and since God is in the simplicity, it is much better to just not use /etc/cron.* for whatever scripts and to manually schedule each of the system cron jobs and custom scripts with cron at specific times.
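The 15 minute drift mentioned above is easier to see with numbers. The following is an added example, not SUSE's run-crons code: a model of the rule as the text describes it (a job class runs at the first quarter-hour tick at which its lastrun stamp is at least one period old). The lag between a tick and the moment the lastrun file is stamped is a parameter assumed by this example.

```sh
#!/bin/sh
# Added example, not SUSE's run-crons: a model of the rule described above.
# run-crons starts every 15 minutes and runs a job class when its lastrun
# stamp is at least one period old.

TICK=900   # seconds between run-crons invocations (xx:00, xx:15, xx:30, xx:45)

# period_seconds hourly|daily|weekly: minimum age of the lastrun stamp
period_seconds() {
    case $1 in
        hourly) echo $((60 * 60)) ;;
        daily)  echo $((1440 * 60)) ;;
        weekly) echo $((10080 * 60)) ;;
        *)      return 1 ;;
    esac
}

# next_run KIND LASTRUN_EPOCH: epoch of the first tick at which the stamp
# is old enough ("greater than or exactly" one period).
next_run() {
    nr_period=$(period_seconds "$1") || return 1
    nr_due=$(($2 + $nr_period))
    echo $(( ($nr_due + $TICK - 1) / $TICK * $TICK ))
}

# hhmm EPOCH: time of day in UTC, so the output does not depend on the local zone
hhmm() {
    hm_secs=$(($1 % 86400))
    printf '%02d:%02d\n' $(($hm_secs / 3600)) $(($hm_secs % 3600 / 60))
}

# simulate_daily FIRST_TICK LAG RUNS: print the start time of the next RUNS
# daily runs when each lastrun stamp is written LAG seconds after its tick
# (LAG is an assumption of this model).
simulate_daily() {
    sd_tick=$1
    sd_left=$3
    while [ "$sd_left" -gt 0 ]; do
        sd_tick=$(next_run daily $(($sd_tick + $2)))
        hhmm "$sd_tick"
        sd_left=$(($sd_left - 1))
    done
}

# First run at 04:15 UTC (constructed value: 15300 seconds after the epoch)
echo "stamp written exactly on the tick:"; simulate_daily 15300 0 3
echo "stamp written 5 seconds later:";     simulate_daily 15300 5 3
```

With a stamp written exactly on the tick the job stays at the same time every day; as soon as the stamp is even a few seconds late, every run lands one tick later than the previous one.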

4. Debian Linux time start schedule for cron.daily / cron.monthly / cron.weekly timing

As for many years most of the servers I've managed were running Debian GNU / Linux, my first place to check was /etc/crontab, which is the standard cronjobs file that sets the { daily , monthly , weekly } crons


 debian:~# ls -ld /etc/cron.*
drwxr-xr-x 2 root root 4096 фев 27 10:54 /etc/cron.d/
drwxr-xr-x 2 root root 4096 фев 27 10:55 /etc/cron.daily/
drwxr-xr-x 2 root root 4096 дек  7 23:04 /etc/cron.hourly/
drwxr-xr-x 2 root root 4096 дек  7 23:04 /etc/cron.monthly/
drwxr-xr-x 2 root root 4096 дек  7 23:04 /etc/cron.weekly/


debian:~# cat /etc/crontab 
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed
17 *    * * *    root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
47 6    * * 7    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6    1 * *    root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )

What the above does is:

– Run cron.hourly once every hour, at minute 17.
– Run cron.daily once a day at 6:25 am.
– Run cron.weekly once a week, on Sunday (day of week 7), at 6:47 am.
– Run cron.monthly once a month, on the 1st, at 6:52 am.

As you can see, if anacron is present on the system (the test -x /usr/sbin/anacron check), the daily, weekly and monthly jobs are left to it; otherwise they are run via the run-parts binary command, which reads and executes one by one all scripts inside /etc/cron.daily, /etc/cron.weekly and /etc/cron.monthly. cron.hourly is always run via run-parts.

anacron – few more words

Anacron is the canonical way to run at least the jobs from /etc/cron.{daily,weekly,monthly} after startup, even when their execution was missed because the system was not running at the given time. Anacron does not handle any cron jobs from /etc/cron.d, so any package that wants its /etc/cron.d cronjob to be executed by anacron needs to take special measures.

If anacron is installed, regular processing of /etc/cron.{daily,weekly,monthly} is omitted by code in /etc/crontab but handled by anacron via /etc/anacrontab. Anacron's execution of these job lists has changed multiple times in the past:

debian:~# cat /etc/anacrontab 
# /etc/anacrontab: configuration file for anacron

# See anacron(8) and anacrontab(5) for details.


# These replace cron's entries
1    5    cron.daily    run-parts --report /etc/cron.daily
7    10    cron.weekly    run-parts --report /etc/cron.weekly
@monthly    15    cron.monthly    run-parts --report /etc/cron.monthly

In wheezy and earlier, anacron is executed via init script on startup and via /etc/cron.d at 07:30. This causes the jobs to be run in order, if scheduled, beginning at 07:35. If the system is rebooted between midnight and 07:35, the jobs run after five minutes of uptime.
In stretch, anacron is executed via a systemd timer every hour, including the night hours. This causes the jobs to be run in order, if scheduled, between midnight and 01:00, which is a significant change to the previous behavior.
In buster, anacron is executed via a systemd timer every hour with the exception of midnight to 07:00, when anacron is not invoked. This brings back a bit of the old timing, with the jobs run in order, if scheduled, between 07:00 and 08:00. Since anacron is also invoked once at system startup, a reboot between midnight and 08:00 also causes the jobs to be scheduled after five minutes of uptime.
anacron has also not had an upstream release in nearly two decades and is currently orphaned in Debian.

As of 2019-07 (right after buster's release) it is planned to have cron and anacron replaced by cronie.

cronie – Cronie was forked by Red Hat from ISC Cron 4.1 in 2007 and is the default cron implementation in Fedora and Red Hat Enterprise Linux at least since Version 6. cronie seems to have an active upstream, but is currently missing some of the things that Debian has added to vixie cron over the years. With the finishing of cron's conversion to quilt (3.0), effort can begin to add the Debian extensions to Vixie cron to cronie.

Because cronie doesn't have all the Debian extensions yet, it is not yet suitable as a cron replacement, so it is not in Debian.

5. systemd-timers – The new crazy systemd stuff for script system job scheduling

Timers are systemd unit files with a suffix of .timer. systemd-timers was introduced with systemd, so older Linux OS-es do not have it.
Timers are like other unit configuration files and are loaded from the same paths but include a [Timer] section which defines when and how the timer activates. Timers are defined as one of two types:


  • Realtime timers (a.k.a. wallclock timers) activate on a calendar event, the same way that cronjobs do. The option OnCalendar= is used to define them.
  • Monotonic timers activate after a time span relative to a varying starting point. They stop if the computer is temporarily suspended or shut down. There are a number of different monotonic timers but all have the form: OnTypeSec=. Common monotonic timers include OnBootSec and OnActiveSec.



For each .timer file, a matching .service file exists (e.g. foo.timer and foo.service). The .timer file activates and controls the .service file. The .service does not require an [Install] section as it is the timer units that are enabled. If necessary, it is possible to control a differently-named unit using the Unit= option in the timer’s [Timer] section.

systemd-timers is complex stuff and I'll not get into much detail; the idea was to raise awareness of its existence. For more info check its manual: man systemd.timer

Its most basic use is to list all configured systemd timers; below is the output from my home Debian laptop

debian:~# systemctl list-timers --all
NEXT                         LEFT         LAST                         PASSED       UNIT                         ACTIVATES
Tue 2020-03-24 23:33:58 EET  18s left     Tue 2020-03-24 23:31:28 EET  2min 11s ago laptop-mode.timer            lmt-poll.service
Tue 2020-03-24 23:39:00 EET  5min left    Tue 2020-03-24 23:09:01 EET  24min ago    phpsessionclean.timer        phpsessionclean.service
Wed 2020-03-25 00:00:00 EET  26min left   Tue 2020-03-24 00:00:01 EET  23h ago      logrotate.timer              logrotate.service
Wed 2020-03-25 00:00:00 EET  26min left   Tue 2020-03-24 00:00:01 EET  23h ago      man-db.timer                 man-db.service
Wed 2020-03-25 02:38:42 EET  3h 5min left Tue 2020-03-24 13:02:01 EET  10h ago      apt-daily.timer              apt-daily.service
Wed 2020-03-25 06:13:02 EET  6h left      Tue 2020-03-24 08:48:20 EET  14h ago      apt-daily-upgrade.timer      apt-daily-upgrade.service
Wed 2020-03-25 07:31:57 EET  7h left      Tue 2020-03-24 23:30:28 EET  3min 11s ago anacron.timer                anacron.service
Wed 2020-03-25 17:56:01 EET  18h left     Tue 2020-03-24 17:56:01 EET  5h 37min ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service


8 timers listed.

N.B.! If a timer gets out of sync, it may help to delete its stamp-* file in /var/lib/systemd/timers (or ~/.local/share/systemd/ in case of user timers). These are zero length files which mark the last time each timer was run. If deleted, they will be reconstructed on the next start of their timer.


In this article, I've briefly explained the logic behind debugging weird restart events of Linux services such as Apache, caused by scripts set to run as scheduled jobs at a predefined time. I briefly explained how to figure out why the default preinstalled cron jobs, such as logrotate (the service that archives and truncates system logs), run at a certain time. I briefly explained the mechanism behind cron.{daily, monthly, weekly} and its execution via anacron, a runner program similar to crond that never misses a scheduled job even if a system downtime occurs due to a crashed Docker container etc. The use of the run-parts command was briefly explained. A short look was taken at systemd timers, which are now an essential part of almost every new Linux release and are often used by system scripts for scheduling time based maintenance tasks.

Check when Windows Active Directory user expires and set user password expire to Never

Thursday, January 9th, 2020


If you're working for a company that follows high security / PCI Security Standards and you're using an m$ Windows OS machine that belongs to the domain, it is useful to know when your user is set to expire,
so you know how many days are left until you'll be forced to change your Windows AD password.
In this short article I'll explain how to check the Windows AD password last set date / expiry date and how you can list expiry dates for other users; finally I will explain how to set your expiry date to Never
to get rid of the annoying password change every 90 days.


1. Query domain Username for Password set / Password Expires set dates

To get the Password expiration date for an Active Directory user account, just open the Command Line Prompt cmd.exe

And run command:


NET USER Your-User-Name /domain


Note that many companies, for security reasons, only let you reach AD over a VPN connection made with something like Cisco AnyConnect Secure Mobility Client or whatever VPN connect tool is used to encrypt the traffic between you and the corporate DMZ-ed network

Below are the basic NET USER command usage args:

Net User Command Options

Item          Explanation

net user    Execute the net user command alone to show a very simple list of every user account, active or not, on the computer you're currently using.

username    This is the name of the user account, up to 20 characters long, that you want to make changes to, add, or remove. Using username with no other option will show detailed information about the user in the Command Prompt window.

password    Use the password option to modify an existing password or assign one when creating a new username. The minimum characters required can be viewed using the net accounts command. A maximum of 127 characters is allowed.

*    You also have the option of using * in place of a password to force the entering of a password in the Command Prompt window after executing the net user command.

/add    Use the /add option to add a new username on the system.

options    See Additional Net User Command Options below for a complete list of available options to be used at this point when executing net user.

/domain    This switch forces net user to execute on the current domain controller instead of the local computer.

/delete    The /delete switch removes the specified username from the system.

/help    Use this switch to display detailed information about the net user command. Using this option is the same as using the net help command with net user: net help user.

/?    The standard help command switch also works with the net user command but only displays the basic command syntax. Executing net user without options is equal to using the /? switch.



2. Listing all Active Directory users last set date / never expires and expiration dates

If you have the respective Active Directory rights and the Remote Server Administration Tools for Windows (RSAT Tools), you are able to do other interesting stuff as well, such as

– using PowerShell to list the password last set dates of all users; to do so open PowerShell and issue:

get-aduser -filter * -properties passwordlastset, passwordneverexpires |ft Name, passwordlastset, Passwordneverexpires


This should show you info such as the password last set date and whether password expiration is set for the account.

– Using PS to get only the password expiration dates for all existing AD users is done with:


Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" |
Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}

If you need the output data stored in a CSV delimited file format you can add to above PS commands



3. Setting a user password to never Expiry


If the user was created with the NET USER command, by default it will have been created with a password expiration.
However if you need to create new users for yourself (assuming you have the rights) with passwords that never expire on, let's say, Windows Server 2016 (if you don't care about security so much), use:

NET USER "Username" /Add /Active:Yes

WMIC USERACCOUNT WHERE "Name='Username'" SET PasswordExpires=False




To view the general password policies, type following:




Check weather forecast from console (terminal) on GNU / Linux and FreeBSD howto

Friday, August 23rd, 2019

how to get weather forecast prognosis from command line text terminal / console on Linux and FreeBSD

Doing everything in the Linux console / terminal is perhaps something every Linux / BSD hacker wants, as a Graphical user interface, web search or Graphical Environment plugins are an unneeded complexity, and googling or duckduckgoing for the weather to check your next vacation destination city has been more and more of a terrible experience (for me), as I'm not a big fan of using the OS in a GUI.
In that manner of thought, as a Linux console geek and hard core ASCII art fan, I was recently happy to find that it is possible to check the weather forecast in a tty console or Linux terminal in a beautiful ASCII art way, easily, through a Web service: a web application weather forecast service that supports displaying the current and a few days of future weather forecast, either in a browser as plain text or from the command line, by simply accessing it with your favourite web access / transfer tool such as
wget / curl or any of your favourite text browsers elinks / lynx / w3m, or if on *BSDs the fetch command.


Install Curl data transfer tool if it is not already

Wget is installed by default across most Linux distributions and fetch is present by default on BSDs. Displaying it in a text browser would perhaps never be used, but if you decide to give it a try, maybe try with elinks (to get colorful output); w3m and lynx will display black and white results.

In case you miss curl, install it:

On Debian distro


aptitude install -y curl

or Fedora

yum install -y curl

Of course, as it is an Internet based Weather Forecast service, the minimum you need is an Internet connection on your Linux / BSD desktop computer.

Text based Weather Forecast Web App currently supports:

  • Display of the current weather as well as a 3-day weather forecast, split into morning, noon, evening and night
  • Temperature is displayed for morning, noon, evening and night (includes temperature range, wind speed and direction, viewing distance, precipitation amount and probability)
  • Provides Weather results based on City / town / village location
  • Supports display of Moon Phases Forecast in calendar days
  • Supports multilingual names (Bulgarian Phonetic cyrillic / Russian and other exotic UTF-8 encodings such as Chinese and Japanese), 50+ languages are currently supported
  • Has the ability to give a prognosis for a hostname (domain) location based on its IP GeoIP location on the Globe
  • Geographical locations / landmarks such as Lakes / Mountains etc. can be easily queried
  • Query result units can be configured, e.g. USCS units or the metric (SI) ones accepted in the EU and the rest of the world
  • Displayed result can be in ANSI (if queried from a terminal / console), in HTML (if queried from a browser) or in PNG, if needed


Where could be useful ?

The best applications I can think of are for server (shell) / perl scripting automation purposes. It could be useful especially in TOO HOT, TOO COLD, TOO WET locations, for Linux monitoring hosts situated in Small and Middle sized Data Centers or Green Energy (Sun Panel) Parks / Wind Energy parks, to track possible problems of overheating or overcooling of servers due to abnormal excessive temperatures, such as the ones we experienced this summer here all across Europe, or in too hot DC locations such as Deserts in African Countries and Saudi Arabia, or too cold ones such as Chukotka or Siberia in Russia.
Another application is as a backup option to other normal Weather report services for PHP or Python scripts that fetch data from multiple places.
Of course, since this is a third party controlled service, downtime is possible: due to excessive connection requests the service could get flooded and stop working, but I guess for any Commercial use, creator Igor Chubin would be happy to sell a specifically crafted service to any end user candidates.

Here are a few examples of the beautiful returned ASCII art formatted output of

1. Getting a three days Weather Forecast prognosis for city / town location

To get the current weather in the city I currently live in, Sofia, Bulgaria, just pass the city to the URL address






Default links (Linux) www text browser produces ugly black and white

2. Displaying Weather forecast with wget


wget -O- -q


If you're lazy you can even omit the http://, as wget will assume the HyperText Transfer Protocol by itself


wget -O- -q


3. Getting Forecast results for a Tourist Destination

Let's get the weather forecast for the popular Bulgarian tourist destination of the Seven Rila Lakes (near Rila Monastery), situated in the Rila Mountain, BG.







4. Display Forecast for a specific server IP

Displaying information for a specific server IP address, as currently placed in the GeoIP database, could of course be not really true, as the IP could be just a Load Balancer or a router that does NAT to some server in an internal DMZ-ed location, but anyway it is a cool feature.

Let's get information on what the weather is at Google's Global Public DNS server IP, so commonly used to check a Windows or Linux Desktop client machine's Internet connectivity.

curl Google Public DNS location weather forecast

5. Download PNG image picture from service


Let's say you want to get a 3 day standard Weather forecast for the popular Black Sea Resort town in Bulgaria, Pomorie (a beautiful sea city which even has a functioning Monastery of 5 Monks, Pomorie Monastery, situated near the sea coast)




--2019-08-22 20:15:51--
Resolving (…
Connecting to (||:80… connected.
HTTP request sent, awaiting response… 200 OK
Length: 42617 (42K) [image/png]
Saving to: ‘Pomorie.png’

Pomorie.png                                     100%[=======================================================================================================>]  41.62K  --.-KB/s    in 0.07s   

2019-08-22 20:15:52 (586 KB/s) - ‘Pomorie.png’ saved [42617/42617]


Note: The generated .png is again the ASCII art produced by a direct text fetch, but in picture format


6. Displaying Current Moon Phase

If you want to enjoy a text based Moon phase picture through 🙂

wget -O- -q

You can also get the Moon phase forecast for a future date, or look up the phase for a previous date



Full Moon Madness !! – Vampires are out, beware, and enjoy the ultra kewl colorful ASCII art 🙂

7. Getting help for terminal Weather Forecast results



$ curl


    $ curl          # current location
    $ curl      # weather in the Munich airport

Supported location types:

    /paris                  # city name
    /~Eiffel+tower          # any location
    /Москва                 # Unicode name of any location in any language
    /muc                    # airport code (3 letters)
    /     # domain name
    /94107                  # area codes
    /-78.46,106.79          # GPS coordinates

Special locations:

    /moon                   # Moon phase (add ,+US or ,+France for these cities)
    /moon@2016-10-25        # Moon phase for the date (@2016-10-25)


    m                       # metric (SI) (used by default everywhere except US)
    u                       # USCS (used by default in US)
    M                       # show wind speed in m/s

View options:

    0                       # only current weather
    1                       # current weather + 1 day
    2                       # current weather + 2 days
    A                       # ignore User-Agent and force ANSI output format (terminal)
    F                       # do not show the "Follow" line
    n                       # narrow version (only day and night)
    q                       # quiet version (no "Weather report" text)
    Q                       # superquiet version (no "Weather report", no city name)
    T                       # switch terminal sequences off (no colors)

PNG options:

    /paris.png              # generate a PNG file
    p                       # add frame around the output
    t                       # transparency 150
    transparency=…        # transparency from 0 to 255 (255 = not transparent)

Options can be combined:

    /Paris_0pq.png          # in PNG the file mode are specified after _
    /Rome_0pq_lang=it.png   # long options are separated with underscore


    $ curl
    $ curl
    $ curl -H "Accept-Language: fr"

Supported languages:

    af da de el et fr fa hu id it nb nl pl pt-br ro ru tr uk vi (supported)
    az be bg bs ca cy cs eo es fi ga hi hr hy is ja jv ka kk ko ky lt lv mk ml nl fy nn pt pt-br sk sl sr sr-lat sv sw th te uz zh zu he (in progress)

Special URLs:

    /:help                  # show this page
    /:bash.function         # show recommended bash function wttr()
    /:translation           # show the information about the translators




8. Comparing two cities weather from command line


One useful use of if you plan to travel from Location city A to Location city B is to compare the temperatures with a simple bash one liner script:




diff -Naur <(curl -s ) <(curl -s )



9. Using ansiweather command to get Weather Temperature / Wind / Humidity in one line of beautiful text


If you go and install the ansiweather Linux package


apt-get install --yes ansiweather

You will get a shell script wrapper with ANSI colors and Unicode symbols support. Weather data comes from OpenWeatherMap, this is useful if is not working due to some URL malfunction (due to service is DoS-ed) etc.


ansiweather -l Atina



Lets use ansiweather to print the weather prognosis for upcoming 5 days for near port of Burgas, BG

ansiweather -F -l Burgas



10. Get all Weather current forecast for each Capital in the world

You can download and use this simple plain text file list of All Country Capitals in the World (country-capitals-all-world.txt) with ansiweather and a bash loop to get displayed each and every current day Weather Forecast in the World, here is how:


while read -r line; do ansiweather -l "$line"; sleep 3; done < country-capitals-all-world.txt


As you can see, some of the very exotic third world capitals do not return data, so 'ERROR: Cannot fetch weather data' is returned.

You can also substitute ansiweather with curl$line to do get the beautiful ASCII art 3 days weather forecast via


while read line; do curl$line; sleep 3; done < country-capitals-all-world.txt

I'll be happy to learn about other nice ASCII art supporting web services to enjoy from a text terminal on Linux (no matter whether useful or just funny, joyful pranks), such as watching the text ASCII remake of the Star Wars classic movie by simply telnetting to (if you haven't yet, just telnet and enjoy the streamed ASCIIs!) 🙂






Talking about fun and ASCII, it's worth mentioning the hollywood Linux package

hipo@jeremiah:~/Desktop$ apt-cache show hollywood|grep -i desc -A 3
Description-en: fill your console with Hollywood melodrama technobabble
 This utility will split your console into a multiple panes of genuine
 technobabble, perfectly suitable for any Hollywood geek melodrama.
 It is particularly suitable on any number of computer consoles in the

Description-md5: 768f44c76220ea2b35f855ea34c8bc35
Section: games
Priority: optional

Once installed on Debian with:

aptitude install -y hollywood

You can rapidly get plenty of tmux (screen like – virtual console emulator) split screen statistics about your notebook / workstation / server CPU usage, mlocate.db status, info about plugged in machine voltage, Speedometer (statistics about network bandwidth usage), system load average (CPU count, memory utilization) and some other random info coming out of the dmesg kernel log and more. The information displayed in the split windows changes rapidly, and (assuming you run it on a home desktop with a soundblaster and not remotely) a James Bond Agent 007 soundtrack is played in the background, which brings up one's adrenaline and makes it look even cooler.


To give you an idea what to expect, here is shot of /usr/games/hollywood (the program start binary location) on Debian GNU / Linux running, Enjoy! 🙂

Why du and df reporting different on a filesystem / How to fix inconsistency between used space on FS and disk showing full strangeness

Wednesday, July 24th, 2019


If you're a sysadmin in a large server environment, such as a couple of hundred Virtual Machines running Linux on either physical hosts or OpenXen / VmWare hosted guests, you might sometimes end up with an odd case where some mounted partition reports different file usage when checked with the df cmd than when checked with the du command, like for example:

root@sqlserver:~# df -hT /var/lib/mysql
Filesystem   Type  Size Used Avail Use% Mounted On
/dev/sdb5      ext4    19G  3,4G    14G  20% /var/lib/mysql

Here the '-T' argument is used to show us the filesystem type.

root@sqlserver:~# du -hsc /var/lib/mysql
0K    /var/lib/mysql/
0K    total


1. Simple debug on what might be the root cause for df / du inconsistency reporting


Of course the basic thing to do in that weird situation is to be totally shocked that this is possible, and then to investigate a bit which first level sub-directories eat up the most space on the mounted location, with du:


# du -hkx --max-depth=1 /var/lib/mysql/|uniq|sort -n
4       /var/lib/mysql/test
8       /var/lib/mysql/ezmlm
8       /var/lib/mysql/micropcfreak
8       /var/lib/mysql/performance_schema
12      /var/lib/mysql/mysqltmp
24      /var/lib/mysql/speedtest
64      /var/lib/mysql/yourls
144     /var/lib/mysql/narf
320     /var/lib/mysql/webchat_plus
424     /var/lib/mysql/goodfaithair
528     /var/lib/mysql/moonman
648     /var/lib/mysql/daniel
852     /var/lib/mysql/lessn
1292    /var/lib/mysql/gallery

The given output is in Kilobytes so it is a little bit hard to read, if you're used to Mbytes instead, do


 # du -hmx --max-depth=1 /var/lib/mysql/|uniq|sort -n|less


I've also investigated on the complete /var directory contents sorted by size with:


 # du -akx ./ | sort -n
5152564    ./cache/rsnapshot/hourly.2/localhost
5255788    ./cache/rsnapshot/hourly.2
5287912    ./cache/rsnapshot
7192152    ./cache

Even after finding the biggest directories and clearing them up a bit, I kept seeing the inconsistency between the two commands. If you are as stunned as I was, you might try moving some files to a different filesystem to free up space or inodes, hoping that the inconsistent output is caused by some kernel / FS caching and that this will eventually make the mounted FS refresh …

But unfortunately, if you try it you'll find that clearing up a couple of megabytes or gigabytes makes no difference in the command output.

In my exact case /var/lib/mysql is a separately mounted ext4 filesystem, however the same issue was also present on a Network Filesystem (NFS), and thus my first thought, that this was caused by a network failure or an NFS bug, turned out to be wrong.

After further short investigation on the inodes on the Filesystem, it was clear enough inodes are available:

# df -i /var/lib/mysql
Filesystem       Inodes  IUsed   IFree IUse% Mounted on
/dev/sdb5      1221600  2562 1219038   1% /var/lib/mysql


So the assumption that the inodes had filled up was also rejected.
P.S. (if you're not well familiar with inodes, read the manual, i.e. man 7 inode).

– Remounting the mounted filesystem

To make sure the inconsistency shown between du and df is not due to some hanging network mount or bug, the first logical thing I did was to remount the filesystem showing the different size; in my case this was done with:

# mount -o remount,rw -t ext4 /var/lib/mysql

For machines with NFS remote mounted storage locations, used:

# mount -o remount,rw -t nfs /var/www

The FS remount did not solve it, so I continued to ponder the oddity. Of course I thought of a workaround: in case the issue is caused by a kernel bug or an OS lib issue, a reboot might be the solution. Unfortunately, restarting the VMs was not a desirable or easy solution, so I continued investigating what was wrong …

Next check of course was to check, what kind of network connections are opened to the affected hosts with:

# netstat -tupanl

I did not find anything that might point me to the cause of the differently reported megabytes, so the next step was to check the files currently opened by running processes on the systems with the weird df / du reports, using lsof, and boom, there I observed an oddity: multiple files marked as deleted


# lsof -nP | grep '(deleted)'

mysqld   2588  mysql    4u   REG 253,17      52     0  1495 /var/lib/mysql/tmp/ibY0cXCd (deleted)
mysqld   2588  mysql    5u   REG 253,17    1048     0  1496 /var/lib/mysql/tmp/ibOrELhG (deleted)
mysqld   2588  mysql    6u   REG 253,17       777884290     0  1497 /var/lib/mysql/tmp/ibmDFAW8 (deleted)
mysqld   2588  mysql    7u   REG 253,17       123667875     0 11387 /var/lib/mysql/tmp/ib2CSACB (deleted)
mysqld   2588  mysql   11u   REG 253,17       123852406     0 11388 /var/lib/mysql/tmp/ibQpoZ94 (deleted)


Notice that there were plenty of files in the '(deleted)' state shown in memory, 438 overall:


# lsof -nP | grep '(deleted)' |wc -l

As I've learned a bit online about the problem, I found it is also possible to find deleted unlinked files only without any greps (to list all deleted files in memory files with lsof args only):


# lsof +L1|less

The SIZE field (fourth column) shows that a number of these files are really large, and they are kept open on the filesystem and in memory, totally messing up the filesystem usage numbers. In my case these are temp files created by the MYSQLD daemon, but depending on the service the server provides it might be apache's www-data, some custom perl / bash script executed via a cron job, stalled rsync jobs etc.
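
To see which process pins the most space, the deleted-file listing can be totalled per process. The script below is an added example, not part of the original article: the function names are hypothetical, it assumes the 10-column layout printed by `lsof -nP +L1` (SIZE/OFF in field 7, NLINK in field 8, NODE in field 9), and its sample input is the five lsof lines shown above plus two constructed lines.

```bash
#!/bin/sh
# Added example: total the disk space pinned by deleted-but-still-open files.
# Input is `lsof -nP +L1` output; assumed columns:
#   COMMAND PID USER FD TYPE DEVICE SIZE/OFF NLINK NODE NAME

# Sample input. The first five data lines are the article's lsof output;
# the last two are constructed to show why de-duplication is needed
# (one inode open on two fds of a process, one inode shared by two processes).
sample_lsof() {
cat <<'EOF'
COMMAND   PID   USER   FD   TYPE DEVICE  SIZE/OFF NLINK  NODE NAME
mysqld   2588  mysql    4u   REG 253,17        52     0  1495 /var/lib/mysql/tmp/ibY0cXCd (deleted)
mysqld   2588  mysql    5u   REG 253,17      1048     0  1496 /var/lib/mysql/tmp/ibOrELhG (deleted)
mysqld   2588  mysql    6u   REG 253,17 777884290     0  1497 /var/lib/mysql/tmp/ibmDFAW8 (deleted)
mysqld   2588  mysql    7u   REG 253,17 123667875     0 11387 /var/lib/mysql/tmp/ib2CSACB (deleted)
mysqld   2588  mysql   11u   REG 253,17 123852406     0 11388 /var/lib/mysql/tmp/ibQpoZ94 (deleted)
mysqld   2588  mysql   12u   REG 253,17 123852406     0 11388 /var/lib/mysql/tmp/ibQpoZ94 (deleted)
rsync    3001   root    3r   REG 253,17 777884290     0  1497 /var/lib/mysql/tmp/ibmDFAW8 (deleted)
EOF
}

# Per process: prints "<bytes> <pid> <command>", biggest holder first.
# An inode is counted once per process even if several fds point at it.
pinned_by_process() {
    awk '
        # keep only unlinked regular files with a numeric size (skips header)
        $5 != "REG" || $8 != 0 || $7 !~ /^[0-9]+$/ { next }
        {
            key = $2 SUBSEP $6 SUBSEP $9      # pid + device + inode
            if (key in seen) next
            seen[key] = 1
            bytes[$2] += $7
            cmd[$2] = $1
        }
        END {
            for (pid in bytes)
                printf "%.0f %s %s\n", bytes[pid], pid, cmd[pid]
        }
    ' | sort -rn
}

# Whole system: bytes that df counts as used but du cannot see.
# Each device + inode pair is counted once, however many processes hold it.
pinned_total() {
    awk '
        $5 != "REG" || $8 != 0 || $7 !~ /^[0-9]+$/ { next }
        {
            key = $6 SUBSEP $9                # device + inode
            if (!(key in seen)) { seen[key] = 1; total += $7 }
        }
        END { printf "%.0f\n", total }
    '
}

# Offline demo on the embedded sample.
# On a live host use instead:  lsof -nP +L1 | pinned_by_process
echo "bytes pid command"
sample_lsof | pinned_by_process
echo "pinned by deleted files: $(sample_lsof | pinned_total) bytes"
```

The process at the top of the per-process list is the first candidate for the restart described in section 3.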

2. Check the list of all open files of the mysql / root user as part of the server filesystem inconsistency debugging with:


– Grep opened files on server by user

# lsof |grep mysql
mysqld    1312                       mysql  cwd       DIR               8,21       4096          2 /var/lib/mysql
mysqld    1312                       mysql  rtd       DIR                8,1       4096          2 /
mysqld    1312                       mysql  txt       REG                8,1   20336792   23805048 /usr/sbin/mysqld
mysqld    1312                       mysql  mem       REG               8,21      24576         20 /var/lib/mysql/tc.log
mysqld    1312                       mysql  DEL       REG               0,16                 29467 /[aio]
mysqld    1312                       mysql  mem       REG                8,1      55792   14886933 /lib/x86_64-linux-gnu/


# lsof | grep root
COMMAND    PID   TID TASKCMD          USER   FD      TYPE             DEVICE   SIZE/OFF       NODE NAME
systemd      1                        root  cwd       DIR                8,1       4096          2 /
systemd      1                        root  rtd       DIR                8,1       4096          2 /
systemd      1                        root  txt       REG                8,1    1489208   14928891 /lib/systemd/systemd
systemd      1                        root  mem       REG                8,1    1579448   14886924 /lib/x86_64-linux-gnu/

Other command that helped to track the discrepancy between df and du different file usage on FS is:

# du -hxa  / | egrep '^[[:digit:]]{1,1}G[[:space:]]*'


3. Fixing large files kept in memory filesystem problem

What is the real reason for ending up with these file handles kept open by running background programs on the Linux OS?
There could be multiple reasons, but most likely it is due to excessive server / client interactions, exhausting RAM or the HDD by endlessly writing plenty of logs to the FS and keeping the space occupied, or bugs in a programming library used by a hung service that leave the FH open on storage.

What is the solution to file system files left in memory problem?

The best solution is to first fix custom script or hanged service and then if possible to simply restart the server to make the kernel / services reload or if this is not possible just restart the problem creation processes.

Once the process is identified like in my case this was MySQL on systemd enabled newer OS distros, just do:



# systemctl restart mysqld.service

or on older init.d system V ones:

# /etc/init.d/service restart

For custom hanged scripts being listed in ps axuwef you can grep the pid and do a kill -HUP (if the script is written in a good way to recognize -HUP and restart the sub-running process properly – BE EXTRA CAREFUL IF YOU'RE RESTARTING BROKEN SCRIPTS as this might cause your running service disruptions …).

# pgrep -l

# kill -HUP PID


Now finally this should either mitigate or, in the best case, completely solve the reported disagreement between df and du, after which the calculated / reported disk space should be back to normal and show up as approximately the same (note that the size changes a bit between the two checks, as the mysql service is constantly writing data and extending it).


# df -hk /var/lib/mysql; du -hskc /var/lib/mysql
Filesystem       Inodes  IUsed   IFree IUse% Mounted on
/dev/sdb5        19097172 3472744 14631296  20% /var/lib/mysql
3427772    /var/lib/mysql
3427772    total


What we learned?

What I've explained in this article is why and how 'zombie' files come to reside on a filesystem, appearing to eat disk space on a mounted local or network partition, giving strange inconsistent reports, leading to system service disruptions and making it impossible to see correct information on used disk space on the mounted drive.

I went through some standard logic for debugging service / filesystem / inode issues, which led me to the finding about deleted files being kept on the filesystem and making it report a strange, incorrect size and show as full even after it was extended with tune2fs and was supposed to have an extra 50GBs.

Finally it was explained shortly how to HUP / restart the hanging script / service to fix it.

Some few good readings that helped to fix the issue:

What to do when du and df report different usage is here
df in linux not showing correct free space after file removal is here
Why do “df” and “du” commands show different disk usage?

The evils of the Corporate Business and the Multi National Business crimes – What is the legal status of a International Corporation Company? – The Corporation – A documentary movie on the birth of modern Corporations and Multinational businesses

Friday, December 14th, 2012


Some 5 years ago, while I was still studying in International College Albena (International College Dobrich, Bulgaria) also historically known under the name "International College Albena", In one of my regular Logistics (lectures), we were Projected a movie by our professor Mr. Bojidar Bojkov.
Usually I take no interest in educational presentations as most of them is obsolete junk more or less not reflecting the real life reality and is some abstract "pseudo"-science concepts. This time it was different me and my IBMS (International Business Management Studies) study fellows were projected a very informative movie called The Corporation.

The Corporation is a movie containing elements of propaganda, as it is trying to prove to (convince) the public that modern society should be much more critical and active in measures against the badness of multi-national corporations and many of the Fortune top 500 profitable businesses.

As every kind of movie it is more-or-less manipulative and the author tries to impose his idea about "the evil corporations". The topic of Corporate Citizenship is a modern topic in Business and every large size businesses is claiming to hold a very high standards of "corporate citizenship" and being loyal or green and environmental friendly Green and environment friendliness "buzz-word mantra like words" are everywhere, from the littlest company operating on a single Country Market to the largest and most "respected" companies like BP – (British Petroleum).

It is a public "secret" that most of the successful business organizations (be they profit or non-profit) are a dirty and devilish undertaking driven by the one and only goal of enriching the shareholder/s wealth. The organization is usually not governed by the shareholders; instead, appointed management is assigned to supervise the organization and take the management decisions concerning the increase of the org.'s wealth and power.

It is an evident, noticeable fact that the bigger a business or company is, the more likely it is to function efficiently and to provide lower product prices on the market. The reason is that middle and big size corporations have "BIG MONEY" at their disposal – huge financial investments (many of which are of doubtful origin) ….

The expansion of the USA and UK (English) model of business brought a collapse of any alternative forms of company functioning except the western model. However, the severe economic crisis clearly indicates that "The Western Business Model", which is backed by such a solid and good theoretical base, is not working as expected in practice. Though with the worsening crisis over the last few years it is more and more evident that something needs to change fundamentally on a global scale in how private businesses and (western) model organizations function, there is still nearly no one doing anything. Instead America is continuously following its 'good old' well known "Create Wars and Conflicts Strategy", where mostly all non western modelled countries, or any kind of "untracked" business outside of the western model, are deliberately being killed by creating (financing) internal conflicts inside countries (like it happened recently in Egypt), like it happens with the war in Syria and like it happened in Vietnam some years back.

There are still some countries in the world, trying to fight-back the broken western unified (international one system) model tendency of the west like Russia and Belarus and hopefully some other Countries whose economics are showing negative results, but in general it seems the 'Western Corporate model' will take over in short future.
There is an easy solution to the problem: 'raise awareness' of the corporate badness, limit corporations on a local governmental basis and foster a business climate where start-ups and small and middle sized companies are encouraged to rise up, in parallel with a dramatic rise in taxation on large corporate multinational business entities …
But in order for this to happen it is necessary for the majority of people to realize the Corporations problem and deliberately and peacefully work, each on an individual basis (and according to his abilities), against the 'Evil Corporations Structural (New-World Order) like Empire'

One of this Raise-UP Awareness against the badness of Business-es of the High Scale is The Corporation movie. I'm sure anyone who is interested in knowing how stuff works and how modern economy works would definitely learn a lot from the movie.


The Corporation- A Documentary Movie on curious facts about evils of Multi-National Corporations and "International Businesses"

It is rather paradoxically that the movie came to see the light of day by the University of British Columbia. A movie which criticizes the Western Corporate model was done by a Western (British) University. The movie was primary conducted and made by a law professor Joel Bakan

The documentary examines the modern-day corporation, considering its legal status as a class of person and evaluating its behaviour towards society and the world at large as a psychiatrist might evaluate an ordinary person.

It is a rather interesting fact, which probably most do not know, that in modern times in most countries (if not all) the Corporation is perceived from a legal stand-point as 'An ordinary person (citizen) Entity'. Yeah that's right, a non-human "being" is legally perceived as human and has all the rights and duties of an ordinary citizen. The big problem with this is the impact it has on general society. An ordinary human could "kill" someone, blow off a bomb and kill hundreds, but cannot be blamed for killing a few million or leaving a billion people poor or on the threshold of starvation, but a Corporation, having the legal status of a Country Citizen, sadly can ….

At the end of the movie, after a few typical corporations are examined, a psychiatric diagnosis is set: the Corporation (Multi-National) Business Model is diagnosed as a Psychopath. The movie also gives very interesting information concerning some Top Brands and products – like Coca Cola, Fanta, IBM etc. etc.

It is worth mentioning just some of them – Fanta was invented and was known as 'The Nazis Drink', as in Nazi Germany it was drunk as a substitute for the American way drink (TM) – Coca Cola.

Another interesting fact is that back in the day, and even probably to this day, Coca Cola placed a real quantity of Cocaine in their drink, leading to addiction, and tried various methods to manipulate the minds of the Consumer in Advertisements of their products. What struck me personally the most was the fact that IBM (International Business Machines) were selling identification systems to Hitler and the Nazis in order to number the Jewish prisoners in concentration camps. No one cares nowadays, and IBM – known also as (The Blue Elephant) – is still operating profitably and is one of the most important players in the field of IT and Computer Equipment, regardless of the inhuman crime they did by selling systems which were used by German Officers who killed millions of Jews and other non-Aryans …

It is rather uneasy to think that the same Corporation which indirectly helped in killing millions also helped and played a key role in the development of the Personal Computer – The Laptop, the Mobile Phones, Modern Genetics, Implants, The Internet and well you name it …

Here is also a short explanation of the Movie from Wikipedia:

" The film features interviews with prominent corporate critics such as Noam Chomsky, Naomi Klein, Michael Moore, Vandana Shiva, Charles Kernaghan, and Howard Zinn as well as opinions from company CEOs such as Ray Anderson (from the Interface carpet & fabric company), the viewpoints of Peter Drucker and Milton Friedman, and think tanks advocating free markets such as the Fraser Institute. Interviews also feature Dr. Samuel Epstein with his involvement in a lawsuit against Monsanto Company for promoting the use of Posilac, (Monsanto's trade name for recombinant Bovine Somatotropin) to induce more milk production in dairy cattle. "

Though the movie outlines so much important facts, that should be known by any Business Student out – there or any person somehow involved in Business, I have the impression most of the people out there never watch it. Thus I hope my little article will make it a bit more popular and bring some more people to realize, that Corporations Culture and Evils should be opposed and mitigated on individual and society level!