Node.js Application Monitoring with Prometheus and Grafana

Hi guys, we published this article on our blog (here) some time ago and I thought it could be interesting for r/node to read it as well, since we got some good feedback on it!

What is application monitoring and why is it necessary?

Application monitoring is a method that uses software tools to gain insights into your software deployments. This can be achieved by simple health checks to see if the server is available to more advanced setups where a monitoring library is integrated into your server that sends data to a dedicated monitoring service. It can even involve the client side of your application, offering more detailed insights into the user experience.
For every developer, monitoring should be a crucial part of the daily work, because you need to know how the software behaves in production. You can let your testers work with your system and try to mock interactions or high loads, but these techniques will never be the same as the real production workload.

What is Prometheus and how does it work?

Prometheus is an open-source monitoring system that was created in 2012 by Soundcloud. In 2016, Prometheus became the second project (following Kubernetes) to be hosted by the Cloud Native Computing Foundation.
The Prometheus server collects metrics from your servers and other monitoring targets by pulling their metric endpoints over HTTP at a predefined time interval. For ephemeral and batch jobs, for which metrics can't be scraped periodically due to their short-lived nature, Prometheus offers a Pushgateway. This is an intermediate server that monitoring targets can push their metrics to before exiting. The data is retained there until the Prometheus server pulls it later.
The core data structure of Prometheus is the time series, which is essentially a list of timestamped values that are grouped by metric.
With PromQL (Prometheus Query Language), Prometheus provides a functional query language allowing for selection and aggregation of time series data in real-time. The result of a query can be viewed directly in the Prometheus web UI, or consumed by external systems such as Grafana via the HTTP API.

How to use prom-client to export metrics in Node.js for Prometheus?

prom-client is the most popular Prometheus client library for Node.js. It provides the building blocks to export metrics to Prometheus via the pull and push methods and supports all Prometheus metric types such as histograms, summaries, gauges and counters.

Setup sample Node.js project

Create a new directory and set up the Node.js project:
    $ mkdir example-nodejs-app
    $ cd example-nodejs-app
    $ npm init -y

Install prom-client

The prom-client npm module can be installed via:
    $ npm install prom-client

Exposing default metrics

Every Prometheus client library comes with predefined default metrics that are assumed to be good for all applications on the specific runtime. The prom-client library also follows this convention. The default metrics are useful for monitoring the usage of resources such as memory and CPU.
You can capture and expose the default metrics with the following code snippet:

    const http = require('http')
    const url = require('url')
    const client = require('prom-client')

    // Create a Registry which registers the metrics
    const register = new client.Registry()

    // Add a default label which is added to all metrics
    register.setDefaultLabels({
      app: 'example-nodejs-app'
    })

    // Enable the collection of default metrics
    client.collectDefaultMetrics({ register })

    // Define the HTTP server
    const server = http.createServer(async (req, res) => {
      // Retrieve route from request object
      const route = url.parse(req.url).pathname

      if (route === '/metrics') {
        // Return all metrics in the Prometheus exposition format.
        // metrics() returns a Promise in prom-client 13+; await also works with older versions.
        res.setHeader('Content-Type', register.contentType)
        res.end(await register.metrics())
      } else {
        // Answer every other route so the request does not hang
        res.statusCode = 404
        res.end()
      }
    })

    // Start the HTTP server which exposes the metrics on http://localhost:8080/metrics
    server.listen(8080)

Exposing custom metrics

While default metrics are a good starting point, at some point, you’ll need to define custom metrics in order to stay on top of things.
Capturing and exposing a custom metric for HTTP request durations might look like this:
    const http = require('http')
    const url = require('url')
    const client = require('prom-client')

    // Create a Registry which registers the metrics
    const register = new client.Registry()

    // Add a default label which is added to all metrics
    register.setDefaultLabels({
      app: 'example-nodejs-app'
    })

    // Enable the collection of default metrics
    client.collectDefaultMetrics({ register })

    // Create a histogram metric (startTimer() observes durations in seconds)
    const httpRequestDurationMicroseconds = new client.Histogram({
      name: 'http_request_duration_seconds',
      help: 'Duration of HTTP requests in seconds',
      labelNames: ['method', 'route', 'code'],
      buckets: [0.1, 0.3, 0.5, 0.7, 1, 3, 5, 7, 10]
    })

    // Register the histogram
    register.registerMetric(httpRequestDurationMicroseconds)

    // Define the HTTP server
    const server = http.createServer(async (req, res) => {
      // Start the timer
      const end = httpRequestDurationMicroseconds.startTimer()

      // Retrieve route from request object
      const route = url.parse(req.url).pathname

      if (route === '/metrics') {
        // Return all metrics in the Prometheus exposition format.
        // metrics() returns a Promise in prom-client 13+; await also works with older versions.
        res.setHeader('Content-Type', register.contentType)
        res.end(await register.metrics())
      } else {
        // Answer every other route so the request does not hang
        res.statusCode = 404
        res.end()
      }

      // End timer and add labels
      end({ route, code: res.statusCode, method: req.method })
    })

    // Start the HTTP server which exposes the metrics on http://localhost:8080/metrics
    server.listen(8080)

Copy the above code into a file called server.js and start the Node.js HTTP server with the following command:

    $ node server.js
You should now be able to access the metrics via http://localhost:8080/metrics.

How to scrape metrics from Prometheus

Prometheus is available as a Docker image and can be configured via a YAML file.
Create a configuration file called prometheus.yml with the following content:

    global:
      scrape_interval: 5s
    scrape_configs:
      - job_name: "example-nodejs-app"
        static_configs:
          - targets: ["docker.for.mac.host.internal:8080"]
The config file tells Prometheus to scrape all targets every 5 seconds. The targets are defined under scrape_configs. On Mac, you need to use docker.for.mac.host.internal as host, so that the Prometheus Docker container can scrape the metrics of the local Node.js HTTP server. On Windows, use docker.for.win.localhost and for Linux use localhost.
Use the docker run command to start the Prometheus Docker container and mount the configuration file (prometheus.yml):
    $ docker run --rm -p 9090:9090 \
      -v `pwd`/prometheus.yml:/etc/prometheus/prometheus.yml \
      prom/prometheus:v2.20.1
Windows users need to replace pwd with the path to their current working directory.
You should now be able to access the Prometheus Web UI on http://localhost:9090

What is Grafana and how does it work?

Grafana is a web application that allows you to visualize data sources via graphs or charts. It comes with a variety of chart types, allowing you to choose whatever fits your monitoring data needs. Multiple charts are grouped into dashboards in Grafana, so that multiple metrics can be viewed at once.
The metrics displayed in the Grafana charts come from data sources. Prometheus is one of the supported data sources for Grafana, but it can also use other systems, like AWS CloudWatch, or Azure Monitor.
Grafana also allows you to define alerts that will be triggered if certain issues arise, meaning you’ll receive an email notification if something goes wrong. For a more advanced alerting setup, check out the Grafana integration for Opsgenie.

Starting Grafana

Grafana is also available as a Docker container. Grafana datasources can be configured via a configuration file.
Create a configuration file called datasources.yml with the following content:

    apiVersion: 1

    datasources:
      - name: Prometheus
        type: prometheus
        access: proxy
        orgId: 1
        url: http://docker.for.mac.host.internal:9090
        basicAuth: false
        isDefault: true
        editable: true
The configuration file specifies Prometheus as a datasource for Grafana. Please note that on Mac, we need to use docker.for.mac.host.internal as host, so that Grafana can access Prometheus. On Windows, use docker.for.win.localhost and for Linux use localhost.
Use the following command to start a Grafana Docker container and to mount the configuration file of the datasources (datasources.yml). We also pass some environment variables to disable the login form and to allow anonymous access to Grafana:
    $ docker run --rm -p 3000:3000 \
      -e GF_AUTH_DISABLE_LOGIN_FORM=true \
      -e GF_AUTH_ANONYMOUS_ENABLED=true \
      -e GF_AUTH_ANONYMOUS_ORG_ROLE=Admin \
      -v `pwd`/datasources.yml:/etc/grafana/provisioning/datasources/datasources.yml \
      grafana/grafana:7.1.5
Windows users need to replace pwd with the path to their current working directory.
You should now be able to access the Grafana Web UI on http://localhost:3000

Configuring a Grafana Dashboard

Once the metrics are available in Prometheus, we want to view them in Grafana. This requires creating a dashboard and adding panels to that dashboard:
  1. Go to the Grafana UI at http://localhost:3000, click the + button on the left, and select Dashboard.
  2. In the new dashboard, click on the Add new panel button.
  3. In the Edit panel view, you can select a metric and configure a chart for it.
  4. The Metrics drop-down on the bottom left allows you to choose from the available metrics. Let’s use one of the default metrics for this example.
  5. Type process_resident_memory_bytes into the Metrics input and {{app}} into the Legend input.
  6. On the right panel, enter Memory Usage for the Panel title.
  7. As the unit of the metric is in bytes we need to select bytes(Metric) for the left y-axis in the Axes section, so that the chart is easy to read for humans.
You should now see a chart showing the memory usage of the Node.js HTTP server.
Press Apply to save the panel. Back on the dashboard, click the small "save" symbol at the top right; a pop-up will appear allowing you to save your newly created dashboard for later use.

Setting up alerts in Grafana

Since nobody wants to sit in front of Grafana all day watching and waiting to see if things go wrong, Grafana allows you to define alerts. These alerts regularly check whether a metric adheres to a specific rule, for example, whether the errors per second have exceeded a specific value.
Alerts can be set up for every panel in your dashboards.
  1. Go into the Grafana dashboard we just created.
  2. Click on a panel title and select edit.
  3. Once in the edit view, select "Alerts" from the middle tabs, and press the Create Alert button.
  4. In the Conditions section specify 42000000 after IS ABOVE. This tells Grafana to trigger an alert when the Node.js HTTP server consumes more than 42 MB Memory.
  5. Save the alert by pressing the Apply button in the top right.

Sample code repository

We created a code repository that contains a collection of Docker containers with Prometheus, Grafana, and a Node.js sample application. It also contains a Grafana dashboard, which follows the RED monitoring methodology.
Clone the repository:
    $ git clone https://github.com/coder-society/nodejs-application-monitoring-with-prometheus-and-grafana.git
The JavaScript code of the Node.js app is located in the /example-nodejs-app directory. All containers can be started conveniently with docker-compose. Run the following command in the project root directory:
    $ docker-compose up -d
After executing the command, a Node.js app, Grafana, and Prometheus will be running in the background. The charts of the gathered metrics can be accessed and viewed via the Grafana UI at http://localhost:3000/d/1DYaynomMk/example-service-dashboard.
To generate traffic for the Node.js app, we will use the ApacheBench command line tool, which allows sending requests from the command line.
On MacOS, it comes pre-installed by default. On Debian-based Linux distributions, ApacheBench can be installed with the following command:
    $ apt-get install apache2-utils
For Windows, you can download the binaries from Apache Lounge as a ZIP archive. ApacheBench will be named ab.exe in that archive.
This CLI command will run ApacheBench so that it sends 10,000 requests to the /order endpoint of the Node.js app:
    $ ab -m POST -n 10000 -c 100 http://localhost:8080/order
Depending on your hardware, running this command may take some time.
After running the ab command, you can access the Grafana dashboard via http://localhost:3000/d/1DYaynomMk/example-service-dashboard.

Summary

Prometheus is a powerful open-source tool for self-hosted monitoring. It’s a good option for cases in which you don’t want to build from scratch but also don’t want to invest in a SaaS solution.
With a community-supported client library for Node.js and numerous client libraries for other languages, the monitoring of all your systems can be bundled into one place.
Its integration is straightforward, involving just a few lines of code. It can be done directly for long-running services or with help of a push server for short-lived jobs and FaaS-based implementations.
Grafana is also an open-source tool that integrates well with Prometheus. Among the many benefits it offers are flexible configuration, dashboards that allow you to visualize any relevant metric, and alerts to notify of any anomalous behavior.
These two tools combined offer a straightforward way to get insights into your systems. Prometheus offers huge flexibility in terms of metrics gathered and Grafana offers many different graphs to display these metrics. Prometheus and Grafana also integrate so well with each other that it’s surprising they’re not part of one product.
You should now have a good understanding of Prometheus and Grafana and how to make use of them to monitor your Node.js projects in order to gain more insights and confidence in your software deployments.
submitted by matthevva to r/node

How to deploy Angular 2 application on AWS? Need help regarding CI/CD and scaling

Hi guys, I am developing internal system for my organisation on Angular 9.0.6. This is currently deployed on Lambda function via serverless. But this setup has multiple problems that I am facing currently:
1st - CI/CD setup: Our repository is hosted on Gitlab. I was trying to use Gitlab CI tool to deploy my code to staging/production. But it gets stuck at
Serverless: Excluding development dependencies... 
This stage takes almost 45 minutes of build time and then times out. My package exclusion in serverless.yml:
    package:
      exclude:
        - src/**
        - node_modules/**
        - firebug-lite/**
        - e2e/**
        - coverage/**
        - '!node_modules/aws-serverless-express/**'
        - '!node_modules/binary-case/**'
        - '!node_modules/type-is/**'
        - '!node_modules/media-type**'
        - '!node_modules/mime-types/**'
        - '!node_modules/mime-db/**'
Where am I going wrong? Should I be looking at AWS CodeBuild or any other tool?
PS: I also evaluated Jenkins as an option, but the entire JAVA backend microservices are getting deployed via Gitlab CI so a Jenkins setup won't add much value.
2nd - Upgrading Angular version:
The other problem is that when I upgrade my code via angular-cli or otherwise also, Lambda function is returning 502 on the main chunk. It is loading all supporting bundles (eg, vendor.js, polyfills.js) correctly. I tried checking my CloudWatch logs with enhanced monitoring enabled. But there is no error corresponding to this.
Everything is working fine and compiling without issues on local server with and without AOT and production build flags.
Anyone having faced a similar issue to this?
I encountered the same issue when adding the ckeditor/ckeditor5-angular library in my package.
My package dependencies are:
    "dependencies": {
      "@angular/animations": "~9.0.6",
      "@angular/cdk": "~9.1.3",
      "@angular/common": "~9.0.6",
      "@angular/compiler": "~9.0.6",
      "@angular/core": "~9.0.6",
      "@angular/forms": "~9.0.6",
      "@angular/material": "^9.1.3",
      "@angular/platform-browser": "~9.0.6",
      "@angular/platform-browser-dynamic": "~9.0.6",
      "@angular/router": "~9.0.6",
      "@angular/service-worker": "~9.0.6",
      "@ckeditor/ckeditor5-angular": "^1.2.3",
      "@ckeditor/ckeditor5-build-classic": "^22.0.0",
      "@fullstory/browser": "^1.4.3",
      "@ng-toolkit/serverless": "^8.1.0",
      "@sentry/browser": "^5.12.1",
      "@sentry/fullstory": "^1.1.2",
      "@swimlane/ngx-charts": "^13.0.2",
      "@zxing/ngx-scanner": "^3.0.0",
      "apollo-angular": "^1.8.0",
      "apollo-angular-link-http": "^1.9.0",
      "apollo-cache-inmemory": "^1.6.0",
      "apollo-client": "^2.6.0",
      "apollo-link": "^1.2.11",
      "apollo-link-context": "^1.0.20",
      "apollo-link-error": "^1.1.13",
      "apollo-link-ws": "^1.0.19",
      "apollo-utilities": "^1.3.3",
      "aws-serverless-express": "^3.3.6",
      "bootstrap": "^4.4.1",
      "cors": "^2.8.5",
      "dexie": "^3.0.2",
      "graphql": "^14.5.0",
      "graphql-tag": "^2.10.0",
      "jwt-decode": "^2.2.0",
      "moment": "^2.25.1",
      "ng2-pdfjs-viewer": "^5.0.5",
      "ngx-device-detector": "^1.3.20",
      "ngx-kjua": "^1.7.0",
      "ngx-mat-daterange-picker": "^1.1.4",
      "rxjs": "~6.5.4",
      "serverless-api-compression": "^1.0.1",
      "subscriptions-transport-ws": "^0.9.16",
      "tslib": "^1.10.0",
      "zone.js": "~0.10.2"
    },
    "devDependencies": {
      "@angular-devkit/build-angular": "~0.900.6",
      "@angular/cli": "^9.0.6",
      "@angular/compiler-cli": "~9.0.6",
      "@angular/language-service": "~9.0.6",
      "@types/jasmine": "~3.3.8",
      "@types/jasminewd2": "~2.0.3",
      "@types/node": "^8.10.59",
      "codelyzer": "^5.0.0",
      "jasmine-core": "~3.4.0",
      "jasmine-spec-reporter": "~4.2.1",
      "karma": "^4.4.1",
      "karma-chrome-launcher": "~2.2.0",
      "karma-coverage-istanbul-reporter": "~2.0.1",
      "karma-jasmine": "~2.0.1",
      "karma-jasmine-html-reporter": "^1.4.0",
      "opencollective": "^1.0.3",
      "protractor": "~5.4.0",
      "serverless": "^1.60.0",
      "serverless-apigw-binary": "^0.4.4",
      "ts-loader": "^6.2.1",
      "ts-node": "~7.0.0",
      "tslint": "~5.15.0",
      "typescript": "~3.7.5",
      "webpack-cli": "^3.3.10"
    }
I don't have much experience in Lambda setups. Any specific place where I should be looking at to debug this issue?
submitted by shreeshkatyayan to r/Angular2

Adding a "Success with a Complication" option to a pre-existing dice system

I've already created a dice system resolution mechanic for my rpg and my early feedback on it is positive. It seems to work well for combat and for non-combat skills according to my test players.
The mechanic is a dual variable dice system. The system works as follows:
I like this system because it provides flexibility for the players and ease of difficulty setting for the GM. Players can attempt to make up for a character's lack of skill by spending Stamina, which affords every character a real opportunity to succeed so long as they are willing to spend the resources. Thus players can give their characters clear advantages without ever losing the ability to fail.
My issue is that I am considering adding a "success with a complication" option to my dice roll outcomes. Currently, the results are binary success or failure. That works fine in combat for me because combat already has multiple mechanics that interact fairly well. But for non-combat problems I think a "success with a complication" option can help drive good storytelling and interesting gameplay options. However, for the life of me I can't seem to come up with a way to add this possibility without making my resolution mechanics require a chart or clunky and overly complex rules.
Solutions I've already considered:
So, that's the challenge. Can any of you come up with a relatively simple way to include a "success with a complication" option to this dice system? Is the answer obvious and I've just overlooked it, or is this problem too difficult and I would be better served staying with the binary setup that I currently have? Thank you for your time and consideration!
submitted by Six6Sins to r/RPGdesign

Vault 7 - CIA Hacking Tools Revealed

March 07, 2017
from Wikileaks Website


Press Release
Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency.
Code-named "Vault 7" by WikiLeaks, it is the largest ever publication of confidential documents on the agency.
The first full part of the series, "Year Zero", comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA's Center for Cyber Intelligence (below image) in Langley, Virginia.
It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.
Recently, the CIA lost control of the majority of its hacking arsenal including,
  1. malware
  2. viruses
  3. trojans
  4. weaponized "zero day" exploits
  5. malware remote control systems

...and associated documentation.
This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA.
The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
"Year Zero" introduces the scope and direction of the CIA's global covert hacking program, its malware arsenal and dozens of "zero day" weaponized exploits against a wide range of U.S. and European company products, including,

  1. Apple's iPhone
  2. Google's Android
  3. Microsoft's Windows
  4. Samsung TVs,

...which are turned into covert microphones.
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA).
The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force - its own substantial fleet of hackers.
The agency's hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) in order to draw on the NSA's hacking capacities.
By the end of 2016, the CIA's hacking division, which formally falls under the agency's Center for Cyber Intelligence (CCI - below image), had over 5000 registered users and had produced more than a thousand,
  1. hacking systems
  2. trojans
  3. viruses,
...and other "weaponized" malware.


Such is the scale of the CIA's undertaking that by 2016, its hackers had utilized more codes than those used to run Facebook.
The CIA had created, in effect, its "own NSA" with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
In a statement to WikiLeaks the source details policy questions that they say urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.
The source wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike.

Julian Assange, WikiLeaks editor stated that,
"There is an extreme proliferation risk in the development of cyber 'weapons'.
Comparisons can be drawn between the uncontrolled proliferation of such 'weapons', which results from the inability to contain them combined with their high market value, and the global arms trade.
But the significance of 'Year Zero' goes well beyond the choice between cyberwar and cyberpeace. The disclosure is also exceptional from a political, legal and forensic perspective."

Wikileaks has carefully reviewed the "Year Zero" disclosure and published substantive CIA documentation while avoiding the distribution of 'armed' cyberweapons until a consensus emerges on the technical and political nature of the CIA's program and how such 'weapons' should be analyzed, disarmed and published.

Wikileaks has also decided to Redact (see far below) and Anonymize some identifying information in "Year Zero" for in depth analysis. These redactions include tens of thousands of CIA targets and attack machines throughout,
  1. Latin America
  2. Europe
  3. the United States

While we are aware of the imperfect results of any approach chosen, we remain committed to our publishing model and note that the quantity of published pages in "Vault 7" part one ("Year Zero") already eclipses the total number of pages published over the first three years of the Edward Snowden NSA leaks.

Analysis

CIA malware targets iPhone, Android, smart TVs

CIA malware and hacking tools are built by EDG (Engineering Development Group), a software development group within CCI (Center for Cyber Intelligence), a department belonging to the CIA's DDI (Directorate for Digital Innovation).
The DDI is one of the five major directorates of the CIA (see above image of the CIA for more details).
The EDG is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations world-wide.
The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell's 1984, but "Weeping Angel", developed by the CIA's Embedded Devices Branch (EDB), which infests smart TVs, transforming them into covert microphones, is surely its most emblematic realization.
The attack against Samsung smart TVs was developed in cooperation with the United Kingdom's MI5/BTSS.
After infestation, Weeping Angel places the target TV in a 'Fake-Off' mode, so that the owner falsely believes the TV is off when it is on. In 'Fake-Off' mode the TV operates as a bug, recording conversations in the room and sending them over the Internet to a covert CIA server.
As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
The CIA's Mobile Devices Branch (MDB) developed numerous attacks to remotely hack and control popular smart phones. Infected phones can be instructed to send the CIA the user's geolocation, audio and text communications as well as covertly activate the phone's camera and microphone.
Despite iPhone's minority share (14.5%) of the global smart phone market in 2016, a specialized unit in the CIA's Mobile Development Branch produces malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads.
CIA's arsenal includes numerous local and remote "zero days" developed by CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop.
The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites.
A similar unit targets Google's Android which is used to run the majority of the world's smart phones (~85%) including Samsung, HTC and Sony. 1.15 billion Android powered phones were sold last year.
"Year Zero" shows that as of 2016 the CIA had 24 "weaponized" Android "zero days" which it has developed itself and obtained from GCHQ, NSA and cyber arms contractors.
These techniques permit the CIA to bypass the encryption of,
  1. WhatsApp
  2. Signal
  3. Telegram
  4. Wiebo
  5. Confide
  6. Cloackman
...by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.

CIA malware targets Windows, OSx, Linux, routers

The CIA also runs a very substantial effort to infect and control Microsoft Windows users with its malware.
This includes multiple local and remote weaponized "zero days", air gap jumping viruses such as "Hammer Drill" which infects software distributed on CD/DVDs, infectors for removable media such as USBs, systems to hide data in images or in covert disk areas ("Brutal Kangaroo") and to keep its malware infestations going.
Many of these infection efforts are pulled together by the CIA's Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as "Assassin" and "Medusa".
Attacks against Internet infrastructure and webservers are developed by the CIA's Network Devices Branch (NDB).
The CIA has developed automated multi-platform malware attack and control systems covering Windows, Mac OS X, Solaris, Linux and more, such as EDB's "HIVE" and the related "Cutthroat" and "Swindle" tools, which are described in the examples section far below.

CIA 'hoarded' vulnerabilities ("zero days")

In the wake of Edward Snowden's leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the executive would disclose on an ongoing basis - rather than hoard - serious vulnerabilities, exploits, bugs or "zero days" to Apple, Google, Microsoft, and other US-based manufacturers.
Serious vulnerabilities not disclosed to the manufacturers place huge swathes of the population and critical infrastructure at risk to foreign intelligence or cyber criminals who independently discover or hear rumors of the vulnerability.
If the CIA can discover such vulnerabilities so can others.
The U.S. government's commitment to the Vulnerabilities Equities Process came after significant lobbying by US technology companies, who risk losing their share of the global market over real and perceived hidden vulnerabilities.
The government stated that it would disclose all pervasive vulnerabilities discovered after 2010 on an ongoing basis.
"Year Zero" documents show that the CIA breached the Obama administration's commitments. Many of the vulnerabilities used in the CIA's cyber arsenal are pervasive and some may already have been found by rival intelligence agencies or cyber criminals.
As an example, specific CIA malware revealed in "Year Zero" is able to penetrate, infest and control both the Android phone and iPhone software that runs or has run presidential Twitter accounts.
The CIA attacks this software by using undisclosed security vulnerabilities ("zero days") possessed by the CIA but if the CIA can hack these phones then so can everyone else who has obtained or discovered the vulnerability.
As long as the CIA keeps these vulnerabilities concealed from Apple and Google (who make the phones) they will not be fixed, and the phones will remain hackable.
The same vulnerabilities exist for the population at large, including the U.S. Cabinet, Congress, top CEOs, system administrators, security officers and engineers.
By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone at the expense of leaving everyone hackable.

'Cyberwar' programs are a serious proliferation risk

Cyber 'weapons' are not possible to keep under effective control.
While nuclear proliferation has been restrained by the enormous costs and visible infrastructure involved in assembling enough fissile material to produce a critical nuclear mass, cyber 'weapons', once developed, are very hard to retain.
Cyber 'weapons' are in fact just computer programs which can be pirated like any other. Since they are entirely comprised of information they can be copied quickly with no marginal cost.
Securing such 'weapons' is particularly difficult since the same people who develop and use them have the skills to exfiltrate copies without leaving traces - sometimes by using the very same 'weapons' against the organizations that contain them.
There are substantial price incentives for government hackers and consultants to obtain copies since there is a global "vulnerability market" that will pay hundreds of thousands to millions of dollars for copies of such 'weapons'.
Similarly, contractors and companies who obtain such 'weapons' sometimes use them for their own purposes, obtaining advantage over their competitors in selling 'hacking' services.
Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allen Hamilton, has been subject to an unprecedented series of data exfiltrations by its own workers.
A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.
Most visibly, on February 8, 2017 a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information.
The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools.
Once a single cyber 'weapon' is 'loose' it can spread around the world in seconds, to be used by peer states, cyber mafia and teenage hackers alike.
U.S. Consulate in Frankfurt is a covert CIA hacker base
In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.
CIA hackers operating out of the Frankfurt consulate ("Center for Cyber Intelligence Europe" or CCIE) are given diplomatic ("black") passports and State Department cover.
The instructions for incoming CIA hackers make Germany's counter-intelligence efforts appear inconsequential: "Breeze through German Customs because you have your cover-for-action story down pat, and all they did was stamp your passport"
Your Cover Story (for this trip)
Q: Why are you here?
A: Supporting technical consultations at the Consulate.
Two earlier WikiLeaks publications give further detail on CIA approaches to customs and secondary screening procedures.
Once in Frankfurt CIA hackers can travel without further border checks to the 25 European countries that are part of the Schengen open border area - including France, Italy and Switzerland.
A number of the CIA's electronic attack methods are designed for physical proximity.
These attack methods are able to penetrate high security networks that are disconnected from the internet, such as a police record database. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace.
The attacker is provided with a USB containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and exfiltrates data to removable media.
For example, the CIA attack system Fine Dining, provides 24 decoy applications for CIA spies to use.
To witnesses, the spy appears to be running a program showing videos (e.g. VLC), presenting slides (Prezi), playing a computer game (Breakout2, 2048) or even running a fake virus scanner (Kaspersky, McAfee, Sophos).
But while the decoy application is on the screen, the underlying system is automatically infected and ransacked.
How the CIA dramatically increased proliferation risks
In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of "Vault 7", the CIA's weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems, the agency has little legal recourse.
The CIA made these systems unclassified.
Why the CIA chose to make its cyber-arsenal unclassified reveals how concepts developed for military use do not easily crossover to the 'battlefield' of cyber 'war'.
To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet.
If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet.
Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution.
This means that cyber 'arms' manufacturers and computer hackers can freely "pirate" these 'weapons' if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.
Conventional weapons such as missiles may be fired at the enemy (i.e. into an unsecured area). Proximity to or impact with the target detonates the ordnance including its classified parts. Hence military personnel do not violate classification rules by firing ordnance with classified parts.
Ordnance will likely explode. If it does not, that is not the operator's intent.
Over the last decade U.S. hacking operations have been increasingly dressed up in military jargon to tap into Department of Defense funding streams.
For instance, attempted "malware injections" (commercial jargon) or "implant drops" (NSA jargon) are being called "fires" as if a weapon was being fired.
However the analogy is questionable.
Unlike bullets, bombs or missiles, most CIA malware is designed to live for days or even years after it has reached its 'target'. CIA malware does not "explode on impact" but rather permanently infests its target. In order to infect the target's device, copies of the malware must be placed on the target's devices, giving physical possession of the malware to the target.
To exfiltrate data back to the CIA or to await further instructions the malware must communicate with CIA Command & Control (C2) systems placed on internet connected servers.
But such servers are typically not approved to hold classified information, so CIA command and control systems are also made unclassified.
A successful 'attack' on a target's computer system is more like a series of complex stock maneuvers in a hostile take-over bid or the careful planting of rumors in order to gain control over an organization's leadership rather than the firing of a weapons system.
If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target's territory including observation, infiltration, occupation and exploitation.
Evading forensics and anti-virus
A series of standards lay out CIA malware infestation patterns which are likely to assist forensic crime scene investigators as well as Apple, Microsoft, Google, Samsung, Nokia, Blackberry, Siemens and anti-virus companies attribute and defend against attacks.
"Tradecraft DO's and DON'Ts" contains CIA rules on how its malware should be written to avoid fingerprints implicating the "CIA, US government, or its witting partner companies" in "forensic review".
Similar secret standards cover the use of encryption to hide CIA hacker and malware communication (pdf), describing targets & exfiltrated data (pdf), executing payloads (pdf) and persisting (pdf) in the target's machines over time.
CIA hackers developed successful attacks against most well known anti-virus programs.
These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs and PSP/Debugger/RE Avoidance. For example, Comodo was defeated by CIA malware placing itself in the Windows "Recycle Bin". While Comodo 6.x has a "Gaping Hole of DOOM".
CIA hackers discussed what the NSA's "Equation Group" hackers did wrong and how the CIA's malware makers could avoid similar exposure.

Examples

The CIA's Engineering Development Group (EDG) management system contains around 500 different projects (only some of which are documented by "Year Zero") each with their own sub-projects, malware and hacker tools.
The majority of these projects relate to tools that are used for penetration, infestation ("implanting"), control, and exfiltration.
Another branch of development focuses on the development and operation of Listening Posts (LP) and Command and Control (C2) systems used to communicate with and control CIA implants.
Special projects are used to target specific hardware from routers to smart TVs.
Some example projects are described below, but see the table of contents for the full list of projects described by WikiLeaks' "Year Zero".
UMBRAGE
The CIA's hand crafted hacking techniques pose a problem for the agency.
Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.
This is analogous to finding the same distinctive knife wound on multiple separate murder victims. The unique wounding style creates suspicion that a single murderer is responsible.
As soon as one murder in the set is solved then the other murders also find likely attribution.
The CIA's Remote Devices Branch's UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.
With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.
UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

Fine Dining
Fine Dining comes with a standardized questionnaire, i.e. a menu, that CIA case officers fill out.
The questionnaire is used by the agency's OSB (Operational Support Branch) to transform the requests of case officers into technical requirements for hacking attacks (typically "exfiltrating" information from computer systems) for specific operations.
The questionnaire allows the OSB to identify how to adapt existing tools for the operation, and communicate this to CIA malware configuration staff.
The OSB functions as the interface between CIA operational staff and the relevant technical support staff.
Among the list of possible targets of the collection are,
  • 'Asset'
  • 'Liason Asset'
  • 'System Administrator'
  • 'Foreign Information Operations'
  • 'Foreign Intelligence Agencies'
  • 'Foreign Government Entities'
Notably absent is any reference to extremists or transnational criminals. The 'Case Officer' is also asked to specify the environment of the target like the type of computer, operating system used, Internet connectivity and installed anti-virus utilities (PSPs) as well as a list of file types to be exfiltrated like Office documents, audio, video, images or custom file types.
The 'menu' also asks for information if recurring access to the target is possible and how long unobserved access to the computer can be maintained.
This information is used by the CIA's 'JQJIMPROVISE' software (see below) to configure a set of CIA malware suited to the specific needs of an operation.
Improvise (JQJIMPROVISE)
'Improvise' is a toolset for configuration, post-processing, payload setup and execution vector selection for survey/exfiltration tools supporting all major operating systems like Windows (Bartender), MacOS (JukeBox) and Linux (DanceFloor).
Its configuration utilities like Margarita allow the NOC (Network Operation Center) to customize tools based on requirements from 'Fine Dining' questionnaires.
HIVE
HIVE is a multi-platform CIA malware suite and its associated control software.
The project provides customizable implants for Windows, Solaris, MikroTik (used in internet routers) and Linux platforms and a Listening Post (LP)/Command and Control (C2) infrastructure to communicate with these implants.
The implants are configured to communicate via HTTPS with the webserver of a cover domain; each operation utilizing these implants has a separate cover domain and the infrastructure can handle any number of cover domains.
Each cover domain resolves to an IP address that is located at a commercial VPS (Virtual Private Server) provider.
The public-facing server forwards all incoming traffic via a VPN to a 'Blot' server that handles actual connection requests from clients.
It is set up for optional SSL client authentication: if a client sends a valid client certificate (only implants can do that), the connection is forwarded to the 'Honeycomb' toolserver that communicates with the implant.
If a valid certificate is missing (which is the case if someone tries to open the cover domain website by accident), the traffic is forwarded to a cover server that delivers an unsuspicious looking website.
The Honeycomb toolserver receives exfiltrated information from the implant; an operator can also task the implant to execute jobs on the target computer, so the toolserver acts as a C2 (command and control) server for the implant.
Similar functionality (though limited to Windows) is provided by the RickBobby project.
See the classified user and developer guides for HIVE.

Frequently Asked Questions

Why now?
WikiLeaks published as soon as its verification and analysis were ready. In February the Trump administration issued an Executive Order calling for a "Cyberwar" review to be prepared within 30 days.
While the review increases the timeliness and relevance of the publication it did not play a role in setting the publication date.
Redactions
Names, email addresses and external IP addresses have been redacted in the released pages (70,875 redactions in total) until further analysis is complete. Over-redaction: Some items may have been redacted that are not employees, contractors, targets or otherwise related to the agency, but are, for example, authors of documentation for otherwise public projects that are used by the agency.
Identity vs. person: the redacted names are replaced by user IDs (numbers) to allow readers to assign multiple pages to a single author. Given the redaction process used a single person may be represented by more than one assigned identifier but no identifier refers to more than one real person.
Archive attachments (zip, tar.gz, ...) are replaced with a PDF listing all the file names in the archive. As the archive content is assessed it may be made available; until then the archive is redacted.
Attachments with other binary content are replaced by a hex dump of the content to prevent accidental invocation of binaries that may have been infected with weaponized CIA malware. As the content is assessed it may be made available; until then the content is redacted.
Tens of thousands of routable IP address references (including more than 22 thousand within the United States) that correspond to possible targets, CIA covert listening post servers, intermediary and test systems, are redacted for further exclusive investigation.
Binary files of non-public origin are only available as dumps to prevent accidental invocation of CIA malware infected binaries.
Organizational Chart
The organizational chart (far above image) corresponds to the material published by WikiLeaks so far.
Since the organizational structure of the CIA below the level of Directorates is not public, the placement of the EDG and its branches within the org chart of the agency is reconstructed from information contained in the documents released so far.
It is intended to be used as a rough outline of the internal organization; please be aware that the reconstructed org chart is incomplete and that internal reorganizations occur frequently.
Wiki pages
"Year Zero" contains 7818 web pages with 943 attachments from the internal development groupware. The software used for this purpose is called Confluence, a proprietary software from Atlassian.
Webpages in this system (like in Wikipedia) have a version history that can provide interesting insights on how a document evolved over time; the 7818 documents include these page histories for 1136 latest versions.
The order of named pages within each level is determined by date (oldest first). Page content is not present if it was originally dynamically created by the Confluence software (as indicated on the re-constructed page).
What time period is covered?
The years 2013 to 2016. The sort order of the pages within each level is determined by date (oldest first).
WikiLeaks has obtained the CIA's creation/last modification date for each page but these do not yet appear for technical reasons. Usually the date can be discerned or approximated from the content and the page order.
If it is critical to know the exact time/date contact WikiLeaks.
What is "Vault 7"?
"Vault 7" is a substantial collection of material about CIA activities obtained by WikiLeaks.
When was each part of "Vault 7" obtained?
Part one was obtained recently and covers through 2016. Details on the other parts will be available at the time of publication.
Is each part of "Vault 7" from a different source?
Details on the other parts will be available at the time of publication.
What is the total size of "Vault 7"?
The series is the largest intelligence publication in history.
How did WikiLeaks obtain each part of "Vault 7"?
Sources trust WikiLeaks to not reveal information that might help identify them.
Isn't WikiLeaks worried that the CIA will act against its staff to stop the series?
No. That would be certainly counter-productive.
Has WikiLeaks already 'mined' all the best stories?
No. WikiLeaks has intentionally not written up hundreds of impactful stories to encourage others to find them and so create expertise in the area for subsequent parts in the series. They're there.
Look. Those who demonstrate journalistic excellence may be considered for early access to future parts.
Won't other journalists find all the best stories before me?
Unlikely. There are very considerably more stories than there are journalists or academics who are in a position to write them.
submitted by CuteBananaMuffin to conspiracy

Chromie's latest rework - a mathematical breakdown, where it failed, and what it can improve on moving forward.

So, as I'm sure some of you have noticed, I post a lot about Chromie, and frankly have for a very long time. To clear the air about my position and expose any bias I might have, I will state that I don't think the hero has ever been OP or "unfun to play against", probably because I played her a lot and thus when going up against one on the enemy team had a pretty good idea of how they would play and how to counter them. I do respect the viewpoint though, and that's why my upcoming post on her rework and possible changes that could be made to it does its best to keep that in mind. I'm not even close to GM, I'm not even the highest-leveled Chromie on this sub by a long shot, I'm just someone super passionate about the hero who nerded out over the past few days and did some MATHS and shit.

Thus, the stated goals of this post:


-Make Chromie more fun to play for the people who enjoyed playing her prior to this or other reworks. From my general anecdotal experiences in various Twitch chats, it feels like most players including many former pros and GM players say that while the hero is stronger numerically, she's much less fun to play, and IMO her pick rate sitting at a fairly lackluster 11% in Storm League confirms that. She only has a 50% winrate, so it's also clear that she's not excelling even when played by those still enthusiastic about the hero or in situations that would be good for her to be drafted, as is the case with most niche picks. She's not the WORST hero in the game by a long margin, but if the dev comments on her 8-28 buff patch are any indication, it's clear that Blizzard's internal data probably has her struggling a bit too.
-Make her emphasis fully on spells rather than her current combination of spells and sand clone auto-attacks. She's a mage hero, and one with the longest range in the game. Nobody plays her to be a right-click bot, and yet right-clicks are a pretty big part of her damage - more than half her Q DPS if we're being exact here. This obviously isn't Whitemane rework levels of AA-focus, but it's still pretty high and if we look at other mage AA talents as any indication, it's obvious that people don't prefer or like those talents and prefer the focus for mages remain firmly on their spells. Yet because Chromie's AA gimmick is a baseline part of her kit, and not just an individual talent, obviously other parts of her kit were made deliberately weaker to compensate for that. I'd like to see that addressed, and think it would go a loooong way towards achieving stated goal number 1, which is to make her more fun to play.
-Buff her slightly in ways that aren't straight numerical changes. See my above point about why she could probably use some slight tweaking. I think throwing numbers at Chromie is exactly why her last rework (with Temporal Loop/Timely Surprise one-shot shenanigans) grew to be so problematic, and I don't want to see that become the case here and see this sub fill up with posts again about how she needs to be dumpstered. Frankly she's finally almost at a good place in the game and I think with some slight changes she could basically be almost perfect, or at least as perfect as she can be without pissing off people en masse.
-Fix her problematic level 1 and level 18 talent tiers. There are no real choices at 1 or 18, and I personally think this is a shame because if those tiers were fixed, the hero could actually have THREE separate, viable builds IMO - a Q build, a W build, and a generic "spellpower" build that doesn't hyperfocus on either ability but rather buff them both mildly.
-What these changes are NOT proposing are increasing her burst, range, or other factors that players typically associate with frustration when playing against her. I can't stress that enough. I think her current damage is fine for the most part, albeit a bit too reliant on Q pierce at 18 to do anything meaningful. I think Loop is a nice setup ability but the full one-shot potential behind it again, isn't realized until 18 and even then only on the squishiest heroes in the game. As I've said already, Chromie is MOSTLY fine and my goal isn't to make her OP, just improve her talent diversity on certain tiers and make her a bit more fun to play for people who liked playing her previously.

The numbers breakdown:

-Q = 122 damage per second, reliant on a line skillshot that can be blocked by PVE, structures, or other enemy heroes other than your intended target. 20 mana cost, 15 range. Q damage per second calculated assuming you land both the primary Q missile as well as the sand clone Q missile that does 40% damage.
-W, assuming all 3 drops land on a single-target = 43.71 damage per second. Unlikely that all 3 drops will hit, however has the benefit of being AOE. That said, even assuming a unicorn situation where all 5 members of the enemy team potato into all 3 hits of the ability it is still only a baseline 218.55 DPS...that's sad, IMO. Slightly less than double damage per second compared to hitting both Q missiles, a situation that is far more likely to occur, though obviously significantly more mana-friendly due to W's cooldown vs Q's cooldown. 65 mana cost, 13 range, but due to the nature of the vector can reach around 21 range (rough estimate). I wouldn't consider the max range that valuable given the drop delay - enemies will be able to predict the drop of the third hit and dodge it completely, making that range useless.
-AAs = 76.5 damage per second during Q setup period (basically casting a Q first to set up the sand clone), then 114.8 damage per second for every second thereafter, point and click, can't miss barring blinds or evade abilities/talents. No mana cost, 7.5 range.
So we can already see two things: number one, that Chromie's AAs are not an insignificant part of her damage, even assuming you are a god and can constantly land both the primary Q missile AND the secondary Q missile, and number two, that her W unless operating under basically impossible conditions is very lackluster damage-wise. This leads to a pretty boring playstyle where your Q feels like a clone setup for braindead free AA damage until level 18 when suddenly your power spikes off the charts, and your W feels like something you just use for waveclear, and MAYBE to pressure an enemy team in a chokepoint.
A "waveclear-only" ability isn't strictly a problem for a mage except that Chromie's has the unique advantage of getting completely dicked by long CC chains - unless someone is actually capable of moving you will only hit someone with 2 W hits (there's a small Venn diagram area where the hitboxes of two Ws overlap). This "Venn diagram" area is actually so small that you cannot fit two hero hitboxes into it, meaning you'll only get that particular value on a singular target, even if there are multiple people caught in something like a RoF/Mosh Pit. Other mages do not have this issue, not even Gul'dan due to the size and drop speed of his vector spell. Note that I use Corruption as the comparison here because not only are Corruption and Dragon's Breath both triple-drop circular vector spells, they also share an identical cooldown and identical damage on each hit (lmao). The original comparisons to new Dragon's Breath being "Sand Corruption" were not far off, even though Chromie mains were called hyperbolic for saying as such.

Fundamental problems with Chromie's rework:

-To put it simply, auto-attacks on sand clone are too strong and thus make the level 1 Q talent where you gain a third sand clone auto-attack too valuable to pass up. They also make Mobius Loop at 5 wholly unappealing because it does fuck-all for your sand clone autos, though Proper Greeting and Bronze Talons mathematically both have their strong suits and have a healthy competition with one another (tl;dr Talons is good if you have a target you want to hit who is unlikely to be affected by CC or your spells and the enemy has an easy fat target like tanks/Azmodan/Fenix that you can nail with Q to get the proc - so basically hypermobile heroes and heroes with spell shields who can pop them as a response to Proper Greeting procs, OR in comps where you have literally 0 CC outside of your own Trap slow and Slowing Sands).
-Because the level 1 Q quest is so good, it basically makes taking Piercing Sands at 18 somewhat inevitable to get maximum value out of the triple Qs you can set up. Bear in mind, I think Chromie's Q hitting PVE was fundamentally a nerf and I don't think it was a good idea in retrospect. I get that the goal was to "increase counterplay/reduce frustration" by making it so that players could juke behind minion waves or their buildings and not get gibbed over walls and whatnot, but because of this change the hero is now very reliant on her AA gimmick to deal consistent damage AND you could argue that she honestly doesn't feel like a real hero until you get pierce at 18. Regardless, I understand that this change is probably here to stay and I think there are ways we can work around her jank power distribution while still keeping the PVE Q block in. (More on this in "Proposed Changes" below.)
-Building into W just feels like shit because of how lackluster the damage is. It's clear that her power pie was distributed based on the rare unicorn chance that she will hit all 3 Ws on a single target, but given the winrate and pickrate of W talents we can honestly see that this isn't a winning strategy, especially when Q gives you more consistent value (and probably would even if sand clone AAs were removed tbh). To clarify, W would have to hit at least 6 times (as in, any combination of players in any combination of hits that would equal 6) to match the DPS of just Chromie's primary Q missile...saying nothing of her sand clone AA damage and secondary Q missile damage. Obviously Chromie talenting into W doesn't mean she can't use Q, so I did the math on simply the bonus 3rd sand clone AA and tertiary Q missile, and landing each one is an increase of 67.66 DPS. W talents are only an increase of 32.14 DPS, though bear in mind this is for 3 hits on a single target only. Here's where it gets stupid: the third sand clone AA by itself is an increase of 32.8 DPS. This means that unless you are consistently hitting at least two people with W for multiple hits of the ability or you simply cannot stay in 7.5 range to AA* at any given time it is universally better to build into Q talent at 1 solely for the extra AA, even if you never land a single tertiary Q missile in your goddamned life. See where this is a problem?

The Proposed Changes (aka the meat of this post):

Suffice it to say, I think Dragon's Breath at this point needs a fundamental change to its design to not only be effective at what it is supposed to do, but also in general just to be fun to use. Its current design is a move that largely punishes potatoes or players stuck in a "no-win" situation where they either have to eat the second and third W hits or face greater threats like CC chains for trying to facetank it by not moving during the first hit. My proposed change is to simply turn Chromie's W into a single ability with 3 separate charges, keeping its current damage, radius, and drop speed, giving each charge an individual mana cost and allowing all charges to return at once similar to Junkrat Q/Zarya grenade. What this does by default is make W talents more appealing by allowing good Chromie players who can "read" their opponents correctly the option to build into that move and deal respectable damage, especially as an alternative to matchups where Q may not be a reliable source of damage (into summoners, Anub'arak, Nova/Samuro/Rexxar, etc). What this would NOT do is bring back Loop one-shots, because with a .75 drop delay the Looped target will only eat one charge of the damage same as they do now...they will have to be more careful on how they move immediately after Loop though to make sure Chromie doesn't read their movement and plop another in their path. I think this is a fair change, even if it comes with slight numerical nerfs to W to compensate. (I don't think she will need this though due to other proposed changes I have below.)
To follow to that, I think that the sand clone gimmick should either be scrapped, or if nothing else the AA component of it needs to be removed. I actually like the sand clone thematically and am fine with it mirroring Q - I think it would be neat if it could go further and also mimic her W, adding further dimension to Chromie's "prediction mage" theme. I get that two invisible Ws dropping anywhere would definitely be tilting AF for the enemy team though, so this change could either come with W returning to being visible or, as I stated earlier, simply keep the sand clone mirroring only Chromie's Q and nothing else.
What this change would aim to do is frankly tone down how stupidly effective her AAs are compared to her actual abilities. I can't think of a single person who originally picked up this hero to be an auto-bot; IMO there's Hanzo and Junkrat for that long-range/AA hybrid flavor and they were both designed around that purpose (Junkrat with splash AAs, Hanzo with AA-related talents/build). Nothing about Chromie's 2016 release hinted at "right-click guys for the same DPS as your spells", not even OG Bronze Talons which for the record I do think suffered from a lack of meaningful competitive options until Timely Surprise in 2018 and that's why it was picked all the time.
Regardless, I think Sand Blast should have 1-target pierce made baseline if sand clone autos are removed. I think if you remove clone autos the damage numbers will simply default to W being unilaterally the best build outside of playing for the very binary power spike at level 18 from Piercing Sands, which I don't think is super healthy for her design. Chromie's autos paired with clone autos were actually one of the few ways the hero could damage people standing behind a Zagara minion, and if you remove the strength of those she'll need some sort of extra power to compensate, IMO. That said, this is a change that might not wholly be necessary if other aspects of her kit are made better, such as the W change I proposed above. This could be a wait-and-see sort of change, I admit.
Alternately, if 2-target Q is too strong baseline, it could be an alternate reward to her level 1 quest, removing the tertiary missile altogether. Incidentally this would give her more power in the early game by completing the quest, while not completely dumpstering the 18 talent's viability, while also giving players the freedom to pick something else on 18 if they feel like 2-target Qs are good enough to pressure the enemy team. I think this is a pretty healthy change that makes her a little less hot-and-cold when it comes to damage dealing, especially when it comes to early game vs late game.
Her level 5 talent tier will need a bit more parity, especially if clone autos are removed. Bronze Talons' power budget currently factors in the extra autos from clone, including if you complete the level 1 Q quest - while I like the synergy between the two talents, I think if clone autos are removed Bronze Talons as a whole will need to be redesigned. I think the simplest change is to bake in a functionality that mirrors the strength of her old sand clone when this rework originally went live, which is that sand clone's Q damage is increased from 40% to 50%. This was originally nerfed in an attempt to increase parity between her level 1 talents, but failed miserably, and I think with the other changes I've proposed here the extra 10% clone damage could probably come back.
Mobius Loop in its current form is really bad, and even with a full mana refund or something added in will probably continue to be bad. While my proposed changes to W would make it get more value by default, I think we can do better by making the ability an active on a 60-90 second cooldown that returns all her W charges at once instead. This seems kind of strong and I'm open to feedback on this one, but I think without some bold changes to W and W talents that Q will still be the dominant build and this was just one thing I could think of to make W more appealing.
For her heroics, I think Slowing Sands could probably use the level 18 functionality made baseline to make it more appealing compared to Loop. I like Sands as an easy way to proc her current Greeting talent at 5, but since the straight nerfs that came with her latest rework that made it only a 5% slow baseline it just has really minimal use outside of Greeting procs, and you can rely on your Time Trap slow talent or allies for those procs. It could probably use some slight buffs. I honestly have no idea what to make the 18 upgrade if the spell armor reduction is added to the level 8 version. Suggestions more than welcome here.
Her survivability options on 11 are actually okay except for Here and There. This is where I actually make a pretty bold change for her baseline Q sand clone, which is actually that rather than leaving a clone where Chromie previously cast her last Q, sand clone is now an active that Chromie can choose to place anywhere within 7.5 radius of her, with say a 10-20 second cooldown. I think this is a bit of a "berf" in that it's probably a nerf to fairly aggressive/mobile Chromie players who are constantly moving and placing new Qs in very forward locations, but probably a buff to more strategic Chromies who want to aim their shots at the perfect angle to hit their intended target. The change is kind of playstyle-defining and I'm not 100% sure it's what she needs, but I also think this could not only serve as a way of making Here and There more appealing (by giving more control over where you teleport to), but also a decent workaround to Q being blocked by various things until level 18. This might serve to reduce reliance on her level 18 pierce talent as well, which I always welcome.
Fast Forward is in a similarly poor spot compared to the other 14 options. By 14 Chromie basically has zero mana tension, making half the talent effectively useless. With some simple MATHS we can see what sort of DPS increase Fast Forward is vs the other two:
-Fast Forward, assuming you always get the proc and ALWAYS hit your secondary Q missile from sand clone, turns Q from a 122 DPS move to a 282 DPS move. This however doesn't affect her W, so the overall total DPS is 282 from this talent under perfect conditions - basically spamming because the CDR is so fast, never moving, and always hitting Q WITH also hitting the secondary Q missile. Bear in mind that this talent does not proc from a long-range sand clone Q, meaning you must position in such a way that the primary missile will always travel 50% of its distance. Shifting Sands works similarly so I don't factor that into DPS contributions, though Quantum Overdrive does in fact get CDR from all sand clone hits, making its actual DPS higher than what I calculated in theory.
-Quantum Overdrive, assuming you always achieve the CDR from Sand Blasts for it (again, we're assuming perfect conditions for everything here), will be available every 24 seconds and is a flat 25% spellpower increase for 8 seconds - or basically, two Q casts and one W cast (we won't factor in Loop usage here for simplicity's sake). Factoring in the CD, this is a 54.1 DPS increase - not nearly as impressive, though worth noting that the upfront damage is much larger AND, as I stated above, you actually get CDR from every sand clone missile, meaning its value increases exponentially with the Q quest on level 1 as well as how good you are at landing multi-Q hits.
-Shifting Sands has math that is much harder to calculate due to its stacking increase, but because I love you all I did. Suffice it to say, assuming you do not let the stacking spellpower buff fall off, it is a 151 DPS increase on Q until it ramps up at 38.5 seconds (not directly, mind you, this is just on average, I wasn't calculating 10 individual DPS increases and pasting them here lol), then a 181 DPS increase for each second it remains fully stacked. This is actually less than Fast Forward, though you can also add in 58ish DPS for W hits (again, assuming all 3 hits on a single target only), making the total value of the talent 209 DPS until stacked, then 249 DPS after.
So this is still less than Fast Forward, right? So why the hell are people picking it, you might ask? Simply because at any point if you miss a Q, the entire value of Fast Forward is lost, whereas with Shifting Sands you retain the spellpower unless you whiff a second Q hit in that original 8-second window. Basically, you have to land 1 Q every 8 seconds to get value out of Shifting Sands. Fast Forward, if you ever don't proc it, you don't have a level 14 talent during that and the window between your next Q.
(That said, doing this math actually made me realize that Fast Forward might be better than I think it is and I might give it a try in my next match, hehe.)
To be honest, all Fast Forward might need to be competitive is for the CDR to occur even if a secondary or tertiary Q missile hits, rather than requiring it to be the primary one. Since Fast Forward only buffs Q and not W, I think this is a fair buff that would reward consistently good aim with more sustained damage relative to Q, while still leaving Shifting Sands the favorite for a more forgiving slow spellpower increase and Quantum Overdrive for Loop/burst shenanigans.
As a final point, while I think that a lot of my proposed baseline changes to the hero would by default make Piercing Sands mildly less appealing at 18, I'm still not sure what to do to completely increase her talent diversity on this tier, especially because her ulti upgrades are frankly kind of lackluster. This is an area where I sort of ran out of steam brainstorming, to be completely honest with you. I actually think both of her ultis are really boring baseline and couldn't come up with interesting 18 upgrades for either. Lend me your brains on this one, HotS subreddit! What would you do to make Chromie's Piercing Sands talent less appealing while making her ulti upgrades more appealing? I'd love to see what we can all come up with!


In Closing:

These changes, whether implemented as a whole or by their parts in certain areas, would IMO serve to give the hero three viable build paths:
-1st build path, "Q path": Q talent at 1 for second pierce target, newly-designed Bronze Talons at 5 for the extra clone Q damage, Here and There at 11 for mobility shenanigans thanks to being able to manually place your clone target in advantageous locations, Fast Forward at 14 to put a further emphasis on landing good Qs and edging out W as a big part of your damage pie, and Piercing Sands at 18 for obvious reasons.
-2nd build path, "W path": W talent at 1, Mobius Loop at 5, any survivability option at 11, Quantum Overdrive at 14 to take advantage of the new Mobius Loop W charge reset, Piercing Sands at 18 could still be appealing with this build but I also think Blessing of the Bronze or Temporal Loop upgrade depending on your ulti choice could be good here.
And a final "generic spellpower path" that doesn't build strictly into improving Q or W separately and would instead opt to modestly increase the damage of both, with perhaps less binary gains than building fully into one spell: which would feature Timewalker's Pursuit at 1, Proper Greeting at 5, any survivability option at 11, Shifting Sands at 14 (though I think Quantum could work here too), and maybe Q pierce or Blessing at 18.
While I appreciate anyone who has read this far, for those who don't have the fortitude here is a simple tl;dr:
-W is no longer 3 vectored hits that drop at the same time but rather 3 circular AOEs that can be dropped individually but all return on the same cooldown similar to Junk Q/Zarya Q. If this is OP, reduce the size of the AOE so opponents have greater windows to dodge, or (possibly) make the landing point visible again (less a fan of this though tbh).
-sand clone autos removed to put more damage back into her spells and less into boring right-click talents/builds (her right-click damage is about 2/3rds the DPS of Q!). Her current design with sand clone AAs means that the level 1 Q quest that adds an extra sand clone is dramatically more value than the other two quests simply for the extra AA damage, which is a bongos DPS increase in comparison. Rather than gut the entire sand clone thematic, which I think is cool, I think simply removing the AAs would do loads for her talent diversity.
-manual sand clone placement on a modest cooldown to work around the newly-implemented Q PVE block. An alternate solution is to change her level 1 Q quest from a third sand clone to a singular pierce upon completion, allowing her once the quest is completed to have Q hit two targets for each missile instead of just 1. Either way if sand clone placement is made manual I think the level 1 Q quest will have to be changed, because otherwise manually placing two clones would probably make her a bit too "busy", and I don't want her to be butt-blastingly difficult to play for anyone who isn't a main. I think both manual Q placement and changing the Q quest at 1 to reward one-unit pierce would be fine, without sending her balance out of control, but obviously I can't say for sure.
-Some talent retooling and rebalancing to promote better diversity on certain tiers (namely 1, 14 and 18). I could use some help on brainstorming better ult upgrades at 18 than what she currently has.
-NO increases to damage or range except incidental increases from things like easier Q secondary missile hits or more control over W landing points. These would be offset by the removal of sand clone autos, as well as less reliance on Q pierce talent at 18, making her power curve less exponential.
-no changes to Time Trap, which I think after the rework is a beautifully-designed ability as-is and the talent tier representing it (level 2) is one of the most balanced talent tiers we actually have in the entire Heroes of the Storm game.
If you made it through all this without rage-quitting over the mere mention of Chromie, I appreciate your time, and am looking forward to having some discussions here. Are these changes too much? What do you think the hero needs to become a bit more fun to play, while not dramatically increasing her power level or the frustration factor that other people have playing against her? How would you improve her talent diversity with her current design? I look forward to seeing what everyone has to say!
submitted by Thundermelons to heroesofthestorm

Need to build an alert system MTF and using SPX for trading decision

Hi everyone! Pleased to be part of this group!

I just signed up for a Reddit account to ask this question to other algo traders! I'm on Reddit often for entertainment but never post or really use it for trading advice so this is my first post. Thanks everyone in advance!

I use TOS for charting and as my current brokerage. I have switched brokerages several times but I've always used TOS as my charting platform, scanner, and basic alert system as a constant. I've built many custom indicators, scripts, columns etc to give me color coded and binary real time info revolving around my strategy that I feel gives me a statistical edge and a very high probability of my trades succeeding. I'm a consistently profitable trader and I've done extremely well so far. I'm definitely not new to coding and think I can tackle this project. However, I've spent several weeks unsuccessfully trying to get TOS's built in study alert text notifications function to work based on my current strategy. Unfortunately TOS does not have the capability to base text alerts on any indicator or code that uses even basic recursion or involving multiple time frames which is critical to my strategy. TOS's alert function also is lagging but for my trading style a few minutes doesn't make or break the setup. Many hours have gone into finding workarounds within the platform but at this point I think I just need to migrate signals for my strategy out of TOS. It works great if I'm at my desk but I can't automate even text based signal alerts in TOS.

The goal is to spend as much time coding as needed upfront in my free time so that in the future I won't have to sit in front of my desk all day trading. My strategy is simple and reliable so I'm confident that if I can get this into an alert system I will be able to actually find more opportunities with much less effort. I play options of large caps and indices (about 10 symbols only but some rotate some in and out of my watchlist) having moved from successfully trading low cap, low float, gappers that required lightning fast decision making, order entry, execution, and high risk - both have been successful but switching to options of large caps has really made my system more profitable and more enjoyable. My strategy actually works better on large caps than it did on the small caps. I successfully shorted SPY twice and MSFT once yesterday. Disney short and Spy short and long Spy the day before. And shorted SPY the day before. Let's just say I've had a good week :)

Currently I don't want a fully automated system I would just like alerts for when my system parameters are met. But the MTF, recursive functions, and pulling data from indexes is not possible within TOS for their alert system. So I'm looking for a platform that I can write my code in and get alerts sent to my phone when things set up. Then I'll make the decision myself on when to place orders. Eventually I'd like to take the alert system and automate it so I'd like to not have to do the work twice in two separate platforms so the platform does need the functionality to give alerts and trade automatically when/if I ever decide to do that. I trade intraday, usually for 1 hour to half a day (sometimes all day) but never overnight and never for 5 minutes either unless the trade goes against me.

Does anyone have suggestions on what I can use to set up my alert system and maybe eventually a fully automated trading system? Or if there is a better subreddit to post this on then could you please point me in the right direction? Right now the brokerage isn't important, I'm looking for a stand alone platform or program that has the power to be able to recursively look back over multiple days, multiple time frames, comparative analysis of major indexes vs the symbol all in real-time and text or email me buying, selling, shorting and covering signals. But if that ability is available within an actual brokerage platform then that would be a plus. I've used IB but switched back to TDA for TOS so that I can place trades on my phone and since I've worked so much within TOS. The dual charting and then executing in a place was a pain. FYI, I know nothing about integrating the code if built into a different system into a brokerage account - I've been trying to do that with TOS and TDA but it doesn't have the power to do what I want it to do.

Thanks and I look forward to being part of this group!

Dan
submitted by SteelheadTrader to algotrading

Tools & Info for SysAdmins - Mega Summary Q4 (Over 80 Items)

Hi sysadmin,
Each week I thought I'd post these SysAdmin tools, tips, tutorials etc with just one link to get it in your inbox each week (with extras). Let me know any ideas for future versions in the comments!
This week is a mega list of all the items we've featured in the last 3 months, broken down into categories, for you to explore at your leisure. I hope you enjoy it.

Free Tools

Free MailFlow Monitor. Rejection / Delay Text Alerts, Group Policies, Alerts By SMTP Code, Troubleshooting Tools including header analysis. MailFlow Monitor is EveryCloud’s (Our) free, cloud-based, round-trip tool that sends you an alert as soon as there is an issue with your email flow. Settings are adjustable to allow you to choose how much of a delay is acceptable and which types of bounce alerts you want to see. Helps you get to the bottom of a problem before users (or your boss) have even noticed it.

Postman is a popular, free app to make API development faster and easier. It offers a powerful GUI, saved history of requests, flexible monitoring, automated testing with collection runner, mock servers, and unlimited collections, environments, tests, and sharing. It also provides detailed documentation.

Microsoft Sysinternals Suite is all their utilities in one convenient file. Contains all the individual troubleshooting tools as well as help files, but not non-troubleshooting tools like the BSOD Screen Saver or NotMyFault. A shout out to azers for recommending this one.

RichCopy is a simple tool written by a Microsoft engineer named Derk Benisch. It provides a much-appreciated graphical interface for the very popular Robocopy command-line utility.

Windows Update MiniTool is an alternative to the standard (and sometimes overbearing) Windows Update. It allows you to control updates by giving you the power to search, install, and block Windows updates in any way you like.

Space Monger gives you a graphical image of your whole disk, where large files and folders are easily identified. This handy tool can be run from a USB drive, so you don't even need to install it. Thanks for this one and Windows Update MiniTool go to mikedopp.

UNetbootin is a terrific, cross-platform utility for creating bootable live USB drives for Ubuntu and other Linux distributions without burning a CD. Thanks go to Gianks for this one.

CopyQ is a clipboard manager that adds some advanced editing and scripting capabilities. It monitors the system clipboard and saves text, HTML, images and more into customized tabs. From there, the saved content can be copied and pasted directly into any application. Clipboard history is easily searchable and can be filtered. Suggested by majkinetor.

Desktop Info provides a quick view of every kind of metric about your Windows system right on your desktop. The display looks like wallpaper but stays resident in memory and updates in real time. Gives you a quick way to monitor what any system is up to, while using very little memory and requiring almost nothing from the CPU. This one was recommended by mikedopp.

Healthstone is a lightweight, self-hosted, agent-based system-monitoring solution that runs lots of customizable health checks. The dashboard runs on a Windows or Linux server, and it has agents for the Windows and Linux hosts you want to monitor. You can customize the dashboard to send notifications via email, Pushbullet, or NodePoint tickets whenever a client stops checking in or any of the configured checks fail. Configuration is retrieved from the dashboard by all agents in the form of templates, which are stored in the templates folder and can be customized for your needs. Thanks to mikedopp for this one!

Rufus is another utility for formatting and creating bootable USB flash drives. This one works with MBR/GPT and BIOS/UEFI. Rufus is about twice as fast as UNetbootin, Universal USB Installer, or Windows 7 USB download tool when creating a Windows 7 USB installation drive from an ISO. It is also marginally faster for creating a Linux bootable USB from ISOs. We first heard of this one from Gianks, but there were quite a few others who shared the recommendation as well.

Axence netTools is a set of ten free tools for network scanning and monitoring. Includes: Netwatch (multiple host availability and response-time monitoring); Network port and service scanner; Wintools (view of launched processes/services, remote register editor and Windows event log view, HDD/RAM/CPU details, custom queries based on WMI protocol); TCP/IP workshop and SNMP browser; Traceroute; NetStat (list of inbound and outbound connections and open ports); Local info (tables with local configuration details, TCP/UDP stats); Lookup (DNS and WHOIS records); Bandwidth test; and NetCheck (LAN hardware and wiring quality check). This was recommended by DollarMindy as an "easy ping monitor with email alerts."

MediCat USB is a bootable troubleshooting environment with Linux and Windows boot environments and troubleshooting tools. A complete Hiren's Boot Disk replacement for modern hardware that follows the Ubuntu release cycle with a new update released every 6 months. The DVD version was originally recommended to us by Spikerman "for when you need to helpdesk warrior."

MobaXterm is an enhanced terminal for remote computing. It brings all the key remote network tools (SSH, X11, RDP, VNC, FTP, MOSH) and Unix commands (bash, ls, cat, sed, grep, awk, rsync) to Windows desktop in a single, portable .exe file that works out of the box. The free version includes full X server and SSH support, remote desktop (RDP, VNC, Xdmcp), remote terminal (SSH, telnet, rlogin, Mosh), X11-Forwarding, automatic SFTP browser, plugins support, portable and installer versions but only 12 sessions, 2 SSH tunnels, 4 macros, and 360 seconds for Tftp/Nfs/Cron. Thanks go out to lazylion_ca for suggesting this one.

WinDirStat provides free, open-source graphical disk-usage analysis for MS Windows. You'll get a sub-tree view with disk-use percent and a list of file extensions ordered by usage. This tool was recommended by ohyeahwell, who likes to use it "for freespace as it can be deployed via ninite pro."

IIS Crypto allows administrators to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows Server 2008, 2012 and 2016. You can also reorder SSL/TLS cipher suites from IIS, implement best practices with a single click, create custom templates and test your website. Available in both command line and GUI versions. EOTFOFFTW tells us, “This tool has been very helpful in configuring SSL settings for Windows IIS servers.”

Ditto saves all your clipboard items so you can access them later. It works with anything that can be put on the clipboard—images, text, html and custom formats. The simple interface includes search and sync functions for ease of finding what you need. Thanks go to Arkiteck for suggesting this one!

Malwarebytes Anti-Malware should be your first stop if you suspect a malware infection. It is the most-effective malware remover—featuring deep scans and daily updates—and blocks malware, hackers, viruses, ransomware and malicious websites that slip through your traditional antivirus. Also available as a full AV program that you can buy if you wish to do so.

Termius is a complete command-line solution providing portable server management for UNIX and Linux systems—whether a local machine, a remote service, Docker Container, VM, Raspberry Pi, or AWS instance (similar to Putty for Android). It is a cross-platform Telnet, Mosh-compatible and SSH client. Securely access Linux or IoT devices to quickly fix issues from your laptop or phone. Thanks for this one go to blendelabor.

WSUS Offline Update lets you safely patch any computer running Microsoft Windows and Office—even when there's no connection to the Internet or a network of any sort. More specifically, you first run WSUS Offline Update on a machine that has Internet connectivity to download the updates you need and copy the resulting update media to a USB drive. You then use the USB drive to run the update on the target computers. Recommended by mikedopp.

SystemRescueCd is a Linux system rescue disk that allows you to administer or repair your system and data after a crash. It can be booted via CD/DVD, USB or installed directly on the hard disk. Many system utilities like GParted, fsarchiver, filesystem tools and basic tools (editors, midnight commander, network tools) are included, and it works on Linux and Windows computers, desktops and servers. Supports ext3/ext4, xfs, btrfs, reiserfs, jfs, vfat, ntfs—as well as network filesystems such as Samba and NFS.

KiTTY is a fork of PuTTY, the popular Telnet and SSH client. It runs on Windows and can perform all the tasks of PuTTY plus many more. Features include portability, predefined command shortcuts, sessions filter, session launcher, automatic log-on script, URL hyperlinks, automatic command and password, running locally saved scripts in remote sessions, ZModem integration, icons for each session, transparency, unfortunate keyboard input protection, roll-up, quick start of duplicate sessions, configuration box, automatic saving, Internet Explorer integration for SSH Handler, binary compression, clipboard printing, PuTTYCyg patch, background images/transparency and organizing sessions you save in a folder hierarchy.

WinMTR is a free, open-source Windows application that integrates the functions of the traceroute and ping utilities into a single, convenient network diagnostic tool. Many thanks to generalmx for suggesting both this and SystemRescueCd!

Free Services

SSL Labs SSL Server Test is a free online service that will run a deep analysis on the configuration for any SSL web server. Simply enter the hostname, and you'll get a detailed report highlighting any problems found on each server.

Draw.io is a free, browser-based diagramming application that's terrific for creating flowcharts and org charts. It's available as an online application with optional integration to various cloud storage options.

ImmuniWeb® SSLScan allows you to test SSL/TLS security and implementation for compliance with PCI DSS requirements, HIPAA guidance and NIST guidelines. Checks SSL certificate expiration for subdomains, insecure third-party content, and email servers’ SPF, DKIM, and DMARC implementation. Credit for this one goes to pixl_graphix.

BadSSL.com offers a simple, free way to test a browser's security setup. This helpful service was suggested by Already__Taken who advises you to "test what your MITM proxy will happily re-sign and present to you as a valid site."

Testssl.sh is a free command line tool that checks a server's service on any port for the support of TLS/SSL ciphers, protocols, recent cryptographic flaws and more. Recommended by stuck_in_the_tubes who likes it "for when you need to assess protocol encryption without the use of external services."

Tips

For access to all of the sysinternals tools on any Windows box with internet, just Win+R and open \\live.sysinternals.com\tools. It's a public SMB share with all of the tools that Microsoft hosts. Thanks to jedieaston for the tip.

BASH keyboard shortcut: 'Control + r' initiates a name/command lookup from the bash history. As you type, this 'reverse incremental search' will autocomplete with the most-recent match from your history.

Podcasts

Darknet Diaries podcast relates the fascinating, true stories of hackers, defenders, threats, malware, botnets, breaches, and privacy. The show's producer, Jack Rhysider, is a security-world veteran who gained experience fighting such exploits at a Security Operations Center. Thanks to unarj for suggesting this one.

StormCast is a daily 5-10 minute podcast from the Internet Storm Center covering the latest information security threat updates. New podcasts are released late in the day, so they're waiting for you to listen on your morning commute. While the format is compact, the information is very high-level and provides a real overview of the current state of affairs in the info-sec world.

Microsoft Cloud IT Pro podcast is hosted by Scott and Ben, two IT Pros with expertise in SharePoint, Office 365 and Azure. The podcast focuses primarily on Office 365 with some discussion on Azure, especially as it relates to Office 365 in areas such as Azure AD and Mobile Device Management (MDM) or Mobile Application Management (MAM).

Datanauts podcast keeps you up to date on developments in data center and infrastructure related to cloud, storage, virtualization, containers, networking, and convergence. Discussions focus on data center compute, storage, networking and automation to explore the newest technologies, including hyperconvergence and cloud.

Cloud Architects is a podcast on best practices, the latest news, and cutting-edge Microsoft cloud technologies. Nicolas Blank, Warren du Toit and Chris Goosen host discussions with various experts in the cloud space to gather helpful guidance and ideas.

Risky Business is a weekly podcast that covers both the latest news and thoughtful, in-depth discussions with the top minds in the security industry. Hosted by award-winning journalist Patrick Gray, it is a terrific way to stay up to date on information security.

The rollBak is a podcast on systems engineering, DevOps, networking, and automation—along with the odd discussion on software development or information security. Conversation is casual with the intention of making complex topics approachable in a way that fosters learning.

Tutorials

Get Started in PowerShell3 is a great jump start video series on starting out in PowerShell. According to sysadmin FireLucid, "It's a great broad overview of how it works and I found it extremely useful to have watched before starting on the book."

Websites

Ask Woody is a no-nonsense news, tips, and help site for Windows, Office, and more. You can post questions about Windows 10, Win8.1, Win7, Surface, Office, or browse through their forums. Recommended to us by deeperdownunder.

Learn X in Y minutes is a community-driven site that provides quick syntax for many popular programming languages. Here are direct links for some common ones, kindly provided by ssebs:

WintelGuy offers a handy collection of useful links, calculators, resources, and tools for the sysadmin. Thanks LateralLimey for the recommendation!

How-To Geek is a website dedicated to explaining today's technology. Content is written to be useful for all audiences—from regular people to geeky technophiles—and the focus is to put the latest news and tech into context.

EventSentry is a comprehensive, well-organized resource for Windows security events and auditing on the web. It allows you to see how events correlate using insertion strings and review the associated audit instructions. This was recommended by _deftoner_ as an “online DB where you can search for Windows Event Log by id, os, error code, etc. I do a lot of auditing on a big network thru event log ids, and sometimes I found rare errors—and there is not a good db with all of them. Not even Microsoft has one.”

Books

The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win tells the story of an IT manager's efforts to save his company's dysfunctional IT dept. The company's new IT initiative, code named Phoenix Project, is behind schedule and hugely over budget. Bill is given 90 days to resolve the entire mess—or have his entire department outsourced. An entertaining read, with elements that seem familiar to most system admins. Comes highly recommended by sp00n_b3nd3r.

UNIX® and Linux® System Administration Handbook, 5th Edition, is a comprehensive guide written by world-class, hands-on experts. It covers best practices for every area of system administration—including storage management, network design and administration, security, web hosting, automation, configuration management, performance analysis, virtualization, DNS, security, and management of IT service organizations. You'll learn all about installing, configuring, and maintaining any UNIX or Linux system, even those that supply core Internet and cloud infrastructure. A great resource for anyone responsible for running systems built on UNIX or Linux.

Taming Information Technology: Lessons from Studies of System Administrators (Human Technology Interaction Series) was suggested by AngryMountainBiker, who describes it as "essentially an ethnographic study of system administrators. The authors videotaped and otherwise documented SA's over a period of time and were able to break down a number of fascinating incidents and how to improve the art. I'm disappointed this hasn't been recommended reading for all SA's and maybe more importantly, their bosses, who too often don't really know what SA's do."

Learn Active Directory Management in a Month of Lunches is a practical, hands-on guide for those who are new to Active Directory. It covers the administration tasks that keep a network running smoothly and how to administer AD both from the GUI tools built into Windows and from PowerShell at the command line. Provides best practices for managing user access, setting group policies, automating backups, and more. All examples are based in Windows Server 2012.

CheatSheets

SANS Digital Forensics and Incident Response Cheat Sheets provide a collection of assorted, handy incident response cheat sheets. It's a helpful reference for commands, process, tactics, tips, tools and techniques that was compiled by SANS DFIR, the experts in incident-response training.

Blogs

Ned Pyle's blog from Microsoft's Directory Services Team contains a wealth of posts on best practices and solutions to common issues. While no longer actively maintained by Ned Pyle, the library of information already posted is incredibly valuable. Thanks to azers for bringing this to our attention.

Happy SysAdm has been providing resources, solutions and tips for system administrators since 2010. The blog is written by a Senior Systems Administrator with close to 15 years experience in designing, scripting, monitoring and performance-tuning Microsoft environments going all the way back to Windows 3.1/95/NT4.

Stephanos Constantinou's Blog shares the author's original scripts for PowerShell, Microsoft Active Directory, Microsoft Exchange On-Premise and Online (Office 365) and Microsoft Azure. His current focus is on retrieving data from systems, editing it and automating procedures. You'll also find a section with some PowerShell tutorials.

Have a fantastic week!!
u/crispyducks (Graham @ EveryCloud)

P.S. Some Extra Free Tools We Put In The Email Version

Clonezilla is free, open-source software for disk cloning, disk imaging, data recovery, and deployment—helping with system deployment, bare metal backup, and recovery. Cloning efficiency is optimized by the program's approach of saving/restoring only used blocks in the hard disk.

SPF Record Testing Tools is a query tool designed to help you deploy SPF records for your domain. It validates if an SPF record exists and whether it is formatted correctly and entered into your DNS as a proper TXT record.

PS Remote Registry module contains functions to create, modify, or delete registry subkeys and values on local or remote computers. This one was recommended to us by IhaveGin.

PowerCopy GUI was recommended by Elementix, who described it as "similar to RichCopy, but it uses .Net, PowerShell, and Robocopy. A good (non-install) alternative." The tool allows you to set up predefined options, one-click access to help and log file, and instant error analysis.

Gitbash is a package containing bash and a collection of other, separate *nix utilities like ssh, scp, cat, find and others—compiled for Windows—and a new command-line interface terminal window called mintty. Recommended by sysacc who tells us he's been "dealing with log files lately and I've been using...Gitbash a LOT... It's part of the Git tools, I love having access to Linux commands on Windows."

Easy2Boot is a collection of grub4dos scripts to be copied onto a grub4dos-bootable USB drive. Each time you boot, the E2B scripts automatically find all the payload files (.ISO, .IMA, .BIN, .IMG, etc.) on the USB drive and dynamically generate the menus. Thanks to Phx86 who says it "creates a very versatile USB drive. It checks a lot of marks other various tools did not. Formats NTFS, your ISO boot disks doubles as standard NTFS storage. Drag and drop .ISO files to the correct folder, then boot directly to them. Boot menu reads the .ISO files and builds a menu based on what is loaded on the drive. No fiddling around with custom boot menus when you add a new .ISO."

CCleaner is the fastest way to eliminate temporary files and Windows Registry problems. Our own Matt Frye says, "When a machine is having problems, this is almost always the tool I use first. It also helps to ensure privacy by getting rid of traces left behind (such as cookies) by web browsers."

Netwrix Auditor Free Community Edition is a great auditing/monitoring tool for the Windows sysadmin. It lets you see changes and access events in your hybrid cloud IT environment, so you can stop worrying you'll miss critical changes to AD objects, file server permissions, Windows Server configuration or other security incidents.

WinSCP is an SFTP client and FTP client for Windows with a GUI, integrated text editor, scripting and task automation. It allows you to copy files between a local computer and remote servers via FTP, FTPS, SCP, SFTP, WebDAV or S3 file transfer protocols.

Why am I doing this each week?
I want to be mindful of the rules of the subreddit, so if you’d like to know more about my reasons for doing this, please visit the bottom of the sister post on SysAdminBlogs:
https://www.reddit.com/SysAdminBlogs/comments/a560s6/tools_info_for_sysadmins_mega_summary_q4_over_80/
You can view last week's post here: https://www.reddit.com/sysadmin/comments/a2zuhy/tools_info_for_sysadmins_linux_rescue_disk_telnet/

Edit 1: As some of you may know, this post got caught in site-wide filters today. It's since been released as you can see, but whilst that was all happening I set up a new subreddit /ITProTuesday. We'll post them in here each week too, so please subscribe if you want to make sure you don't miss out on them!

Edit 2: I'm greatly honoured by the gold!! Thank you anonymous user.
submitted by crispyducks to sysadmin

Wine 4.0-rc1 Released

The Wine development release 4.0-rc1 is now available.
 
This is the first release candidate for the upcoming Wine 4.0. It marks the beginning of the code freeze period.
There have been many last minute changes, so please give this release a good testing to help us make 4.0 as good as possible.
 
https://www.winehq.org/announce/4.0-rc1 
 
What's new in this release (see below for details):
 
- Preloader implemented on macOS.
- Mouse cursor support on Android.
- Updates to the timezone database.
- Vulkan support updated to the latest spec.
- Stream I/O support in WebServices.
- Better palette support in WindowsCodecs.
- Synchronization objects support for kernel drivers.
- Various bug fixes.
 
The source is available from the following locations:
http://dl.winehq.org/wine/source/4.0/wine-4.0-rc1.tar.xz
http://mirrors.ibiblio.org/wine/source/4.0/wine-4.0-rc1.tar.xz
 
Binary packages for various distributions will be available from:
http://www.winehq.org/download 
 
You will find documentation on
http://www.winehq.org/documentation 
 
You can also get the current source directly from the git repository.
Check
http://www.winehq.org/git for details. 
 
Wine is available thanks to the work of many people.
See the file AUTHORS in the distribution for the complete list.
 
 
Bugs fixed in 4.0-rc1 (total 43):
 
5402 Multiple MFC-based apps crash during non-modal child dialog control creation with active window being zero (Canon PhotoStitch 3.1.13, Flexible Renamer v8.4)
16845 Radio buttons not being checked on focus
23750 SpongeBob SquarePants: Diner Dash 2 - mouse has pink background
28810 d3dx9_36/tests/mesh.ok: D3DXLoadMeshTest fails under valgrind
29183 Heavy corruption when rendering edit control with WM_PRINTCLIENT and possibly invalid HDC
33117 Can't load Bach41.ttf with CreateFontIndirect
35367 Multiple applications crash due to Wine ole32 code not taking implicit MTA into account (Cyberlink Powerdirector 8, PDFXChange Editor 5.5)
37863 Halo only works using Nvidia graphics
38228 Wildstar game failed to download : `winhttp:session_set_option 0` and `wine client error:41b: pipe: Too many open files`
40031 Singularity: In Steam the game is still running after quit
40880 Commandos 3: Destination Berlin demo has sound issues
40971 Zombie Army Trilogy crashes before the menu
41404 WPS Office 10.1.0.5775 unhandled exception on installation
41488 ProfitChart RT crashes at startup
42010 ReactOS Calc does not show dots in radio buttons.
42255 Xenia emulator needs ntdll.dll.RtlAddGrowableFunctionTable implementation
42474 Multiple applications crash on unimplemented function api-ms-win-core-path-l1-1-0.dll.PathCchCombineEx (Python 3.6, AutoFlashGUI, RenderDoc)
42582 Murdered: Soul Suspect has messed up rendering
43584 Hitman: Absolution needs dxgi_output_GetGammaControlCapabilities
43745 Graywalkers Purgatory demo has wrong models rendering
43889 Gradient is inverted when using gdiplus
44015 Steam - fails to load UI since Wine 2.20 (due to dwrite commit)
44177 Guitar Pro 5: Long freezes during draw process of dashed lines (P.M. or let ring markers)
44588 Many kernel drivers need support for kernel synchronization objects (event, semaphore, mutex) (BattleEye's 'bedaisy.sys', Franson VSerial service 'bizvserialnt.sys')
44897 Multiple applications using Crashpad/Chromium/CEF in Win7+ mode crash on unimplemented function ntdll.RtlGetUnloadEventTraceEx (Steam client)
44999 Python 3.6.5 crashes due to unimplemented function api-ms-win-core-path-l1-1-0.dll.PathCchCanonicalizeEx.
45431 Multiple D3D11 games deadlock in IDXGISwapChain::ResizeTarget while trying to resize window (Crash Bandicoot N. Sane Trilogy, Dragon Age: Inquisition)
45453 Guild Wars 2: Launcher crashes with assertion "jobThreads && (jobThreads <= hardwareThreads)"
45627 mdac28 fails to install (SetupDefaultQueueCallbackW copy error 32 L"C:\\users\\austin\\Temp\\IXP000.TMP\\msdaorar.dll")
46093 GRLevel3 2.52 fails to start, hangs indefinitely
46099 Star Citizen not loading after implementation of WaitOnAddress() in wine
46140 .NET applications using 'WebRequest' API with MS .NET Framework crash when IPv4/6 is disabled in Linux kernel
46142 Games launched through Windows Steam no longer launch.
46161 Wine: Wrong GnuTLS usage?
46168 dotnet35sp1 installer has an error under wow64
46172 Multiple applications from Windows 7-10 crash on unimplemented function slc.dll.SLGetLicensingStatusInformation
46173 Used e-Sword successfully a few months ago, but when I try now I get a Program Error.
46179 Multiple Windows 10 ARM{32,64} apps need 'kernel32.dll.GetCurrentThreadStackLimits' to get stack start address
46180 wineserver does not release atom on unregistering window classes
46186 LoadImageA searches images in the wrong directory
46210 explorer /desktop leaks atoms from DDE interface
46229 server/ptrace: NetBSD debug register storage
46235 Opening ADODB.Connection results in: Method '~' of object '~' failed
submitted by catulirdit to linux_gaming

MAME 0.203

With Hallowe’en basically over, the only thing you need to make October complete is MAME 0.203. Newly supported titles include not just one, but two Nintendo Game & Watch classics: Donkey Kong and Green House, and the HP 9825B desktop computer. We’ve added dozens of new versions of supported systems, including European bootlegs of Puck Man, Ms. Pac-Man, Phoenix, Pengo and Zero Time, more revisions of Street Fighter II and Super Street Fighter II, and a version of Soldier Girl Amazon made under license by Tecfri.
There are major improvements to plug-in TV games in this release, specifically systems based on the XaviX and SunPlus µ'nSP processors. The Vii is now playable with sound, and the V.Smile can boot games. Tiger Game.com emulation has come to the point where all but one of the games are playable. Some long-standing issues with Tandy CoCo cartridges have been fixed.
It isn’t just home systems that have received attention this month: Namco System 22 emulation has leapt forward. Yes, the hit box errors making it impossible to pass the helicopter (Time Crisis) and the tanks (Tokyo Wars) have finally been fixed. On top of that, video emulation improvements make just about everything on the system look better. In particular, rear view mirrors in the driving games now work properly. If that isn’t enough for you, the code has been optimised, so there’s a good chance you’ll get full speed emulation on a modern PC. There have been less dramatic improvements to video emulation in other Namco and Tecmo systems, and CPS-3 row scroll effects have been implemented.
MAME 0.203 should build out-of-the-box on macOS “Mojave” with the latest Xcode tools (provided your SDL2 framework is up-to-date), a number of lingering debugger issues have been fixed, and it’s now possible to run SDL MAME on a system with no display. MAME’s internal file selection menus should behave better when you type the name of a file to select it.
MAME 0.203 is a huge update, touching all kinds of areas. You can get the source and Windows binary packages from the download page.

MAMETesters Bugs Fixed

New working machines

New working clones

Machines promoted to working

New machines marked as NOT_WORKING

New clones marked as NOT_WORKING

New working software list additions

Software list items promoted to working

New NOT_WORKING software list additions

Source Changes

submitted by cuavas to emulation

Since technical traders look for repetitive patterns and familiar setups on detailed price charts, and perhaps through additional indicators, the basic in-or-out of profit binary options chart is often difficult to use as a trading tool in itself. Find a good third-party charting package The 5×5 system is a simple forex AND binary options strategy, which makes use of only two indicators. This reduces the number of charts and the rules are simpler to keep track of. Once you are comfortable with the system, you could even look at adding in another rule or indicator without causing a lot […] Binary Options Trading Setups. The Collection of FREE Binary Options Trading Indicators. Winning binary option only can be done when you have to work as same as we told you and backup the full system. How To Trade Binary Options: In this article, I want to show you a simple binary options trading strategy. Binary Options Blog; Binary Options Chart Setup; Regulations in Binary Options Trading; ... Once you’ve spent many hours in front of the charts finding solid binary trade setups will be much easier. The time you put in now, will help you save a lot of time and money down the line. The 1-minute binary options or the 60-seconds time frame is the best chart for trading binary options. In other words, the best binary options expiration time is the 60 seconds time frame. We recommend highlighting the starting point on your charts. And the ending point of your 50-candle low that you have identified.

NEW Binary Options Indicator How To Set Up TOS Charts

BO206 - In this video Sam Morton gives some examples of reliable chart setups to use when trading binary options. Website: http://www.binaryoptons.education 5 Minute Binary Strategy, Easy Chart Setup + Google Doc - Josh and Hanman (MoD) WEFX Official. ... Binary Options Crash Course - Bollinger Bands + live trades 85% - Part 7 - Duration: 15:42. 👨🏽‍💻 IQ Option $ The best broker 2020: - https://bit.ly/3hMNU9b I'll show you 100% winning iq option strategy 7 win VS 0 loss This is how I have traded Binary for the past 3 years. Thank you for watching my videos, hit the subscribe button for more content. Check out our members res... FOREX & BINARY SIGNALS http://nextwavetrading.com/SIGNALS/forex&binary OPEN YOUR ACCOUNT IQ OPTION HERE: http://nextwavetrading.com/IQoption IQ OPTION FREE D...