Edventures in Normalcy

Find all symbolic links on a linux OS:

Or if you want to output it to a file:

Granting permissions in MySQL, localhost and external hosts must be separately run, the % sign means any external host and will not account for local connections:

But say you wanted to then remove remote access, but leave local access, easy (with this being the actual part I learned.  I wanted to write both granting and denying down.):

Actions speak louder than words, and I find some actions speak poorly.  I find the LGBT world has a duality to it.  I belong to the transgender community, which is where I run into this the most.  For example, I pulled an article from here:

http://www.cambio.com/2015/09/17/what-happened-when-i-revealed-to-men-on-tinder-that-im-a-transg/

The body is below, images are clickable, and although you may not need to see them all, you will get the idea.

“To put it plain and simply, dating sucks. Online dating sucks even more. And online dating as a transgender woman is pretty much a modern-day Greek tragedy. That being said, afterrecently undergoing gender-confirming surgery, I’ve been making a concerted effort to put myself out there and meet new people. According to many of my friends, Tinder was a good place to start. A little bit jaded and slightly pessimistic, I reluctantly decided to embark on a social experiment of sorts.

The reality of navigating dating world is that everyone has baggage that they’re weary about revealing to potential suitors. At the end of the day, we’re all human beings who want to be accepted and appreciated in our entirety. And the idea of having someone reject you because of a fundamental component of your identity is daunting enough to make a person avoid dating all together.

So as a young transwoman living in New York City, I’ve always been pretty freaking nervous about how guys could react when I reveal to them that I was born biologically male, even though I identify and live my life as female. After all, transwomen are all too often beaten and murdered for no reason other than their gender identities.

That’s exactly why the idea of online dating appealed to me despite it’s inherent shittiness and utter lack of romance. It opened up a space where I could disclose my transgender status to men from the safety of my phone without having to worry about putting myself in a potentially violent or dangerous situation (which is the reality for all of us transwomen). I decided to reveal my truth to men who I had matched with on Tinder and their responses were not always what I expected…

Of course there was the expected invasiveness, as you can see in the exchanges below. (PROTIP: Instead of asking a transwoman about her genitals right off the bat, try asking about her hobbies.)”

The above shows how to ridicule the ignorant, and come of as rude.  Yes, I face odd and peculiar questions, but since when is it wrong to be curious from an ignorant perspective.  When I was 5, I would ask some pretty awful/great questions.

Inclusiveness

I have once heard rumor that somewhere there is still a Chi Chi’s. I imagine it hidden inside a mountain where Shangri-La is. So on some random corner is a long lost land, is the best Mexican Restaurant chain ever, known only to the locals of Shangri-La.

Oh wait, I found them:

https://www.cityplug.be/en/Brussels/A42AV16Z_Restaurant_Chi-Chi-s-Anspach.html

https://en.wikipedia.org/wiki/Chi-Chi%27s

To correct the issue, on the iPhone, go to iMessages

To check if you have the problem yourself:

Go to settings > Messages > Send and Receive
Under “You can be reached by iMessage at”, if your phone number is not ticked, you have this problem.
To fix (this worked for me):

Go to Settings > Messages
Turn off iMessage
Go to Settings > Cellular
Turn off Cellular Data
Reboot phone
Turn Cellular Data and iMessage back on
Go to Settings > Messages > Send and Receive
Under “Start new conversations from”, tick your phone number
If you want to fail back to SMS messaging when iMessage is unavailable, make sure to enable Settings > Messages > Send as SMS. This was disabled by default on my fresh iOS7, and can cause text messages to be mysteriously delayed.

For more detail on the problem, see http://simonhackett.com/2013/11/06/ios7-imessage-mobile-number-linking/

Process Monitor, by SysInternals under Microsoft, shows real-time file system, Registry and process/thread activity. To do this it registers itself with the Event Tracing for Windows to receive activity reports from both the file system and the windows registry.

It can be found here: Windows Sysinternals Process Monitor.

Display Overview

Some basics of what to expect to see, here is a resized window, giving all of the default information I want to go over:

Capture (Ctrl+E): Enables/Disables capturing activity.
Autoscroll (Ctrl+E): Enables/Disables scrolling of display as activity is shown. I find it best to disable Autoscroll until enough filters are in place, ymmv.
Clear (Ctrl+X): Clears/flushes captured activity.
Filter (Ctrl+L): Shortcut to the filter screen.
Highlight (Ctrl+H): Enable highlighting of particular captured activity.
Include Process From Window: You see a program you want to watch to see what it does, these cross-hairs will help you zero in on just it.

 Registry Activity: I use this secondarily and have sparse experience with it, I tend to disable it on startup.  Results include SUCCESS, NAME NOT FOUND, BUFFER OVERFLOW, REPARSE, NO MORE ENTRIES, ACCESS DENIED, and BUFFER TOO SMALL.

 File System Activity: My bread and butter of this tool.  Almost always will be using this.  The seemingly more useful results include SUCCESS, ACCESS DENIED, NAME COLLISION, PATH NOT FOUND, END OF FILE, and BUFFER OVERFLOW, while the plethora of other results are NO MORE FILES, NAME NOT FOUND, FILE LOCKED WITH WRITERS, FILE LOCKED WITH ONLY READERS, NOT REPARSE POINT, PRIVILEGE NOT HELD, IS DIRECTORY, INVALID PARAMETER, NO SUCH FILE, RANGE NOT LOCKED, SHARING VIOLATION, OPLOCK NOT GRANTED, INVALID DEVICE REQUEST, and FAST IO DISALLOWED.  This may not be the full list, but what I could generate.

 Network Activity: This would be my 3rd most used, and last as I don’t use the next two.  I like this to see if a connection was made out/in and to/from what host.

 Process and Thread Activity

 Profiling Events

*A note on Fast IO
“Fast IO indicators in a trace have to do with how the windows file cache works. Process Monitor provides a default filter that removes most of the Fast IO events, by doing an exclude on events that have an Operation starting with the string “FASTIO_”. This leaves “FAST IO DISALLOWED” events captured and displayed. You often see a “FAST IO DISALLOWED” entry on a file followed by the normal path attempt to open the file which succeeds. Adding a filter to exclude Operations start with “FAST IO” eliminates these red herrings.

Starting up Process Monitor

When starting up the application, the output is overwhelming. Expect it, much like running Wireshark and showing all traffic on an interface, you are going to see more than you really need.

Filters
The default filter:

This strips out actions by the Process Monitor application itself. I use this as a base, and once the program starts showing results, exclude the imports I am not looking for. I rarely use the registry watch, and I typically stick to just the file monitor.

So for the default that loaded on the last version I downloaded, I would start the application,  to stop the capture, disable , , and .  I am then left with just  enabled.  Now start the capture again, .

For the slew of what is left, we have two options.

Include only the process by name or PID as a filter.

Pros: It is much cleaner and more direct if you know exactly what to look for. If I am trying to watch a single IIS Application pool, I can find its PID in the task manager, and add an Include for the matching PID.

Cons: This can exclude an item you had not anticipated, leaving a surprise to find out later.

Exclude Noise by Process name

Pros: Easier to start with when learning.  Can reveal conflicting applications.

Cons: Time cost, this can be a 30+ list in some cases.  Excluding that number of applications can take numerous runs of Process Monitor, starting and stopping captures to catch as much noise as one can.

Exclude Noise by Process name

I start excluding process’s by name for items I know I am not looking for.

Process Names’s I have been known to exclude:
In General:
System
Explorer.EXE
services.exe
scrnsave.scr
svchost.exe
mmc.exe
rundll32.exe

Desktop Environments:
trillian.exe
lync.exe
chrome.exe
firefox.exe
plugin-container.exe
FlashPlayerPlugin_11_5_502_135.exe
Nexus.exe
NOTEPAD.EXE
pn.exe
OUTLOOK.EXE
vmware-usbarbitrator.exe
FlashPlayerUpdateService.exe
GoogleUpdate.exe
putty.exe

Server Environments:
SSSvc.exe

Include only the process by name or PID as a filter.

TBD, As I run into further examples, I will flesh this out better.

Tips Tricks Notes

• Don’t record/track when you don’t need to be. The application can lock up and/or run up resources. To be as clear as I can, I had to restart my machine after leaving it running overnight. I was gathering examples by running the software, and failed to follow my own directions. Windows literally told me to restart my applications.
• When troubleshooting when layers/applications, I find it helpful to keep the browser on the local server as being listed in my output so that I can use it as a marker for when I am testing. It helps to narrow down what’s going on in the underlying moments when a request goes awry.
• Even with good filters, there still is a lot of stuff to wade through in a trace. For example, when the application loads a dll, there may be several attempts to open the file (CreateFile) under different folders, until the file is found (keep in mind that you don’t necessarily want to go throwing a looked for file in the first place the application looks for. Saw this be very bad in a ColdFusion example).

Below, you’ll find a list of the most common IP commands for Windows and DOS. These include ipconfig, trace route, netstat, arp, route, hostname, control netconnections, and other popular DOS and Windows IP commands.

Microsoft SQL Server backups, MSSQL Backup, process

• Note: You may need to go to Tools > Options > Query Results > SQL Server > Results to Text in the Studio Manager and change the “Maximum number of characters displayed in each column to 1024” (default is 256). Also make sure you are outputting the results to text. If you do not do this prior, you run into the chance of either set of commands not outputting the full commands needed for the next step.
• Also, you may need to open a New Query as the change ‘seems’ to only affect newly opened queries. The second pertinent setting, Open a new query window and ensure it has the focus, then go to Query > 249521. Here you can see the setting is located in 249521 > 249521. Change the Maximum number of characters displayed in each column the fields maximum of 8192.

The following command will generate a SQL script to back up all non system SQL databases. Be sure to replace the restore path. Make sure you set the results to text output.

Once the above query has been run, copy the output and run it as a new query on the source server (I migrate a lot, hence the terminology used).

You know zubat? The one that always gets in your way in a cave? The reason they do that is because they are flying type, surrounded rock types such as geodudes, and onixes. Their chance of survival is slim. They run up to trainers hoping to be rescued from their hell, by being captured, but instead of being rescued, they are skorned, denied, and refused  If one is lucky, it will be the only one caught in the entire game to be the one to put in the pokedex, after that, the rest are damned to a life of torment for the rest of the game.  After the first one is caught  the only way for one to e captures is the 1/8092 chance of being shiny.  Since this is unlikely  they have to train harder than any other pokemon to survive against the rock types, and to do that, they have to murder their neighbors, their mothers, their brothers, their sisters, their fathers, their best friends, to learn supersonic, and have the small chance of survival.  Their live is full of misery, pain, and suffering, and instead of saving them, we run away from them.