Posts Tagged ‘kind’

The Church Rejoices + Daniil Metropolitan of Vidin chosen and Enthroned as Head of Bulgarian Orthodox Church. Dostoin / Axios !

Wednesday, July 3rd, 2024

The Church Rejoices + Daniil Metropolitan of Vidin chosen and Enthroned as Head of Bulgarian Orthodox Church. Dostoin / Axios !

Patriarch_Daniil-the-new-canonically-and-officially-elected-Patriarch-of-Bulgaria-and-Metropolitan-of-Sofia

Metropolitan Daniil is our Officially and canonically elected Patriarch of Bulgaria and Metropolitan of Sofia (the choice was made in a complex selection system) during a Church national Assembly on 30th of June 2024.

The whole Church rejoices as a dark cloud was over the Church as people were scared, un-worthy patriarch might be selected.

The procedure of selection of new patriarch depends on matching, certain criterias for the candidate.

According to the Ustav of Bulgarian Orthodox Church (Establishment Law document, Church established rules statues)

New Patriarch Candidate should match following criterias:

  • To have been on a cathedra as metropolitan and have governed a diocese for at least 5 years
  • To be not be younger than 50 years of age (should be 50+ years old).
  • To be distinguished within the Church to have right thoughts on the Orthodox faith and the exact observance of church order and laws.
  • To enjoy a good and honorable name both before the people and before the government of the country

Procedure for electing a patriarch

On 20th of June of 2024, after internal voting in the Holy Synod, following the Church statuses, after 42 turns of votes of individually each Bishop and Metropolitan voting for his favorite, the 3 candidates for patriarch were emitted.

1. In the first round, the candidate who collected 2/3 of the votes of the voters present wins
2. If this does not happen, a second round is reached with the two candidates who received the most votes in the first round
3. In the second round, the candidate with a simple majority wins.

The results out of the elections on the Patriarchical choice National Church assembly results were as so:

Three Patriarchical Candidates

 

Three-candidates-for-Patriarch-na-Bulgaria-as-of-20-June-2024.
 

Name Candidate 1st voting 2nd voting
Daniil Metropolitan Vidinsky 51 votes 69 votes
Grigoriy Metropolitan Vrachanski 64 votes 66 votes
Gavriil Metropolitan Lovchanski 19 vote does not qualify


Patriarch Daniel (Bulgarian: Патриарх Даниил, romanized: Patriarh Daniil) has received his monk name after Saint Daniil the Stylite, one of the most notable Stylites in the Church history.

Early life and Education

Secular name Atanas Trendafilov Nikolov (Bulgarian: Атанас Трендафилов Николов; born 2 March 1972) in a town of Smolyan. He was born in a good and healthy family, his father Trendafil Nikolov is born in a small village near Smolyan (Kremene) and served as a police officer, his mother Zlatka Nikolova used to be a  teacher in the field of Informatics in Economy scohol in Smolyan.

He completed his primary and secondary education in his hometown and later served in the military. In 1996, he began studying English Philology at Sofia University, but being grown in the spirit of love for history and the motherland Bulgaria, he soon found out field of Philosophy does not provide enough to match his wide interests in history of the world and history of Bulgaria. Being touched by Gods love and having a desire to learn more about Christianity and his homeland orthodox christianity and learn more about philosophy but from the perspective of the Orthodoxy obviously guided by Gods provide, the following year during the hard years of national financial catastrophe and church schism in 1997 he transferred to the Faculty of Theology of the same university Saint Kliment Ohridski

In 1997 he also become candidate for monk novice in the notorious monastery of Hadji Dimovo (in honour of Saint Great Martyr George)  which was at that time of Spiritual Leadership of Metropolitan Natanail of Nevrokop, where he graduated in 2002 and which was one of the best monasteries capable of giving a solid basis for true and high standard spiritual life.

Becoming a Monk

On August 7, 1999, he was ordained a monk by him and the next day he was ordained as a hierodeacon. On July 21, 2004, he was sent for obedience to the Nativity of the Virgin Monastery (Rojenski Monastery) in Rozhen, and on November 27, he was ordained a hieromonk by his diocesan bishop.
On June 1, 2006, he was elevated to the rank of archimandrite.

Daniil-as-vicar-Bishop-of-Metropolitan-Joseph-of-America-of-Bulgarian-Orthodox-Church


Recognized as exceptional choosen person and Levereged to a Bishop by metropolitan Natanail Nevrokopski
Note: Nevrokov Eparchy is the eparchy in which Saint John of Rila Monastery belongs to, Metropolitan Natanail was among the most loved person in Bulgarian Church

On January 20, 2008, he was ordained as a Bishop with the title of Dragovitski and was appointed vicar of the Metropolitan of Neurokop Natanail

Nevrokopski-Metropolitan-Natanail
Metropolitan Nathanail Nevrokopsky (titled as the consience of the Bulgarian Church)

His ordination was carried out by Patriarch Maxim (the previous patriarch before Patriarch Neofit) in collaboration with Metropolitans + Ioanikiy of Sliven, + Dometian Vidinsky, + Kyril Metropolitan of Varna and Veliko Preslav, Grigoriy of Velikoturnovsky, Neofit of Rusensky, Natanail of Nevrokopsky, Gavriil Lovchansky and bishops Evlogius of Adrianople, Abbot of the Rila Monastery, Naum Stobiyski at that time Chief Secretary of The Holy Synod, Theodosius of Devol, Constantine of Marcianopol and John of Znepol (currently Metropolitan of Varna and Veliko Preslav chosen after decease of Metr. Kiril).

Hadji Dimovski monastery become also famous also for being the spiritual school for  Metropolitan Serafim of Nevrokop (chosen after's Metropolitan Natanail Nevrokopsky pass away to Christ).

On 15 June 2010, Daniel was appointed vicar of the diocese in the US, Canada and Australia of the Bulgarian Patriarchate. On 2 December 2011, the Holy Synod "took note of the letter from Metropolitan Joseph of the USA, Canada and Australia, notifying that permission had been received from the American emigration authorities to fulfill the obedience assigned by the Holy Synod to Bishop Daniel of Dragovitski who can already leave and take on responsibilities, as metropolitan vicar of the USA, Canada and Australia".
He was considered the most likely successor to Metropolitan Joseph of America (Bosakov).

Served as vicar bishop in the American, Canadian and Australian dioceses from 2011 until February 4, 2018 (for 7 years).
He was chosen to become the Metropolitan of Vidin (after the decease of Metr. Dometian) from February 4, 2018 to June 30, 2024.

In December 2018, Metropolitan Daniel condemned the Unification Council in Kyiv, calling it uncanonical. In his opinion, the actions of Patriarch Bartholomew are non-canonical, since he encroached on someone else's canonical territory.

Daniil is the originator of the introduction of religious education in the Bulgarian school and for many years worked for it to be included as a subject in the curricula.

On 21 July 2004, Daniel was sent for obedience to the Rozhen Monastery of the Nativity of the Blessed Virgin Mary. On 27 November of the same year he was ordained hieromonk by his diocesan bishop. On 1 June 2006, he was elevated to the rank of archimandrite. On 20 January 2008, he was consecrated Bishop of Dragovitia and vicar of the diocese of Nevrokop diocese.

Metropolitan of Vidin 4 February 2018 – 30 June 2024

Metropolitan-Daniil-in-times-as-a-Metropolitan-of-Vidin

On 4 February 2018, he was elected by the Synod to the post of Metropolitan of Vidin. Vidin was the last city that fall under the Ottoman hordes, and perhaps his zeal for truthfulness and orthodoxy and the Bulgarian nation was the reason Gods providence in that hard times to have chosen him to be head of this small but historically rich and important eparchy.

In December 2018, Metropolitan Daniel condemned the Unification Council in Kyiv, calling it uncanonical. In his opinion (based on Church Canons of Ecumenical Councils), the actions of Patriarch Bartholomew are non-canonical, since he encroached on someone else's canonical territory.

https://pc-freak.net/images/Patriarch-Daniil-Bartholomeow-patriarch-of_Constantinople-guest-on-patriarhical-enthronement

Perhaps for the Ecumenical Patriarch Bartholomew, the selection by the Gods providence for Daniil to be the next patriarch of Bulgaria, was quite a shock as the expected patriarch to choose was Gregory who if chosen should have been titled Gregory the II-nd as we already had a patriarch with this name , during the Second Bulgarian Kingdom  (saying this by memory), but mans thoughts are very different from Gods thoughts as the Holy scriptures says.

After the death of the former Patriarch of the Bulgarian Orthodox Church Neophyte in March 2024 and respective mourning period, then Metropolitan of Vidin, Daniel was one of the three shortlisted candidates to ocuppy the patriach position together with Metropolitan Gregory of Vratsa and Metropolitan Arsenius of Sliven.[7] On 30 June 2024, at the patriarchal electoral Church-People's Council in Sofia, Metropolitan Daniel was elected the new Patriarch of Bulgaria, Metropolitan of Sofia.

Patrirach-Daniil-of-Bulgaria-Blessing-soon-after-his-selection
Picture of Patriarch Daniil Blessing, right after his selection and his "radiation" with Patriarchal Ensignias, the Patriarchical Wand stick, The Cross, Panagias …

Daniil-Metropolitan-of-Sofia-and-Patriarch-of-Bulgaria

Pre-selected moments of the enthronization of new Bulgarian Patriarch Daniil of Bulgaria by Sonya Ankova

Currently he is the canonical 4th Patriarch of the new History of the Bulgarian  Orthodox Church, currently serving as Patriarch of All Bulgaria since June 30 !

His choosing and Enthroning was surprise for many influential people in the history and was just another proof the Church of Bulgaria is Governed by Jesus Christ and the selection was made by the Holy Spirit of God itself !

 

Daniil the New Bulgarian Patrhiarch, the Forth Patriarch by Bulgarian National TV (BNT) Chapter I

Lets all say Достоин / Axios !!!, just like many has proclaimed during the official introduction of Daniil as Patriarch with a special enthronization Ceremony.
The selection day 30 of June this year was by God's providence on the Sunday of All Saints, this year this day coincided also with the Assembly of All Holy Apostles day commemoration dedicated to All Apostles of Christ (the 12, the 70th of desciples and the rest of rings of desciples  of Christ who have done apostolic mission sent by him). The Assembly of Apostles feast is always celebrated  in the Church always 1 day after the Great feast of Saint Apostle Peter and Apostle Paul's day. 
The day after on the day the first Holy Liturgy was served by tradition by the new Patriarch and it was the Summer Feast of Saint Cosmo and Damianos  and  one of the 3 major feasts of Saint John of Rila (The Return of the Holy Relics of Saint John of Rila into Bulgaria) .

Patriarch Daniil  is the youngest patriarch of Bulgaria in our history of the Bulgarian Church, currently aged 51, since its establishment in year 870 (1154 years ago) and a lot of hope by many, that his Church rulership will be mostly beneficial for the whole Church and nation and will raise up the confidence and self-esteem of the nation, and shed light on the nation and attract more of the youth, that is living a life away from the Church even though baptized,  back in the Church.

Lets pray and wish the new Patriarch Daniil, a lot of increasement of Health, Love and Faith for everyone and Wisdom to guide the flock of Christ through the hardships of current turmoiled times of desperation and confusion as well as good health to serve as a Patriarch for Many Years !

For Many and Blessed Years his Holiness Patriarch of Daniil ! Metropolitan of Sofia and Patriarch of All Bulgaria !

Fix “There Has Been a Critical Error on Your Website” wordpress error

Friday, December 2nd, 2022

there-has-been-a-critical-error-on-your-website-wordpress-critical-error-fix

Say you have a shiny working WordPress based website withtout any monitoring set for years but suddenly, you open the site and you get the terrifying error:
 

There Has Been a Critical Error on Your Website

That is quite of a stress for sure. As in the first few minutes you don't understand how this has happened since, you did not touched the perfeclty working site for a very, very long time.
Then you start to debug into the apache / nginx access.log, error.log and mysql mysql.err etc. franticly trying to figure it out the normal ideas pop-up immediately into mind, whether you have a recent backup for the website's database. If you have pair of high availability webservers service or backup databases that serve the traffic via a separate standby instance of the service, you might try to switch off the official service and see whether the standby Webserver / SQL server instance would serve the website fine.
However, if this is not an option and you have no standby backup service as a recovery Plan B option already set. Your only option is to continue to debug what is wrong.
Then the next thing to do is to check whether you don't have a Web Caching or Proxy in front of your webservers that are preventing you to see a recent version of the website and give you some old cache or you don't have an ISP proxy that is giving you some unreal results. That is easily seenable from the Webserver logs. If this is neither the case the next thing is to:
 

Enable WordPress (wp-config.php) Debug mode

By default for Security reasons the WordPress PHP execution debug mode is switched off inside wp-config.php.
When there are odd pages with the WordPress based blog or site however this can easily be changed by modifying the WP_DEBUG true|false value.

To do so edit with a text editor such as vim / nano / mcedit  wp-config.php or if no SSH access to the remote machine, use SFTP / FTP transfer protocol copy the file to your desktop and inspect it and make sure the WP_DEBUG / WP_DEBUG_DISPLAY / WP_DEBUG_LOG has following values:

define( 'WP_DEBUG', true );

define( 'WP_DEBUG_DISPLAY', false );

define( 'WP_DEBUG_LOG', true );

Reloading the Browser window tab with There is a critical error on Your website, you should get some Errors or Warnings like:
 

Warning: Illegal string offset 'parent_slug' in /var/www/websitecom/wp-content/plugins/photo-gallery/booster/main.php on line 180

Warning: Illegal string offset 'slug' in /var/www/websitecom/wp-content/plugins/photo-gallery/booster/main.php on line 180

 

Then you can temporary disable the problematic problem in that case for example the photo-gallery and recheck the website, and then restore from backup snapshot the respective plugin files version from a moment, when the website was working.

If this doesn't solve it and more plugins are crashing and you can't find an easy way to work-around it you miss a backup, you might try to

 

Disable all WordPress active plugins

Disable your plugins from the dashboard, visit Plugins > Installed Plugins and tick the checkbox at the top of the list to select them all.
Then click Bulk Actions -> Deactivate, which should be enough to disable any conflicts and restore your site.

You can do essentially the same thing through SSH / FTP session.

Step 1: Log in to your site with SSH / FTP.
Step 2: Open the wp-content folder to find your plugins.
Step 3: Rename the plugins folder to plugins_old and verify that your site is working again via SSH run commands:

# cd  path_to/plugins; mv plugins plugins_old

or rename via FTP client
Step 4: Rename the folder back to “plugins”. The plugins should be disabled still, so you should be able to log in to your dashboard and activate them one by one. If
the plugins reactivate automatically, rename individual plugin folders with _old until your site is restored.

Raise the PHP Memory Limit

Sometimes, a low PHP limitation causes critical errors on WP based blogs and sites, if necessery raise up the memory limitation via:

define( 'WP_MEMORY_LIMIT', '128M' );

Change Max Upload File Size and Text Processing function limits

To increase the max upload file size, add this code to wp-config.php:

ini_set('upload_max_size' , '256M' );

ini_set('post_max_size','256M');

And to fix the breaking of large pages on your site, add this code:

ini_set('pcre.recursion_limit',20000000);
ini_set('pcre.backtrack_limit',10000000);

Clear up any caches

If you use some session caching of the website on the machine such as memcached / ncache / redis / varnish or an haproxy or any proxy in front of the webserver to do some kind of High availability could produce strange  unexpected Critical errors on Your Website, thus restarting such services or cleaning up any cache would be advisable if you have such.
 

What Causes "There Has Been a Critical Error on Your Website" error?


The reason could be practically anything as WP is a kind of multi-comonent free and a bit of bloatware. The general ones could be  from a missing database table / table fields to a messed up plugin after update a disappeared critical plugin or essential wordpress PHP file, but in my specific case the reason was simple the Plugins Auto-update, which I have had the stupidity to enable.

The WordPress Automatic Updates, though saving you effort and Protecting your website in most cases against recent bugs and Exploits and increasing the WP security level, often causes issues and from my personal experience it is not recommended so better avoid it. Again next time you implement any automation to your server make sure you put some kind of monitoring.

Even if you decide to enable it make sure you do it the right way and not like me, by enabling some Monitoring to the WordPress site via Zabbix / Nagios / Cacti / monit  etc to be sure you get notified immediately if the WordPress based site is down.

How to restart Microsoft IIS with command via Windows command line

Friday, August 19th, 2011

I'm tuning a Windows 2003 for better performance and securing it against DoS of service attacks. After applying all the changes I needed to restart the WebServer for the new configurations to take effect.
As I'm not a GUI kind of guy I found it handy there is a fast command to restart the Microsoft Internet Information Server. The command to restart IIS is:

c:> iisreset

How to check Microsoft IIS webserver version

Monday, July 21st, 2014

If you have to tune some weirdly behaviour Microsoft IIS (Internet Information Services) webserver, the first thing to do is to collect information about the system you're dealing with – get version of installed Windows and check what kind of IIS version is running on the Windows server?

To get the version of installed Windows on the system you just logged in, the quickest way I use is:
 

Start -> My Computer (right mouse button) Properties

check-windows-server-version-screenshot-windows-2003-r2

Run regedit from cmd.exe and go and check value of registry value:

 

HKEY_LOCAL_MACHINE\SOFTWARE\MicrosoftInetStp\VersionString


check-iis-webserver-version-with-windows-registry-screenshot

As you can see in screenshot in this particular case it is IIS version 6.0.

An alternative way to check the IIS version in some cases (if IIS version return is not disabled) is to telnet to webserver:

telnet your-webserver 80
 


Once connected Send:

HEAD / HTTP/1.0


Also on some Windows versions it is possible to check IIS webserver version from Internet Information Services Management Cosnole:

To check IIS version from IIS Manager:

Start (button) -> Control Panel -> Administrative Tools -> "Internet Information Services" IIS Manager

From IIS Manager go to:

Help -> About Microsoft Management Console


Here is a list with most common IIS version output you will get depending on the version of Windows server:

 

Windows NT 3.51 1.0
Windows NT 4 2.0-4.0
Windows Server 2000 5.0
Windows XP Professional 5.1
Windows Server 2003 6.0
Windows Vista 7.0
Windows Server 2008 7.0
Windows Server 2008 R2 7.5
Windows 7 7.5
Windows Server 2012 8.0
Windows 8 8.0
Windows Server 2012 R2 8.5
Windows 8.1 8.5

If you have only an upload FTP access to a Folder served by IIS Webserver – i.e. no access to the Win server running IIS, you can also grasp the IIS version with following .ASP code:
 

<%
response.write(Request.ServerVariables("SERVER_SOFTWARE"))
%>


Save the file as anyfile.asp somewhere in IIS docroot and invoke it in browser.

Minsk Monastery trip to saint Elizabeth’s Nun Convent – Spiritual realms of Belarus

Monday, April 7th, 2014

st_Elizabeth_Romanova-monastery-Church
If you happen to be in Belarus's capital Minsk and you're a Christian you would definitely will be interested to see the spiritual side of Belarus. I was in Minsk with my wife for a month and had the chance to go for a pilgrimage in st. Elisaberth's Orthodox Christian Convent.

In Belarus about 80% of population of population are Orthodox Christians with about 7% Catholics, some 4% protestants and 9% atheists. I'm Orthodox Christian myself so mostly I kept interest in exoeriencing Orthodox religion life there. The religious life in Belarus so deeply impressed me so I decided to even document it here.

I was in a couple of Orthodox Churches during the Great Lent first week attending afternoon (Great) Repentence services canon of St. Andrew of Crete. And was amazed how many people are religious in this God fearful country. All Churches where I was during the Great Canon or Holy Liturgy was so full of people that you cannot even enter the Church if you're late for the service. People attending were also very concentrated on the service and most of the people came to services bringing most of which holding a book with the Great Repentance Canon following the service and concentrated in praying and doing ground prostrations. One thing to note is Belarusian Orthodox Church is a sub-division of Russian Orthodox Church (ROC), Belarusian doesn't have their own patriarch but are under the patriarchy of Russian and all Moscow patriarch – Kiril I.

Few weeks ago for Sunday of All Orthodoxy (Triumph of All orthodoxy) for Holy Liturgy service me and Svetlana with a close friend of her Tatyiana went to St. Elisabeth's Monastery. 
Monastery is named in honour of St. Elizabeth Feodorovna Romanova – which is the last Russian Grand Princess of the Romanov family later executed with her husband and kids by Communists Bolsheviks, canonized by ROC in the 1990s.

Saint_Elizabeth_holy_orthodox_icon_monastery_Minskst_Elizabeth_Romanova-monastery-Church

The monastery as almost all Churches in Belarus is so full of people you cannot move (it seems in Russian Orthodox Church – there is an amazing spiritual awakening at the moment). I wanted to confess and even though I was in the Church building before beginning of the holy liturgy and there were two priests to confess the queue of people to confess was so long that confession lasted until the end of the Holy Liturgy. In order to able to confess I've waited on the "confession queue" for about 2 hours and a half. Even though Holy Liturgy completed confession continued and those who confessed after the Church service end was also offered the Holy Sacraments. Another stunning thing for me was the amount of young and obviously intelligent people who was in the Church – just to compare here in Bulgaria, seeing young people in most Churches and monasteries is a rare thing ..

Saint Elisabeth's Monastery is the only monastery situated in (very near 19 km away) from MINSK on Vigotskogo 6 str. We reached the monastery by taking bus from regular Minsktrans (state's bus company) city bus nr. 26, other bus and trolley riding there are – bus 18 and trolley 33, 38, 55.
Monastery was established in 1990 after dissolvement of USSR and is situatuated on a place where previously there was no church or a monastery. The SisterHood in monastery is enormous by size and consists nowadays of 7 Churches!!!

St_Elizabeth_Monastery_Monastery_Minsk-picture

The main Church of the Monastery has saint relics from all around the known Orthodox Walls, to venerate all the saint relics you will need at least 20 minutes!! The Holy Relics of the monastery are so much that they remind me very much of Monasteries I've seen on Holy Mounth Athos. The spiritual father of the monastery is father Andreya Lemoshonka.

father-Andreya-Lemeshonka-spiritual-father-of-st-Elizabeth-monastery-Minsk


From ruromrs the sisterhood in monastery consists of about 120 sisters (and even maybe more), some of them are Nuns and others are the so called "Sisters of Mercy" (something like the "White Sisters" moveing in the Roman Catholic Church) – woman who deliberately decided to help the monastery often walking the streets shops and metro stations collecting charity for poor, sick and people in need. Sisters of mercy are something exception and seeing a lady dressed in white robes on the street or metro with a prayer book at hand is something rare to see in today's crazy materialistic world. Some of this kind sisters of mercy are novice nuns in the monastery and others are just worldly woman with family whom the monastery employes on a small renumeration.

Minsk-sister-of-mercy-sestri-miloserdie-Belarus

The cloister is a unique place next to the majestic Church buildings, the monastery has a coffeteria where you can have a coffee / snacks or even a dinner after service, there is a Church shops full of icon and all kind of orthodox spiritual literature,a Christian games for kids (Orthodox Lotto, kids collapsible Churches from cardboards) as well as a food store with fasting and non-fasting food and even a shop for Christian clothing "Православная Одежда". 

orthodox-clothes-shop

Orthodox Clothes Shop near St. Elizabeth's monastery Minsk

st_Elizabeth-monastery_minsk-medovaja_lavka

A Honey Store – St. Elizabeth Monastery Belarus

st_elizabeth_monastery-food-store

Orthodox Foodstore near St. Elizabeth Monastery Misnk

In one of the Churches there is a 3 floor tiny shop first floor sell icons, books and faith related things, monastic souvenirs and on the second floor there is a herbal pharmacy  with healing herbs for almost all kind of physical and nervological disorders etc. Part of monastic life is the evening and morning service which occur everyday in the monastery. The spiritual father of a monastery Andreya Lemoshonka who is a married priest is also leading frequent lectures on faith and is often helping people coming to him for a spiritual advice, a problem or question related to faith. The Nuns are fasting each Monday, Wednesday and Friday – fasting also in Mondays even though this fasting day was only observed in ancient Church and in many Orthodox monasteries, Monday fastings (In veneration of Angels) is no longer observed – i.e. sisterhood life is very strict. Near the monastery is situated a Mental Hospital and one of the duties of nuns is to often visit the mentally sick there. The sisterhood helps orphanage homes and is bringing for Holy sacraments often a lot of sick children.

st_elizabeth-monastery-minsk1

Part of monastery service is sheltering the homeless, alcoholics and drug addicts offering them encouragement and work in the small monastic farm. The monastery has also workshops where people with disability work in making gloves, icons, decorations, souvenirs embroided by hand. Near the monastery there is a wooden shop where one can order all kind of custom crafted wooden wardrobes, chairs or anything wooden you like for your home.

What I saw there make my heart joyful. It seems Minsk Monastery achieved something which is rarely seen in Orthodox world a symbiosis between Faith, charity and a monetary funding model that works
The monastery very much reminded me to an Orthodox movie Forpost and to the Godly initiate in Bulgaria by father Ioan of Novi Khan who by his efforts, Gods help and the charity of hundreds of bulgarian takes care for about 150 homeless orphans in a monastery.

 

'Forpost' (Outpost) – What the Church Can Accomplish. 

As a closure word I want say Thanks and Glory be to the Holy Trinity The Father, The Son and the Holy Spirit! for blessing me to the pilgrimage journet to St. Elizabeth's monastery!

Howto Pass SSH traffic through a Secured Corporate Proxy server with corkscrew, using sshd as a standalone proxy service with no proxy installed on remote Linux server or VPS

Tuesday, November 19th, 2019

howto pass ssh traffic through proxy to remote server use remote machine as a proxy for connecting to the Internet

Working in the big bad corporate world (being employed in  any of the Fortune 500) companies, especially in an IT delivery company is a nasty thing in terms of User Personal Data Privacy because usually when employeed in any of a corporation, the company ships you with a personal Computer with some kind of pre-installed OS (most often this is Windows) and the computer is not a standalone one but joined in Active Directory (AD) belonging to Windows Domain and centrally administered by whoever.

As part of the default deplyed configuration in this pre-installed OS and software is that part or all your network traffic and files is being monitored in some kind of manner as your pre-installed Windows or Linux notebook given by the Corporation is having a set of standard software running in the background, and even though you have Windows Administrator there are many things you have zero control or even if you have changed it once the Domain Policy is triggered your custom made changes / Installed Programs that happen to be against the company policy are being automatically deleted, any registry changes made are being rewinded etc. Sometimes even by trying to manually clean up your PC from the corporate crapware,  you might breaks access to the corporate DMZ firewalled network. A common way to secure their employee PC data large companies have a Network seperation, your PC when not connected to the Corporate VPN is having a certain IP configuration and once connected to the Demilitarized Zone VPN those configuration changes and the PC have access to internal company infrastructure servers / router / switches / firewalls / SANs etc. Access to corporate Infrastructure is handled via crypted VPN clinet such as Cisco AnyConnect Secure Mobility Client which is perhaps one of the most used ones out there.

Part of the common software installed to Monitor your PC for threats / viruses / trojans among which is MCafee / EMET (Enhandced Mitigation Experience Toolkit) the PC is often prebundled with some kind of anti-malware (crapware) :). But the tip of the iceberg on user surveillance where most of surveillance happens is the default installed proxy on the PC which usually does keep track of all your remote accessed HTTP Website URLs accessed in plain text – traffic flowing on Port 80 and crypted one on standard (SSL) Port 443. This Web Traffic is handled by the Central Corporate proxy that is being deployed via some kind of Domain policy, every time the Computer joins the Windows domain. 

This of course is a terrible thing for your Browsing security and together with the good security practice to run your browser in Incognito mode, which makes all your browsing activity such as access URLs History or Saved Cookies data to be cleared up on a Browser close it is important to make sure you run your own personal traffic via a separate browser which you will use only for your own concern browsing such as Accessing your Bank Money Accounts to check your Monthly Sallary / Purchase things online via Amazon.com / Ebay.com, whether all of the rest traffic company related is trafficed via the default set corporate central proxy.
This is relatively easy sometimes in companies, where security is not of a top concern but in corporations with tightened security accessing remote proxy, or accessing even common daily news and Public Email websites or social media sites  Gmail.com / Twitter / Youtube will be filtered so the only way to reach them will be via some kind of Proxy and often this proxy is the only way out to the Free world from the corporate jail.

Here is where the good old SSH comes as a saving grace as it turns out SSH traffic could be trafficed over a proxy. In below article I will give you a short insight on how Proxy through SSH could be achieved to Secure your dailty web traffic and use SSH to reach your own server on the Internet as well as how you can copy securely data via SSH through corporate Proxy. 
 

1. How to view your corporate used (default) proxy / Check Proxy.pac file definitions

 

To get an idea what is the used proxy on your Corporate PC (as most corporate employee given notebooks are running some kind of M$ Windows)  you can go to:

Windows Control Panel -> Internet Options -> Connections -> Lan Settings


internet-properties-microsoft-windows-screenshot

Under the field Proxy server (check out the Proxy configured Address and Port number )

local-area-network-lan-settings-screenshot-windows-1
 

Having that as browsers venerate the so-called Proxy.pac file, to be rawly aware on some general Company Proxy configured definitions you can access in a browser the proxy itself fething the proxy.pac file for example.

 

http://your-corporate-firewall-rpoxy-url:8080/proxy.pac

 

This is helpful as some companies Proxies have some proxy rules that reveal some things about its Internet architecture and even some have some badly configured proxy.pac files which could be used to fool the proxy under some circumstances 🙂
 

2. Few of the reasons corporations proxy all their employee's work PC web traffic

 

The corporate proxying of traffic has a number of goals, some of which are good hearted and others are for mostly spying on the users.

 

1. Protect Corporate Employees from malicious Viruses / Trojans Horses / Malware / Badware / Whatever ware – EXCELLENT
2. Prevent users from acessing a set of sources that due to the corporate policy are considered harmful (e.g. certain addresses 
of information or disinformation of competitors, any Internet source that might preach against the corporation, hacking ralated websites etc.) – NOT GOOD (for the employee / user) and GOOD for the company
3.Spy on the users activity and be able to have evidence against the employee in case he decided to do anything harmful to the company evidences from proxy could even later be used in court if some kind of corpoate infringment occurs due to misbehave of the employee. – PERFECT FOR COMPANY and Complete breach of User privacy and IMHO totally against European Union privacy legislation such as GDRP
4. In companies that are into the field of Aritificial Intelligence / Users behavior could even be used to advance Self-learning bots and mechanisms – NASTY ! YAECKES

 

3. Run SSH Socks proxy to remote SSHd server running on common SSL 443 port

 

Luckily sysadmins who were ordered the big bosses to sniff on your Web behaviour and preferences could be outsmarted with some hacks.

To protect your Browsing behaviours and Secure your privacy perhaps the best option is to use the Old but gold practice o Securing your Networkf traffic using SSH Over Proxy and SSH Dynamic tunnel as a Proxy as explained in my previous article here.

how-to-use-sshd-server-as-a-proxy-without-a-real-proxy-ssh-socks5_proxy_linux
 

In short the quest way to have your free of charge SOCKS  Remote proxy to your Home based Linux installed OS server / VPN with a Public Internet address is to use ssh as so:

 

ssh -D 3128 UserName@IP-of-Remote-SSHD-Host -p 443

 

This will start the SOCKS Proxy tunnel from Corporate Work PC to your Own Home brew server.

For some convenience it is useful to set up an .alias (for cygwin) / linux users in .bashrc file:

 

alias proxy='ssh -D 3128 UserName@IP-of-Remote-SSHD-Host -p 443';

 

To start using the Proxy from browser, I use a plugin called FoxyProxy in Chrome and Firefox browsers
set-up to connect to localhost – 127.0.0.1:3128 for All Protocols as a SOCKs v5 Proxy.

The sshd Socks proxy can be used for multiple others for example, using it you can also pass on traffic from Mail client such as Thunderbird to your Email server if you're behind a firewall prohibiting access to the common POP3 port 110 or IMAP port TCP 143. 

4. How to access SSH through Proxy using jumphost SSH hop


If you're like me and you have on your Home Linux machine only one Internet address and you have already setupped an SSL enabled service (lets say Webmail) to listen to that Public Internet IP and you don't have the possibility to run another instance of /usr/bin/sshd on port 443 via configuration or manually one time by issuing:

 

/usr/sbin/sshd -p 443

 

Then you can use another ssh another Linux server as a jump host to your own home Linux sshd server. This can be done even by purchasing a cheap VPS server for lets say 3 dollars month etc. or even better if you have a friend with another Linux home server, you can ask him to run you sshd on TCP port 443 and add you an ssh account.
Once you have the second Linux machine as JumpHost to reach out to your own machine use:

 

ssh -J Your-User@Your-jump-host.com:443 hipo@your-home-server.com -v

 

To easify this a bit long line it is handy to use some kind of alias like:

 

alias sshhome='ssh -J Your-User@Your-jump-host.com:443 hipo@your-home-server.com -v'

 

The advantage here is just by issuing this sshd tunnel and keeping it open in a terminal or setting it up as Plink Putty tunnel you have all your Web Traffic Secured
between your Work Corporate PC and your Home Brew Server, keeping the curious eyes of your Company Security Officers from your own Web traffic, hence
separating the corporate privacy from your own personal privacy. Using the just established own SSH Proxy Tunnel to home for your non-work stuff browsing habits
from the corporate systems which are accessed by switching with a button click in FoxyProxy to default proxy settings.
 

5. How to get around paranoid corporate setup where only remote access to Corporate proxy on TCP Port 80 and TCP 443 is available in Browser only

 

Using straight ssh and to create Proxy will work in most of the cases but it requires SSH access to your remote SSH running server / VPS on TCP Port 22, however under some Fort-Nox like financial involved institutions and companies for the sake of tightened security, it is common that all Outbound TCP Ports are prohibited except TCP Port 80 and SSL 443 as prior said, so what can you do then to get around this badful firewall and access the Internet via your own server Proxy? 
The hack to run SSH server either on tcp port 80 or tcp port 443 on remote Host and use 443 / 80 to acess SSHD should work, but then even for the most paranoid corporations the ones who are PCI Compliant – PCI stands for (Payment Card Industry), e.g. works with Debit and Credit Card data etc, accessing even 80 or 443  ports with something like telnet client or netcat will be impossible. 
Once connected to the corporate VPN,  this 2 two ports firewall exceptions will be only accessible via the Corporate Proxy server defined in a Web Browser (Firefox / IE / Chrome etc.) as prior explained in article.

The remedy here is to use a 3rd party tools such as httptunnel or corkscrew that  are able to TUNNEL SSH TRAFFIC VIA CORPORATE PROXY SERVER and access your own resource out of the DMZ.

Both httptunnel and corkscrew are installable both on most Linux distros or for Windows users via CygWin for those who use MobaXterm.

Just to give you better idea on what corkscrew and (hts) httptunnel does, here is Debian packages descriptions.

# apt-cache show​ corkscrew
" corkscrew is a simple tool to tunnel TCP connections through an HTTP
 proxy supporting the CONNECT method. It reads stdin and writes to
 stdout during the connection, just like netcat.
 .
 It can be used for instance to connect to an SSH server running on
 a remote 443 port through a strict HTTPS proxy.
"

 

# apt-cache show httptunnel|grep -i description -A 7
Description-en: Tunnels a data stream in HTTP requests
 Creates a bidirectional virtual data stream tunnelled in
 HTTP requests. The requests can be sent via a HTTP proxy
 if so desired.
 .
 This can be useful for users behind restrictive firewalls. If WWW
 access is allowed through a HTTP proxy, it's possible to use
 httptunnel and, say, telnet or PPP to connect to a computer

Description-md5: ed96b7d53407ae311a6c5ef2eb229c3f
Homepage: http://www.nocrew.org/software/httptunnel.html
Tag: implemented-in::c, interface::commandline, interface::daemon,
 network::client, network::server, network::vpn, protocol::http,
 role::program, suite::gnu, use::routing
Section: net
Priority: optional
Filename: pool/main/h/httptunnel/httptunnel_3.3+dfsg-4_amd64.deb

Windows cygwin users can install the tools with:
 

apt-cyg install –yes corkscrew httptunnel


Linux users respectively with:

apt-get install –yes corkscrew httptunnel

or 

yum install -y corkscrew httptunnel

 

You will then need to have the following configuration in your user home directory $HOME/.ssh/config file
 

Host host-addrs-of-remote-home-ssh-server.com
ProxyCommand /usr/bin/corkscrew your-corporate-firewall-rpoxy-url 8080 %h %p

 

howto-transfer-ssh-traffic-over-proxy

Picture Copyright by Daniel Haxx

The best picture on how ssh traffic is proxied is the one found on Daniel Haxx's website which is a great quick tutorial which originally helped to get the idea of how corkscrew works in proxying traffic I warmly recommend you take a quick look at his SSH Through or over Proxy article.

Host-addrs-of-remote-home-ssh-server.com could be also and IP if you don't have your own domain name in case if using via some cheap VPN Linux server with SSH, or alternatively
if you don't want to spend money on buying domain for SSH server (assuming you don't have such yet) you can use Dyn DNS or NoIP.

Another thing is to setup the proper http_proxy / https_proxy / ftp_proxy variable exports in $HOME/.bashrc in my setup I have the following:
 

export ftp_proxy="http://your-corporate-firewall-rpoxy-url:8080"
export https_proxy="https://your-corporate-firewall-rpoxy-url:8080"
export http_proxy="http://your-corporate-firewall-rpoxy-url:8080"
export HTTP_PROXY="http://your-corporate-firewall-rpoxy-url:8080"
export HTTPS_PROXY="http://your-corporate-firewall-rpoxy-url:8080"


 

6. How to Transfer Files / Data via SSH Protocol through  Proxy with SCP and SFTP


Next logical question is how to Transfer your own personal encrypted files (that contains no corporate sensitive information) between your Work laptop and home brew Linux ssh server or cheap VPN.

It took me quite a lot of try-outs until finally I got it how Secure Copy (scp) command can be used toto transfer files between my Work Computer and my Home brew server using JumpHost, here is how:
 

scp -o 'ProxyJump Username@Jumpt-Host-or-IP.com:443' ~/file-or-files-to-copy* Username@home-ssh-server.com:/path/where/to/copy/files


I love using sftp (Secure FTP) command Linux client to copy files and rarely use scp so I have a lot of try-outs to connect interacitvely via the Corporate Proxy server over a Jump-Host:443 to my Destination home machine, 

 

I've tried using netcat as it was pointed in many articles online, like so to traffic my sftp traffic via my localhost binded SSH Socks proxy on :3128 together with netcat as shown in article prior example, using following line:
 

sftp -oProxyCommand='/bin/nc -X connect -x 127.0.0.1:3128 %h %p' Username@home-ssh-server.com 22

 

Also tried proxy connect like this:

 

sftp -o ProxyCommand="proxy-connect -h localhost -p 3128 %h %p" Username@home-ssh-server.com

 

Moreover, tried to use the ssh  command (-s) argument capability to invoke SSH protocol subsystem feature which is used to facilitiate use of SSH secure transport for other application
 

ssh -v -J hipo@Jump-Host:443 -s sftp root@home-ssh-server.com -v

open failed: administratively prohibited: open failed

 

Finally decided to give a try to the same options arguments as in scp and thanks God it worked and I can even access via the Corporate Proxy through the Jump Host SSH interactively via Secure FTP 🙂

!! THE FINAL WORKING SFTP THROUGH PROXY VIA SSH JUMPHOST !!
 

sftp -o 'ProxyJump Username@Jumpt-Host-or-IP.com:443' Username@home-ssh-server.com


To save time from typing this long line every time, I've setup the following alias to ~/.bashrc
 

alias sftphome='sftp -o 'ProxyJump Username@Jumpt-Host-or-IP.com:443' Username@home-ssh-server.com'

 

Conclusion

Of course using own Proxy via your Home brew SSH Machine as well as transferring your data securely from your Work PC (notebook) to Home does not completely make you Surveillance free, as the Corporate Windows installed OS image is perhaps prebundled with its own integrated Keylogger as well as the Windows Domain administrators have certainly access to connect to your PC and run various commands, so this kind of Security is just an attempt to make company has less control and know less on your browsing habits and the best solution where possible to secure your privacy and separate your Personal Space form Work space by using a second computer (if having the ability to work from home) with a KVM Switch device and switch over your Work PC and Home PC via it or in some cases (where companies) allows it, setup something like VNC server (TightVNC / RealVNC) on work PC and leave it all time running in office and connect remotely with vncviewer from your own controlled secured computer.

In article I've explained shortly common scenario found in corporate Work computers proxy setup, designed to Surveil all your move, mentioned few common softwares running by default to protect from Viruses and aimed to Protect user from malicious hacking tools, explained how to view your work notebook configured Proxy, shortly mentioned on Proxy.pac and hinted how to view proxy.pac config as well as gave few of the reasons why all web traffic is being routed over central proxy.

That's all folks, Enjoy the Freedom to be less surveilled !

Unique MenuetOS – Free Software 32 / 64 bit OS entirely written in assembly language

Wednesday, July 10th, 2013

 

unique operating-system menuetos written-in-assembler-programming-logo

Something very unique, I stumbled on some time ago and worthy to mention and recommend for everyone to test is MenuetOS. Can you imagine, someone might write an operating system entirely from scratch in 32 / 64 bit Assemler? Idea sounds crazy and impossible but in fact developers of MenuetOS already achieved it!

Unique OS - menuetos asm free os start-menu screenshot

Normally every modern operating system nowadays is based on some kind of UNIX / Linux / or NT (Windows) technology or at least follows some kind of POSIX standartization.
 The design goal of MenuetOS since the first release in year 2000, is to remove the extra layers between different parts of an OS. The more the layers more complicated the programming behind is and therefore this creates bugs more bugs. MenuetOS follows the idea of KISS model (Keep It Simple Stupid). Its amazing what people can write in pure asm programming!! 64 bit version of menuet is also backward compatible with 32 bit. MenuetOS supports mostly all any other modern OS does. Here is list of Supported Features:

 

 

 

 

  • – Pre-emptive multitasking with 1000hz scheduler, multithreading, multiprocessor, ring-3 protection
  • – Responsive GUI with resolutions up to 1920×1080, 16 million colours
  • – Free-form, transparent and skinnable application windows, drag'n drop
  • – SMP multiprocessor support with currently up to 8 cpus
  • – IDE: Editor/Assembler for applications
  • – USB 2.0 HiSpeed Classes: Storage, Printer, Webcam Video and TV/Radio support
  • – USB 1.1 Keyboard and Mouse support
  • – TCP/IP stack with Loopback & Ethernet drivers
  • – Email/ftp/http/chess clients and ftp/mp3/http servers
  • – Hard real-time data fetch
  • – Fits on a single floppy, boots also from CD and USB drives

MenuetOS has fully functional Graphic interface (environment). Though it is so simple it is much more fast (as written in assembler) and behaves more stable than other OS-es written in C / C++.
Its bundled with a POP3 / Imap mail client soft

menuetos assmebly OS mail client
As of time even some major legendary Games like DoomQuake, Sokoban and Chess are ported to MenuetOS !!!

doom2-id-games-running-on-menuetos-operating-system-in-assembler-from-scratch

MenuetOS Doom

quake legendary game running on Menuetos asm free OS

Quake I port on MenuetOS

Below are some more screenshots of Apps and stuff running

Maniac Mansion running on MenuetOS assembler build free Operating system

The world famous Maniac Mansion (1987)

Prince of Persia running on 32 64 bit assembler written GPL free-OS

Arcade Classic of 16 bit and 8 bit computers Prince of Persia running on top of dosbox on MenuetOS

For those who like to program old school MenuetOS has BASIC compiler, C library (supports C programming), debuggers, Command Prompt.

It even supports Networking and has some  most popular network adapters drivers as well as has basic browsing support through HTTP application.

unique-os-menuetos-browsing-with-httpc-browser

You can listen music with CD Player but no support for mp3 yet.
To give MenuetOS a try just like any other Live Linux distribution it has Bootable LiveCD version – you can download it from here
MenuetOS is a very good for people interested to learn good 32 bit and 64 bit Assembler Programming.
Enjoy this unique ASM true hacker OS 😉

We are 300 million. We are Slavonic! – Нас 300 миллионов! Мы Славяне!!!

Saturday, January 19th, 2013

Some might be puzzled to know about 300 million of inhabitants of the world are Slavonic and speak some kind of Slavonic language. This is almost 6% of the population. Slavonic languages are easy to comprehend. It is curious fact that until 10 years ago about half of the books in the world were in Slavonic or some kind of variation of Slavonic. Russians, Macedonians, Serbians, Slovenians, Czechs, Bulgarians, Belaruse, Croatia, Bosnia & Herzegovina, Ukraine, Slovakia, Monte Negro, Poland, Khazakstan. It plenty of people. Obviously it is most likely that the better integration between nations happens based on cultural and language criterias. As all Slavonics more or less share certain similar cultural heritage (at least more closer between each other than to Western Culture), it is good and logical Slavonic nations to unite and be in economic union.
Today I had the opportunity to be unexpectedly guest in Macedonian family. It was quite interesting to find out the food they eat, the language and the people habits and manners are mostly the same as Bulgarians. It was clear that we're one nation, so we had to act like this. I've been once in Slovenia and I had similar observations, it seems Slovenian language is a mixture of ancient Bulgarian, little latin, Serbian and some Germanic. My observations on meeting with different cultures shows it is much easier to understand each other with other Slavians, than with Western People. Probably it is similar if not the same between French, Belgium, German and Dutch.

If the European Union want to survive therefore obviously it should concentrate on unification of two blocks pretty much like the Roman Empire. Instead of trying to create one united megapolis under the flag of some unreal unrealistic slogans.
 

We are 300 million. We are Slavonic! – Нас 300 миллионов! Мы Славяне!!!

 

Currency converter Free Desktop Software for Microsoft Windows

Saturday, December 8th, 2012

Business or not a business entity, in the mostly globalized world it is almost inevitable to go on at least monthly basis without a need for some kind of currency convertion. Of course there are plenty of websites allowing Free Money Convertion services out there. However as I'm not a big fan of the Software as a Service (SAS). I don't like other people to be able to sniff what kind of money, amounts I'm intending to convert as well as I don't like google or other search engine to profile me how frequently I'm converting or intending to convert money. Thus today I did a quick research what kind of Free and  Open Source Software FOSS is available to do the money convertion operation custom on my own webserver or my desktop PC. Though It was not exactly what I was looking for I found a Windows Desktop Software -CConverter which is capable of convertions between mostly if not all Currencies around the world. I'm not a m$ Windows user myself, but I was glad to know a Free Software exists for the task. CConverter is definitely a piece of soft useful for Businesses and People. In future if I do my own business it would be nice to know of this little handy soft existence and I will put it in action (to save costs) and add confidentiality to my business money transaction / convertions. Below is the two screenshots of CConverter I found on the project's sourceforge website:

Desktop Currency converter program cconverter windows desktop currency converter program

cconverter money desktop currency converter m$ windows software in action $$$