Posts Tagged ‘support’

Big Church Scandal in the Bulgarian Orthodox Church the developments on how the Church basic law Establishment document is illegally broken and hope and action for truth to be restored

Tuesday, March 12th, 2024

His-Holiness-Patriarch-Neofit-of-Bulgarian-Orthodox-Church-and-Metropolitan-of-Sofia-Blessing

Christians Wake Up !


23-september-Saint-Alexander-Nevsky-and-his-holy-relics-parts-of-which-kept-in--Cathedral-Saint-Alexander-Nevsky-Sofia
Saint Alexander Nevsky and his Holy Relics parts of which kept in Saint Alexander Nevski
(2nd Largest Orthodox Christian Cathedral on the Balkans)

"God is not in the power but in the righteousness", that are the words of Saint Alexander Nevsky recalled also by the Bulgarian Patriarch Neofit (Neofitos) on 23 of November 2019 on the feast of the Saint Warrior Alexander.
Now as the His Holyiness is in Hospital in very critical health situation, where he cannot even speak, and thus unable to take up a position on the illegal activities of some of the Synodal Elders of the l Holy Bulgarian Orthodox Church has "spit over" the Establishment documents of the Church (the so called Church "Cyrkoven Ustav" or Establishment of the Bulgarian Church, which is the next in importance after the Holy writtings (The Bible), The Church tradition and the Canons with their unwalful decision about a "New Synodal order", which takes over the rights of Priests and Layman in their God given right to choose their own eparchy spiritual head  representative the eparchy's metropolitan.

Synodal-elders-Gavriil-Seraphim-Danijl

Three of the Synodal Elders – Lovchanski Metropolitan Gavriil, Nevrokop's metropolitan Serafim (Seraphim) and Vidin's Metropoitan Danijl (Deniel), during standard Synodal session to approve the choice of the people for new Metropolitan after the the passing of our oldest and perhaps most holy Metropolitan His Holiness Joanicius of Sliven. asked the rest of Synodal Member Metropolitans to stop overriding the Bulgarian Church Establishment legislation,  and choose between the two righteous selected candidates approved by people's choice opened and legal voting, those were:

1. Ierotey (with 26 votes for) 
and
2. Michael (with 22).

It is important to say until his death bed Ierotey has been a vicar bishop of Joanicius always following, his spiritual guidance and his recommendations without breaking even the smallest, being faithful to the holy elder Joanicius.

His-Holiness-Metropolitan-Joanichius-Joanikij-of-Sliven-of-the-Bulgarian-Orthodox-Church

His All Holiness Patriarch Neofit and His Holiness Joanicius 

The metropolitans warned this "Creates a very dangerous situation, which leads in question the legal (law) establishments of the whole Church.The legitimacy of the organs and powers of rule of whole Bulgarian Orthodox Church (Bulgarian Patriarchy) BPC-BP in the face of the bulgarian country is in danger."

Metropolitan-Joseph-Amerikanski-Joseph-metropolitan-of-America-and-Canada-of-the-Bulgarian-Orthodox-Church

Bulgarian Metropolit Joseph of America, Canada and Australia came up with official statement from America since, he was unable to join the discussions of the Synod, that the taken decision is improper and he sees a ""communist shadows" in the decision for that new "synodal order" and summons every member of the Snoyd to "return the rights of everyone by following the Church Establishment legislation of BPC-BP". He came with his opinion in the matter late, and came up with his open letter to support continuing the opened procedure selection for new Sliven Metropolitan in stead of its cancellation (cassation), as the choice was made due to both country and law's norms in a very transparent way and even has been publicly shown Live on facebook.

His-Holiness-Metropolitan-Ierotey-of_Agathopol

His Holiness Ierotey

His-Holiness-Bishop-Mihail-Konstantijski

His Hoiliness Mihail

After that, unexpectedly after a personal meeting between the Metropolitan Ioan of Varna and Veliko Preslav with the Sliven's eparchy layman and priests representative and the eparchical order (where 30 out of the 90 Sliven's priests) were present who has asked Iaon (who temporary rules) over the Sliven eparchy to restore order and do venerate their choose for Metropolitan between the canonically selected according to the Bulgarian Church establishment documents following the votings strictly and choosing the 2 bishops Ierotey (Ierotheus) and (Mihail) Michael as the possible choices as well as after a high pressure of his own priests in Varna and Velikopreslov, many of whom knows well what the situation is, he takes the decision to not support the new legislation that is breaking the establishment church laws. He is soon followed by Vraca''s Metropolitan Grigorij who also decides to not support a new legislation for cancellation of the procedure for choice of new Sliven metropolitan.

Metropolitan Nikolay offers, that in their assembly of 12.03.2024 all the decisions to be cancelled, and to follow the procedure as it was choosen in their assembly on 24.02.2024.

So far so good, until now you will think, okay the new orders of the synod is against the establishment orders, but the multitude of bishops is on their way to change it again.

The_Synodal-Palace-of-the-Bulgarian-Orthodox-Church-from-where-the-Bulgarian-Church-is-governed

Whether the new orders will be accepted or not will be known on 12 of March, when these decision that Important decision affecting the future of the Bulgarian church wll be taken.
"Because the Church integrity and independence of the national liberation movements, that led to the restoration of Bulgaria in year 1878 … and is one of the main factors for the stability and secrity of our dear motherland Bulgaria" / as Metropolitans Gavriil, Seraphim and Danijl writes".
 

One of the arguments for the in hurry made decision for "new synodal order" in said to be in the "name of church unity"??. But wait with unwalfulness you cannot achieve church unity, and here is not important the majority, but the truth, that is protected by the minority, which strictly follows the Establishment document laws of the Bulgarian Church, which was accepted with a whole nation approval in which members with the choice and selection of Layman, Priest, Bishops and Metropolitans together and accepted with a consent between those.

The Church establishment document (Cyrkoven Ustav) says that any new rules out of the already set in rules, should be only introduced with the aceptance of the Church national consent in the future, and such rules should be only introduced in situations of high emergency (a situation, which we don't have in the moment).

Introducing such an unwalful things, is shameful and makes our hearts sad, as we're all part of the one holy church and this could lead to even a schism of those who decide to follow the Establishment laws and those who would follow a way of the closed up form of secret organizations, whose decision are taken only by a small group of people without venerating the people's opinion. Unfortunately now such a schism will not be created by a DS (BG Government Security Agencies) like it was in the distant year 1992, by an anti church government decision of the "director of the confessions", when he decided to "fire-up" the Patriarch of the Church Patriarch Maxim and the Holy Synod and tried to appoint a new "Alternative Synod", now from the inside some of the members of the Holy Synod, self-authorizing / self-roganizing to set on the position for new Metropolitans without taking in consideration the preference of the ordinary layman, priests, monks and even bishops and others in the Church, following some of their own financial interests.

Whether there was a phenomenal push from the outside for introducing the "new emergency orders" from the inside by Metropolitan Nikolay as people speak now publicly or another paid "force" is uknown but the internal Church coup (of exchanging the facts) is a fact.

If the new synodal order is being approved tomorrow on 12 of March, that would be also turn against the people who suggested it "the metropolitans", they could be then fired up by, those with higher positions among the metropolitans "due to emergency" and "new orders", but that would be the least of trouble, because suddenly out of a Church with a common faith and common equal decision makers, the church would turn to anti-church governed by a clique of elites who would always impose their will on the people (an anti-church), against the church being a congregartion of each of its members.


What can be done against those phenomenal corporative pressure to advantage from the Bulgarian Church (poor people donated) lands and properties ?


Postings on blogs and social networks such as facebook unfortunately is not enough, and "plus as an information leaked out" out of priest in Plovdiv's eparchy there are organized buses paid by rich Plovdiv businessmena and other People who have financial interests for Metropolitan Nikolay to achieve more power over the Church (a tendency that is seen for years now) in his attempt to took over one of the richest Eparchys and to install his pawn, that would sell church lands for cheap to the businesses and allow even more construction nearby the sea to happen in Sliven, Burgas, Pomorie, Ahtopol, Sozopol and across the Huge bulgarian Sea-Coast lands … 

Those paid people will come in front of the Synodal Palace to support the Synodal "new emergency decisions" and scandalize the ordinary Church truely beliving people and servents of Christ. Those fake and often diluded people (some of which would be even true believers), will be blinded, but most of them will be simply forced to go their by their head Metropolitan Nikolay.
Of course if this scenario would happen to a Polital movement or party that would be okay, but when these things happen in the True Church of Christ, then situation becomes absurd.
The announcements for organized buses from Plovdiv are being already hanged on many of the Churches in Plovdiv and this whole things is being made unscrupulous in the 21 century not venerating any freedom or truthfulness, blatantly. The announcement says" 


"A free of charge trip is organised for those who will to stand behind the New Synodal emergency order on 12.03.2024. To sign up go to the Church go the person selling candles. A Departure in 07:00, return in 12:00 h",
this is announced in Plovdiv's Churches.

announcement-sticked-on-Churches-in-Plovdvid-for-support-of-Synodal-new-unwalful-church-order

"Supporting the Holy Synod" is very sly formulation, which does misleads and is being presented as "the people's" support for the "Synodal orders", like it is about the exchange of the decisions of the Synod on 24 of February.

In order to protect the righteousness and holiness of the Church and its Establishment, we  should be next to the Bishops and Metropolitans, who guardian the Church as Jesus Christ ordered Saint Apostle Peter, by telling him "If you love me graze my flock", we should be next to those who venerate the decisions of the Church National Assembly accepted Church Establishment, and which should help to not accept any unwalful decisions on 12 of March (if such are being made by the Synod).

If Third of March 1878, put the stablishment of the Third Bulgarian Country, 4th of March 870 put the stablishment of the Bulgarian Church, when the Constinople's assembly accepted its autonomy.

On 12 March 2024, we still can with a peaceful presence be in front of the Synodal Building, when will be taken а crucial decision about whole Church,
Because if we have the Bulgarian Orthodox Church, we have the Bulgarian country !

Those who read that, Please pray, fervently for us  tomorrow in 9 o'clock CET for everyone that will stand up to protect the freedoms of People to continue be part of taking the important decisions in the Church !
Who can let him come, also to state his support, that Country's and God's legal law and orders should be followed !

Lets hope if Metropolitan Joanicius has the perseverance from Heaven, he can pray and put things in order shortly and all pray !

Lord Jesus Christ son of the Blessed God Have mercy on Us the Sinners ! Oh Most Holy Mother of God pray for us !

 

 

Configure own Media streaming minidlna Linux server to access data from your Smart TV

Friday, February 18th, 2022

dlna-media-minidlna-server-linux-logo

If you happen to buy or already own or just have to install a Smart TV to be connected with a LAN Network to a Linux based custom built NAS (Network Attached Storage) server. You might benefit of the smart TV to Share and Watching the Disk Storage Pictures, Music, Video files from the NAS  to the Smart TV using the Media Server protocol.

You have certainly already faced the Media Server at your life on many locations in stores and Mall Buildings, because virtually any reoccuring advertisements, movies projected on the TVs, Kids entertainment or Floor and Buildings Room location schedules or timeline promition schedules are streamed using the Media Server protocol, for many years now. Thus having a brief idea about Media Server proto existence is foundamental stuff to be aware of for sysadmins and programmers.

Shortly about DLNA UPnP Media Streaming Protocol

Assuming that your Smart TV has been already connected to your Wireless Router 2.4Ghz or 5Ghz Wifi, one would think that the easiest way to share the files with the SmartTV is via something like a simple SAMBA Linux server via smb:// cifs:// protocols or via the good old NFS Server, however most of Samsung Smart TV and many other in year 2022 does not have embedded support for Samba SMB / CIFS Protocol but instead have support for the DLNA (Digital Living Network Alliance) streaming support. DLNA is part of the UPnP (Universal Plug and Play) Protocols, UPnP is also known to those using and familiar with Windows Operating Systems realm simply as UPnP AV Media server or Windows Media server.
Windows Media server for those who never heard it or used it 
 allows you to build a Playlists with Media files Video and Audio data files, that can be then later played remotely via a Local LAN or even long distance over TCP / IP remote side connected Internet network.
 

1. Set up and Stream data via Media server on  Windows PC / notebook with integrated Windows Media server 

Windows Media server configuration on Windows 7, 10 and 11 is a relatively easy to configure via:

Network and Sharing Center -> Media Streaming Options -> Turn on Media Streaming 


Then you have to define the name of the Media Library, configure whether Media server should show
on the Local Netework
for other conected devices and Allow or Block access from the other network present devices.


 2. Using a more advanced Media Server to get rid about the limitation of DLNA set of supported file codecs.
 

The Windows default embedded DLNA server is the easiest and fastest one to set up, but it’s not necessarily the best option.
Due to the way DLNA works, you can only stream certain types of media codecs supported by the server. If you have other types of media not defaultly supported and defined by DLNA win server, it just won’t work.

Thus thanksfully it was developed other DLNA servers improve this by offering real-time transcoding.
If you try to play an unsupported file, they’ll transcode it on-the-fly, streaming the video in a supported format to your DLNA device.
Just to name few of the DLNA Media Streaming servers that have supported for larger MPG Video, MP3 / MP4 and other Audio formats encodings,
you can try Plex or the Universal Media Server both of which are free to use under freeware license and have versions for Linux and Mac OS.


Universal_media_server-windows-screenshot-stream-media-data-on-network

 

3. Setting up a free as in freedom DLNA server MiniDLNA (ReadyMedia) on GNU / Linux


ReadyMedia (formerly known as MiniDLNA) is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients. It was originally developed by a NETGEAR employee for the ReadyNAS product line.

MiniDNLA daemon serves media files (music, pictures, and video) to clients on a network. Linux Media servers clients you can use to test or scan your network for existent Media servers are multiple perhaps the most famous ones are applications such as totem (for QT users) and Kodi (for KDE).
The devices that can be used with minidlna are devices such as portable media players (iPod), Smartphones, Televisions, Tablets, and gaming systems (such as PS3 and Xbox 360) etc.
 

ReadyMedia is a simple, lightweight, the downside of it is It does not have a web interface for administration and must be configured by editing a text file. But for a simple Video streaming in most cases does a great job.


3.1 Install the minidlna software package 

Minidlna is available out of the box on most linux distributions (Fedora / CentOS / Debian / Ubuntu etc.) as of year 2022.

  • Install on Debian Linux (Deb based distro)

media-server:~# apt install minidlna –yes

  • Install on Fedora / CentOS (other RPM based distro)

media-server:~# yum install -y minidlna


3.2 Configure minidlna

– /etc/minidlna.conf – main config file
Open with text editor and set user= ,  media_dir= ,  port=, friendly_name= ,  network_interface= variables as minimum.
To be add minidlnad support symlinks to external file locations, set also wide_links=yes

media-server:~# vim /etc/minidlna.conf

#user=minidlna
user=root
media_dir=/var/www/owncloud/data
network_interface=eth0,eth1

# Port number for HTTP traffic (descriptions, SOAP, media transfer).
# This option is mandatory (or it must be specified on the command-line using
# "-p").
port=8200
# Name that the DLNA server presents to clients.
# Defaults to "hostname: username".
#friendly_name=
friendly_name=DLNAServer Linux
# set this to yes to allow symlinks that point outside user-defined media_dirs.
wide_links=yes
# Automatic discovery of new files in the media_dir directory.
#inotify=yes

Keep in mind that it is supported to provide separete media_dir and provide different USB / External Hard Drive or SD Card sources separated only by content be it Video, Audio or Pictures short named in config as (A,V,P).

media_dir=P,/media/usb/photos
media_dir=V,/media/external-disk/videos
media_dir=A,/media/sd-card/music

You might want to diasble / ineable the inotify depending on your liking, if you don't plan to place new files automated to the NAS and don't care to get indexed and streamed from the Media server you can disable it with inotify=no otherwise keep that on.

– /etc/default/minidlna – additional startup config to set minidlnad (daemon) options such as setup to run with admin superuser root:root 
(usually it is safe to leave it empty and set the user=root, whether needed straight from /etc/minidlna.conf
That's all now go on and launch the minidlna and enable it to automatically boot on Linux boot.

media-server:~# systemctl start minidlna
media-server:~# systemctl enable minidlna
media-server:~# systemctl status minidlna

 

3.3 Rebuilt minidlna database with data indexed files

If you need to re- generate minidlna's database.
To do so stop the minidlna server with the
 

media-server:~# systemctop stop minidlna


 command, then issue the following command (both commands should be run as root):

media-server:~# minidlna -R

Since this command might kept in the background and keep the minidlna server running with incorrect flags, after a minute or two kill minidlna process and relaunch the server via sysctl.

media-server:~#  killall -9 minidlna
media-server:~#  systemctl start minidlna

 

3.4 Permission Issues / Scanning issues

If you plan to place files in /home directory. You better have a seperate partition or folder *outside* your "home" directory devoted to your media. Default user with which minidlna runs is minidlna, this could prevent some files with root or other users being red. So either run minidlna daemon as root or as other user with whom all media files should be accessible.
If service runs as root:root, and still getting some scanning issues, check permissions on your files and remove special characters from file names.
 

media-server:~# tail -10 /var/log/minidlna/minidlna.log 
[2022/02/17 22:51:36] scanner.c:489: warn: Unsuccessful getting details for /var/www/owncloud/data/Videos/Family-Videos/FILE006.MPG
[2022/02/17 22:52:08] scanner.c:819: warn: Scanning /var/www/owncloud/data finished (10637 files)!
[2022/02/17 22:52:08] playlist.c:135: warn: Parsing playlists…
[2022/02/17 22:52:08] playlist.c:269: warn: Finished parsing playlists.
minidlna.c:1126: warn: Starting MiniDLNA version 1.3.0.
minidlna.c:1186: warn: HTTP listening on port 8200
scanner.c:489: warn: Unsuccessful getting details for /var/www/owncloud/data/admin/files/origin/External SD card/media/Viber Images/IMG-4477de7b1eee273d5e6ae25236c5c223-V.jpg
scanner.c:489: warn: Unsuccessful getting details for /var/www/owncloud/data/Videos/Family-Video/FILE006.MPG
playlist.c:135: warn: Parsing playlists…
playlist.c:269: warn: Finished parsing playlists.

 

3.5. Fix minidlna Inotify errors

In /etc/sysctl.conf 

Add:

fs.inotify.max_user_watches=65536

in a blank line at end of file and do 

media-server:~# sysctl -p

Debugging minidlna problems, index errors, warnings etc

minidlna does write by default to /var/log/minidlna/minidlna.log inspect the log closely and you should get most of the time what is wrong with it.
Note that some files might not get indexed because minidlna won't support the strange file codecs such as SWF encoding, if you have some important files to stream that are not indexed by minidlna, then install and try one of the more sophisticated free software Media Servers for Linux:

plex-media-streaming-server-screenshot

Note that most Linux users from my quick research shows, MediaTomb is the preferred advanced features Open Source Linux Media Server of choice for most of the guys.

mediatomb-linux-media-streaming-server-picture.jpg.webp
 

 

4. Test minidlna Linux servers works, getting information of other DLNA Servers on the network

media-server:~# lynx -dump  http://127.0.0.1:8200
MiniDLNA status

  Media library

   Audio files 0
   Video files 455
   Image files 10182

  Connected clients

   ID Type                   IP Address    HW Address        Connections
   0  Samsung Series [CDEFJ] 192.168.1.11  7C:0A:3D:88:A6:FA 0
   1  Generic DLNA 1.5       192.168.0.241 00:16:4E:1D:48:05 0
   2  Generic DLNA 1.5       192.168.1.18  00:16:3F:0D:45:05 0
   3  Unknown                127.0.0.1     FF:FF:FF:FF:FF:FF 0

   -1 connections currently open
 

Note that there is -1 connections (no active connections) currently to the server. 
The 2 Generic DLNA 1.5 IPs are another DLNA servers provided by a OpenXEN hosted Windows 7 Virtual machines, that are also broadcasting their existence in the network. The Samsung Series [CDEFJ] is the DLNA client on the Samsung TV found, used to detect and stream data from the just configured Linux dlna server.

The DLNA Protocol enabled devices on a network as you can see are quite easy to access, querying localhost on the 8200 server dumps, what minidlna knows, the rest of IPs connecting should not be able to receive this info. But anyways since the minidlna does not have a special layers of security to access it, but the only way to restrict is filtering the 8200 port, it is a very good idea to put a good iptables firewall on the machine to allow only the devices that should have access to the data.

Further more if you happen to need to access the Media files on Linux from GUI you might use some client as upmentioned totem, VLC or if you need something more feature rich Java eezUPnP .

eeZUPnP-screenshot-java-client-for-media-server

That's all folks !
Enjoy your media on the TV 🙂

CentOS 8 / Redhat 8 insert additional guests additions to VM to enable Fullscreen, Copy / Paste and Shared Folder from host OS

Monday, January 10th, 2022

virtualbox-guest-additions-install-on-centos-8.3-linux-oracle-logo

My experience with enabling virtualbox additions guest tools on many of the separate Linux distributions throughout time is pretty bad as it always is a pain in the ass to enable fully functional full screen and copy paste for Virtualbox…
 
For those who installed it for a first time vbox guest addition tools for Virtualbox are additional software components added so the Emulated Operating system
could allow better screen resolution and better mouse integration support.

So far I've installed virtualbox additions tools to CentOS 7 and Debian Linux various releases and faced complications there as well.
Few days ago my colleague Georgi Stoyanov have installed CentOS 8.3 with current version of VirtualBox 6.1 (vesrsion from beginning of 2022) and he has also shared had issues with enabling the CentOS 8.3 Linux to work with guestadditions but eventually found a resolution.

Thus he has shared with me the solution and I share it with you, so hopefully someone else could enable Guesttools on his CentOS 8.3 with less digging online.
The error received is:

# ./VBoxLinuxAdditions.run

Trying to install Guest Additions in RHEL 8.3.

VirtualBox Guest Additions: Starting.
VirtualBox Guest Additions: Building the VirtualBox Guest Additions kernel
modules. This may take a while.
VirtualBox Guest Additions: To build modules for other installed kernels, run
VirtualBox Guest Additions: /sbin/rcvboxadd quicksetup
VirtualBox Guest Additions: or
VirtualBox Guest Additions: /sbin/rcvboxadd quicksetup all
VirtualBox Guest Additions: Building the modules for kernel
4.18.0-193.el8.x86_64.

VirtualBox Guest Additions: Look at /var/log/vboxadd-setup.log to find out what
went wrong
ValueError: File context for /opt/VBoxGuestAdditions-6.0.20/other/mount.vboxsf already defined
VirtualBox Guest Additions: Running kernel modules will not be replaced until
the system is restarted
Press Return to close this window…

No idea what to do next. Been trying for sometime.


To enable guestaddtions in CentOS 8.3, e.g. get arount the error you have to:


1. Install all necessery dependncies RPMs required by GuestAddition tools

 

# dnf install tar bzip2 kernel-devel-$(uname -r) kernel-headers perl gcc make elfutils-libelf-devel

# dnf -y install gcc automake make kernel-headers dkms bzip2 libxcrypt-compat kernel-devel perl

2.  Run below semanage and restorecon commands

 

# semanage fcontext -d /opt/VBoxGuestAdditions-/other/mount.vboxsf
# restorecon /opt/VBoxGuestAdditions-/other/mount.vboxsf

 

3.  Insert Virtualbox guest additions ISO and Run it

 

centos-insert-guest-additions-linux-virtualbox-screenshot
 

Devices -> Insert Guest Additions CD Image

 

Click Run button to exec Vbox_GAs_6.0.18 script or run it manually

Run-Guest-Additions-screenshot-virtualbox-centos-8

or mount it manually with mount command and execute the VBoxLinuxAdditions.run to do so:

 

$ cd /run/media/`whoami`/VB*
$ su
# ./VBoxLinuxAdditions.run
Installing additional modules …
VirtualBox Guest Additions: Building the VirtualBox Guest Additions kernel modules.  This may take a while.
VirtualBox Guest Additions: Running kernel modules will not be replaced until the system is restarted
VirtualBox Guest Additions: Starting.

 

4. Reboot the VM
 

# reboot

5. Check and Confirm Virtualbox guest additions are properly installed and running
 

# lsmod | grep vbox

 

6. Enable Copy / Paste from to Virttual Machine e.g. Shared Clipboard / Shared Folder etc.

 

Share-Clipboard-in-Virtualbox-screenshot-centos-8

 

The three options most useful besides the support for FullScreen OS emulation by Virtualbox to enable right after
guesttools is on are:


1. Devices -> Shared Clipboard -> Bidirectional
2. Devices -> Drag and Drop -> Bidirectional
3. Devices -> Shared Folders -> Shared Folder Settings

 

Heroes of Might and Magic 2: Best old-school turn based strategic game to play on your Android mobile phone

Monday, June 16th, 2014

heroes-of-might-and-magic-2-for-your-mobile-smartphone-android-screenshot

Probably many people which are my age (I'm aged 30 now), spent many days and sleepless nights being totally addicted playing probably one of the most addictive (and in my view greatest strategy game of all time) – Heroes of Might and Magic II (HOMM2).
In that thoughts it will be a great news for you if you're owning smartphone that you can turn-back some nice memories and play (for free) a port of Heroes 2 for Android.

Free Heroes 2 Android port is it is made to support multiple screened devices so game  version could be played on both Android Tablet a tiny screen smart phone or a middle sized mobile. Also Free Heroes 2 mobile port allows you to choose 'The Magnifying glass' option on first game boot, so if you're on a tiny screened mobile you can still zoom by pointing on a game object. Free Heroes 2 Android port is there thanks to Gerhard Stein who is also an author of OpenTyrian mobile phone port and the amazing old computer jump-and-run arcade Commander Keen. Game pointer controls of FHeroes2 are pretty convenient and playing the game is almost as confortable as played with a PC mouse.
Free Heroes 2 is port of Free Heroes 2 engineFree implementation of Heroes of the Might and Magic II engine in SDL and because SDL is platform independent Free Heroes is also available for both Windows / Linux. Maybe here is time too mention that Heroes2 original DOS game works perfectly on any modern Linux distribution when started through DOSBOX DOS emulator.

By default Free Heroes2  has no game campaign support yet. In order to enable campaing support into Free Heroes 2, download FULL Heroes 2 gameput data files to mobile SD card to dir app-data/net.sourceforge.fheroes2 and campaign option will be there too.

heroes_of_might_and_magic_ii_play-on-android-best-strategy-old-game-for-android

Heroes of Might and Magic 2 – The succession Wars (or HEROES2, as it is widely known in Gamers communities) is a turn based strategy game  from year 1996 developed by Jon Van Caneghem by his New World Computing company it was marketed under on the market under brand of 3DO Company. Heroes II was voted the sixth-best PC game of all time by PC Gamer in May 1997. Heroes2 has also a game expansion pack called the Price of Loyalty released in 1997 as well as Heroes of Might and Magic II – Gold – from 1998. The game graphic design looks very beautiful and combined with the soundtrack makes playing it an awesome and calming experience. The game is very notable especially for soundtrack which is all of a beautiful classical music.

Heroes-of-might-and-magic-2-best-games-of-all-time-screenshot-HOMM2
(Picture taken and copyrighted by Wikipedia)

Gameplay

The titular heroes (horse) are player characters who can recruit armies, move around the map, capture resources, and engage in combat. The heroes also incorporate some role-playing game elements; they possess a set of statistics that confer bonuses to an army, artifacts that enhance their powers, and knowledge of magical spells that can be used to attack enemies or produce strategic benefits. Also, heroes gain experience levels from battle, such that veteran heroes are significantly more powerful than inexperienced ones.

On a typical map, players begin a game with one town of a chosen alignment. Each town alignment hosts a unique selection of creatures from which the player can build an army. Town alignment also determines other unique traits such as native hero classes, special bonuses or abilities, and leanings toward certain skills or kinds of magic.

heroes-of-might-and-magic-town_castle-sorceress-screenshot

Towns play a central role in the games since they are the primary source of income and new recruits. A typical objective in each game is to capture all enemy towns. Maps may also start with neutral towns, which do not send out heroes but may still be captured by any player. It is therefore possible, and common, to have more towns than players on a map. When captured, a town retains its alignment type, allowing the new owner to create a mixed army. A player or team is eliminated when no towns or heroes are left under their control. Usually the last player or team remaining is the victor.

As heroes visit special locations called obelisks, pieces are removed from a jigsaw puzzle-like map, gradually revealing 'The Ultimate Artifact location to the player. Once found, it confers immense bonuses to the player capable of breaking a stalemate: the grail can be taken back to a town and used to build a special structure, while the ultimate artifact provides the bonuses directly through possession.

heroes-of-might-and-magic-2-battle-for-castle-screenshot

Whenever a player engages in battle

The game changes from the adventure map display to a combat screen, which is based on either a hexagonal or square grid. In this mode, the game mimics the turn-based tactics genre, as the engaged armies must carry through the battle without the opportunity to reinforce or gracefully retreat. With few exceptions, combat must end with the losing army deserting, being destroyed, or paying a heavy price in gold to surrender. Surrendering allows the player to keep the remaining units intact. Battles can be led army army to army or castles / villages can be fight and (captured) occupied. Owning a town gives your hero daily an income of money later used to buy and upgrade castle buildings.

heroes-of-might-and-magic-ii-the-succession-wars-wizard-castle-building-options-screenshot

Also you your moved heroes could overtake mines producing different goods like minerals, sulfur, gold, emeralds etc. Building different buildings and building war units for army usually cost gold and some kind of resource.

Game Story

Heroes II history continues after Heroes I. Ending of Heroes I results in Lord Morglin Ironfist's victory. In the following years, he has successfully unified the continent of Enroth and secured his rule as king. Upon the king's death, his two sons, Archibald and Roland, vie for the crown. Archibald orchestrates a series of events that lead to Roland's exile. Archibald is then declared the new king, while Roland organizes a resistance. Each alignment is represented by one of the game's two campaigns. Archibald's campaign features the three "evil" town alignments, while Roland's campaign features the three "good" town alignments.

If Archibald is victorious, Roland's rebellion is crushed, and Roland himself is imprisoned in Castle Ironfist, leaving Archibald the uncontested ruler of Enroth. The  ending, however, results in Roland's victory, with Archibald being turned to stone by Roland's court wizard, Tanir.

If you're more interested to play modern games and get some more games modern games more entertaining take a look at Kevin Martin's JoyofAndroid Best Adnroid Games post here.

Enjoy

Unique MenuetOS – Free Software 32 / 64 bit OS entirely written in assembly language

Wednesday, July 10th, 2013

 

unique operating-system menuetos written-in-assembler-programming-logo

Something very unique, I stumbled on some time ago and worthy to mention and recommend for everyone to test is MenuetOS. Can you imagine, someone might write an operating system entirely from scratch in 32 / 64 bit Assemler? Idea sounds crazy and impossible but in fact developers of MenuetOS already achieved it!

Unique OS - menuetos asm free os start-menu screenshot

Normally every modern operating system nowadays is based on some kind of UNIX / Linux / or NT (Windows) technology or at least follows some kind of POSIX standartization.
 The design goal of MenuetOS since the first release in year 2000, is to remove the extra layers between different parts of an OS. The more the layers more complicated the programming behind is and therefore this creates bugs more bugs. MenuetOS follows the idea of KISS model (Keep It Simple Stupid). Its amazing what people can write in pure asm programming!! 64 bit version of menuet is also backward compatible with 32 bit. MenuetOS supports mostly all any other modern OS does. Here is list of Supported Features:

 

 

 

 

  • – Pre-emptive multitasking with 1000hz scheduler, multithreading, multiprocessor, ring-3 protection
  • – Responsive GUI with resolutions up to 1920×1080, 16 million colours
  • – Free-form, transparent and skinnable application windows, drag'n drop
  • – SMP multiprocessor support with currently up to 8 cpus
  • – IDE: Editor/Assembler for applications
  • – USB 2.0 HiSpeed Classes: Storage, Printer, Webcam Video and TV/Radio support
  • – USB 1.1 Keyboard and Mouse support
  • – TCP/IP stack with Loopback & Ethernet drivers
  • – Email/ftp/http/chess clients and ftp/mp3/http servers
  • – Hard real-time data fetch
  • – Fits on a single floppy, boots also from CD and USB drives

MenuetOS has fully functional Graphic interface (environment). Though it is so simple it is much more fast (as written in assembler) and behaves more stable than other OS-es written in C / C++.
Its bundled with a POP3 / Imap mail client soft

menuetos assmebly OS mail client
As of time even some major legendary Games like DoomQuake, Sokoban and Chess are ported to MenuetOS !!!

doom2-id-games-running-on-menuetos-operating-system-in-assembler-from-scratch

MenuetOS Doom

quake legendary game running on Menuetos asm free OS

Quake I port on MenuetOS

Below are some more screenshots of Apps and stuff running

Maniac Mansion running on MenuetOS assembler build free Operating system

The world famous Maniac Mansion (1987)

Prince of Persia running on 32 64 bit assembler written GPL free-OS

Arcade Classic of 16 bit and 8 bit computers Prince of Persia running on top of dosbox on MenuetOS

For those who like to program old school MenuetOS has BASIC compiler, C library (supports C programming), debuggers, Command Prompt.

It even supports Networking and has some  most popular network adapters drivers as well as has basic browsing support through HTTP application.

unique-os-menuetos-browsing-with-httpc-browser

You can listen music with CD Player but no support for mp3 yet.
To give MenuetOS a try just like any other Live Linux distribution it has Bootable LiveCD version – you can download it from here
MenuetOS is a very good for people interested to learn good 32 bit and 64 bit Assembler Programming.
Enjoy this unique ASM true hacker OS 😉

Drawing GANTT Charts and Project Management on Linux, (Microsoft Project substitute for Unix)

Tuesday, October 12th, 2010

I'm studying Project Management, right now. In that spirit of thoughts I and a couple of other guys are building a Project Plan.
As it Project Plan it's necessary to put a GANTT Chart in it to show visually the project timeline (the phases), the duration and the inter-relation between the different tasks which leads the project to an actual completion.

After a bit of thorough research online on available software to deal with project management and particularly, ones that are capable to build a GANTT charts on Linux / BSD.

I've come with the following list of software capable to be a substitute for the Microsoft Project software.
Redmine GANTT Chart

GANTT chart Redmine

1. Gantt Project
GANTTProject chart GANTTProject Chart

2. Gnome Planner
Planner GANTT Gnome Chart Planner GANTT Chone Chart

3. Task Juggler Project Manager with GANTT Capability for (KDE)
Task Juggler

4. JxProject – This software is not free, though it can be considered almost free
Take a look also at:
5. Trac , though it doesn't really support GANTT charts it's a lovely software to be used for PM.
Trac Project Management

Another option you have is to try out:
6. PHProjekt

Update 20.09.2016 – PHPProject Old download link is no longer active

It is this link http://www.phprojekt.com/, but the page doesn’t seem to be active any more. I thought you might want to update.

If you are looking for an alternative please check out http://wiht.link/PHProjekt-PM, it may make a suitable replacement.

Kind Regards,
Tom Wilcox


That piece of softwre really looks promising, especially if we consider that it's web based and how much essential is today to have an anline tools for doing the ordinary desktop jobs.

You can even check an online demo of the PHPProjekt software here

If you're a type of KDE user you definitely has to try out Kplato

As I've tested the software the software is easy to be used, however it still is missing some essential parts that Microsoft Project includes so it's not 100% substitute.
Also it's not able to open Microsoft Project (MPP) files, neither able to save the charts in the .mpp format.

Moving ahead I've came across DotProject DotProject Gantt Chart
DottProject Gantt Chart

I haven't took the time to test it myself but however, as I go through the software website the project looked quite good.
Lastly you can take a look at: 7. PStricks as a mean of project management, however I think it doesn't support GANTT chart building.
>

‘host-name’ is blocked because of many connection errors; unblock with ‘mysqladmin flush-hosts’

Sunday, May 20th, 2012

mysql-logo-host-name-blocked-because-of-many-connection-errors
My home run machine MySQL server was suddenly down as I tried to check my blog and other sites today, the error I saw while trying to open, this blog as well as other hosted sites using the MySQL was:

Error establishing a database connection

The topology, where this error occured is simple, I have two hosts:

1. Apache version 2.0.64 compiled support externally PHP scripts interpretation via libphp – the host runs on (FreeBSD)

2. A Debian GNU / Linux squeeze running MySQL server version 5.1.61

The Apache host is assigned a local IP address 192.168.0.1 and the SQL server is running on a host with IP 192.168.0.2

To diagnose the error I've logged in to 192.168.0.2 and weirdly the mysql-server was appearing to run just fine:
 

debian:~# ps ax |grep -i mysql
31781 pts/0 S 0:00 /bin/sh /usr/bin/mysqld_safe
31940 pts/0 Sl 12:08 /usr/sbin/mysqld –basedir=/usr –datadir=/var/lib/mysql –user=mysql –pid-file=/var/run/mysqld/mysqld.pid –socket=/var/run/mysqld/mysqld.sock –port=3306
31941 pts/0 S 0:00 logger -t mysqld -p daemon.error
32292 pts/0 S+ 0:00 grep -i mysql

Moreover I could connect to the localhost SQL server with mysql -u root -p and it seemed to run fine. The error Error establishing a database connection meant that either something is messed up with the database or 192.168.0.2 Mysql port 3306 is not properly accessible.

My first guess was something is wrong due to some firewall rules, so I tried to connect from 192.168.0.1 to 192.168.0.2 with telnet:
 

freebsd# telnet 192.168.0.2 3306
Trying 192.168.0.2…
Connected to jericho.
Escape character is '^]'.
Host 'webserver' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'
Connection closed by foreign host.

Right after the telnet was initiated as I show in the above output the connection was immediately closed with the error:

Host 'webserver' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'Connection closed by foreign host.

In the error 'webserver' is my Apache machine set hostname. The error clearly states the problems with the 'webserver' apache host unable to connect to the SQL database are due to 'many connection errors' and a fix i suggested with mysqladmin flush-hosts

To temporary solve the error and restore my normal connectivity between the Apache and the SQL servers I logged I had to issue on the SQL host:

mysqladmin -u root -p flush-hostsEnter password:

Thogh this temporar fix restored accessibility to the databases and hence the websites errors were resolved, this doesn't guarantee that in the future I wouldn't end up in the same situation and therefore I looked for a permanent fix to the issues once and for all.

The permanent fix consists in changing the default value set for max_connect_error in /etc/mysql/my.cnf, which by default is not too high. Therefore to raise up the variable value, added in my.cnf in conf section [mysqld]:

debian:~# vim /etc/mysql/my.cnf
...
max_connect_errors=4294967295

and afterwards restarted MYSQL:

debian:~# /etc/init.d/mysql restart
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld.
Checking for corrupt, not cleanly closed and upgrade needing tables..

To make sure the assigned max_connect_errors=4294967295 is never reached due to Apache to SQL connection errors, I've also added as a cronjob.

debian:~# crontab -u root -e
00 03 * * * mysqladmin flush-hosts

In the cron I have omitted the mysqladmin -u root -p (user/pass) input options because for convenience I have already stored the mysql root password in /root/.my.cnf

Here is how /root/.my.cnf looks like:

debian:~# cat /root/.my.cnf
[client]
user=root
password=a_secret_sql_password

Now hopefully, this would permanently solve SQL's 'failure to accept connections' due to too many connection errors for future.

Resolving “nf_conntrack: table full, dropping packet.” flood message in dmesg Linux kernel log

Wednesday, March 28th, 2012

nf_conntrack_table_full_dropping_packet
On many busy servers, you might encounter in /var/log/syslog or dmesg kernel log messages like

nf_conntrack: table full, dropping packet

to appear repeatingly:

[1737157.057528] nf_conntrack: table full, dropping packet.
[1737157.160357] nf_conntrack: table full, dropping packet.
[1737157.260534] nf_conntrack: table full, dropping packet.
[1737157.361837] nf_conntrack: table full, dropping packet.
[1737157.462305] nf_conntrack: table full, dropping packet.
[1737157.564270] nf_conntrack: table full, dropping packet.
[1737157.666836] nf_conntrack: table full, dropping packet.
[1737157.767348] nf_conntrack: table full, dropping packet.
[1737157.868338] nf_conntrack: table full, dropping packet.
[1737157.969828] nf_conntrack: table full, dropping packet.
[1737157.969928] nf_conntrack: table full, dropping packet
[1737157.989828] nf_conntrack: table full, dropping packet
[1737162.214084] __ratelimit: 83 callbacks suppressed

There are two type of servers, I've encountered this message on:

1. Xen OpenVZ / VPS (Virtual Private Servers)
2. ISPs – Internet Providers with heavy traffic NAT network routers
 

I. What is the meaning of nf_conntrack: table full dropping packet error message

In short, this message is received because the nf_conntrack kernel maximum number assigned value gets reached.
The common reason for that is a heavy traffic passing by the server or very often a DoS or DDoS (Distributed Denial of Service) attack. Sometimes encountering the err is a result of a bad server planning (incorrect data about expected traffic load by a company/companeis) or simply a sys admin error…

– Checking the current maximum nf_conntrack value assigned on host:

linux:~# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
65536

– Alternative way to check the current kernel values for nf_conntrack is through:

linux:~# /sbin/sysctl -a|grep -i nf_conntrack_max
error: permission denied on key 'net.ipv4.route.flush'
net.netfilter.nf_conntrack_max = 65536
error: permission denied on key 'net.ipv6.route.flush'
net.nf_conntrack_max = 65536

– Check the current sysctl nf_conntrack active connections

To check present connection tracking opened on a system:

:

linux:~# /sbin/sysctl net.netfilter.nf_conntrack_count
net.netfilter.nf_conntrack_count = 12742

The shown connections are assigned dynamicly on each new succesful TCP / IP NAT-ted connection. Btw, on a systems that work normally without the dmesg log being flooded with the message, the output of lsmod is:

linux:~# /sbin/lsmod | egrep 'ip_tables|conntrack'
ip_tables 9899 1 iptable_filter
x_tables 14175 1 ip_tables

On servers which are encountering nf_conntrack: table full, dropping packet error, you can see, when issuing lsmod, extra modules related to nf_conntrack are shown as loaded:

linux:~# /sbin/lsmod | egrep 'ip_tables|conntrack'
nf_conntrack_ipv4 10346 3 iptable_nat,nf_nat
nf_conntrack 60975 4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4
nf_defrag_ipv4 1073 1 nf_conntrack_ipv4
ip_tables 9899 2 iptable_nat,iptable_filter
x_tables 14175 3 ipt_MASQUERADE,iptable_nat,ip_tables

 

II. Remove completely nf_conntrack support if it is not really necessery

It is a good practice to limit or try to omit completely use of any iptables NAT rules to prevent yourself from ending with flooding your kernel log with the messages and respectively stop your system from dropping connections.

Another option is to completely remove any modules related to nf_conntrack, iptables_nat and nf_nat.
To remove nf_conntrack support from the Linux kernel, if for instance the system is not used for Network Address Translation use:

/sbin/rmmod iptable_nat
/sbin/rmmod ipt_MASQUERADE
/sbin/rmmod rmmod nf_nat
/sbin/rmmod rmmod nf_conntrack_ipv4
/sbin/rmmod nf_conntrack
/sbin/rmmod nf_defrag_ipv4

Once the modules are removed, be sure to not use iptables -t nat .. rules. Even attempt to list, if there are any NAT related rules with iptables -t nat -L -n will force the kernel to load the nf_conntrack modules again.

Btw nf_conntrack: table full, dropping packet. message is observable across all GNU / Linux distributions, so this is not some kind of local distribution bug or Linux kernel (distro) customization.
 

III. Fixing the nf_conntrack … dropping packets error

– One temporary, fix if you need to keep your iptables NAT rules is:

linux:~# sysctl -w net.netfilter.nf_conntrack_max=131072

I say temporary, because raising the nf_conntrack_max doesn't guarantee, things will get smoothly from now on.
However on many not so heavily traffic loaded servers just raising the net.netfilter.nf_conntrack_max=131072 to a high enough value will be enough to resolve the hassle.

– Increasing the size of nf_conntrack hash-table

The Hash table hashsize value, which stores lists of conntrack-entries should be increased propertionally, whenever net.netfilter.nf_conntrack_max is raised.

linux:~# echo 32768 > /sys/module/nf_conntrack/parameters/hashsize
The rule to calculate the right value to set is:
hashsize = nf_conntrack_max / 4

– To permanently store the made changes ;a) put into /etc/sysctl.conf:

linux:~# echo 'net.netfilter.nf_conntrack_count = 131072' >> /etc/sysctl.conf
linux:~# /sbin/sysct -p

b) put in /etc/rc.local (before the exit 0 line):

echo 32768 > /sys/module/nf_conntrack/parameters/hashsize

Note: Be careful with this variable, according to my experience raising it to too high value (especially on XEN patched kernels) could freeze the system.
Also raising the value to a too high number can freeze a regular Linux server running on old hardware.

– For the diagnosis of nf_conntrack stuff there is ;

/proc/sys/net/netfilter kernel memory stored directory. There you can find some values dynamically stored which gives info concerning nf_conntrack operations in "real time":

linux:~# cd /proc/sys/net/netfilter
linux:/proc/sys/net/netfilter# ls -al nf_log/

total 0
dr-xr-xr-x 0 root root 0 Mar 23 23:02 ./
dr-xr-xr-x 0 root root 0 Mar 23 23:02 ../
-rw-r--r-- 1 root root 0 Mar 23 23:02 0
-rw-r--r-- 1 root root 0 Mar 23 23:02 1
-rw-r--r-- 1 root root 0 Mar 23 23:02 10
-rw-r--r-- 1 root root 0 Mar 23 23:02 11
-rw-r--r-- 1 root root 0 Mar 23 23:02 12
-rw-r--r-- 1 root root 0 Mar 23 23:02 2
-rw-r--r-- 1 root root 0 Mar 23 23:02 3
-rw-r--r-- 1 root root 0 Mar 23 23:02 4
-rw-r--r-- 1 root root 0 Mar 23 23:02 5
-rw-r--r-- 1 root root 0 Mar 23 23:02 6
-rw-r--r-- 1 root root 0 Mar 23 23:02 7
-rw-r--r-- 1 root root 0 Mar 23 23:02 8
-rw-r--r-- 1 root root 0 Mar 23 23:02 9

 

IV. Decreasing other nf_conntrack NAT time-out values to prevent server against DoS attacks

Generally, the default value for nf_conntrack_* time-outs are (unnecessery) large.
Therefore, for large flows of traffic even if you increase nf_conntrack_max, still shorty you can get a nf_conntrack overflow table resulting in dropping server connections. To make this not happen, check and decrease the other nf_conntrack timeout connection tracking values:

linux:~# sysctl -a | grep conntrack | grep timeout
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_established = 432000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close = 10
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 180
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_events_retry_timeout = 15
net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30

All the timeouts are in seconds. net.netfilter.nf_conntrack_generic_timeout as you see is quite high – 600 secs = (10 minutes).
This kind of value means any NAT-ted connection not responding can stay hanging for 10 minutes!

The value net.netfilter.nf_conntrack_tcp_timeout_established = 432000 is quite high too (5 days!)
If this values, are not lowered the server will be an easy target for anyone who would like to flood it with excessive connections, once this happens the server will quick reach even the raised up value for net.nf_conntrack_max and the initial connection dropping will re-occur again …

With all said, to prevent the server from malicious users, situated behind the NAT plaguing you with Denial of Service attacks:

Lower net.ipv4.netfilter.ip_conntrack_generic_timeout to 60 – 120 seconds and net.ipv4.netfilter.ip_conntrack_tcp_timeout_established to stmh. like 54000

linux:~# sysctl -w net.ipv4.netfilter.ip_conntrack_generic_timeout = 120
linux:~# sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000

This timeout should work fine on the router without creating interruptions for regular NAT users. After changing the values and monitoring for at least few days make the changes permanent by adding them to /etc/sysctl.conf

linux:~# echo 'net.ipv4.netfilter.ip_conntrack_generic_timeout = 120' >> /etc/sysctl.conf
linux:~# echo 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000' >> /etc/sysctl.conf

How to permanently enable Cookies in Lynx text browser – Disable accept cookies prompt in lynx console browser

Wednesday, April 18th, 2012

lynx-text-browser-logo
The default behaviour of lynx console text browser on Linuces, BSD and other free OSes is to always ask, for the accept cookies prompt once an internet web page is opened that requires browser cookies to be enabled.

I should admin, having this "secure by default" (always ask for new cookies) behaviour in lynx was a good practice from a security point of view.

Another reason, why this cookies prompt is enabled by default is back in the days, when lynx was actively developed by programmers the websites with cookies support was not that many and even cookies was mostly required for user/pass authentication (all those who still remember this days the websites that requires authentication was a way less than today) …
With this said the current continuing security cautious behaviour in the browser, left from its old days is understandable.

Screenshot Google Accept cookies Lynx dialog FreeBSD

However I personally sometimes, need to use lynx more frequently and this behaviour of always opening a new website in text mode in console to prompts me for a cookie suddenly becomes a big waste of time if you use lynx to browser more than few sites. Hence I decided to change the default way lynx handles cookies and make them enabled by default instead.
Actually even in the past, when I was mainly using internet in console on every new server or home Linux install, I was again making the cookies to be permanently accepted.
Everyone who used lynx a few times already knows its "annoying" to all time accept cookie prompts … This provoked me to write this short article to explain how enabling of constant cookie accepting in lynx is done

To enable the persistent cookies in lynx, one needs to edit lynx.cfg on different GNU / Linux and BSD* distributions lynx.cfg is located in different directory.

Most of the lynx.cfg usual locations are /etc/lynx/lynx.cfg or /etc/lynx.cfg as of time of writting this post in Debian Squeeze GNU / Linux the lynx.cfg is located in /etc/lynx-cur/lynx.cfg, whether for FreeBSD / NetBSD / OpenBSD users the file is located in /usr/local/etc/lynx.cfg

What I did to allow all cookies is open lynx.cfg in vim edit and change the following lines:

a)

#FORCE_SSL_COOKIES_SECURE:FALSE

with

FORCE_SSL_COOKIES_SECURE:TRUE

b)

#SET_COOKIES:TRUE

uncomment it to:

SET_COOKIES:TRUE

c) next, change

ACCEPT_ALL_COOKIES:FALSE

ACCEPT_ALL_COOKIES:TRUE

Onwards opening any website with lynx auto-accepts the cookies.

lynx Always allowing from domain cookies Linux screenshot

Google in Bulgarian Lynx browser screenshot

For people who care about there security (who still browse in console (surely not many anymore)), permanently allowing the cookies is not a good idea. But for those who are ready to drop off little security for convenience its ok.