Adds research

research.mdwn

+[[!meta title="Research and tests"]]
+
+Raw list with things to try, research, evaluate develop and maybe deploy!
+
+## New stuff
+
+* [FOSS Services](/services)!
+* [isis' scripts](https://github.com/isislovecruft/scripts).
+* [gitly self-hosted](https://gitly.io).
+* https://shodan.io
+* https://keybase.io
+* https://en.wikipedia.org/wiki/Unikernel
+* https://eng.fromatob.com/post/2017/02/lets-encrypt-oauth-2-and-kubernetes-ingress/
+* https://stripe.com/blog/idempotency
+* https://github.com/gorhill/uMatrix
+* https://github.com/metabase/metabase
+* https://lede-project.org/start
+
+## Multimedia
+
+* [qsstv](https://packages.debian.org/jessie/qsstv)
+* mopidy/mpdris:
+  * plugins like https://packages.debian.org/stretch/mopidy-podcast
+  * https://packages.debian.org/jessie/mopidy
+  * https://github.com/acrisci/playerctl
+  * https://packages.debian.org/jessie/mpdris2
+  * https://packages.debian.org/stretch/mpris-remote
+
+## UI
+
+* firefox: automated config
+  * https://developer.mozilla.org/en-US/Firefox/Enterprise_deployment
+  * https://developer.mozilla.org/en-US/Add-ons/Installing_extensions
+  * https://wiki.mozilla.org/Deployment:Deploying_Firefox
+  * https://developer.mozilla.org/en-US/docs/MCD,_Mission_Control_Desktop_AKA_AutoConfig
+
+## Tor
+
+* ooniprobe, lepidopter.
+* onionpi (tor, hostapd, iptables).
+* onion smtp:
+  * https://www.void.gr/kargig/blog/2014/05/10/smtp-over-hidden-services-with-postfix/
+  * https://tech.immerda.ch/2016/12/ehlo-onion/
+  * https://github.com/riseupnet/onionmx
+
+## Security
+
+* bitmask and LEAP.
+* port knocking.
+* hardened systems: apparmor, gradm2, firejail, seccomp, etc.
+* sshd:
+  * https://stribika.github.io/2015/01/04/secure-secure-shell.html
+  * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60
+  * http://security.stackexchange.com/questions/64562/how-should-i-defend-against-zero-day-attack-on-ssh
+  * https://charlieharvey.org.uk/page/ssh_port_pros_and_cons
+* fuzzy testing: fusil, etc.
+* router: serial console to other boxes with dhe luks! :)
+* [Mailcap, HTML and AppArmor](http://www.justgohome.co.uk/blog/2014/02/mailcap-html-apparmor.html).
+* Increased security on smtp/imaps password storage:
+  * https://github.com/sup-heliotrope/sup/wiki/Securely-Store-Password
+  * http://serverfault.com/questions/149452/how-can-i-use-fetchmail-or-another-email-grabber-with-osx-keychain-for-authent
+  * http://mah.everybody.org/docs/mail/fetchmail_check
+* Enhanced shell:
+  * Add a counter-measure to prevent SSH timing attacks:
+    http://users.ece.cmu.edu/~dawnsong/papers/ssh-timing.pdf
+    http://www.slideshare.net/idsecconf/countermeasure-against-timing-attack-on-ssh-using-random-delay
+    http://www.scribd.com/doc/59628153/Timing-Analysis-of-Keystrokes-and-Timing-Attacks-on-SSH-Revisited
+
+## DevOps
+
+* [Simet](http://simet.nic.br).
+* auto start user screen sessions.
+* backups: snapshots with remote transfer support.
+* puppet:
+  * deploy: multiple module paths: https://docs.puppet.com/puppet/3.6/dirs_modulepath.html
+  * default modules as submodules from the bootstrap repository, custom modules closer to the config folder?
+* php7-fpm:
+  * https://serversforhackers.com/video/apache-and-php-fpm
+  * http://www.binarytides.com/setup-apache-php-fpm-mod-proxy-fcgi-ubuntu/
+
+    <FilesMatch \.php$>
+      SetHandler "proxy:unix:/run/php/php7.1-fpm.sock|fcgi://localhost:9000";
+    </FilesMatch>
+
+## Virtualization
+
+* kvm:
+  * kvm-manager improvements (systemd support, packaging, docs).
+  * env params.
+  * FDE using bootless image.
+
+## Smartphone
+
+* snoopsnitch.
+* mods: https://web.archive.org/web/20160402005909/https://people.torproject.org/~ioerror/skunkworks/moto_e/
+
+## Torrent
+
+Torrent workflow: torrent-maker, magnet2torrent and torrent-reseed:
+
+* http://wiki.rtorrent.org/MagnetUri
+* http://dan.folkes.me/2012/04/19/converting-a-magnet-link-into-a-torrent/
+* https://github.com/danfolkes/Magnet2Torrent
+* http://code.google.com/p/pyroscope/wiki/CommandLineTools
+* https://trac.transmissionbt.com/ticket/4176
+* http://wiki.rtorrent.org/MagnetUri
+* https://github.com/rakshasa/rtorrent/issues/212
+* saving/restoring `.meta` and `~/rtorrent/.session` files.
+* multiple instances: https://kernelwho.wordpress.com/2011/11/15/running-multiple-instances-of-rtorrent/
+
+    rtorrent -n -o import=/home/user/.rtorrent1.rc
+
+## Git
+
+* signed commits:
+  * check using gpgv?
+  * [Validating other keys on your public keyring](https://www.gnupg.org/gph/en/manual/x334.html)
+  * https://git-annex.branchable.com/tips/using_signed_git_commits/
+  * http://stackoverflow.com/questions/17371955/verifying-signed-git-commits
+  * https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
+* Push-to-deploy plugin:
+  * http://superuser.com/questions/230694/how-can-i-push-a-git-repository-to-a-folder-over-ssh
+  * https://devcenter.heroku.com/articles/git
+  * https://github.com/blog/1957-git-2-3-has-been-released (push-to-deploy)
+  * https://github.com/git/git/blob/v2.3.0/Documentation/config.txt#L2155
+  * http://stackoverflow.com/questions/1764380/push-to-a-non-bare-git-repository
+  * http://bitflop.com/tutorials/git-bare-vs-non-bare-repositories.html
+* Write a "git" interceptor:
+  * Check proper user/email config.
+  * Automatically set git-flow when initializing a repository.
+  * Automatically set git-hooks integration.
+  * Implement global hooks.
+  * Check remote configuration.
+  * Check hook tampering before doing anything in the repository.
+  * That can disable/mitigate hooks by changing permission and ownership on `~/.git/hooks`.