How to keep your macOS safe

1.  Systems Preferences > Software Update > Make sure it's up to date.
1. Also, click "Advanced" button and, at a minimum, make sure that the check box for "Check for updates" and "Install system data files and security updates" are enabled.
2. Anti-malware protection: At a minimum, install the free version of Malwarebytes: https://www.malwarebytes.com/mac-download/
1. Set a weekly reminder to manually run a scan. The purchased version can automatically scan.
3. To prevent Facebook from tracking you around the web. I recommend installing:
1. Firefox: https://www.mozilla.org/en-US/firefox/mac/
   
2. The Firefox Facebook Container browser extension: https://addons.mozilla.org/en-US/firefox/addon/facebook-container/
3. Optionally, you may also wish to install other Firefox-created browser extensions from: https://addons.mozilla.org/en-US/firefox/user/4757633/
1. Firefox Multi-Account Containers "lets you keep parts of your online life separated into color-coded tabs that preserve your privacy. Cookies are separated by container, allowing you to use the web with multiple identities or accounts simultaneously."
   
2. Firefox Relay which "lets you generate email aliases that forward to your real inbox. Use it to hide your real email address and protect yourself from hackers and unwanted mail."
4. To install an Ad-blocker, I recommend uBlock Origin. Install the browser extension in both
1. Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/
2. Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en
   
5. Verify that all currently running processes are legit. Run Objective-See's Task Explorer: https://objective-see.com/products/taskexplorer.html
1. Once running, use the top right corner filter "#nonapple" to remove Apple processes from the list.
2. Scroll through the top list and ensure that the process and, more importantly, the full path look familiar to you. Also, make sure the "virustotal" value for each entry is 0 or low. For example:
1. Chrome     0/75 virustotal
   /Applications/Google Chrome.app/...
2. Chrome Helper     0/74 virustotal
   /Applications/Google Chrome.app/...
3. Firefox     0/76 virustotal
   /Applications/Firefox.app/...
4. FrontendAgent     0/76 virustotal
   /Library/Application Support/Malwarebytes/...
5. plugin-container     0/76 virustotal
   /Applications/Firefox.app/...
6. RTProtectionDaemon     0/75 virustotal
   /Library/Application Support/Malwarebytes/...
7. SettingsDaemon     0/76 virustotal
   /Library/Application Support/Malwarebytes/...
3. If you see a process that you are unfamiliar with, Google it and try to determine if it's a program that you installed.
4. If you do not recall installing it, try to determine how to remove it.
6. Verify that all currently running processes are legit. Run Objective-See's Netiquette: https://objective-see.com/products/netiquette.html
1. Once running, scroll through the list and ensure that you are familiar with all of the processes.
2. If you see a process that you are unfamiliar with, see step #5.3-4
7. Verify that all currently running Kernel Extensions are legit. Run Objective-See's KextViewr: https://objective-see.com/products/kextviewr.html
1.  Follow steps #5.1-4.
8. Verify that all currently running Kernel Extensions are legit. Run Objective-See's KnockKnock: https://objective-see.com/products/knockknock.html
1. Once running, press the "Start Scan" button at the top.
2. Once finished scanning, click on the first section on the left sidebar.
1. For each section, scroll through the list on the right side.
2. Follow steps #5.2-4
3. Repeat for each section on the left sidebar.
9. If you know what to look for, some other Objective-See programs worth installing:
1. Lulu: https://objective-see.com/products/lulu.html
2. BlockBlock: https://objective-see.com/products/blockblock.html
3. ReiKey: https://objective-see.com/products/reikey.html
4. OverSight: https://objective-see.com/products/oversight.html
5. RansomeWhere?: https://objective-see.com/products/ransomwhere.html
6. Do Not Disturb: https://objective-see.com/products/dnd.html
   

How to install nginx-ts-module under CentOS 7

I have an encoder that outputs an HLS stream and I wanted NGINX to receive it.

I was unable to find a single page with complete step-by-step instructions so hopefully you find this useful.

1. For NGINX to accept an incoming HLS stream, you will need a 3rd-party module and, AFAIK, Arut's nginx-ts-module is only game in town. Click the green "Code" button and select "Download ZIP": https://github.com/arut/nginx-ts-module and decompress it.
   
2. Follow the following steps from: https://www.vultr.com/docs/how-to-compile-nginx-from-source-on-centos-7
1. Summary:
   Become root and enter:
   

   yum check-update || sudo yum update -y

   yum groupinstall -y 'Development Tools' && yum install -y vim

   yum install -y epel-release

   yum install -y perl perl-devel perl-ExtUtils-Embed libxslt libxslt-devel libxml2 libxml2-devel gd gd-devel GeoIP GeoIP-devel

3. Navigate to http://nginx.org/en/download.html and download the latest "Mainline" NGINX source code. Version 1.19.6 was the latest on 2021-Jan-5:
   

   wget http://nginx.org/download/nginx-1.19.6.tar.gz && tar zxvf nginx-1.19.6.tar.gz

4. NGINX depends on PCRE, zlib and OpenSSL libraries as per the NGINX compiling instructions: https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/#sources All the instructions I found online, recommend downloading the latest source code of those libraries and linking them to the NGINX build, however, this failed for me with the make error:
   /bin/ld: ../pcre-8.44/.libs/libpcre.a(libpcre_la-pcre_compile.o): relocation R_X86_64_32S against hidden symbol `_pcre_OP_lengths' can not be used when making a shared object
   /bin/ld: ../pcre-8.44/.libs/libpcre.a(libpcre_la-pcre_config.o): relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
   /bin/ld: ../pcre-8.44/.libs/libpcre.a(libpcre_la-pcre_exec.o): relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
   /bin/ld: ../pcre-8.44/.libs/libpcre.a(libpcre_la-pcre_fullinfo.o): relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
   /bin/ld: ../pcre-8.44/.libs/libpcre.a(libpcre_la-pcre_jit_compile.o): relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
   /bin/ld: ../pcre-8.44/.libs/libpcre.a(libpcre_la-pcre_study.o): relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
   /bin/ld: ../zlib-1.2.11/libz.a(deflate.o): relocation R_X86_64_32S against hidden symbol `_length_code' can not be used when making a shared object
   /bin/ld: ../zlib-1.2.11/libz.a(inflate.o): relocation R_X86_64_32S against hidden symbol `zcfree' can not be used when making a shared object
   /bin/ld: ../zlib-1.2.11/libz.a(inftrees.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
   /bin/ld: ../zlib-1.2.11/libz.a(trees.o): relocation R_X86_64_32S against hidden symbol `_length_code' can not be used when making a shared object
   /bin/ld: ../zlib-1.2.11/libz.a(zutil.o): relocation R_X86_64_32 against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
   /bin/ld: ../zlib-1.2.11/libz.a(crc32.o): relocation R_X86_64_32S against `.rodata' can not be used when making a shared object; recompile with -fPIC
   /bin/ld: ../zlib-1.2.11/libz.a(inffast.o): relocation R_X86_64_32S against `.rodata.str1.1' can not be used when making a shared object; recompile with -fPIC
   /bin/ld: final link failed: Nonrepresentable section on output
   collect2: error: ld returned 1 exit status
   make[1]: *** [nginx-1.19.6/nginx] Error 1
   make[1]: Leaving directory `/root/nginx-1.19.6'
   make: *** [build] Error 2
   I tried adding -fPIC to various places but I was unsuccessful. I wasn't able to get the following solutions to work: https://serverfault.com/a/831233
   https://stackoverflow.com/questions/48599572
   Instead, I installed the dev libraries from CentOS and EPEL with:
   

   yum -y install zlib-devel pcre-devel openssl-devel

5.  Navigate into the NGINX source directory, make sure it's properly extracted and look through the "configure" options
   

   cd ~/nginx-1.19.6; ls

   ./configure --help

6. I figured I should try to compile NGINX similar to how EPEL's NGINX binary is compiled. I suggest installing the EPEL NGINX for reference and for the install scripts to create the nginx user, group, ...
   Install NGINX and then run the following command to see it's compiled options:
   

   yum -y install nginx

   nginx -V

   nginx version: nginx/1.16.1
   built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
   built with OpenSSL 1.1.1c FIPS  28 May 2019 (running with OpenSSL 1.1.1g FIPS  21 Apr 2020)
   TLS SNI support enabled
   configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-stream_ssl_preread_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'
   
7.  I modified this output to install the compiled version into a new directory: /opt/dave
   Change PREFIX, paths and BUILDDIR to suite your needs:
   ./configure --prefix=/opt/dave/usr/share/nginx \
               --sbin-path=/opt/dave/usr/sbin/nginx \
               --modules-path=/opt/dave/usr/lib64/nginx/modules \
               --conf-path=/opt/dave/etc/nginx/nginx.conf \
               --error-log-path=/opt/dave/var/log/nginx/error.log \
               --pid-path=/opt/dave/var/run/nginx.pid \
               --lock-path=/opt/dave/var/run/nginx.lock \
               --http-log-path=/opt/dave/var/log/nginx/access.log \
               --http-client-body-temp-path=/opt/dave/var/lib/nginx/tmp/client_body \
               --http-proxy-temp-path=/opt/dave/var/lib/nginx/tmp/proxy \
               --http-fastcgi-temp-path=/opt/dave/var/lib/nginx/tmp/fastcgi \
               --http-uwsgi-temp-path=/opt/dave/var/lib/nginx/tmp/uwsgi \
               --http-scgi-temp-path=/opt/dave/var/lib/nginx/tmp/scgi \
               --user=nginx \
               --group=nginx \
               --build=CentOS \
               --builddir=nginx-1.19.6 \
               --with-select_module \
               --with-poll_module \
               --with-threads \
               --with-file-aio \
               --with-http_ssl_module \
               --with-http_v2_module \
               --with-http_realip_module \
               --with-http_addition_module \
               --with-http_xslt_module=dynamic \
               --with-http_image_filter_module=dynamic \
               --with-http_geoip_module=dynamic \
               --with-http_sub_module \
               --with-http_dav_module \
               --with-http_flv_module \
               --with-http_mp4_module \
               --with-http_gunzip_module \
               --with-http_gzip_static_module \
               --with-http_auth_request_module \
               --with-http_random_index_module \
               --with-http_secure_link_module \
               --with-http_degradation_module \
               --with-http_slice_module \
               --with-http_stub_status_module \
               --with-http_perl_module=dynamic \
               --with-mail=dynamic \
               --with-mail_ssl_module \
               --with-stream=dynamic \
               --with-stream_ssl_module \
               --with-google_perftools_module \
               --with-stream_realip_module \
               --with-stream_geoip_module=dynamic \
               --with-stream_ssl_preread_module \
               --with-compat \
               --with-openssl-opt=no-nextprotoneg \
               --with-debug \
               --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' \
               --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' \
               --add-dynamic-module=../nginx-ts-module-master
   
8. If configure runs without error then build and install it:
   

   make

   make install

9. I renamed the new NGINX to differentiate it from the EPEL installed NGINX:
   

   cd /opt/dave/usr/sbin

   mv nginx nginx-1.19.6

10. NGINX will fail if the following directory isn't created:
    

    mkdir -p /opt/dave/var/lib/nginx/tmp/media
    chown -R nginx.nginx /opt/dave/var/lib/nginx
    

11. Backup the existing conf file:
    

    cd /opt/dave/etc/nginx

    cp nginx.conf{,.bak}

12. Use the following nginx.conf file to test HLS ingest:
    

    load_module /opt/dave/usr/lib64/nginx/modules/ngx_http_ts_module.so;

    worker_processes  1;

    events {

    }

    http {

        include       mime.types;

        default_type  application/octet-stream;

        sendfile        on;

        keepalive_timeout  65;

        server {

            listen       2935;

            server_name  localhost;location / {

                root   html;

            }

           location /publish/ {

                ts;

                ts_hls path=/opt/dave/var/lib/nginx/tmp/media/hls segment=10s;

                client_max_body_size 0;

            }

            location /play/ {

                types {

                    application/x-mpegURL m3u8;

                    application/dash+xml mpd;

                    video/MP2T ts;

                    video/mp4 mp4;

                }

                alias /opt/dave/var/lib/nginx/tmp/media/;

            }

            error_page   500 502 503 504  /50x.html;

            location = /50x.html {

                root   html;

            }

    }

    }

    
    
13. Test the newly compiled NGINX binary:
    

    /opt/dave/usr/sbin/nginx-1.19.6

14. Send a test from the same or another computer to NGINX with ffmpeg (either compile ffmpeg from source or use the following instructions taken from https://linuxize.com/post/how-to-install-ffmpeg-on-centos-7/):
    

    yum localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm
    yum -y install ffmpeg
    
    ffmpeg -re -i <Filename>.mp4 -bsf:v h264_mp4toannexb -c copy -f mpegts http://<FQDN or IP of NGINX>:<Port>/publish/<User-defined name> > /dev/null 2>&1 < /dev/null
    

15. To restart ffmpeg if it crashes and to prevent it from outputting to the console use the following (taken from: https://stackoverflow.com/a/16527559):
    
    #!/bin/bash
    while [ true ]; do
      ffmpeg -re -i <Filename>.mp4 -bsf:v h264_mp4toannexb -c copy -f mpegts http://<FQDN or IP of NGINX>:<Port>/publish/<User-defined name> > /dev/null 2>&1 < /dev/null
      sleep 0.1
    done
    
    
16. View the replublished HLS stream with VLC:
    http://<FQDN or IP of NGINX>:<Port>/play/hls/<User-defined name>/index.m3u8
17. If you're happy with it all, you may wish to make the new NGINX a service and start on boot.
    

Alternatively, if you're not interested in the above steps, there seems to be a 3rd-party pre-compiled package of the nginx-ts-module here: https://centos.pkgs.org/7/getpagespeed-x86_64/nginx-module-ts-1.18.0.0.1.1-2.el7.gps.x86_64.rpm.html

There also seems to be a Docker image here: https://hub.docker.com/r/2chat/nginx-ts-docker

Nimble installation steps on CentOS

Nimble installation steps on CentOS

Prep the server

lock down SSH: https://www.liberiangeek.net/2014/07/enable-ssh-key-logon-disable-password-password-less-logon-centos/
Maybe even install Port Knocking: https://www.cipherdyne.org/fwknop/
Remove unnecessary services
Update packages

vi /etc/ssh/sshd_config
yum install tcpdump lsof iftop
lsof -i -n
yum whatprovides /usr/libexec/postfix/master
yum remove postfix rpcbind
yum update
shutdown -r now; logout

Install Nginx

yum install epel-release
yum install nginx
systemctl start nginx
#How do you determine if you are running firewalld or iptables?
#Add nginx to firewalld
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
#or add nginx to iptables
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/service iptables save
iptables -L -v
systemctl enable nginx

cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig
vi /etc/nginx/nginx.conf
SSL Certs
vi /usr/share/nginx/html/sldp-embed.html

#if you want to create a free FQDN:
#1. register one with: https://www.dynu.com/en-US/
#2. install and use certbot: https://certbot.eff.org/lets-encrypt/centosrhel7-nginx

yum install certbot python2-certbot-nginx
certbot --nginx
#make a remind about SSL cert renewals#confirm the cert is correctly installed: https://www.ssllabs.com/ssltest/analyze.html?d=<FQDN>&hideResults=on
#change nginx.conf to remove port 80

#Otherwise, to manually create a cert and use the customer's FQDN:
#Have the customer create an DNS A record
#and create an SSL Certificate Signing Request (CSR)

cd /etc/pki/tls/certs

#Create the openssl conf file:
vi cert.conf
[ req ]
default_bits = 2048
default_keyfile = FQDN.key
encrypt_key = no
prompt = no
distinguished_name = req_distinguished_name
req_extensions  = req_ext
[ req_distinguished_name ]
C = US
ST = New York
L = New York
O = Organization Name (eg, company)
OU = Dept
CN = FQDN
emailAddress = email@example.org
[ req_ext ]
subjectAltName = @alt_names
[alt_names]
DNS.1   = FQDN

openssl req -new -out FQDN.csr -config FQDN.conf
#Verify the CSR:
openssl req -noout -text -in sslcert.csr

openssl dhparam -out /etc/ssl/certs/ssl-dhparam.pem 4096
#Send the CSR.
#Once the signed certificate is received, install it on the Nimble server:

vi /etc/nginx/conf.d/ssl.conf
#Add:
server {
    listen 443 http2 ssl;
    listen [::]:443 http2 ssl;

    server_name server_IP_address;

    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # drop SSLv3 (POODLE vulnerability)
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
    }
#Check syntax errors:
nginx -t

#confirm the cert is correctly installed: https://www.ssllabs.com/ssltest/analyze.html?d=<FQDN>&hideResults=on

Install Nimble

vi /etc/yum.repos.d/nimble.repo
[nimble]
name=Nimble Streamer repository
baseurl=http://nimblestreamer.com/centos/7/$basearch
enabled=1
gpgcheck=1
gpgkey=http://nimblestreamer.com/gpg.key

yum makecache
yum install nimble nimble-srt
/usr/bin/nimble_regutil -u test@yourcompany.com -p mypassword  --run-as-normal-user
#figure out why can’t run as normal user

vi /etc/nimble/nimble.conf
port = 0
ssl_protocols = TLSv1 TLSv1.1 TLSv1.2

ssl_port = 41443
ssl_certificate = /conf/cert/default.crt
ssl_certificate_key = /conf/cert/default.key

service nimble start
#Get the latest version of the SLDP player: https://softvelum.com/player/web/

curl -o sldp-v2.13.3.min.js https://softvelum.com/player/releases/sldp-v2.13.3.min.js
vi /usr/share/nginx/sldp-embed.html

<!DOCTYPE html>

<html>

  <head>

    <script src="sldp-v2.13.3.min.js"></script>

  </head>

  <body style="margin: 0; padding: 0; height: 100%; position: absolute; width: 100%;">

    <div id="player-wrp" style="width: 100%; height: 100%;"></div>


    <script type="text/javascript">

        var curURL = new URL(window.location.href);

        var streamUrl = curURL.searchParams.get("stream") || '';

        var sldpPlayer = SLDP.init({

          container:           'player-wrp',

          stream_url:          streamUrl,

          autoplay:            true,

          pause_timeout:        0,

          buffering:            100,

          width:               'parent',

          height:              'parent'

        });

    </script>

  </body>
</html>

 

Configure Nimble via WMSPanel

https://wmspanel.com/ > Nimble Streamer > Live Stream Settings > Global

Disable HLS and DASH
Only enable SLDP
Add MPEGTS In and out

Set SRT custom parameters
passphrase
pbkeylen

Test!

https://<Nimble server>/sldp_embed.html?stream=wss://<Nimble server>:<Nimble port>/<Nimble app>/<Nimble Stream>

Have fun!

Recommendations for finding a cheap place to stay in NYC

When trying to find a reasonably priced place to stay in NYC, Airbnb and similar sites are probably your best bet.

Since NYC is such a popular destination, make sure to book very far in advance. It’s the same problem trying to find cheap accommodation in other top tourist destinations like Paris.

Whether you are searching hotels or apartments, check the surrounding Manhattan areas like Brooklyn, Queens, New Jersey, Bronx, Staten Island, … that are close to subway/train/ferry lines so the commute is shorter.

Check out Kayak.com for hotel prices but also use their Heat Map feature to help you find the right place: https://www.kayak.com/New-York-Hotels.15830.hotel.ksp#hotelHeatMap

Also try opaque booking sites like: Priceline’s Name Your Price and Hotwire’s Hot Rate but make sure you use the name your price feature and make the price very low! 😁

Hotel Tonight app can also get you hotel deals but I think it only works 1 or 2 days ahead.

 

Good luck and let me know if you have any other suggestions or if anything worked for you!

Family-friendly NYC Restaurant Recommendations

List updated 2019-Dec-28:

On Aug 16, 2017, a coworker wrote:

Going to NYC next week with family.  Can you recommend some good casual restaurants for lunch/dinner.  Thanks.

My response:

First, I’d recommend installing the Yelp app if you don’t already have it. Whenever you need a recommendation of Coffee, Pizza, Mexican, Burgers, Ice Cream, or really anything… Yelp is great resource to immediately tell you where the closest/best place is.

Second, try to make reservations whenever possible because wait times can be long. However, since there are so many great places, I wouldn’t bother waiting anywhere over 30 mins and just go somewhere else just as good. Call or use https://www.opentable.com/, https://reserve.com/, https://resy.com/, ...

Third, I just went through my list of 100s of places I've eaten and there’s so many good ones that it's difficult to make a small list but here goes. You’ll notice that I bolded 3 of my top restaurant recommendations because they are NYC unique experiences: Stardust, Black Tap and Sammy’s Roumanian Steakhouse.

Theatre District/Times Square area:

• Stardust is a diner near Broadway where all of the staff break out in broadway show tunes. It’s the only place on this list I haven’t been but I’ve heard good things about it. A friend, his wife and his 3 kids were just in town last week and they recommend it as well! https://www.yelp.com/biz/ellens-stardust-diner-new-york 
• Junior’s in Times Square for the full-on diner vibe and get the Cheesecake. 2 locations: https://www.yelp.com/biz/juniors-restaurant-and-cheesecake-new-york and https://www.yelp.com/biz/juniors-new-york-7 
• Carmine’s for Italian food served family style (big plates to share): https://www.yelp.com/biz/carmines-times-square-new-york 
• Burger & Lobster: Only 3 things on the menu: A burger, a whole lobster or a lobster roll. Each one $20: https://www.yelp.com/biz/burger-and-lobster-new-york-3 and a Flatiron location see below.

Midtown East:

• 2nd Ave Deli for that typical NYC Jewish/Snowdon Deli vibe - https://www.yelp.com/biz/2nd-ave-deli-new-york 
• Urbanspace Vanderbilt is just next to Grand Central and is a food court with local and high quality vendors: https://www.yelp.com/biz/urbanspace-vanderbilt-new-york-2

Midtown West:

• Black Tap: Amazing burgers and insane milkshakes: https://www.yelp.com/biz/black-tap-craft-burger-and-beers-new-york also have West Village, and SoHo locations (see below) 
• Friedman’s for lunch near Penn Station: https://www.yelp.com/biz/friedmans-new-york-59

Flatiron (Around 23rd Street), Madison Square Park:

• Eataly is a fun Italian market with different speciality counters and restaurants like pizza/pasta, charcuterie, seafood, … and a rooftop restaurant: https://www.yelp.com/biz/eataly-new-york-8 
• Burger & Lobster: Only 3 things on the menu: A burger, a whole lobster or a lobster roll. Each one $20: https://www.yelp.com/biz/burger-and-lobster-new-york and a Times Square location see above.

Chelsea:

• Chelsea Market is very convenient to the High Line, thus very touristy but it does have some great restaurants and shops including some amazing tacos but the taco spot always has a long line: https://www.yelp.com/biz/chelsea-market-new-york 
• Coppelia is a great 24/7 Cuban spot: https://www.yelp.com/biz/coppelia-new-york

West Village:

• Black Tap: Amazing burgers and insane milkshakes: https://www.yelp.com/biz/black-tap-craft-burgers-and-beer-new-york-2 also have Midtown West and SoHo locations (see above and below)

East Village:

• Veselka 24/7 Great Ukrainian diner https://www.yelp.com/biz/veselka-new-york 
• Vanessa’s Dumpling House - try the dumplings and sesame pancakes: https://www.yelp.com/biz/vanessas-dumpling-new-york and they also have a Chinatown location (see below). 
• Cafe Mogador Delicious Moroccan food: https://www.yelp.com/biz/cafe-mogador-new-york

SoHo:

• Black Tap: Amazing burgers and insane milkshakes: https://www.yelp.com/biz/black-tap-craft-burgers-and-beer-new-york also have Midtown West and West Village locations (see above and below)

Lower East Side (LES):

• Sammy’s Roumanian Steakhouse a delicious taste of jewish Eastern Europe with a really fun and unique atmosphere with live singing and dancing: https://www.yelp.com/biz/sammys-roumanian-steakhouse-new-york 
• Katz’s Deli for their massive pastrami sandwich - the NYC equivalent to Schwartz’s. https://www.yelp.com/biz/katzs-delicatessen-new-york Then go for gelato right across the street here: 
• Il laboratorio del gelato with over 30 amazing gelato flavors! https://www.yelp.com/biz/il-laboratorio-del-gelato-new-york  
• New Territories with Hong Kong-style waffle cones and insane milkshakes: https://www.yelp.com/biz/new-territories-new-york 
• Soft Swerve with ube (purple yam) soft serve! https://www.yelp.com/biz/soft-swerve-new-york-2

Chinatown:

• Buddha Bodai Kosher Vegetarian Restaurant - delicious Chinese food with 2 locations buried in the heart of Chinatown: https://www.yelp.com/biz/buddha-bodai-kosher-vegetarian-restaurant-new-york and https://www.yelp.com/biz/buddha-bodai-kosher-vegetarian-restaurant-new-york-4 
• Vanessa’s Dumpling House - try the dumplings and sesame pancakes: https://www.yelp.com/biz/vanessas-dumpling-house-new-york-2 and they also have an East Village location (see above). 
• Taiyaki has a HK-style waffle made into a fish with custard filling (may also have crazy long lines): https://www.yelp.com/biz/taiyaki-nyc-new-york

There are so many more places so if you are interested in a specific cuisine: Mexican, or even 'Cuban Chinese' or 'Brazilian Sushi' (those are real cuisines and not just a modern fusion restaurant) ask Yelp or don’t hesitate to ask me about restaurants or anything else in NYC.

Have a great time and let me know how it goes.

Sent email Auto Responder AppleScript for Mail.app

After a long hiatus, I'd like to share something I worked on today.

A friend of mine who uses Apple Mail sent out a lot of emails and wanted an easy way to send an additional email to all of them.

I searched the 'net but couldn't find anything that would precisely work for his scenario. I tried building a workflow with Automator but it doesn't seem to have the necessary actions. In the process, I realized that AppleScript is powerful enough. So I taught myself AppleScript and wrote my first script. Don't hesitate to contact me if you have any suggestions.

To use this script:

1. Launch Apple's Mail.app
2. Disable your email signature because it may overwrite the email contents.
3. Select the "Sent" emails that you wish to respond to the same recipients.
4. Modify the below code as desired, most importantly, theContent variable for the body of the email that you wish to send.
5. Click AppleScript Editor's "Run" button.

Below is the code and as always, IN NO EVENT SHALL I BE LIABLE FOR WHAT YOU DO WITH IT :-)

tell application "Mail"
    -- Make sure to follow steps #1 and #2
    set theSelection to selection
    if theSelection is {} then return
    activate
    repeat with thisMessage in theSelection
        tell thisMessage
            -- For each sent message selected, get the "To:" field
            set recipientAddress to {address} of its recipients
            -- Equivalent of hitting the "Reply" button
            set theOutgoingMessage to reply thisMessage with opening window
        end tell
        -- If you do not wait half a second then the message body might not get written.
        delay 0.5
        tell theOutgoingMessage
            -- Delete the "To" field because replying to your own sent email will
            -- auto-populate the "To" field with your own email address.
            set address of to recipients to ""
       -- This will automatically set the "To" field to the person you want to reply to      
       -- This script will fail if the original email has a CC, BCC, or multiple TO recipients.
            make new recipient at end of to recipients with properties {address:recipientAddress}
            -- If you wish, prepend some text to the subject.
            set subject to "Additional info " & subject
            -- Most important part of this script!!!
            -- This will be your email response so CHANGE the contents below
            set theContent to "Hi," & return & return & "I just wanted to followup my previous email with some additional very important information." & return & return & "Please take note of this very important information and, if desired, please take action." & return & return & "Thanks again." & return & return & "Best Regards," & return & "The Important Info Messenger."
            set content to theContent
            -- Uncomment this line to automatically send the email
            -- send theOutgoingMessage
        end tell
    end repeat
end tell

Recover Deleted Files

Many years ago I accidentally deleted a lot of files on a Linux ext2 partition. At the time, there were no decent data recovery tools for ext2 filesystems available. So, I put the drive in an electrostatic protective bag and stored it in a safe place. Fast forward to the present, there is still nothing for Linux as good as Ontrack's EasyRecovery Professional. However, there is The Sleuth Kit, an amazing set of file and volume system forensic analysis tools. It is the best tool for data recovery because you can non-intrusively access deleted files. Surprisingly, there is no batch recover for deleted data. So, I wrote recoup.pl, a perl script to recursively extract every deleted file. Point it at a directory and it will automatically reconstruct as much as Sleuth Kit's fls and icat commands will let it.

Customize any and every webpage!

First get the GreaseMonkey Firefox extension.
Then write your own script or install some of the hundreds available at UserScripts.org.

Here are my recommendations:
User Scripts Search Sorting - With Install Rate improves the sorting on userscripts.org making it easier to find scripts. Use it to toggle between 'install rate' or 'installs'

After a secure login gmail defaults to HTTP so I got tired of manually switching it back into HTTPS. Secure-em-All automagically secures many webmail sites.

Sourceforge Direct Links saves time with direct download links from sourceforge projects. But save yourself some time and do not install either cleaner layout scripts because they no longer work.

Download Video allows you to download videos from youtube, gvideo, and myspace.

Textarea Backup w/Restore Buttons automatically backs up the text you type so you'll never accidentally loose another email. It has a restore button so it's better than the script that automatically restores text [when you do not want it to].

You'll find tons more for the sites you use and dont worry you can turn greasemonkey or any script on/off with a click of a button.

View the source before you install each script just to verify it doesnt do anything sketch and I hope you find it as useful as I do.

Google Developer Day 2007 in Beijing

here is my take on the interesting parts of Google Developer Day's English speakers at the Beijing, China session.

The Keynote speaker, Narayanan Shivakumar, Engineering Director, talked about Google's hardware, software, and basically described the building blocks they've developed for all their services and APIs. He mentioned the Sitemaps Protocol which allows you to inform search engines about URLs on your website.

Jon Trowbridge, gave a very "exciting" talk about Linux and OSS. He mentioned that google has built a free project hosting site.

Mike Schroepfer, Mozilla's vice president of engineering, talked about some cool Firefox 3 features: work offline mode, better bookmarking, and SQL Lite for full-text and image history indexing.
He discussed two very useful web development tools:
Firebug, an add-on that allows html, javascript, and css editing for on-the-fly debugging and also, web page optimizing to see which elements are taking the longest to load.
Aptana IDE, a web IDE developed by a start-up that has taken eclipse + firebug + firefox to create a very cool webdev app

Guido van Rossum, the author of Python, introduced it and gave a glimpse of what to expect in Python 3000. Also, he mentioned his favorite web framework for python was django.

Bob Lee, the co-author of Guice gave a technical talk on the use of Google's internal Java dependency injection framework.

there are pictures available

and if you haven't seen google maps new street view check it out!

I would have preferred to hear more of the technical talks but they were given by the Chinese speakers.

Nevertheless, it was an interesting day...

Keep your files secure

Use Truecrypt to protect your confidential data. It is secure, easy to use, open source, and free! First create a virtual encrypted disk, mount it, and then simply put your files in it as you would any regular directory.

However, to be even safer, copy the sensitive data to the TrueCrypt folder and then secure delete the original file. In Windows, use Eraser to securely move the file. Eraser is also easy to use, open source, and free!

In Linux, use wipe. Under Debian and Ubuntu, just 'aptitude install wipe' to begin having fun!

If you require the destruction of all hard disk data beyond forensic recovery then the best solution is to run the drive's internal secure erase command. This can only be accomplished on ATA/IDE drives with the free Disk Drive Secure Erase program or on any type of drive with EDT's Digital Shredder.

All other software overwrite programs take 8x as long and can not erase reassigned user blocks. If this acceptable then I recommend the free and open source DBAN program. Get DBAN and many essential utilities on the Ultimate Boot CD, a freely downloadable boot CD.

Secure your email and chat

to send and receive secure encrypted email use
http://www.hush.com/

to securely chat over MSN, Google, AIM and many other IMs use pidgin
[formely gaim] download it here
http://www.pidgin.im/download/windows/

then download the OTR windows 3.2.0 plugin
http://www.cypherpunks.ca/otr/#downloads

and for help setting up OTR, follow these steps
http://www.cypherpunks.ca/otr/win-install/otr-setup.html

View blocked websites

To circumvent internet filters you must use a web proxy.

The best way to do this is to use the tor network.
tor, is free, opensource and developed by the EFF, so it's trustworthy and safe to use.
http://tor.eff.org/index.html.en

tor on its own is tricky to setup so i recommend a very easy to use package called vidalia which installs tor and other necessary apps.

http://www.vidalia-project.net/download.php

this will installed tor, privoxy, and the tor button for firefox.

once installed, filter-free surfing is as simple as clicking the'Tor Enable' text button in the bottom right corner of firefox.

if you dont already surf with firefox, download it here

http://www.mozilla.com/en-US/firefox/

if you need to install the tor button then download it here

https://addons.mozilla.org/en-US/firefox/addon/2275

Get IE running under WINE

To get IE running under WINE, everyone links to the script on the ies4linux site. Problem is the site is down and there is no mirror! The solution is to use the Way Back Machine's link to tatanka.com.br/ies4linux/downloads/
Also, ies4linux leaves ~/.wine alone. So you have to reinstall your windows apps using ies4linux's ~/bin/ie[6|5] or move ~/.ies4linux to your old wine directory.

How to move Picasa photos to another partition

To free up some space, I wanted to move my Picasa photos from one drive to another. Unfortunately, there's no easy way to do this within Picasa and if you do it manually you'll loose your Albums and the metadata that links each photo with its backup in the Originals directory.

So in Windows Explorer, create an empty folder on the new drive. In Picasa, mark it "Scan Always" in Tools > Folder Manager. Then in Windows Explorer, copy an image [preferably one that has not been modified] from the old folder to the new one. Picasa will automagically add this photo and the new directory with show up under Folders on the left sidebar. Now in Picasa, you can select all the remaining photos in the old folder and move them to the new one. Thus preserving Albums and precious metadata!

free and essential mac os x software

A list of the freely downloadable Mac software that I use on a daily basis.

web: Camino is Firefox but nicer looking and faster.
However, I also use Firefox because of it's many useful add-ons.
check out: adblock, greasemonkey, and nukeAnything
office: NeoOffice is OpenOffice but nicer looking.
video: play most video formats with VLC, mplayer,
or if need be use RealPlayer or Windows Media Player
p2p: standard bittorrent client or feature-rich azureus BT client
aMule for Donkey2k network and
Poisoned for old school Gnutella G1, G2, and limewire networks
chat: multi-protocol chat client adium
voip: skype defacto internet voice app
mp3: iEatBrainz will automagically fix bad or unlabeled id3 tags.
games: macMame download some ROMs for some old school fun
remote: CotVNC great VNC client
Vine Server a VNC server to remotely control your mac
utility: MissingMediaTools is great for burning CD/DVDs when the builtin apps dont work
HandBrake to convert DVDs
unix: 1000s of unix apps, all very easily installable with fink.
viewer: Chmox will open MS .chm help files
volunteer: use your mac to help find medical cures by running Folding at Home
to make it run automatically go to:
system prefs > Accounts > login items > and add.