•  Create, update, delete your applications and bookmarks directly from the app using built-in GUI editors
•  Pin your favourite items to the homescreen for quick and easy access
•  Integrated search bar with local filtering, 11 web search providers and ability to add your own
•  Authentication system to protect your settings, apps and bookmarks
•  Dozens of options to customize Flame interface to your needs, including support for custom CSS, 15 built-in color themes and custom theme builder
•  Weather widget with current temperature, cloud coverage and animated weather status
•  Docker integration to automatically pick and add apps based on their labels

Docker Run & Docker Compose

Flame:

docker run -p 5005:5005 -v /path/to/data:/app/data -e PASSWORD=flame_password pawelmalak/flame

version: '3.6'

services:
  flare:
    image: soulteary/flare
    restart: always
    # 默认无需添加任何参数，如有特殊需求
    # 可阅读文档 https://github.com/soulteary/docker-flare/blob/main/docs/advanced-startup.md
    command: flare
    # 启用账号登陆模式
    # command: flare --nologin=0
    # environment:
      # 如需开启用户登陆模式，需要先设置 `nologin` 启动参数为 `0`
      # 如开启 `nologin`，未设置 FLARE_USER，则默认用户为 `flare`
      # - FLARE_USER=flare
      # 指定你自己的账号密码，如未设置 `FLARE_USER`，则会默认生成密码并展示在应用启动日志中
      # - FLARE_PASS=your_password
      # 是否开启“使用向导”，访问 `/guide`
      # - FLARE_GUIDE=1
    ports:
      - 5005:5005
    volumes:
      - ./app:/app

docker-compose up -d

Flare:

docker run --rm -it -p 5005:5005 -v `pwd`/app:/app soulteary/flare

version: '3.6'

services:
  flame:
    image: pawelmalak/flame
    container_name: flame
    volumes:
      - /path/to/host/data:/app/data
      - /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration
    ports:
      - 5005:5005
    secrets:
      - password # optional but required for (1)
    environment:
      - PASSWORD=flame_password
      - PASSWORD_FILE=/run/secrets/password # optional but required for (1)
    restart: unless-stopped

# optional but required for Docker secrets (1)
secrets:
  password:
    file: /path/to/secrets/password

docker-compose up -d

powershell -Command "iwr https://fly.io/install.ps1 -useb | iex"

# fly.toml file generated for broken-brook-3157 on 2023-02-26T19:11:40-08:00
app = "51flare"
kill_signal = "SIGINT"
kill_timeout = 5
processes = []
[build]
  image = "soulteary/flare:0.3.1"
[env]
[mounts]
  source="flare_data"
  destination="/app"
[experimental]
  auto_rollback = true
[[services]]
  http_checks = []
  internal_port = 5005
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"
  [[services.ports]]
    force_https = true
    handlers = ["http"]
    port = 80
  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443
  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

Usage

Flame:

/settings

/applications

/

Authenticated user has access to:

• all apps
• all categories
• all bookmarks
• all editors
• all settings

Guest user has access to:

• all apps set to public (homescreen - only pinned, apps - all public apps)
• all categories set to public (homescreen - only pinned, bookmarks - all public categories)
• all bookmarks set to public (homescreen/bookmarks - only if parent category is set to public)
• Theme and App sections of settings

Flare:

/editor

/config

/guide

/help


Test Performance using Google Chrome Lighthouse:

Flame

 

PS C:\Users\netsec> fly auth login
Opening https://fly.io/app/auth/cli/c41ccd9759be02c0a0dd2d2a096d58 ...
Waiting for session... Done
successfully logged in as [email protected]
PS C:\Users\netsec>
PS C:\Users\netsec>
PS C:\Users\netsec> flyctl launch
Creating app in C:\Users\netsec
Scanning source code
Could not find a Dockerfile, nor detect a runtime or framework from source code. Continuing with a blank app.
? Choose an app name (leave blank to generate one):
? Choose an app name (leave blank to generate one):
? Select Organization: 51Sec (51sec)
Some regions require a paid plan (fra, maa).
See https://fly.io/plans to set up a plan.
? Choose a region for deployment: Toronto, Canada (yyz)
Created app broken-brook-3157 in organization 51sec
Admin URL: https://fly.io/apps/broken-brook-3157
Hostname: broken-brook-3157.fly.dev
Wrote config file fly.toml
PS C:\Users\netsec> notepad fly.toml
PS C:\Users\netsec> fly volumes create flame_data --size 1

PS C:\Users\netsec> notepad fly.toml
PS C:\Users\netsec> fly launch
An existing fly.toml file was found for app broken-brook-3157
App is not running, deploy...
==> Building image
Searching for image 'soulteary/flare:0.3.1' remotely...
image found: img_0lq747o9nd5v6x35
==> Creating release
--> release v2 created
--> You can detach the terminal anytime without stopping the deployment
==> Monitoring deployment
Logs: https://fly.io/apps/broken-brook-3157/monitoring
 1 desired, 1 placed, 1 healthy, 0 unhealthy [health checks: 1 total, 1 passing]
--> v0 deployed successfully
PS C:\Users\netsec>

Use notepad to edit fly.toml file, which was generated by "flyctl launch" command. 

# fly.toml file generated for flare51 on 2023-02-26T20:00:01-08:00
app = "flare51"
kill_signal = "SIGINT"
kill_timeout = 5
processes = []
[build]
  image = "pawelmalak/flame"
[env]
  PASSWORD = "flame"
[experimental]
  auto_rollback = true
[mounts]
  destination = "/app/data"
  source = "flame_data"
[[services]]
  http_checks = []
  internal_port = 5005
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"
  [[services.ports]]
    force_https = true
    handlers = ["http"]
    port = 80
  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443
  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

Videos

• ? Easy to record daily/weekly plan
• ? Convenient to record some whimsical ideas
• ? You can write your reflections by hand
• ?️ Sometimes it can replace the "file transfer assistant" often used on WeChat, the memo of the mobile phone
• ? You can create your own lightweight "card" notebook

•  Open source and free forever
•  Support for self-hosting with Docker in seconds
•  Plain textarea first and support some useful Markdown syntax
•  Set memo private or public to others
•  RESTful API for self-service
•  Embed memos on other sites using iframe
•  Hashtags for organizing memos
•  Interactive calendar view
•  Easy data migration and backups

Deploy with Docker Run Command

lsof -i:5230  #Check if tcp port 5230 occupied by other application. 

docker run -d --name memos -p 5230:5230 -v ~/.memos/:/var/opt/memos neosmemo/memos:latest

Deploy Using Docker Compose File

• vi docker-compose.yaml 

• docker-compose down && docker image rm neosmemo/memos:latest && docker-compose up -d

1 flyctl auth login

2 flyctl launch

This command creates a fly.toml file.

3 Edit your fly.toml

# fly.toml file generated for memos

app = "memos_example"                                               # change to whatever name you want if the name is not occupied
kill_signal = "SIGINT"
kill_timeout = 5
processes = []

[build]
  image = "hu3rror/memos-fly:latest"                                # Do not change unless you build your own image

[env]
  DB_PATH = "/var/opt/memos/memos_prod.db"                          # do not change

  # Details see: https://litestream.io/guides/backblaze/
  LITESTREAM_REPLICA_BUCKET = "your_bucket_name"                    # change to your litestream bucket name
  LITESTREAM_REPLICA_ENDPOINT = "s3.us-west-000.backblazeb2.com"    # change to your litestream endpoint url
  LITESTREAM_REPLICA_PATH = "memos_prod.db"                         # keep the default or change to whatever path you want

[mounts]
  source="memos_data"                                               # change to your fly.io volume name
  destination="/var/opt/memos"                                      # do not change

[experimental]
  allowed_public_ports = []
  auto_rollback = true

[[services]]
  http_checks = []
  internal_port = 5230                                              # change to port 5230
  processes = ["app"]
  protocol = "tcp"
  script_checks = []
  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    force_https = true
    handlers = ["http"]
    port = 80

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

[build]
  image = "hu3rror/memos-fly:latest"

[env]
  DB_PATH = "/var/opt/memos/memos_prod.db"  # do not change
  LITESTREAM_REPLICA_BUCKET = "<filled_later>"  # change to your litestream bucket name
  LITESTREAM_REPLICA_ENDPOINT = "<filled_later>"  # change to your litestream endpoint url
  LITESTREAM_REPLICA_PATH = "memos_prod.db"  # keep the default or change to whatever path you want

flyctl volumes create memos_data --region <your_region> --size <size_in_gb>

For example:

flyctl volumes create memos_data --region hkg --size 1

[mounts]
  source="memos_data"
  destination="/var/opt/memos"

[[services]]
  internal_port = 5230

4 flyctl deploy

Videos

Azure AD Connect lets you synchronize users, groups, and credential between an on-premises AD DS environment and Azure AD. You typically install Azure AD Connect on a Windows Server 2016 or later computer that's joined to the on-premises AD DS domain.

To correctly work with SSPR writeback, the account specified in Azure AD Connect must have the appropriate permissions and options set. If you're not sure which account is currently in use, open Azure AD Connect and select the View current configuration option. The account that you need to add permissions to is listed under Synchronized Directories. The following permissions and options must be set on the account:

• Reset password
• Write permissions on lockoutTime
• Write permissions on pwdLastSet
• Extended rights for "Unexpire Password" on the root object of each domain in that forest, if not already set.

If you don't assign these permissions, writeback may appear to be configured correctly, but users encounter errors when they manage their on-premises passwords from the cloud. When setting "Unexpire Password" permissions in Active Directory, it must be applied to This object and all descendant objects, This object only, or All descendant objects, or the "Unexpire Password" permission can't be displayed.

To set up the appropriate permissions for password writeback to occur, complete the following steps:

1. In your on-premises AD DS environment, open Active Directory Users and Computers with an account that has the appropriate domain administrator permissions.

2. From the View menu, make sure that Advanced features are turned on.

3. In the left panel, right-select the object that represents the root of the domain and select Properties > Security > Advanced.

4. From the Permissions tab, select Add.

5. For Principal, select the account that permissions should be applied to (the account used by Azure AD Connect).

6. In the Applies to drop-down list, select Descendant User objects.

7. Under Permissions, select the box for the following option:

   • Reset password

8. Under Properties, select the boxes for the following options. Scroll through the list to find these options, which may already be set by default:

   • Write lockoutTime
   • Write pwdLastSet

   

9. When ready, select Apply / OK to apply the changes.

10. From the Permissions tab, select Add.

11. For Principal, select the account that permissions should be applied to (the account used by Azure AD Connect).

12. In the Applies to drop-down list, select This object and all descendant objects

13. Under Permissions, select the box for the following option:

    • Unexpire Password

14. When ready, select Apply / OK to apply the changes and exit any open dialog boxes.

When you update permissions, it might take up to an hour or more for these permissions to replicate to all the objects in your directory.

Password policies in the on-premises AD DS environment may prevent password resets from being correctly processed. For password writeback to work most efficiently, the group policy for Minimum password age must be set to 0. This setting can be found under Computer Configuration > Policies > Windows Settings > Security Settings > Account Policies within gpmc.msc.

If you update the group policy, wait for the updated policy to replicate, or use the gpupdate /force command.

One of the configuration options in Azure AD Connect is for password writeback. When this option is enabled, password change events cause Azure AD Connect to synchronize the updated credentials back to the on-premises AD DS environment.

To enable SSPR writeback, first enable the writeback option in Azure AD Connect. From your Azure AD Connect server, complete the following steps:

1. Sign in to your Azure AD Connect server and start the Azure AD Connect configuration wizard.

2. On the Welcome page, select Configure.

3. On the Additional tasks page, select Customize synchronization options, and then select Next.

4. On the Connect to Azure AD page, enter a global administrator credential for your Azure tenant, and then select Next.

5. On the Connect directories and Domain/OU filtering pages, select Next.

6. On the Optional features page, select the box next to Password writeback and select Next.

   

7. On the Directory extensions page, select Next.

8. On the Ready to configure page, select Configure and wait for the process to finish.

9. When you see the configuration finish, select Exit.

3. Enable password writeback for SSPR

To enable password writeback in SSPR, complete the following steps:

1. Sign in to the Azure portal using a Hybrid Identity Administrator account.

2. Search for and select Azure Active Directory, select Password reset, then choose On-premises integration.

3. Check the option for Write back passwords to your on-premises directory .

4. (optional) If Azure AD Connect provisioning agents are detected, you can additionally check the option for Write back passwords with Azure AD Connect cloud sync.

5. Check the option for Allow users to unlock accounts without resetting their password to Yes.

6. 

   If there is an error, it might relate to the insufficent privilege or license AAD P1 or P2. 

7. When ready, select Save.

Videos

References

• Enable Azure Active Directory self-service password reset writeback to an on-premises environment
• How does self-service password reset writeback work in Azure Active Directory?

从 2022 年 11 月 24 日开始，您闲置的 Always Free 计算实例可能会停止。 详细了解此过程以及如何重启您的实例。 您还可以随时升级您的帐户以避免中断。

仅限未付费的免费套餐帐户。Idle Always未付费免费套餐帐户的免费资源可以随时回收，恕不另行通知。回收包括停止或终止等操作。

Idle Compute Instances

NeverIdle Github Project Method to Keep it

1 install dependencies

You might need to install wget and screen those two applications:

Based on your OS ,  this is command

• yum install -y wget screen
• apt install -y wget screen

2 Download script

# AMD Server

• wget https://github.com/layou233/NeverIdle/releases/download/0.1/NeverIdle-linux-amd64 -O NeverIdle

# ARM Server

• wget https://github.com/layou233/NeverIdle/releases/download/0.1/NeverIdle-linux-arm64 -O NeverIdle

3 Change file permission

• chmod 777 NeverIdle

4 Run Command

• screen -R baohuo

./NeverIdle -c 2h1m2s -m 2 -n 4h

-c : for cpu consumption. every 2 hour 1 minute 2 second (format is 2h1m2s), it will waste CPU once

-m : enable memory occupation. 2 means 2GB

-n : execute once to waste network for Ookla Speed Test. It will show the output on your screen.

5 Detaching and Reattaching screen session

Detach: Ctrl + a + d

Reattach: screen -r

Other screen commands:

• Ctrl + a and c â€“ Open a new screen window.
• Ctrl + a and " â€“ List all open windows.
• Ctrl + a and 0 â€“ Switch to window 0 (or any other numbered window).
• Ctrl + a and A â€“ Rename the current window.
• Ctrl + a and S - Split the screen horizontally, with the current window on top.
• Ctrl + a and | - Split the screen vertically, with the current window on the left.
• Ctrl + a and tab â€“ Switch focus between areas of the split screen.
• Ctrl + a and Ctrl + a â€“ Switch between current and previous windows.
• Ctrl + a and n â€“ Switch to the next window.
• Ctrl + a and p â€“ Switch to the previous window.
• Ctrl + a and Q â€“ Quit all other windows except the current one..
• Ctrl + a and X â€“ Lock the current window.
• Ctrl + a and H â€“ Create a running log of the session.
• Ctrl + a and M â€“ Monitor a window for output (a notification pops up when that window has activity).
• Ctrl + a and _ - Watch a window for absence of output (such as when a file finishes downloading or a compiler finishes).

Other Methods to Keep Your Idle Resources

Shell Scripts

• curl https://keeporacle.pages.dev/ -o keeporacle.sh && chmod +x keeporacle.sh && ./keeporacle.sh
• or
• wget https://keeporacle.pages.dev/ -O keeporacle.sh && chmod +x keeporacle.sh && ./keeporacle.sh

Source：https://hostloc.com/thread-1131732-1-1.html

lookbusy

• lookbusy -c 50 # 占用所有 CPU 核心各 50%
• lookbusy -c 50 -n 2 # 占用两个 CPU 核心各 50%
• lookbusy -c 50-80 -r curve # 占用所有 CPU 核心在 50%-80% 左右浮动
• lookbusy -c 0 -m 128MB -M 1000 # 每 1000 毫秒，循环释放并分配 128MB 内存
• lookbusy -c 0 -d 1GB -b 1MB -D 10 # 每 10 毫秒，循环进行 1MB 磁盘写入，临时文件不超过 1GB

Calculate Pi

• nohup echo "scale=99999999;4*a(1)" | bc -lq > /dev/null &
• nohup cpulimit -l 30 -p 22489 >/dev/null &
• scale那个代表小数点后的位数，数越大计算时间越长
• -l 那里可以控制cpu使用率0-200
• -p 那里写程序的PID，通过top命令查找，或者 ps -aux | grep bc

Source：https://hostloc.com/thread-1131769-1-1.html

Netwrix Effective Permissions Reporting Tool

Netwrix Effective Permissions Reporting Tool is excellent freeware for basic needs. While it misses out on many of the more comprehensive functions included in similar software, it does help admins ensure compliance on a user-by-user basis.

With Netwrix Effective Permissions Reporting Tool, admins can search a user or group throughout their entire IT infrastructure. The tool then generates a permissions report for an active directory or file share, including how users gained access, that can be exported as an HTML file. This information, though much more limited than reports generated by other tools, allows admins to guard against excessive user permissions by making sure they only have the appropriate permissions for their roles at the company.

Microsoft tool - AccessEnum

As there’s no built-in way to quickly view user accesses to a tree of directories or keys, Microsoft Windows SysInternals tools may come handy. AccessEnum is one of SysInternals tools which gives you a full view of your file system and Registry security settings in seconds, and provides a table view of all permissions on your file share or registry. However, you can export only to .txt format, which is rather complicated to read. If you want the information in .xls format, you’ll need to copy it from the .txt file manually.

Other tools I did quick test

Scripts

Here is a quick powershell one liner commands to export the NTFS permissions for a root folders or with Sub folders, or folders and files.

For folders:

Get-Childitem -path z:\ -recurse | Where-Object {$_.PSIsContainer} | Get-ACL| Select-Object Path -ExpandProperty Access | Export-CSV C:\Temp\Ntfs_Subfolders.csv

For Folders and Files

Get-Childitem -path z:\ -recurse | Get-ACL| Select-Object Path -ExpandProperty Access | Export-CSV C:\Temp\Ntfs_Subfolders.csv

Another script to export folder permission:

References

• Export folder permission using PowerShell
• https://renjithmenon.com/export-folder-and-sub-folder-permissions-to-csv/