chkrootkit – Linux rootkit scanner

What it does : Find rootkits
Where to find it : in your distribution – or on

# install whatever way you want
apt-get install chkrootkit
# That's about all you need.

Malware protection

Option 1: ISPProtect – 90 euro / year but worth it.
Where to find it :

Step #1: Get a licence

Step #2: Download and install and run

#/tmp is what's indicated on ISPProtect site as first instruction
#Obviously you won't leave it here forever 🙂
cd /tmp
tar xzf ispp_scan.tar.gz
#and you're nearly done.

Then indicate your key number or trial if you want a trial version.
Indicate /var/www to start the scan on the web installs.

It will then generate reports as follow:

After the scan is completed, you will find the results also in the following files:
Malware => /usr/local/ispprotect/found_malware_20170228201238.txt
Wordpress => /usr/local/ispprotect/software_wordpress_20170228201238.txt
Joomla => /usr/local/ispprotect/software_joomla_20170228201238.txt
Drupal => /usr/local/ispprotect/software_drupal_20170228201238.txt
Mediawiki => /usr/local/ispprotect/software_mediawiki_20170228201238.txt
Contao => /usr/local/ispprotect/software_contao_20170228201238.txt
Magentocommerce => /usr/local/ispprotect/software_magentocommerce_20170228201238.txt
Woltlab Burning Board => /usr/local/ispprotect/software_woltlab_burning_board_20170228201238.txt
Cms Made Simple => /usr/local/ispprotect/software_cms_made_simple_20170228201238.txt
Phpmyadmin => /usr/local/ispprotect/software_phpmyadmin_20170228201238.txt
Typo3 => /usr/local/ispprotect/software_typo3_20170228201238.txt
Roundcube => /usr/local/ispprotect/software_roundcube_20170228201238.txt
Shopware => /usr/local/ispprotect/software_shopware_20170228201238.txt
Mysqldumper => /usr/local/ispprotect/software_mysqldumper_20170228201238.txt
Starting scan level 1 ...

Step #3: The cron job

0 * * * * root	/usr/local/ispprotect/ispp_scan --update && /usr/local/ispprotect/ispp_scan --path=/var/www --email-results=EMAIL --non-interactive --scan-key=KEY
#crontab -e to get there

Option 2: Maldet – free which you can find at this place

tar -xvf maldetect-current.tar.gz
cd maldetect-1.4.2/
vi /usr/local/maldetect/conf.maldet
#then you have to run more config stuff - go check the doc.

Voice and IOT

Amazon Echo, Alexa, Google Home, Apple HomePod and Siri (and Microsoft Cortana) are all fighting to control the voice market. While they get full respect for doing so, I am not gonna say I am particularly trusting any of these companies to provide us with the best level of privacy, service and control over what we do with our devices and how is the data used.

Therefore I am compiling here some resources which I’ll probably update as we go on interesting DIY tools to build similar devices.


Cool tutorials

1. LaraAdmin

GitHub :


2. Backpack

3. Voyager


4. CRUD Booster

5. Quick Admin

6. Z-Song

7. appzcoder

8. SleepingOwlAdmin


On Code Canyon – Paid stuff


#adspiration is a series of post where I store interesting ads campaign for the purpose of documenting and referencing how we communicate ideas and concepts

The following is an a series of print ads realised for Maxi Media – around the topic – “everything age fast”

Youtube Vintage Ad

Youtube Vintage Ad

Youtube Vintage Ad


Skype Vintage Ad

Skype Vintage Ad

Skype Vintage Ad


Twitter Vintage Ad

Twitter Vintage Ad

Twitter Vintage Ad


Facebook Vintage ad


Facebook Vintage ad

Facebook Vintage ad



#adspiration is a series of post where I store interesting ads campaign for the purpose of documenting and referencing how we communicate ideas and concepts











It is an original piece from Bre Pettis and Kio Stark – under Creative Common.

For me it is a reminder that done is better than perfect, and no matter how creative you want to be there is a point where actual delivery matter more than potential awesomeness .

Here it is:

The Cult of Done Manifesto

  1. There are three states of being. Not knowing, action and completion.
  2. Accept that everything is a draft. It helps to get it done.
  3. There is no editing stage.
  4. Pretending you know what you’re doing is almost the same as knowing what you are doing, so just accept that you know what you’re doing even if you don’t and do it.
  5. Banish procrastination. If you wait more than a week to get an idea done, abandon it.
  6. The point of being done is not to finish but to get other things done.
  7. Once you’re done you can throw it away.
  8. Laugh at perfection. It’s boring and keeps you from being done.
  9. People without dirty hands are wrong. Doing something makes you right.
  10. Failure counts as done. So do mistakes.
  11. Destruction is a variant of done.
  12. If you have an idea and publish it on the internet, that counts as a ghost of done.
  13. Done is the engine of more.


The Cult of Done




Here are three myths about WordPress that really annoy the sh*t out of me because they are just so outrageously outdated and so misinformed that it 100% piss me off to still hear such BS said in meetings – especially when it comes from the IT guy in a company.

However, I know it is counter-productive to shout at people for things they do not know, especially when they act out of lack of knowledge and are just repeating what some other uninformed person told them – so I thought it would be better for me to write about it and email it calmly to people (while pressing that “Send” button with rage…)

#1 WordPress is just a blog

Right, until 2004 WordPress used to be a blog only platform – They have introduce pages in 2005 more than 10 years ago.


Breaking news: Technology is evolving.

Like your phone used to be attached to a wall with a cable and you could barely hear the sound properly when doing oversee call, today you can watch videos on it and literally switch on the air conditioning with it.


This is called progress… Deal with it.

#2 Wordpress does not work with high traffic

(Variant : WordPress does not work with more than XXXX users.)

Nope Nope Nope.

I don’t even know how not to curse on this one, but let’s try to keep cool and explain:

WordPress like any other piece of software on the web is running on a piece of hardware, commonly called a server – usually provided by a hosting company.

Server room

A server room – natural habitat of sysadmins

This server has a certain capacity – defined by its processor and its RAM and its configuration – the more horsepower you put into the thing, the more you can handle traffic/users/hits/etc.

End of story.

Today you will find more and more WordPress websites running with 10 millions hits per month.


Brands working with WordPress include major high-traffic websites like :

  • TED
  • Techcrunch
  • Time magazine
  • CNN espagnol
  • NewYork post
  • USA Today
  • Quartz
  • etc.

You can go and check by yourself the list of VIP sites that are using WordPress here.

Actually, the biggest is probably running a version of WordPress multi-site, with close to 6 millions blogs, and it’s working pretty damn fast.

If your WordPress site doesn’t work fast enough – then what you need a decent server and a sysadmin who knows what he is doing.

#3 – WordPress isn’t secured



Riiiiight… Compared to … what?

See, security is one of these things everyone like to talk about as if they knew anything about it.

WordPress, just like anything in the digital world, has security flaws which are fixed regularly since it benefits from a massive community providing feedback and regular checks and code updates.

Security flaws are a thing since the internet is around, and they are still a thing – and this include other CMS like Drupal, Joomla and others, as well as very secured systems like Unix and Linux and unsurprisingly Windows OS…

I mean, come on ! Yahoo and LinkedIn (just to name these two) were hacked not so long ago… And no, they did not use WordPress.

Security online is like security on the road : there is not such thing as 100% security and car accidents can always happen – so you need to be careful and monitor the road, but it really help to use a recent car that is properly well taken care of.

That’s why proper configuration and implementation of security best practice is what will make your site secure, not your CMS.

It is like saying which car is more secured – BMW or Volkswagen – it makes no sense. It is how you drive and the traffic you will be into much more than the brand of your car.


A CMS job is to help you manage your content online – and WordPress is doing a great job at it.

For everything else, you will need to use the proper tools to get it. Performance and security require to deploy the know-how to keep your stuff safe and fast, and it can be achieved on WordPress or any other piece of software out there.

So next time you hear these things said in a meeting, please forward them this article.




“It ain’t as bad as you think. It will look better in the morning.”

“Get mad, then get over it.”

“Avoid having your ego so close to your position that when your position falls, your ego goes with it.”

“It can be done.”

“Be careful what you choose: You may get it.”

“Don’t let adverse facts stand in the way of a good decision.”

“You can’t make someone else’s decisions. You shouldn’t let someone else make yours.”

“Check small things.”

“Share credit.”

“Remain calm. Be kind.”

“Have a vision. Be demanding.”

“Don’t take counsel of your fears or naysayers.”

“Perpetual optimism is a force multiplier.”




It first published in 1989 in Parade Magazine.



I am posting this here as a reference material. It’s 100% worth a read but this is not an endorsement or a personal piece of opinion nor an analysis. 

No representation or warranty, express or implied, with respect to the completeness, accuracy, fitness for a particular purpose, or utility of these materials or any information or opinion contained herein. Actual mileage may vary. Any resemblance to actual people, living or dead, or events, past, present or future, is purely coincidental. Batteries not included. Do not eat. Not a toy. Read at your own risk.