Vade Mecum

When I was learning Unix in the early nineties I struggled with the syntax of commands at the console. To help myself learn, every time I “discovered” a new command, I'd record it so I had a known good starting point the next time I needed something similar. For years I kept it as a text file in ~/etc, but when I discovered wiki's I moved it to a wiki page so I could more easily get to it from anywhere.

Inspired by Chris Horvath, who taught me the phrase vade mecum or “go with me” in Latin, it has now been updated and moved here.

To make it quick and easy to use, create an function in your .bashrc which looks like this:

vade () { curl --silent | grep $1 | awk 'BEGIN {FS="</?(code|WRAP|WRAP indent)>"} /ode><WRAP/ {print $2"\n\t-- "$4}' | egrep -i --color "(${1}|$)"; }

And then you can search the page, for any keyword, from the command line:

# vade <keyword>

See also: In the Beginning was the Command Line

sudo -u _www rsync -avz --delete-excluded --exclude "/data/cache/?/**" --exclude "/data/index/**" --exclude "/data/tmp/captcha/*/*.cookie" ~/Sites/

Makes a local copy of a DokuWiki site without all the cache files (but with the directories which are required to run locally).

nettop -m tcp -t wifi -d -p java -p httpd

Provides a top-like view of network traffic. Shows only TCP traffic on WiFi interfaces from processes named “java” or “httpd”.

nc -z 80-90

Scan ports 80 to 90 on host to see if they are listening and report.

tar jcvf --exclude='data/tmp' --exclude='data/cache'

Backup a DokuWiki document root but exclude temp and cache files. Note that excludes are relative paths from the point of the directory being backed up, so we're excluding '' & ''.

osascript -e 'display notification "Bind is not responding." with title ""'

Displays a macOS notification (can change it to an alert by setting the type of alert for “Script Editor” in “System Preferences - Notifications”.

flaunt() { egrep --color "($1|$)"; }

Bash function (eg. for ~/.bash_profile) to highlight any matching text.
Usage: apt-cache –names-only search redis | flaunt ^redis

curl -s | python -m json.tool

Retrieve cluster health from an Elastic Search node and pretty print the JSON result using Python.

defaults write IncludeInternalDebugMenu 1

Enable the Debug menu in Safari. You can use “Debug – Media Flags – Disable Inline Video” to stop vides from autoplaying.

pip install jupyter --user python 

Install the Python package Jupyter using PIP. This works even though jupyter has dependencies which require upgrading the builtin macOS setuptools (which aren't upgradable because of SIP).

gpg --armor --export | pbcopy

Export my GnuPG public key and add it to the paste buffer (so I can cmd-v it somewhere else).

sudo easy_install pip

How to best install PIP on macOS.

wget --quiet  -O - | hxclean | hxselect div#62.toggle-table | hxselect -ic span.time-text | hxremove i | awk -v W=13 -v P=14 '{print $W", "$P}' 

Download a web page to stdout, select only the HTML within the div with id “62.toggle-table”, print the content within the spans with a class of “time-text”, remove all the italics elements and print out the 13th and 14th items on the remaining text list.

wget --quiet  -O - | hxclean | hxselect div#62.toggle-table | hxpipe | awk -F\- '/[0-9]mins / {print $2}'

Download a web page to stdout, select only the HTML within a particular div and then convert the HTML to an easier format to use awk on.

wget --quiet  -O - | hxnormalize -x | hxselect div#62.toggle-table | hxaddid span.time-text | hxselect -ic span.time-text | hxprune -x -c "" | hxselect -ic p

Download a web page to stdout, number all the spans with a class of “time-text” and pull out the text within the span's with a class of “time-text”

find . -name "*jpg" -size +1M -exec mogrify -geometry 1024x1024 {} \;

Find all files ending in *jpg which are greater than 1MB in size and resize them so that the longest dimension is 1024.

zip -r /tmp/ web/

Recursively zip the contents of web/* into a file called

find uploads -type f | zip /tmp/ -@

Zip the list of files that come from standard in.

awk 'BEGIN {FS="/?(code|WRAP>)"}  {print $0}' 

Sets the field delimiter (same as awk -F) to a regular expression which matches code> or /code> or WRAP> or /WRAP>

egrep --color "(foo|$)" 

Passes through all lines (doesn't filter anything out) but colors any instance of “foo”.

( echo quit; sleep 1 ) | telnet localhost 25

Ghetto expect script, types “quit” once you've connected to port 25 of localhost.

( echo 131d; echo wq ) | ex ~/.ssh/known_hosts

Delete line 131 from the known_hosts file.

 /usr/platform/sun4u/sbin/prtdiag -v

Prints hardware info

 2>&1 (or &>)

(Ba|k)sh redirect stderr to stdout

 :(){ :|:& };:

A Bash fork bomb. Unless per user resource limits are in place (eg. ulimit -u 100) it will DOS a machine.

 :g/^ *$/+1 s/^ *[^ ]/&lt;p>&/

[vim] Put a &lt;p> at the beginning of every paragraph

 :set fileformat=unix

[vim] Converts DOS end of line markers to Unix style

 <div align=right>last updated 08 may 2000</div>

Aligns text on the right side

 <meta http-equiv="refresh" content="5; URL=">

Redirect browser to after 5 seconds


[T]csh redirect stderr to stdout

 Acquire::http::Proxy "http://ipofproxyserver:port";

apt.conf line for apt through a proxy.

 CpMac -pr /Applications/iPhoto /Users/adam/Applications

[mac] Copies the iPhoto directory correctly with all resource forks and meta data preserved (requires the developer tools to be installed and you need /Developer/Tools in your path).


Grants all permissions to all tables of all databases inside a MySql server to the user “root” from any host.

 MvMac /Applications/iPhoto /Users/adam/Applications

[mac] Moves the iPhoto directory correctly with all resource forks and meta data preserved (requires the developer tools to be installed and you need /Developer/Tools in your path).

 SetFile -a V /foo/bar/

[mac] Make folder /foo/bar invisible., you must use the 6 digit Xtra number with a 01 at the end of it

How to POP mail off Xtra


Good US Robotics modem init string


US Robotics modem init string, solves: CONNECT 28800/V34/NONE

 Internet History.{FF393560-!C2A7-11CF-BFF4-444553540000} 

Create this folder under “C:\Windows\Start Menu”, this will create a folder which shows all the IE URLS visited.

 airport --scan

[mac] Prints out the relevant info for all the currently available wireless access points (essid, encryption, channel, signal, bssid etc). There are other useful options as well (-x gives the output in XML) but the command lives in /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources so add it too your path or link it somewhere.

 append = "floppy=thinkpad apm=on"

lilo command for apm support with default debian kernel

 append = "mem=128M"

lilo command for forcing memory detection

 append="ether=12,0x300,eth0 ether=15,0x340,eth1"

sample lilo config

 apt-cache search pgp

searches for packages called pgp

 apt-cache show ssh

prints package info

 apt-get --compile source <packagename>

downloads, compiles and installs

 apt-get -d install ssh

just downloads package

 apt-get update; apt-get dist-upgrade

upgrade debian

 awk '/DAILY/ {x=$0;next } {print x,$0}'

Puts line matching /DAILY/ into $x, then skips to the next line and prints $x followed by the next line. Useful for generating reports when each log entry spans two lines. Eg. line 1 and 2 get merged into line 1, and line 3 and 4 get merged into line 2 etc. (from Shannon)

 awk '/searchfor/ {print}'  or  awk '!~/don'tsearchfor/ {print}'

How to do searches with awk.

 awk '\!/^#|^$/ {print $1}' virtusertable 

Print lines which don't start with a # or aren't an empty line

 awk '{ if (($1<=2103) && ($2>=2103)) print $0}' findit4


 awk '{i++$3} END {print i}' checkers.sep22

How to do “wc -l” with awk?

 awk -F, '{if (/\@/) {print $1} else {print $1""}}' /tmp/xmascard


 awk '{printf "%-30s\t%s\n", $1,$2}'

Prints $1 in a left justified 30 column wide field, then a tab, then $2.

 boot: linux init=/bin/bash 

to get to root without the root password

 boot: linux root=/dev/hda1 emergency

To get a prompt off the rescue disk

 cadaver -t

Connect to your Apple iDisk via a WebDav commandline tool (available via Fink).

 cat /var/spool/mail/luser | formail -s sendmail -oi luser@new.address


 cat spoolfile | formail -s procmail

splits to single message for handling by procmail

 cat spoolfile | formail -s sendmail -v -t -odq 

resends mail.

 catman -w -M <man-page-directory>

rebuilds catman index under solaris

 cd /usr/share/ssl/certs; make slapd.pem

Make a self-signed certificate for slapd (see OpenSsl for long way).

 cd /var/lib/mailman; rm archives/public/listname; bin/arch listname

this will rebuild the archives

 cd /var/mail; for i in *; do echo cat $i | formail -s sendmail -v -oi $; done

When mail gets delivered on the wrong server due to a mess up this is a life saver. For every file in /var/mail it feeds the file to formail (part of procmail), which then feeds splits the file into seperate email messages and feeds them into sendmail one at a time. Sendmail only delivers the mesesage to the person listed on the commandline but leaves the headers of the message intact so it appears corrrect to the user when it arrives.

 cd sourcedir ; tar cf - . | (cd targetdir; tar xvpf - )

Moves data from sourcedir to targetdir using tar to preserve permissions etc.

 certtool i newrootcert.crt k=X509Anchors

[mac] Adds newrootcert.crt to ~/Library/Keychains/!X509Anchors, very useful for adding non-standard root certificates (ie. CaCert). This makes changes effective for your user. To make changes take effect globally you should copy /System/Library/Keychains/!X509Anchors to ~/Library/Keychains/, run certtool and then copy it back. Remember to restart applications for changes to take effect ( more information).

 chvt 1

force change to virtual terminal 1 (good way to exit X before suspending)

 ci -t/dev/null -u *

Check in all files in the current directory with no message (saves being prompted for a message for each file).

 co -r1.6 -l

Restore version 1.6 of RCS controlled file

 convert filename.jpg iptc:-

Print IPTC data from filename.jpg to standard out.

 convert source.jpg -thumbnail '100x100>' -bordercolor white -border 50 -gravity center -crop 100x100+0+0 thumb.jpg

Converts source.jpg to a square thumbnail 100×100 (if the image was not square to start with then the top/bottom or left/right is padded with a white border).

 cpu -w usermod -c "Adam Shand" -s /bin/bash adam

CPU is a LDAP aware clone of the user/add/mod/del commands, -w means prompt for the password on the command line and the rest of the arguments are very similar to user* tools. The majority of the config can go into /etc/cpu.conf

 curl -C - -O

Download the file to a local name which matches the remote name, and if the download is interupted figure out automatically the offset at which to resume.

 curl -B "ldap://,dc=org??sub?uid=adam"

Prints the results of a sub search for any entry which matches “uid=adam”

 curl -B "ldap://ldap{1,2},dc=org??sub?uid=adam"

Queries ldap1 and and prints the results of a sub search for any entry which matches “uid=adam”

 curl -B "ldap://,dc=org?uid?sub?(uid=*a*)"

Prints out the uid of any entry which as uid value that matches “*a*”.

 date --date "30 mins ago" 

prints date thirty minutes ago

 date --date "7 days" +%s

Prints the date 7 days from now in unix time (could also do –date “7 days ago”).

 dd if=/dev/zero of=/dev/hda bs=446 count=1

Clear the MBR (master boot record) of /dev/hda without harming the partition table (change 446 to 515 to delete the MBR and the partition table).

 dd if=/dev/zero of=/tmp/file bs=1024 count=2048

Create a 2MB file by pumping 2048 1k blocks into /tmp/file.

 dd if=/tmp/rescue.bin of=/dev/fd0 bs=512 

to copy a disk image onto a floppy

 defaults write _FXShowPosixPathInTitle -bool YES

Show full path in Finder window.

 defaults write persistent-others -array-add '{ "tile-data" = { "list-type" = 1; }; "tile-type" = "recents-tile"; }'; killall Dock

[mac] Configures a new dock item which allows you to see recent apps/docs/volumes/servers or favorite items in a stack. You can run it multiple times to get multiple icons.

 defaults delete FocusFollowsMouse

[mac] (panther) Revert focus follow mouse back to normal off setting by deleting the change.

 defaults write -g NSUmask 18

[mac] Change the default umask for a user (effects finder and everything), “18” is “022” in decimal so remember to do the octal/decimal conversion.

 defaults write /Library/Preferences/SystemConfiguration/autodiskmount AutomountDisksWithoutUserLogin true

[mac] Keeps drives mounted after logout and before login.

 defaults write MinimumHTMLFontSize 18

[mac] Set a minimum font size for HTML email messages in (from Hawk Wings)

 defaults write /Library/Preferences/ LoginHook /path/to/

[mac] Runs (as root) every time a user authenticates to the Login Window (see Bombich for more details).

 defaults write FocusFollowsMouse -string YES

[mac] (panther) Set focus follow mouse for your terminal windows.

 defaults write AskHotPlugAction true

[mac] Make iPhoto ask if it should open automatically when media is inserted (can also be changed via Image Caputure's preferences)

 dh-make-perl --build --cpan Mail::Audit

Download from CPAN and build deb package of Perl module

 dig axfr @localhost

how to get a zone transfer from a server with dig

 dig . ns > /etc/bind/db.root

Update Bind's root hints file in Debian.

 diskutil info disk0

[mac] Shows harrdware information on the primary disk.

 diskutil disableJournal /Volumes/iShand

[mac] Disables the HFS+ journal on the device mounted at /Volumes/iShand (in this case my iPod so it can be mounted up under Linux). You can do this with the GUI “Disk Utility” applicaiton as well but it's a hidden option, hold down option before clicking the “File” menu and you will see an option to disable the journal.

 ditto --rsrc -V foo/ /backup/foo

[mac] Copy the contents of foo to another directory, preserving resource forks by copying them to } files. Very useful for backing up AppleOsx files to a non-Mac NFS server.

 ditto --rsrc -v -c -z foo/ /backup/foo.cpio.gz

[mac] Recursively copy the contents of and the resource forks into a compressed CPIO archive.

 dns-sd -B _workstation._tcp

[mac] Uses mDNS to get a list of all machines on the current subnet.

 dscacheutil -flushcache

[mac] (Leopard) Flushes the DNS cache so you can pick up changes (before Leopard was lookupd).

 dpkg --ignore-depends

eg. if you manually make apache and then want to install a debian package which requires apache

 dpkg --set-selections hold 'filename'

puts a package on hold

 dpkg-repack wterm

builds wterm_xxx.deb from installed files

 dpkg-scanpackages . /dev/null | gzip -c > Packages.gz

Create a Packages.gz file

 dpkg-reconfigure --priority=low debconf

Reconfigure a Debian system to ask you any configuration a package may want to know (by default it only asks you important questions)

 du -sk * | gawk '{ i=i+$1; print i"\t ["$1"] "$2 } END {print "total\t"i}'

Run du with a cumulative space total.

 dump 0f - / | ( cd /new ; restore rf - ) 

copies one disk to another

 e2label /dev/hda1 /foo

Labels /dev/hda1 as “/foo” which can then be used instead of the raw device in /etc/fstab to label things. Without the label name it prints out the value of any existing label.

 echo "FOO"  > /dev/fd/2

Output FOO to stderr (standard error).

 echo "aes: inital checkin" | ci -u foo.txt

Checks in foo.txt using the contents of the echo for the log message.

 echo "foo bar baz" | sed 's/^.*bar \(.*$\)/\1/'

Only prints what is after “bar ” (so just outputs “baz”).

 echo "foo bar" | perl -pe 's/foo/BAZ/'

Takes standard in (from echo in this case) and replaces all instances of “foo” with “BAZ”.

 echo "foo" | ssh "cat > /tmp/foo.txt"

Creates a file on ronin called /tmp/foo.txt with the contents of standard in using SSH as transport.

 echo -e "F A I L E D  to push nis files to ${desthost}" >&2

writes to stderr

 egrep -v "^(#| *$)" /etc/syslog.conf  

gets rid of all comment lines or blank lines

 enscript -i4 -r -2 filename   

(ascii –> postscript 2 pages/page)

 exportfs -i -v -o anon=0 /

[netapp] Gives everything mount rw/root perms

 fdisk /mbr

Reset the MBR (master boot record). This doesn't clear the MBR it restores it to a factory default (or something like that??).

 fetchmail -c -u larry      

checks (but does not retrieve or delete messages for (-k keeps on server)

 ffmpeg -i frame.%06d.ppm -b 3000 movie.mp4

Convert a bunch of ppm files into a MP4 movie.

 find . | perl -pe "s/[^\/]*\//---|/g"

Display directory tree.

 find . -print | cpio -pmd /path/to/dest

Copy files with cpio (assumes you're in the directory you wish to copy from)

 find / -perm -4000 -o -perm -2000 -type f -ls 

(finds SUID/GUID files)

 find / -type f -perm +111 -print | xargs file | grep '[QZ]MAGIC'

Finds a.out executables

 find / -type f \( -name "bar*" -not -regex ".*snapshot/.*" \) -ls

Search for all files which match “bar*” and the path doesn't contain “.snapshot”. Very useful for finding stuff on NetworkAppliance volumes.

 find / -type f \( -name core -o -name dead.letter \) -atime +7 -mtime +7 -exec rm -f {} \;

Search the entire drive for files called “core” or “dead.letter” which are older then 7 days and delete them.

 find /path/to/dir -inum 23455 -print

Where 23455 is the inode you are looking for

 find /var/spool/mqueue -atime +8 -exec rm {} \;


 find `pwd` -maxdepth 1

Prints out all the files in the current directory with their full path (this works too: ls -d1 `pwd`/*).

 find foo -maxdepth 3 -type f \( -name ".env*" -not -regex ".*snapshot/.*" \) -exec rm -fv {} \;

Starting at the foo directory, recurse down three directory levels looking for any files whose name matches .env but which do not have .snapshot in their path (useful for netapps).

 for i in $(IFS=" "; grep -h '\[\[\!tag ' ~/svnroot/ikiwiki/*/*mdwn | sed -e 's/\[\[\!tag //' -e 's/]]//' ); do echo $i; done | sort -u

Grep my IkiWiki blog for any line beginning with


strip off the formatting and print out one tag per line.

 for /f %i in ('net view /domain:TESTDOMAINNAME') do shutdown -m %i -r -t 10 -f -c "id10t system error" -d p:31:337

[windows] The -t 10 is just in case a user is actually logged in to the test system, not that 10 seconds gives them much time to do anything but freak out :-). The -c is just so they ask me what an “id10t system error” is.

 for i in *; do echo ${i}; chown -R ${i} ${i}; done

Changes the ownership of everything in the current directory to user “<filename>” and group “twntyblo”.

 for i in *jpg; do echo "$i ---- "; convert $i iptc:- | strings | head -1; done > .captions

Use convert and a for loop to generate an ugly but easily cleaned .captions file for use by igal.


[mac] Shows file system usage.

 gawk 'BEGIN {x=0}{ while (x<2){ if (/EXAMPLE/) {x++;getline} else {print;getline}}}' /etc/raddb/users


 gawk '{if ($3!=$9) {print "rm /var/mail/"$9}}' varmail-ls.txt


 gawk -F, '{print "## "$3,$4; system("grep -i "$3" /etc/passwd | grep -i "$4" | cut -d: -f1")}' file.csv

Use awk to generate a list of usernames from a CSV list of full names by grepping the passwd file.

 gawk -F: '{print $1}' /etc/passwd /etc/shadow | sort | uniq -c | egrep -v "^ *2"

shows password file corruption

 gnome-font-install --afm-path=/usr/share/fonts/afms --pfb-assignment=ghostscript,/usr/lib/ghostscript/fonts


 grep 113 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Headers/MacErrors.h

[osx] Search for the meaning of any OSX error code with 113 in it.

 LC_ALL=C grep --color '[^[:space:][:print:]]' surviving_the_nippy_bitch.mdwn

Search and highlight any non-space or non-printable characters in the file surviving_the_nippy_bitch.mdwn. Very useful for finding unicode characters which have snuck into a text file.

 gpg --verify linux-2.3.41.tar.bz2.sign linux-2.3.41.tar.bz2

to verify a tar ball against a sig file

 gpg -u old-key-id --sign-key new-key-id

sign a new key with your old key

 h2xs -AX -n IAI::Foo

Creates a bare bones perl module template

 host -t txt -c chaos version.bind ns3 

gives version number of bind

personal page to modify individual sub's

[netapp] Filer online manual pages.

 identify -verbose filename.jpg

Print all information (including IPTC data) to standard out.

 ifconfig hme0:2 inet down     

removes interface completely under solaris

 ifconfig hme1 plumb -arp up

Configures an interface without an ip but so you can still send packets out of it (cause it's plumb'd)

 igal -w 4 -n -bigy 640 -c

Create thumbnail page with four images per column, omitting image count in caption, using captions and creating “web sized” images for display in slide page.

 imapsync --syncinternaldates --host1 localhost --user1 adam --password1 YourSpackPass --host2 --user2 --password2 YourGmailPass --authmech2 plain --port2 993 --ssl2 --authmech1 PLAIN --authmech2 LOGIN --dry

Migrate your email from an unencrypted IMAP service on localhost to Google Apps Gmail. This requires that your Gmail account has IMAP enabled in the settings (new as of Oct 2007).


for ssl imap, apparently you need to set the user-domain as well(?).

 install-user /dev/ttyS0 "larry" 135235156

where larry and 135235156 were taken from ~/.jpilot/jpilot.rc file using the value of user and user_id values.

 iosnoop -e -o

[osx] shows you all the io activity for on the Mac (similar to par -k).

 ipchains -A input -s -d -j REJECT -l

where the '-l' means log and IP.IP is the ip you want to block

 ipchains -D input 1

where 1 is the rule number to delete

 ipchains -I input 1 -s 0/0 -d 0/0 22 -p tcp -y -j ACCEPT

IPChains allow

 ipconfig /flushdns

[mac] Flushes the local DNS cache (useful if you've changed mail server IP addresses or something) (pre-Leopard only)

 ipconfig getoption en0 lease_time

[mac] Prints DHCP lease time for interface en0.

 ipfwadm -I -f 

flush all incoming rules

 iptables -A INPUT -s -j DROP

IPTables deny

 jhead -nf%Y-%m-%d_%H-%M-%S file.jpg

Renames all files listed to YYYY-MM-DD_HH-MM-SS (where date is when the picture was taken via EXIF data).

 jhead -nf%Y/%m/%Y-%m-%d_%H-%M-%S *.jpg

Renames *.jpg listed to YYYY/MM/YYYY-MM-DD_HH-MM-SS.

 ldapsearch -v -h -L -b "ou=people,dc=spack,dc=org" "cn=adam*" uid cn givenname

Bind anonymously and search the LDAP tree, starting at ou=people for a cn which matches the expression “adam*”. On a match print the uid, cn and given name.

 ldapsearch -v -h -L -b "ou=people,dc=spack,dc=org" -D "uid=adam,ou=people,dc=spack,dc=org" -W "cn=adam*" uid cn givenname

Same as above only bind as uid=adam and prompt for the password (-w <password> to specify on the command line)

 for i in 0 1 2; do ldapsearch -x -LLL -h ldap${i} -b "ou=Group,dc=spack,dc=org" "memberUid=adam" cn | sort | awk -F: '/^cn: /{printf $2}'; echo; done

Print out a one line list of all the groups that the user adam belongs to via direct query to each of the servers ldap{0,1,2}.

 lfjokes-arc315: "| /usr/bin/hypermail -iu -c /var/web/earthlight/lists/jokes/hm.conf"

aliases file for hypermail archiving

 lilo -r /mnt/pcmcia -C etc/lilo.conf  

installs onto the /mnt mounted device using etc/lilo.conf as the source file.

 lookupd -d

[mac] Debug name service switching and attribute mapping. Try “?” for help, or tab for attribute completion (eg. “userWithName: adam” will show directory listings for adam)

 lookupd -flushcache

Flushes the local DNS cache (useful if you've changed mail server IP addresses or something)

 lpadmin -p _default -s vger\!lp -I and -T unknown

setup lp printing to a remote tcp host under solaris 2.6

 ls -id *; find . -inum <inode number> -ok rm {} \;

If you really can't delete a file any other way. “ls -id” means don't go into directories and print out the inode of each file. Then we take the inode of the weird file and tell find to delete that inode.

 ls | awk '{print "mv "$1, tolower($1)}'

Uses awk to rename all files and get rid of any capital letters.

 ls -F | grep '/'

List directories.

 lsbom /Library/Receipts/X11SDK.pkg/Contents/

[mac] Lists all the files which were installed as part of the X11 package.

 lsof -R -p 2345

Show all files attached to PID 2345 (-R means include ppid info).

 lsof -R -u larry,101

Show all files attached to user larry and UID 101 (-R means include ppid info).

 lsof -i :80

Show all traffic on port 80.

 lsof -i tcp

Show all TCP traffic (can be udp as well).

 lsof -i tcp:80

Show all TCP traffic on port 80.

 lsof -i udp@localhost

Show all UDP traffic bound to localhost.

 lynx [-dump | -source] -nolist

converts HTML ←→ plain text

 makemap hash /etc/mailertable < /etc/mailertable


 man <command> | perl -pe "s/_\010(.)/\$1/g; s/(.)\010\1/\$1/g"

remove control characters from man output

 man -M /share/man -s 8 cucipop

finds non-indexed man pages

 mailx -a "Content-type: text/html;" -s "Daily Project Statistics" < project_stats.html

Send an email to with the content of project_stats.html of being displayed inline in the mail message (and rendered as HTML).

 mii-diag -F 100baseTx-FD eth0

force eth0 to mode (disable auto-negotiation)

 mkdir /ramdisk; mke2fs /dev/ram0; mount /dev/ram0 /ramdisk

create and mount a ramdisk

 mke2fs /dev/hda1

format a filesystem like newfs does in solaris

 mkfifo fifo; nc -k -l 6500 > fifo < fifo & while true; do nc destination-host 6500 < fifo > fifo; done

FreeBSD/Bash while loop that will forward a local port (6500) to a remote host using netcat. Easy mod for other OS'es (mknod for Solaris etc).

 mkinitrd -o /boot/initrd.img-2.4.17 -r ext3 /lib/modules/2.4.17-686

make an initrd filesystem with an alternate root filesystem

 mknod -m 640 /dev/tap0 c 36 16

how to make a device

 mknod /dev/hdc b 22 0

recreate device /dev/hdc (from cory)

 mogrify +profile iptc filename.jpg

Strip IPTC data from filename.jpg.

 mogrify -format jpg *.bmp 

convert all bmp images to jpg images

 mogrify -geometry 640x640 -quality 80 image.jpg

reduces image to max dimension of 640 (either x or y) and cranks up jpg compression.

 mogrify -verbose -resize x360 -resize '480x<' -resize 50% -gravity center -crop 240x180+0+0 +repage *jpg

Resizes a directory full of images to thumbnail size suitable for incorporating into a “life poster” (see comment by Mark Pilgrim).

 montage * -resize 120x90 -geometry 120x90x0x0 -tile 6x108 -quality 50 output-720x9720.jpg

Take the thumbnails created above and composite them into a 6 image by 108 image “life poster” which is made up of images 120×90 pixels (see comment by Mark Pilgrim).

 mount --bind /var/www /mnt

Mount the directory /var/www on /mnt (tre cool!)

 mount -n -o rw,remount /

Remounts root filesystem read/write

 mount -o loop rh7.2-i386-disc1.iso /mnt

Mounts ISO image

 mount -t smbfs -o username=adam // /mnt

Mount the SMB/CIFS share called “mp3” from the server “” onto the local /mnt mount point. It will prompt for a password.

 mount -t tmpfs -o size=50M,mode=700 tmpfs /mnt

Create a RAM disk (tmpfs) with a maximum size of 50MB and read/write only by root (default is mode 1777). See /usr/src

 mount -t ufs -o ufstype=44bsd /dev/hda3 /mnt/bsd

mounts a freebsd partition under linux

 mount /boot/initrd.img-2.4.17-686 /mnt -t auto -o loop=/dev/loop0

mount your initrd file or loop filesystem

 mpage -4 -Pvger /var/web/ia/arch-meeting.txt

4 pg/pg to printer vger

 mplayer -dumpstream rtsp:// -dumpfile baz.rm

Uses mplayer to download the streaming media from to a local file called baz.rm. Very useful for saving things to watch later (or dealing with high latency links). Details on the MPlayer homepage.

 mt -f /dev/rmt/0 [status|rewind]

Query or rewind the tape drive.

 mv --update --backup=numbered bar.txt foo.txt :: Only replace foo.txt with bar.txt if it's newer, and backup foo.txt to foo.txt~#~ before overwriting (where

is an ever incrementing number).

 mysql -u root -p -e "SELECT * FROM FooToBar WHERE Username=\"adam\"" -h mysql Baz

Allows you to run a SQL query against a particular database from the command line. Useful for “for i in …” type situations.

 mysql -u root -p password drupal < /tmp/drupal.sql

Import the contents of drupal.sql into the MySql database “drupal”.

 mysqldump -Aa -u root -p password drupal > /tmp/mysql_all.sql

Dumps the structure and the data of all databases to mysql_all.sql (including all the MySql specific create commands)

 mysqldump -d -u root -p password drupal > /tmp/drupal.sql

Dumps the structure of the “drupal” database to drupal.sql.

 mysqldump -u root -p password drupal > /tmp/drupal.sql

Dumps the structure and data of the “drupal” database to drupal.sql.

 mysql> SET PASSWORD FOR 'iaddressbook'@'localhost' = PASSWORD('secretpassword');

Sets the password for the user “iaddressbook@localhost” to “secretpassword”.

 mysql> show grants for iaddressbook@'localhost';

Show all grants for the user “iaddressbook” on the host “localhost”.

 ndd -get /dev/hme adv_100fdx_cap

Queries ndd for status of that var.

 ngrep -qpi '(^user )|( login )' '(host and ((port 143) or (port 110)))'

Watch for traffic to on ports 110 or 143 which start with “user” or contain “login”.

 ngrep -t '^(GET|POST) ' 'src host and tcp and dst port 80'

For TCP traffic from to port 80 print out any data payload lines which start with GET or POST. Way handy for debugging CGI interaction.

 nidump group . > /tmp/group

[mac] Dump the group data from Netinfo into a standard Unix groups file.

 niload -d group . < /tmp/group

[mac] Deletes any existing Netinfo group data and then loads in the contents of a standard Unix group file.

 niload -v -m group . < /tmp/group

[mac] Reads a standard Unix group file merges it into the Netinfo group database (so you end up with the union of the file and the Netinfo data).

 niutil -createprop / /users/username shell /bin/bash

[mac] Changes users shell to /bin/bash (remember root)

 nmap -D -sS -S10.0.0.5 -e eth0 -P0

forges all headers

 nmap -sP -PT

is a faster way to strobe

 nroff -man manpage.1 

views a man page without man command

 nslookup -type=txt -class=chaos version.bind  ns3

same as the host version

 ntpq -p

shows which ntp servers you are connected to


useful for debugging ntp

 openssl s_client -connect hostname:465

Test SSL connections to (probably SMTP) on port 465.

openssl s_client -connect hostname:587 -starttls smtp

Test SMTP STARTTLS connections on port 25 or 587.

 openssl pkcs12 -export -in <PEM format cert> -out <PKCS12 file>

Convert a PEM format certificate to a PKCS12 format certificate.

 openssl req -new -x509 -days 365 -nodes -out slapd.pem -keyout slapd.key

use .pem for cert file, use .key file for cert and ca cert file.

 openssl req -new -x509 -days 365 -nodes -out stunnel.pem -keyout stunnel.pem

generates a new key for stunnel called stunnel.pem

 openssl req -newkey rsa:1024 -keyout tempfile1 -nodes -x509 -days 365 -out tempfile2; cat tempfile1 > slapd.pem; echo "" >> slapd.pem; cat tempfile2 >> slapd.pem

Generate a self-signed certificate.

 openssl s_client -connect localhost:993 -showcerts

connects to a ssl'd port and shows certificate information

 openssl s_client -host -port 443

similar to stunnel command, much more verbose

 openssl x509 -subject -dates -fingerprint -in stunnel.pem

prints some info about the cert

 openssl s_client -starttls smtp -crlf -connect

Connect to a mail server on port 587 (submission) which requires STARTTLS to issue any further commands.

 openssl s_client -crlf -connect

Connect to a mail server on port 465 (SMTPS) which requires SSL before it will talk to you at all.

 par -SS -s -p <pid>

Irix equivelent of Linux “strace -p <pid>”.

 par -SS -s /bin/ls

Irix equivelent of Linux “strace /bin/ls”.

 pbpaste | wc -c

[mac] Take the contents of the clipboard (pasteboard) and pipe it to wc to count how many characters it has.

 pear config-set http_proxy

Configure PHP's pear program to use a password protected proxy to download updates.

 perl -MMIME::Base64 -e 'print encode_base64("\000adam\000password")'

Generate the base64 encoded username:password pair which is used for smtp auth and (I think) HTTP basic auth (for smtp you'd use something like “AUTH PLAIN AKDJITGF3Btdd5ZnB0aGI=”).

 perl -ne '/\000/ and print "$ARGV:$_";' foo.txt

“Greps” the file foo.txt for any null characters and prints “<filename>:<matching line>”.

 perl -i -pe  's/\000//g;' /var/spool/mqueue/df*

Search all the data files in Sendmail's queue for null characters and remove them. This very useful when spurious null characters crash your Cyrus LMTP process and cause your sendmail queue to backup forever.

 perl -MCPAN -e shell ; install Module::Name

Install modules inside perl

 perl -MCPAN::Nox -e shell

Tries to run things without the binary modules which will allow to to repair really broken stuff.

 perl -e 'print crypt( "blah", "AA" ) . "\n";'

where AA is the salt

 perl -e 'print join "\n", @INC'

pPints contects of @INC

 perl -e 'print scalar(localtime(1062518534)) . "\n";'


 perl -e 'print scalar(localtime(@ARGV[0])) . "\n";' <unixtime>

Convert Unix time to normal time.

 perl -e 'printf "%02x"x4 ."\n",10,0,2,254;'

Converts the IP into hex.

 perl -e 'use Filter::decrypt'

Tells you if you have a module installed

 perl -pi.bak -e 's/search for/replace with/' /tmp/filename

Make a /tmp/filename for “search for” and replace it with “replace with”

 perl Makefile.PL PREFIX=/home/mydir/perl

To install modules to home direcotry and then use “use lib '/home/mydir/perl';” inscript to have that dir included

 perl -nwe 'print if /[^[:ascii:]]/' surviving_the_nippy_bitch.mdwn

Search for any non-space or non-printable characters in the file surviving_the_nippy_bitch.mdwn. Very useful for finding unicode characters which have snuck into a text file.

 pgp4pine -e --debug -i /tmp/test.txt -o /tmp/test.pgp -r


 pgpk -xa

extracts public key to ascii file

 pgpv +OutputInformationFD=1 

Pipe pgp message to this in pine

 photopc -s 115200 -f "%Y.%m.%d-%H.%M-%%1d.jpg" image 1-5 /home/larry/camera


 photopc image all /home/larry/camera


 pkgutil --expand /Volumes/AirPortUtility/AirPortUtility.pkg /tmp/airport 

Extracts conents from AirPortUtility.pkg into /tmp/airport

 pkgutil --pkgs

Show all installed packages.

 pkgutil -v --file-info /usr/local/sbin/mtr

Show what package /usr/local/sbin/mtr belongs to.

 pkgutil --unlink !de.novamedia.TechnologyBase

Delete all of the files which belonged to de.novamedia.TechnologyBase.

 pkgutil --files

Show all files belonging to the package

 pkgutil --forget

Delete from the package database.

 pod2man | nroff -man 

turns perl pod docs into man page

 port deactivate subversion @1.4.4_0

(MacPorts) Deselect a specific version of subversion (so you can activate a newer/older one)

 port activate subversion @1.4.5_0

(MacPorts) Select a specific version of subversion to be the active one

 port uninstall subversion @1.4.4_0

(MacPorts) Uninstall a specific version of subversion

 port -u upgrade subversion

(MacPorts) Upgrade subversion to the latest version (without “-u” the old version won't be uninstalled automatically)

 pppd idle-disconnect <# of seconds>

Undocumented pppd feature

 priv set advanced

[netapp] Put a filer into “secret ninja mode” where you get access to additional commands (“priv set admin” returns to normal mode).

 ps -Aw -o user,pid,ppid,pcpu,pmem,size,rss,priority,start_time,time,cmd


 ps -ef | awk '/[p]ico/ {system("kill -9 "$2)}'


 pwconf [fixes] and pwck [just checks]

finds/fixes errors in /etc/passwd and shadow

 rcs -l /etc/dhcpd.conf; ci -u /etc/dhcpd.conf

Resyncronize dhcpd.conf with the version in RCS and make it available for checking out.

 rcs -u blah blah

break a lock as root

 rename "s/[!@#$%^&)|(-:;~><,{}'\`\?\*A]/_/g" *.mp3

Rename all *.mp3 files in the current directory by replacing any “weird” characters with an underscore (rename is a great little utility that comes with many versions of Perl). NOTE: Make sure you use “-n” because I'm not positive that there aren't any interactions of all these special characters between the shell and Perl, it *seems* to work correctly but …

 rm -- -weirdfile

Deletes “-weirdfile”, where “–' tells rm to not interpret any further leading -'s as arguments (only works with GNU rm though).

 rm -f /var/lib/dpkg/{lock,methlock}

Stops locking problems with dpkg

 rm -i *

Deletes everything in the current directory but asks you for confirmation (yes/no) before each file (allows the shell to do automatic escaping of odd characters).

 rm ./-weirdfile

Deletes file called ”-weirdfile“ in current directory.

 rpm -Va  

verifies all files on the system against known md5 checksums.

rpm -q -a lists all redhat packages installed

 rpm -qpil <sompackage>.rpm    

tells all about the package.

 rsync -av --partial --progress ~/Desktop/

Download the file and keep the file if the transfer gets interrupted allowing it to be resumed where it left off.

 rsync -avHx --delete-excluded --progress --stats --exclude-from=/Users/adam/etc/tacsyncrc /Users/adam/

How I backup my Mac laptop to my Linux file server (so their home directories are identical)

 runas /user:starshine\administrator cmd

[windows] Opens a command window as the admin user on the machine starshine.

 runas / "notepad my_file.txt"

[windows] Runs “notepad my_file.txt” as the user adam on the domain

 sc_usage 1234

[mac] Sort of line Linux strace only in a top form and not really the same. Shows information about PID 1234

 scp ~/.ssh/ badger:.ssh/authorized_keys

Installs SSH key for passwordless SSH.

 screen -D -r  

detaches the *running* process and moves it to the current tty

 screen -r     

reattaches an already detached screen session to the current tty

 screen <command>      

runs a process normally

 security find-internet-password -gs 

Search Mac's “Keychain Access” for all stored information (including password) associated with

 sed -i -e 131d ~/.ssh/known_hosts

Delete line 131 from the known_hosts file (warning: -i is not fully portable).

 sed 's/<[^>]*>//g' foo.txt

Removes anything contained in HTML brackets (eg. <>). The trailing “g” means replace all instances not just the first on each line.

 sed 's/tty/ /' foo.txt

Replaces first instance of tty on each line with a space where ever it finds it in foo.txt.

 sendmail -bd -d99.100 -d8.3

99.100 means don't fork and the second -d is the debug level you want

 sendmail -bi

The same as newaliases

 sendmail -bp -O QueueDirectory=/var/spool/mqueue2

mailq from alt directory

 sendmail -bv

shows a virtual addresses actual delivery point

 sendmail -q -v -O QueueDirectory=/var/spool/mqueue2

run queue from alt. directory

 service ssh start

[mac] Basically chkconfig for OSX, ”–list“ shows all available services.

 set dhcp server pool enabled <option> <value> (eg. "lease 86400")

[cisco] sets dhcp values on the Cisco 675

 setterm -blank 0

disable's linux screen saver

 sh ip ro

[cisco] Will work with any ip not just networks

 show environment all

[cisco] Shows temp and stuff

 show int | in Des

[cisco] Basically “| grep Des”

 slapd -d 768 -f /etc/ldap/slapd.conf

Start up OpenLDAP pointing explicitly to the config file and setting debugging to my preferred setting.

 sleep `expr $RANDOM % 900`

Sleep for a random amount of time between 0 and 900 seconds.

 smbclient // -U ashand

Login to the SMB/CIFS share called “mp3” on the server with the username “ashand” (it will prompt for a password).

 snmpwalk anc-naf1 passwd .

gets enterprise mibs

 snmpwalk anc-p50 passwd .

get ip addrs

 snmpwalk anc-p50 passwd .

get usernames


[mac] Lists all required software updates from the AppleOsx site. You can also use it to install the packages.

 sort -n -t. -k 1,1 -k 2,2 -k 3,3 -k 4,4 /etc/hosts

sorts ip address nicely in order

 sort -n -t, -k 1.7 -k 1.4 -k 1 /tmp/test.csv

Sorts a CSV into order by date (oldest to newest) assuming comma seperated fields and that the first field is in the format DD/MM/YYYY.

 speller=/usr/X11R6/bin/gaspell --dict-host

using gui gaspell with dict service

 speller=/usr/bin/aspell check

spell checking with aspell


spell checking with ispell

 ssh -t ssh 

Transparently SSH to a second box via a first one. Very useful for opening a shell on a host which isn't reachable from your current network.

 ssh -R

If run from a box on “'s” private network (eg. behind their firewall), it creates a tunnel from to (which bypasses the firewall). Because it's a remote (not a local) forwarded port ”-g“ doesn't work so it will only be available on from via localhost.

ssh cat .bash_profile | diff -u - .bash_profile 

Diff the remove .bash_profile with the local one.

 ssh -nNT -L 20000:localhost:20000 bob@jones

Forwards port 20000 on jones to port 20000 on localhost while not creating a login session. Good for writing tunnel init scripts around.

 ssh -g -L

Creates a tunnel from thain:9993 to via This is especially useful if thain is behind a firewall and can't directly connect to The ”-g“ means that any machine can connect to thain:9993 gets forwarded to (without ”-g“ it only works via localhost on thain).

 ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ''

Create passwordless 1024 bit SSH key (useful for “passwordless” SSH, see UsingSsh).

 statit -b; statit -e

[netapp] Shows detailed snapshot of utilization between the time you ran the -b (begin) and -e (end) commands (only available in priv set advanced).

 strace -f -e open,read,write ls

Uses strace to trace al open, read and write calls that a process and any forked children make.

 stunnel -c -d localhost:imap2 -r

create a daemon listening on the local imap port binding to the remove imaps port on maus

 stunnel -c -r localhost:pop3s

as a client connect to localhost:pop3s (allows testing)

 stunnel -d imaps -r localhost:imap2


 stunnel -d pop3s -r localhost:pop3

as a daemon offer and encrypted port pop3s which connects to an unencrypted port pop3 on localhost

 stunnel -d ssmtp -r localhost:smtp


 stunnel -f -D 7 -d pop3s -r localhost:pop3

as above but don't fork into the background and put on highest debug level

 stunnel -p /etc/ssl/certs/stunnel.pem -d pop3s -r localhost:pop3

sets up stunnel to map ssl traffic coming into 995 to the local pop port unencrypted.

 su - postgres; pg_dump -F p -d foo -t bar > /tmp/foo_bar.sql

Dump the PostgreSql table “bar” of database “foo” to a file called foo_bal.sql (in ASCII format)

 svn switch --relocate svn+ssh:// svn+ssh://

Change a working SVN directory to a new repository. Really useful when things have to move and you don't want to check everything in first.

 sysconfig -r

[netapp] Details of disks and volumes including failed disks, rebuiding disks and hot spares.

 sysconfig -v

[netapp] Verbose output including disks, serial numbers, cpu's etc.

 sysctl -w net.inet.tcp.sendspace=65536

[mac] Writes 65536 to the kernel parameter net.inet.tcp.sendspace. It will persist after a reboot.

 sysctl net.inet.tcp.sendspace

[mac] Prints the value of kernel parameter net.inet.tcp.sendspace.

 sysstat -u 10

[netapp] Show system status with utilization percentages, updating every 10 seconds (10 seconds is optimal to sync with the Netapp internal timing mechanism).


[mac] Prints out a profile of all hardware and software installed.

 tar -svcf - . | ssh badger-spare 'cd /var/web/download && tar -xpf -'

Moves data from localhost to badger-spare using tar through ssh.

 tar Sczvf /syjet/debmain.tgz / --exclude tmp --exclude proc

backs up / excluding directories.

 tar cvf /dev/rmt/0c -M etc/ home/

Tar to tape, spanning multiple tapes

 tar zvfx iai-cucipop.tar.gz cucipop-1.23b3/cucipop

retrieves file cucipop from archive

 tcmcmd -G command -E soft anc-tc2-nmc:s1c1-2t1-24

[Portmaster] Soft busies anc-tc2-nmc cards 1 & 2, time slices 1-24

 tcpdump -i en1 tcp

because I always forgot how to do this and want to put “proto” in front of it. Can also use “ip” which is helpful.

 tcpdump -X -i eth0 'dst host and (dst port 143 or dst port 110)'

Example of a more complicated tcpdump filter.

 tcpdump -qp -i eth0 '(dst port 143 or dst port 110)'

How to watch POP3 or IMAP4 traffic going to

 tcpdump -r <infile> -C 100 -s 0 -w <outfile>

Reads in saved pcap file <infile> and writes out files no larger then 100MB, ”-s 0“ means preserver the full data stream.

 telnet 4321

 tethereal -V dst port 143 | egrep -i login

Snag IMAP usernames and passwords.

 tip -v 9600 /dev/ttya

Connect to the console port on a sun

 tr '[A-Za-z]' '[N-ZA-Mn-za-m]'

un-rot13 a message, and it works in pine if you enable the “|” command

 tr '\015' '\012' < macfile > unixfile

Converts carriage to linefeed

 tr -d '\r' < dosfile > unixfile

removes all ^M's from dos file)

 trap '' 1 2 15

ignore signals 1,2 and 15

 trap 'rm -f $TMP; exit 1' 1 2 15

trap for signals 1,2,15 and rm file if found

 truss -f -p PID

[solaris] truss pid PID and follows forks (good for daemons)

 Turns on bold: \[\033[1m\] Turns off bold: \[\033[0m\]

Allows bold characters in Bash prompts.

 user_pref("mail.allow_at_sign_in_user_name", true);
 valkyrie:/usr/private/etc/radpwtst -p 1645 -s larry 

make sure they are in the /usr/private/etc/raddb/clients file so that it can find the radius secret

 vm_stat 5

[mac] Similar to the Unix utility. Prints out every 5 seconds.

 vol scrub status

[netapp] Shows the status of currently running disk scrubs.

 vol status

[netapp] Shows the status of all volumes, including if any are in the process of rebuilding a disk.

 wcc -s ashand

[netapp] Shows the Unix name that the NT name “ashand” maps to.

 wcc -u ashand

[netapp] Shows the NT name that the Unix name “ashand” maps to.

 withlist -l -r fix_url wordup -u

Mailman command for updating a mail list to have the correct URL (see /usr/lib/mailman/Mailman/ for more info). Very useful when migrating lists to a new domain and none of the web forms will work because the submit buttons still point to the old location.

 wget -q --mirror -p --html-extension --base=./ -k -P ./

How to make a static copy of a Drupal (or any other dynamic) site.

 wget -q --proxy=off --html-extension -r -l 2 -nH --cut-dirs=4 -np -k -P foobar -p http://user:pass@www.spack.or/one/two/Statistics/GoStats/Index.html

Okay this is complicated. (-r) Recursively download for (-l 2) two levels, (-np) but don't go up any directory levels, (-p) everything required (css, images etc) for the URL, (–html-extension) make sure all html pages get saved to files ending in .html and (-k) rewrite the downloaded pages to link to the right page names. (-P) Save all files to a folder called foobar, (-nH) don't create a directory for the host name and (–cut-dirs) cut four levels from the directories (so everything goes directly into foobar). Wheew …

 wget --proxy=off

Embed HTTP username and password in the URL and ignore any *_proxy environment variables which are set.

 wget -m

mirror ftp heirarchy

 wget -r -l2

recursively grab just that directory

 while /bin/true; do gawk '/eth0:/ {print  $14}' /proc/net/dev; sleep 1; done

While loop to watch collision stats under

 whois "name pixelworks"

lists first 50 domains which contain pixelworks in the name

 whois "server NSblahblah-HST"

lists the first 50 domains hosted.

 whois -h ""

help file

 whois -h

any fld will work

 whois -h 'dump dom'

raw dump, good for scripts

 whois -h 'dump han em69'

raw dump, good for scripts


gives you NSblahblah-HST (can use IP# too)

 wine -dll commctrl,comctl,commdlg,comdlg32=n napster.exe

to run windows napster

 wterm -geometry 192x8+0+0 -name console -C

my exconsole

 wterm -tr -sh -bg <tint color> -fg <text color> -st -sb


 xv -root -quit -rmode 5 image_name

equiv: Root: <something>” where 5=center

 xwrits breaktime=1 typetime=15 +finger=american +top +noiconify +mouse +lock

Sensible defaults for Xwrits (see MicroPauseSoftware)

2014 by adam shand. sharing is an act of love, please share.