Clean up vimrc and sync a few configs

domains/ads

@@ -198,6 +198,7 @@ address=/ic-live.com/
 address=/id.google.com/
 address=/idg.com.au/
 address=/igodigital.com/
+address=/imgaft.com/
 address=/impactradius-event.com/
 address=/imrworldwide.com/
 address=/industrybrains.com/
@@ -314,6 +315,7 @@ address=/richmetrics.com/
 address=/ru4.com/
 address=/rubiconproject.com/
 address=/sageanalyst.net/
+address=/sampletext.org/
 address=/samsunads.com/
 address=/samsungcloudsolution.com/
 address=/sbnation.com/

privoxy/user.action

@@ -149,6 +149,7 @@ google.com/amp/s/.*
 .aexp-static.com
 .alternet.org
 .amazon.com
+.amazontrust.com
 .americanexpress.com
 .android.com
 .answers.com
@@ -161,6 +162,7 @@ google.com/amp/s/.*
 .arstechnica.com
 .askubuntu.com
 .asus.com
+.auth0.com
 .awsstatic.com
 .bankofamerica.com
 .bbc.com
@@ -169,10 +171,11 @@ google.com/amp/s/.*
 .bit.ly
 .blogblog.com
 .blogger.com
+.bloglovin.com
 .blogspot.com
+.bootc.net
 .bootstrapcdn.com
 .boum.org
-.bp.blogspot.com
 .britishcouncil.org
 .ca.gov
 .cbc.ca
@@ -181,32 +184,43 @@ google.com/amp/s/.*
 .cdc.gov
 .cdninstagram.com
 .cdnme.se
+.cdnst.net
 .chase.com
 .chromium.org
 .cia.gov
 .cloudflare.com
 .cloudfront.net
+.congress.gov
 .coreboot.org
+.cpb.gov
 .creativecommons.org
 .crucial.com
 .cryptographyengineering.com
 .cs.cornell.edu
 .dailycaller.com
+.db.tt
 .dd-wrt.com
 .debian-administration.org
 .debian.net
+.debianforum.de
+.dhs.gov
 .dropbox.com
+.dropboxatwork.com
+.dropboxteam.com
 .duckduckgo.com
 .ebay.com
 .economist.com
 .edgekey.net
 .edx.org
+.emacswiki.org
 .etsy.com
 .etsystatic.com
 .export.gov
 .express.co.uk
+.fastly.com
 .fastly.net
 .fbi.gov
+.fbinaa.org
 .fda.gov
 .flickr.com
 .flickr.net
@@ -217,20 +231,28 @@ google.com/amp/s/.*
 .gimp.org
 .github.com
 .github.io
+.githubapp.com
 .githubassets.com
 .githubusercontent.com
+.gitlab.com
+.gitlab.io
 .gizmodo.com
 .gmail.com
 .gnu.org
 .gnupg.org
 .godoc.org
 .golang.org
 .goo.gl
+.google.ca
 .google.com
+.google.de
 .googleadservices.com
 .googleapis.com
 .googlecode.com
+.googlemail.com
 .googlesource.com
+.googlesyndication.com
+.googletagservices.com
 .googleusercontent.com
 .googlevideo.com
 .governmentattic.org
@@ -264,9 +286,11 @@ google.com/amp/s/.*
 .knowyourmeme.com
 .last.fm
 .letsencrypt.org
+.lighttpd.net
 .linuxforums.org
 .lkml.org
 .llvm.org
+.loc.gov
 .logicalincrements.com
 .lowes.com
 .lwn.net
@@ -275,6 +299,7 @@ google.com/amp/s/.*
 .mapquest.com
 .marc.info
 .marshalls.com
+.mathoverflow.com
 .media.tumblr.com
 .medium.com
 .meetup.com
@@ -298,6 +323,7 @@ google.com/amp/s/.*
 .nxlfimg.net
 .nypost.com
 .nytimes.com
+.okta.com
 .openvpn.net
 .openvpn.org
 .parallels.com
@@ -310,22 +336,26 @@ google.com/amp/s/.*
 .plos.org
 .princeton.edu
 .python.org
+.pythonhosted.org
 .quora.com
 .quoracdn.net
 .qz.com
 .raspberrypi.org
 .reason.com
+.recaptcha.net
 .redd.it
 .reddit.com
 .redditmedia.com
 .redditstatic.com
+.reddituploads.com
 .redhat.com
 .researchgate.net
 .reuters.com
 .rust-lang.org
 .s3.amazonaws.com
 .schwab.com
 .scribd.com
+.scribdassets.com
 .sec.gov
 .senate.gov
 .serverfault.com
@@ -341,6 +371,7 @@ google.com/amp/s/.*
 .spacetelescope.org
 .squarespace.com
 .sstatic.net
+.stackauth.com
 .stackexchange.com
 .stackoverflow.com
 .startpage.com
@@ -357,6 +388,7 @@ google.com/amp/s/.*
 .thehill.com
 .theverge.com
 .thinkprogress.org
+.tonic.to
 .torproject.org
 .tripadvisor.com
 .tumblr.com
@@ -379,6 +411,7 @@ google.com/amp/s/.*
 .virustotal.com
 .vsco.co
 .w.org
+.wp.org
 .w3.org
 .washingtonpost.com
 .weather.gov
@@ -392,17 +425,29 @@ google.com/amp/s/.*
 .wired.com
 .wireshark.org
 .wix.com
+.wmflabs.org
 .woot.com
 .wordpress.com
+.wordpress.org
 .wp.com
 .wsj.com
 .yahoo.com
 .ycombinator.com
 .yelpcdn.com
 .youtu.be
 .youtube.com
+.youtube-dl.org
+.youtube-nocookie.com
 .ytimg.com
 .yubico.com
 .zappos.com
+cdn.openbsd.org
+cvsweb.openbsd.org
+ftp.openbsd.org
 man.openbsd.org
 wiki.debian.org
+www.debian.org
+www.openbsd.org
+
+{ -redirect{android} }
+connectivitycheck.gstatic.com/generate_204

ssh_config

@@ -13,6 +13,7 @@ Host *
   StrictHostKeyChecking ask
   VerifyHostKeyDNS yes
   ForwardAgent no
+  ForwardX11 no
   ForwardX11Trusted no
   #ControlMaster auto
   #ControlPath ~/.ssh/master-%r@%h:%p

sshd_config

@@ -16,15 +16,16 @@ LogLevel VERBOSE
 MaxStartups 1
 MaxSessions 1
 LoginGraceTime 10s
+MaxAuthTries 3
 ClientAliveInterval 30
 ClientAliveCountMax 20
 PermitRootLogin no
 StrictModes yes
 PubkeyAuthentication yes
 AuthorizedKeysFile %h/.ssh/authorized_keys
 IgnoreRhosts yes
-PermitEmptyPasswords no
 PasswordAuthentication no
+PermitEmptyPasswords no
 HostbasedAuthentication no
 ChallengeResponseAuthentication no
 Compression delayed
@@ -37,3 +38,4 @@ UseDNS no
 PrintMotd no
 PrintLastLog yes
 PermitUserEnvironment no
+#Subsystem sftp  /usr/libexec/sftp-server

user.js

@@ -6,6 +6,7 @@
 //user_pref("browser.startup.homepage", "file:///home/web/index.html");  // custom start-up page
 //user_pref("browser.startup.page", 1);  // 0: blank; 1: home; 2: last visited; 3: resume last
 //user_pref("browser.uidensity", 1);  // reduce UI empty space
+//user_pref("browser.urlbar.suggest.bookmark", false);
 //user_pref("dom.enable_performance", false);  // disable DOM timing; may break sites
 //user_pref("dom.indexedDB.enabled", false);  // disable IndexedDB; may break sites/extension storage (uBlock)
 //user_pref("dom.serviceWorkers.enabled", false);  // disable service workers; may break sites
@@ -34,6 +35,7 @@
 //user_pref("privacy.window.maxInnerHeight", 720);
 //user_pref("privacy.window.maxInnerWidth", 1280);
 //user_pref("security.OCSP.require", true);  // force check certificate revocation
+//user_pref("security.dialog_enable_delay", 5000);  // ms delay on dialogs
 //user_pref("security.ssl3.rsa_aes_128_sha", false);  // may break sites
 //user_pref("security.ssl3.rsa_aes_256_sha", false);  // may break sites
 //user_pref("security.tls.version.min", 3);  // minimum TLS 1.2; may break sites
@@ -46,7 +48,7 @@ user_pref("accessibility.typeaheadfind.flashBar", 0);
 user_pref("app.normandy.api_url", "");
 user_pref("app.normandy.enabled", false);
 user_pref("app.normandy.first_run", false);
-user_pref("app.shield.optoutstudies.enabled", false);
+user_pref("app.shield.optoutstudies.enabled", false);  // disable studies
 user_pref("app.update.auto", false);  // disable auto update check
 user_pref("app.update.service.enabled", false);
 user_pref("app.update.silent", false);  // notify on all updates states
@@ -68,12 +70,12 @@ user_pref("browser.cache.offline.insecure.enable", false);
 user_pref("browser.chrome.errorReporter.enabled", false);  // disable browser error reporter
 user_pref("browser.chrome.errorReporter.submitUrl", "");
 user_pref("browser.contentHandlers.types.0.uri", "");
-user_pref("browser.contentblocking.enabled", true);  // enforce content blocking
 user_pref("browser.crashReports.unsubmittedCheck.autoSubmit", false);
 user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
 user_pref("browser.crashReports.unsubmittedCheck.enabled", false);
 user_pref("browser.dictionaries.download.url", "");
 user_pref("browser.disableResetPrompt", true);
+user_pref("browser.discovery.enabled", false);  // disable extension recommendations
 user_pref("browser.download.autohideButton", false);
 user_pref("browser.download.forbid_open_with", true);  // disable Open With dialog
 user_pref("browser.download.hide_plugins_without_extensions", false);
@@ -161,7 +163,6 @@ user_pref("browser.urlbar.maxHistoricalSearchSuggestions", 0);  // disable local
 user_pref("browser.urlbar.oneOffSearches", false);
 user_pref("browser.urlbar.searchSuggestionsChoice", false);
 user_pref("browser.urlbar.speculativeConnect.enabled", false);  // disable preloading auto-complete URLs
-user_pref("browser.urlbar.suggest.bookmark", false);
 user_pref("browser.urlbar.suggest.history", false);
 user_pref("browser.urlbar.suggest.openpage", false);
 user_pref("browser.urlbar.suggest.searches", false);
@@ -223,7 +224,7 @@ user_pref("dom.push.serverURL", "");
 user_pref("dom.push.userAgentID", "");
 user_pref("dom.vibrator.enabled", false);  // disable screen shake
 user_pref("dom.vr.enabled", false);  // disable VR devices
-user_pref("dom.w3c_pointer_events.enabled", false);
+user_pref("dom.w3c_pointer_events.enabled", false);  // disable PointerEvents
 user_pref("dom.w3c_touch_events.enabled", 0);  // disable touch events
 user_pref("dom.webaudio.enabled", false);  // disable web audio
 user_pref("dom.webnotifications.enabled", false);
@@ -327,7 +328,6 @@ user_pref("network.auth.subresource-http-auth-allow", 1);  // disable non-secure
 user_pref("network.captive-portal-service.enabled", false);  // disable captive portal helper
 user_pref("network.cookie.cookieBehavior", 1);  // block third-party cookies
 user_pref("network.cookie.leave-secure-alone", true);  // disable non-secure sites setting secure cookies
-user_pref("network.cookie.lifetimePolicy", 2);  // session cookies only
 user_pref("network.cookie.thirdparty.nonsecureSessionOnly", true);
 user_pref("network.cookie.thirdparty.sessionOnly", true);
 user_pref("network.dns.disableIPv6", true);  // disable IPv6
@@ -344,6 +344,7 @@ user_pref("network.http.referer.hideOnionSource", true);
 user_pref("network.http.spdy.enabled", false);  // disable HTTP2
 user_pref("network.http.spdy.enabled.deps", false);
 user_pref("network.http.spdy.enabled.http2", false);
+user_pref("network.http.spdy.websockets", false);
 user_pref("network.http.speculative-parallel-limit", 0);
 user_pref("network.manage-offline-status", false);
 user_pref("network.negotiate-auth.allow-insecure-ntlm-v1", false);  // disable NTLMv1
@@ -438,7 +439,6 @@ user_pref("security.cert_pinning.enforcement_level", 2);  // strict pinning enfo
 user_pref("security.csp.enable", true);  // enforce Content Security Policy
 user_pref("security.csp.experimentalEnabled", true);  // enable experimental CSP features
 user_pref("security.data_uri.block_toplevel_data_uri_navigations", true);
-user_pref("security.dialog_enable_delay", 5000);  // time lock confirmations
 user_pref("security.fileuri.strict_origin_policy", true);
 user_pref("security.insecure_connection_icon.enabled", true);
 user_pref("security.insecure_connection_text.enabled", true);