Sometimes, it can be difficult to visualize what is happening inside a computer and we need a bit of help from the real world in order to get the concepts clearly. Here is an absolutely brilliant way of visualizing how OR, AND and XOR gates work using dominoes.

I can’t imagine how long it took this guy to do this but I have to admit that I am impressed!

Trackback link - http://www.dailycupoftech.com/2008/07/31/or-and-and-xor-logic-gateswith-dominoes/trackback/

Since the whole VPS (Virtual Private Server) thing is going so well for me, I thought that I would let my readers know about some of the steps that I took to set it up. In this episode I will be talking about updating the initially installed image and configuring the linux firewall using iptables.

Just as a side note, the VPS that I have is running Ubuntu 8.04 (Hardy Heron) so if you are using a different OS, you make have to do things a bit differently.

Update The Server

For those of you from the Windows world, this may seem to be shockingly easy. First, you need to edit the file which tells the system where to get all of the updates. I like to enable all of the sources, including universe and source code. To do this, you need to edit /etc/apt/sources.list:

sudo nano /etc/apt/sources.list

Remove the # characters in front of all the sources. When I was done, my sources.list file looked like this:

deb http://archive.ubuntu.com/ubuntu/ hardy main restricted universe
deb-src http://archive.ubuntu.com/ubuntu/ hardy main restricted universe

deb http://archive.ubuntu.com/ubuntu/ hardy-updates main restricted universe
deb-src http://archive.ubuntu.com/ubuntu/ hardy-updates main restricted universe

deb http://security.ubuntu.com/ubuntu hardy-security main restricted universe
deb-src http://security.ubuntu.com/ubuntu hardy-security main restricted universe

Now, update Ubuntu by entering these three commands one after another:

sudo aptitude –y update
sudo aptitude –y safe-upgrade
sudo aptitude –y full-upgrade

That’s all there is to it!

Configure iptables

In my opinion, this is the most important thing that you can do because it helps to restrict access to your VPS. The configuration that I am presenting here is just the basics that you should set out and you may want to tighten in down a bit afterward.

Backup

The first thing that you need to do is backup your present iptables rules:

iptables-save > /etc/iptables.up.rules

Create Filter

Next, you are going to want to create your filter. This is a set of rules that tells the firewall what you want to do with data packets that hit your network card.

First, allow all loopback (lo0) traffic and drop all traffic to 127.0.0.0/8 that doesn’t use lo0. This will allow you network services that run on your VPS to talk to other network services on your VPS:

sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT

Next, accepts all established inbound connections. This means that anything that is already connected to your firewall will remain connected, even if there is a change to the rules. This is very handy to prevent you from locking yourself out of your virtual server if you accidentally disable the wrong port:

sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

You want your VPS to be able to talk to anything on the Internet so you need to be enable that access:

sudo iptables -A OUTPUT -j ACCEPT

Since we are building a web server, we need to allows HTTP (port 80) and HTTPS (port 443) connections from anywhere on the Internet:

sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Linux servers are managed primarily via SSH. So, we need to make sure that we have an SSH port open. I decided to use a non-standard port (port 999) rather than the standard port 22:

sudo iptables -A INPUT -p tcp -m state --state NEW --dport 999 -j ACCEPT

The next line will allow you (and others) to ping your server. There is some debate as to whether or not you should allow pings but, in the end, it is really up to you:

sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

We will be needing to know if there is anyone out there trying to tamper with our server. So, we are going to log iptables denied calls:

sudo iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

Since we have configured all of the ports that we want access to, we will reject all other inbound traffic that is not explicitly allowed by a policy:

sudo iptables -A INPUT -j DROP
sudo iptables -A FORWARD -j DROP

Save Rules

Now that we have created out filter/rules, we need to save it:

sudo iptables-save > /etc/iptables.up.rules

When you are finished, your /etc/iptables.up.rules file should look something like this:

# Generated by iptables-save v1.3.8 on Fri Jul 18 02:03:12 2008
*filter
:INPUT ACCEPT [15:1712]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [15:9376]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 127.0.0.0/255.0.0.0 -i ! lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 999 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A FORWARD -j DROP
-A OUTPUT -j ACCEPT
COMMIT
# Completed on Fri Jul 18 02:03:12 2008

Configure Network to Load Rules Automatically

We need to make sure that these rules reload automatically whenever we reboot the server. Do this by editting the network interface to load the rules automatically:

sudo nano /etc/network/interfaces

Add pre-up iptables-restore < /etc/iptables.up.rules after iface lo inet loopback and then save the file.

Conclusion

With this short tutorial, we have upgraded and secured out VPS. In part 2, we are going to look at installing and configuring SSH so that we can remotely connect and manage the VPS plus we are going to add some security to our SSH sessions by changing the SSH port to 999 and setting up and using public and private keys with PuTTY in Windows.

Trackback link - http://www.dailycupoftech.com/2008/07/27/vps-setup-part-1-update-ubuntu-and-configure-iptables/trackback/

A very useful trick from What’s My Pass? if you can’t access your Vista box:

Using BackTrack Live CD which can be found ::here::

For those of you who forgot your spiffy new Vista Logon password. Here’s a quick and dirty way to make a new user account. BTW, this has been around since XP but still useful.

Boot into Backtrack and open a shell prompt:

cd /mnt (change directory to mounted drives)
ls (get the list of mounted drives)
cd sda1 (sda1 is the main hard drive)
cd Windows/ (change to the windows directory)
cd System32/ (change to the system directory)
mv Utilman.exe Utilman.old (backup original file)
cp cmd.exe Utilman.exe (copy cmd.exe as utilman.exe)
reboot

once rebooted, at vista logon screen, Press Windows key + U
To invoke Utility Manager ( A.K.A. CMD.exe)
Cmd.exe will spawn with ‘System’ privileges.
c:\>net user S00perAdmin mypassword /add
c:\>net localgroup administrators S00perAdmin /add
Reboot and log in with your newly added Admin account

Trackback link - http://www.dailycupoftech.com/2008/07/22/reset-your-vista-password/trackback/

Since I have done a lot of writing in the past about USB devices, I often get questions about the actual USB hardware. One of the biggest questions that I get is about the USB pinout specifications. Just what are each of those pins and what do they do.

Well, the USB pinout varies, depending upon which type of USB plug and receptical you have.

Series A USB Pinout

This is usually what you see most USB devices such as mice and keyboards using. These are four pin devices, two pins for power (1,4) and two pins for data (2,3). The power pins transfer 5V DC.

Series B USB Pinout

These are more popular on USB hard drives, CD/DVD drives and scanners. Just like Series A, these are four pin devices, two pins for power (1,4) and two pins for data (2,3). The power pins transfer 5V DC.

Mini-USB Series A USB Pinout

The Mini-USB series went to a five pin design, even though one pin is either not used or is redundant. You will usually see these on cameras or other such devices. Pins 1 and 5 are for power and pins 2 and 3 provide data access. Pin 4 is connected to pin 5 for redundancy.

Mini-USB Series B USB Pinout

Just like Mini-USB Series A, Series B used five pins, two for power (1,5) and two for data (2,3). Pin 4 is not connected and serves no purpose.

Summary Tables

Standard USB Pinout & Cable Color Code

Mini-USB Type-A Pinout & Cable Color Code

Mini-USB Type-B Pinout & Cable Color Code

Trackback link - http://www.dailycupoftech.com/2008/07/21/usb-pinout/trackback/

I am doing a lot of work behind the scenes for Daily Cup of Tech at this moment. And, you know how it is when you try to fix something, you just end up breaking three other things.

So, I would like to ask for everyone’s help with this. If you see something broken or things don’t look quite right, please leave a description of the problem in the comments (either on this post or the post that you see the problem on) so that I will know and I can add it to my to do list.

Here are a couple of things that I am aware of:

1. E-mail does not work. I simply have not gotten around to setting up a mail server.
2. My favorites icon does not always work.

I’m also working in a new theme and upgrading to the latest version of WordPress.

Thanks for the help in advance.

Trackback link - http://www.dailycupoftech.com/2008/07/20/transition-period-help-request/trackback/