Blog

GTD anyone?

I read an article about GTD (Getting Things Done by David Allen) a few months ago but shoved it aside; however, with so many projects demanding my time recently, I started looking into it again (read: need better time management).

I have just barely started using Allen’s system, but have found it to be SO helpful (and quite easy to learn) that I’ve decided to spend more time incorporating it into my everyday life – see the GTD tab above? Sorry, it’s password-protected as it’s for my own use.

So, what is GTD anyway, you might ask? Well, let’s check out what Wikipedia says…

GTD is an action management method and it rests on the principle that a person needs to move tasks out of the mind by recording them somewhere. That way, the mind is freed from the job of remembering everything that needs to be done, and can concentrate on actually performing those tasks.

The premise of GTD, as I understand it, is do the tasks you’ve noted down (in the GTD way) based on the context you’re currently in (i.e., “In front of computer,” “In the car,” “At the office”). Of course, it’s not as simple as that, but it’s not very hard to understand and apply either.

Check out the diagram below to get a better understanding of this system.

Fig. 1.1 – GTD Flow Diagram (view top to bottom)

GTD Flow Diagram

If you have access to a LAMP server, I recommend installing gtd-php and jump right in – this was the fastest and only way I actually understood it.

To end, I recommend setting up some time to read up on it and give it a try. There’s nothing to lose and maybe a lot to gain… =0)

Too much in your mind, mind map it!

With the coming of the information age, comes information overload. If you’re like me who reads constantly to keep up with technology, your mind can get overloaded with so much – acronyms, concepts, theories, how-tos – you name it.

So the question is: what do you do with all that information stored in your mind (read: brain)? The answer is mind map it.

I’ve been fond of using mind map software because it helps me orgranize my thoughts and note them down. This gives me a lot of benefits, but the best one is it makes me see things clearer because I’m able to visualize it; it also affords me a knowledge-base of sorts, which I can later read again.

According to Wikipedia, a mind map is a diagram used to represent words, ideas, tasks or other items linked to and arranged radially around a central key word or idea. It is used to generate, visualize, structure and classify ideas, and as an aid in study, organization, problem solving, and decision making.

There are quite a few mind mapping software packages available (google it), but I use an open-source app called FreeMind.

Fig. 1.1 – FreeMind App

FreeMind App

Fig 1.2 – Sample mind map

Sample mind map

Check it out and start mind mapping and brain dumping all the stuff in your brain!

Yumex to the rescue!

Yumex is a yum extender that provides a GUI for package management.

So why am I writing about it, well, read on…

I had written recently about my upgrading from Fedora Core 1 to Fedora Core 6, and one major, annoying issue I encountered was with the yum updates.

I encountered approximately 5 conflicts and about 2 dependency errors.  I believe it was with php-do and php and some elib libraries.  I know, I know.  You’re thinking, “if it ain’t broke, don’t fix it,” right?  Well, unfortunately, I can only take so much of that.

So, with the mission at hand, I started googling for fixes and finally found a thread about yumex.  I yum installed it, went into init 5 (I run init 3 by default), vnc‘ed into my box and run it.

After having used it, I strongly recommend you give it a try, especially if you have problems updating via a terminal window.

What yumex gives you is the freedom to update only certain packages via a click-and-process method; for example to fix my problem, I updated 15-20 packages at a time, continuously went through the list until I came across the offending package.  I then took care of problematic ones one-by-one.

Pretty cool, ey…All you need to complete this process is patience and a book.  =0)

Blogs and Wikis: Why just now?

Man, I am really enjoying having my own blog and wiki. It’s so addicting! And how I wish I had started a lot sooner. I can’t even imagine how much data I would’ve logged and shared if I had started sooner. Oh, well…it’s alright, the good thing is I’ve already started. No use on sulking over poured milk, ey…

According to Wikipedia, a blog or weblog is a user-generated website where entries are made in journal style and displayed in a reverse chronological order.

A wiki, on the other hand, is a website that allows visitors to add, remove, edit and change content, typically without the need for registration.

I use both: blog for my journal and wiki as my knowledge-base. =0)

OK, so here are my brief pros-and-cons thoughts regarding these technologies:

Pros: addicting, release for creativity, journal-like, forces you (as a by-product) to really think which will keep your mind sharp, writing skills increases, career-enhancing, allows you to share knowledge with others, empowers you to archive and organize knowledge and thoughts very well

Cons: time-demanding, addicting, must be focused on what posts you write, must be careful with what you say (read: employers)

As you can see, the pros outweigh the cons – this, of course, are my own personal thoughts on it. What I’m trying to say is, if used right, these two technologies can free you.

Lastly, to end this post, I share this article from Penelope Trunk‘s excellent career-oriented blog discussing why “Blogging is good for your career.”

Until the next, ciao!

iptables script

I’ve been running Fedora Core 1 for about, hmm…5 years(?) on my little ‘ole work-horse server, but this reliable/stable OS has started showing its age.  Repository issues, keeping software and everything else up-to-date.  Ugh.  =0( 

I was initially sold on installing RHEL ES 4 (I had the disks already), but my server had problems with the “transferring image to install…” phase.  So, I took it as a sign to stick with Fedora, which I was happy about since I’m used to it.  More importantly, however, it was an opportunity to try out the new Fedora Core release.

So with tools in hand, I backed up all my scripts and website files and installed Fedora Core 6 last night.  It took about 4 hours to install and configure – in fact, I started a “how-to” on my wiki, just in case I have to do it all over again.

OK, so enough of the rambling.  This post is, after all, about iptables (hats off to to the netfilter.org guys/gals and thanks to Dan Farino for helping out with this).  BTW, I had to disable the security firewall on Fedora to have more control over the firewall.

Steps to take:

  1. Open up a terminal
  2. cd /usr/local/src
  3. mkdir iptables
  4. vi iptables
  5. Copy and paste the script below
  6. chmod 777 scriptname
  7. ./scriptname

Verify no errors occurred, then once done, type the following:

tail -f /var/log/messages

From this point, watch for some interesting stuff.  =0)

Simple enough, huh?  Hopefully, you can make use of this script to build your personal *nix firewall.  Take care.

Make sure /proc/sys/net/ipv4/p_forward is ‘1’ and both ip_conntrack_ftp & ip_nat_ftp modules are loaded (use modprobe modulename).

#————————————————-#

# flush and delete chains
iptables -F
iptables -X
iptables -t nat -F

# default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

iptables -t nat –policy PREROUTING ACCEPT
iptables -t nat –policy POSTROUTING ACCEPT
iptables -t nat –policy OUTPUT ACCEPT

# new user-defined chains
iptables -N tcp-state-flags
iptables -N fragments
iptables -N spoof
iptables -N syn-flood

iptables -N log-tcp-state
iptables -N log-drop-spoof

iptables -N log-input-accept

iptables -N log-input-drop
iptables -N log-fwd-drop

#————————————————-#

# input rules
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ! eth0 -j ACCEPT
iptables -A INPUT -p tcp -j tcp-state-flags
iptables -A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -f -j fragments
iptables -A INPUT -m state –state NEW -j spoof
iptables -A INPUT -p tcp –dport 80 -m state –state NEW -j ACCEPT
iptables -A INPUT -j log-input-drop

# forward rules
iptables -A FORWARD -i lo -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -m state –state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -j log-fwd-drop

# output rules
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o eth0 -m state –state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth1 -m state –state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state –state INVALID -j DROP

#————————————————-#

# tcp-state-flags rules
iptables -A tcp-state-flags -p tcp –tcp-flags ALL NONE -j log-tcp-state
iptables -A tcp-state-flags -p tcp –tcp-flags SYN,FIN SYN,FIN -j log-tcp-state
iptables -A tcp-state-flags -p tcp –tcp-flags SYN,RST SYN,RST -j log-tcp-state
iptables -A tcp-state-flags -p tcp –tcp-flags FIN,RST FIN,RST -j log-tcp-state
iptables -A tcp-state-flags -p tcp –tcp-flags ACK,FIN FIN -j log-tcp-state
iptables -A tcp-state-flags -p tcp –tcp-flags ACK,PSH PSH -j log-tcp-state
iptables -A tcp-state-flags -p tcp –tcp-flags ACK,URG URG -j log-tcp-state

# fragments rules
iptables -A fragments -f -j LOG –log-level info –log-prefix “___ipt:fragment___: “
iptables -A fragments -f -j DROP

# spoof rules
iptables -A spoof -s 127.0.0.0/8 -j log-drop-spoof
iptables -A spoof -s 10.0.0.0/8 -j log-drop-spoof
iptables -A spoof -s 255.255.255.255 -j log-drop-spoof
iptables -A spoof -s 0.0.0.0/8 -j log-drop-spoof
iptables -A spoof -s 169.254.0.0/16 -j log-drop-spoof
iptables -A spoof -s 172.16.0.0/12 -j log-drop-spoof
iptables -A spoof -s 192.0.2.0/24 -j log-drop-spoof
iptables -A spoof -s 192.168.0.0/16 -j log-drop-spoof
iptables -A spoof -s 224.0.0.0/4 -j log-drop-spoof
iptables -A spoof -s 248.0.0.0/5 -j log-drop-spoof
iptables -A spoof -s 240.0.0.0/5 -j log-drop-spoof

# syn-flood rules
iptables -A syn-flood -m limit –limit 1/s –limit-burst 4 -j RETURN
iptables -A syn-flood -j LOG –log-level info –log-prefix “___ipt-fw:syn-flood___: “
iptables -A syn-flood -j DROP

# log-tcp-state rules
iptables -A log-tcp-state -j LOG –log-level info –log-prefix “___ipt:invalid-tcp-flag___: “
iptables -A log-tcp-state -j DROP

# log-drop-spoof rules
iptables -A log-drop-spoof -j LOG –log-level info –log-prefix “___ipt:spoof,mcast___: “
iptables -A log-drop-spoof -j DROP

# log-input-accept rules
iptables -A log-input-accept -j LOG –log-level info –log-prefix “___ipt:input-accept___: “
iptables -A log-input-accept -j ACCEPT

# log-input-drop
iptables -A log-input-drop -j LOG –log-level info –log-prefix “___ipt:input-drop___: “
iptables -A log-input-drop -j DROP

# log-fwd-drop
iptables -A log-fwd-drop -j LOG –log-level info –log-prefix “___ipt:fwd-drop___: “
iptables -A log-fwd-drop -j DROP

#————————————————-#

# postrouting
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#————————————————-#

# activate rules
iptables-save
iptables-save > /etc/sysconfig/iptables
service iptables restart

#————————————————-#