Sunday, May 31, 2009

Managing your wealth with Buddi Day 1: Installation day

Have you ever noticed how much you spend each month on shopping? Or how much you spend on food? If not, then you need Buddi. I read the review of Buddi in Info Linux (an Indonesian open source magazine). I think I will try it to track my spending. I used to use Excel. It was good, but I was too lazy to update it. Anyway, let's try it:

1. Download Buddi from its website. It is available for Windows, MacOS and Linux. The main reason why I want to try it is that Buddi is developed in Java. I chose to try it on Windows 7 RC, so I downloaded the Windows version.

2. After the download finishes, run the installer. It is very easy: just run it and accept all the default values.

3. Buddi is now installed on my Windows 7 machine. Run Buddi and you will be welcomed with a "Make a donation" page; simply click on "Not now" (please make a donation if you think it is helping you. Disclaimer: I do not have any kind of relationship with this product or the person behind it. I just think that it would be nice to encourage the developer in maintaining and further developing this product).

That is all for now. Today I will check all of my bank accounts so I can input my "wealth".

Saturday, May 30, 2009

Symfony of Love Day 2: Business Case

On day 1, I defined the simple requirements for my new project. Now I go further and define the business case. I observed how my wife runs the business. Below are the scenarios:

1. Items are coming from the supplier.

a. When items come from the supplier, their information should be recorded in the system. The important information is the item name, description, weight, photo (yes, it would be nice to have a picture of it), purchase price, quantity, minimum stock level for reordering and also the storage location if already decided. Otherwise, a default location would be supplied by the system.

b. When the item is not yet in the system, a new window should be displayed to record the information of the new item.

c. After all items have been recorded, a summary page is displayed listing all items received from a supplier, then the supplier information is also entered, including the shipping cost.

d. The next step is to determine the sale price. The items are displayed in a table containing the purchase price, shipping cost and suggested sale prices (5% profit, 10% profit, 15% profit, 20% profit, 25% profit, 30% profit, 40% profit and 50% profit). The last column would be the final sale price.

e. After the sale prices are determined, the process is finished and returns to the main menu.


2. Customer makes a purchase.

a. When a customer makes a purchase, a window is displayed for the operator to record the items to be delivered to the customer. The information needed is the item id/name, quantity, delivery date, payment due date, the customer information and also the payment method.

b. After all the required information is recorded, the operator should be able to print out the invoice. Two invoices are generated: one with the "Copy" watermark and the other with the "Paid" watermark.


3. Management.

a. CRUD of items (stock management), customers and payment method.


I know, probably this is what I would not do in the real business case. However, I am short of time at the moment ;( so that's all for today.

Thursday, May 28, 2009

Symfony of Love Day 1: Introduction

Why did I call this project Symfony of Love? There are two reasons: first and most important, I dedicated this project to my wife, and second, I hope I can learn Symfony.


Background:

It has been a few years since my wife started running her business from home. She sometimes asks for software to help her manage her business and replace her old Excel system. I call it an Excel system since it is actually a system that utilizes Excel. Excel is not the core of the system; the core is how she defined the procedures and utilized the sheets to do the calculations. Remember, Excel is only the tool. One day, when we do not have access to Excel, she can open and run it in OpenOffice Calc (good to hear!).


Objective:

Create a system to help small businesses manage stock, prices and orders. I know there are many and probably better solutions for her (and others), but making one for your special one is very special!!!


Requirements:

I made it as simple as possible for version 0.1:

R1. The system shall be able to be used to manage the stock of a product, including its location. A notification will be issued when an item has reached a certain level and thus needs to be reordered.

R2. The system shall be able to be used to manage orders from clients, including their payment information.

R3. The system shall be able to be used to help in calculating the selling price.


I know they are still very broad requirements, and I will make them more detailed and clear in the business case on the next day.

Secure VPS Day 2: IPTables

I got a problem. Unfortunately, iptables is not included in the Ubuntu kernel on the VPS I used. Activating it would take some time, so I decided to reinstall my VPS and use the Debian 4 image instead. The steps for day 1 are the same as on Ubuntu, except that the sudo package is not installed by default. Install it by running:

debian:~# apt-get install sudo


Now, check the iptables configuration:

cath@debian:~$ sudo iptables -L

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

Password:
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
cath@debian:~$


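Save the old configuration (if any; usually the rules are still empty). The redirection has to run as root as well, so the whole command is passed to a root shell:

cath@debian:~$ sudo sh -c 'iptables-save > /etc/iptables.up.rules'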


Create new rules:

cath@debian:~$ sudo vim /etc/iptables.test.rules

*filter

# Allows all loopback (lo) traffic and rejects all traffic to 127/8 that doesn't use lo
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT

# Accepts all established inbound connections
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allows all outbound traffic
-A OUTPUT -j ACCEPT

# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT

# Allows SSH connections
#
# THE -dport NUMBER IS THE SAME ONE YOU SET UP IN THE SSHD_CONFIG FILE
#
-A INPUT -p tcp --dport 2987 -j ACCEPT

# Reject ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j REJECT

# log iptables denied calls
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy
-A INPUT -j REJECT
-A FORWARD -j REJECT

COMMIT
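
Because the final "-A INPUT -j REJECT" rule cuts off everything not accepted above it, it is worth confirming that the SSH port from sshd_config has an ACCEPT rule before loading the file. The script below is an added example, not part of the original post; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). The two files below are
# constructed samples modelled on the post's sshd_config and rules file.
fw_tmp=$(mktemp -d); trap 'rm -rf "$fw_tmp"' EXIT

cat > "$fw_tmp/sshd_config" <<'EOF'
Port 2987
PermitRootLogin no
EOF

cat > "$fw_tmp/rules" <<'EOF'
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 2987 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: "
-A INPUT -j REJECT
COMMIT
EOF

# ssh_ports FILE: every Port directive (sshd listens on all of them); 22 if none.
ssh_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# port_allowed RULES PORT: true only if an INPUT rule accepting tcp --dport PORT
# comes before the first catch-all "-A INPUT -j REJECT" (or DROP).
port_allowed() {
    awk -v p="$2" '
        /^-A INPUT -j (REJECT|DROP)/ { exit }
        /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ && $0 ~ (" --dport " p "( |$)") { ok = 1; exit }
        END { exit !ok }' "$1"
}

# preflight SSHD_CONFIG RULES: list the SSH ports the rules would cut off.
preflight() {
    rc=0
    for port in $(ssh_ports "$1"); do
        port_allowed "$2" "$port" || { echo "no ACCEPT for SSH port $port"; rc=1; }
    done
    return $rc
}

preflight "$fw_tmp/sshd_config" "$fw_tmp/rules" && echo "SSH port is reachable under these rules"
```

On the server, the same call would be pointed at /etc/ssh/sshd_config and /etc/iptables.test.rules before running iptables-restore.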


Load the rules above into iptables:

cath@debian:~$ sudo iptables-restore < /etc/iptables.test.rules


Check it to see the differences:

cath@debian:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
REJECT 0 -- anywhere loopback/8 reject-with icmp-port-unreachable
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:www
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:2987
REJECT icmp -- anywhere anywhere icmp echo-request reject-with icmp-port-unreachable
LOG 0 -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: '
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT 0 -- anywhere anywhere reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
cath@debian:~$


Finally, test it:

Pinging ppa16.vpsfarm.com [209.9.227.210] with 32 bytes of data:
Reply from 209.9.227.210: Destination port unreachable.
Reply from 209.9.227.210: Destination port unreachable.
Reply from 209.9.227.210: Destination port unreachable.
Reply from 209.9.227.210: Destination port unreachable.

Ping statistics for 209.9.227.210:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),


That is it for day 2. I am searching again for other tips and tricks to secure our VPS. Till then, goodbye for now!

Wednesday, May 20, 2009

Secure VPS Day 1: Use different port for SSH

One of my commercial projects requires me to set up TRAC to manage the development phase. Hence, I need to secure the server that will host TRAC. I understand this is only basic, but it should be enough to start with.

Today, I will move SSH to another port. The idea behind it is that logging in to the server requires the IP address (hostname), port number, username and password. You cannot do anything about the IP address/hostname, since this is the location of the server. A barebone VPS will use default values for the port number (=22) and username (=root). That leaves only the password unknown to the public. However, if we change the port number and do not permit root to log in via SSH, using another user instead, we can DELAY people from getting into your server. I said DELAY because it would not be too difficult to find the port number.

Step 1: Log in to your VPS. I am using VPSFarm again. Check your email to get the password.


Step 2: Change the password to make it easier for you to remember but harder for other people to guess.

To access official Ubuntu documentation, please visit:http://help.ubuntu.com/
root@ubuntu-pristine:~# passwd
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@ubuntu-pristine:~#


Step 3: Add a new user specifically for the SSH connection. I will give it the name "onin".

root@ubuntu-pristine:~# adduser onin
Adding user `onin' ...
Adding new group `onin' (1000) ...
Adding new user `onin' (1000) with group `onin' ...
Creating home directory `/home/onin' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
password updated successfully
Changing the user information for onin
Enter the new value, or press ENTER for the default
Full Name []: Onin
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
root@ubuntu-pristine:~#


Step 4: Change SSH setting.

root@ubuntu-pristine:~# vim /etc/ssh/sshd_config

Set these values to:
Port 2987 (change to your choice; on mine it is on line #5)
PermitRootLogin no (line #26)
X11Forwarding no (line #62)
UsePAM no (line #77)
AllowUsers onin (added new on line #78)
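
For a single-valued keyword such as PermitRootLogin, sshd uses the first value it reads, so a hardened line appended below a stock line has no effect; editing the existing line, as done above, avoids this. The audit below is an added example, not part of the original post; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post); both files are constructed samples.
cfg_tmp=$(mktemp -d); trap 'rm -rf "$cfg_tmp"' EXIT

# Stock line left in place, hardened lines appended at the end of the file.
cat > "$cfg_tmp/appended" <<'EOF'
Port 2987
PermitRootLogin yes
X11Forwarding no
UsePAM no
PermitRootLogin no
AllowUsers onin
EOF

# Same settings, with the stock line gone because it was edited in place.
sed '/^PermitRootLogin yes$/d' "$cfg_tmp/appended" > "$cfg_tmp/edited"

# effective KEYWORD FILE: the first value given for KEYWORD, which is the one
# sshd applies (keywords are case-insensitive; "#" lines never match a keyword).
effective() {
    awk -v k="$1" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

# audit FILE: report each Step 4 setting that is not in effect; non-zero if any.
audit() {
    rc=0
    for want in "PermitRootLogin no" "X11Forwarding no" "UsePAM no" "AllowUsers onin"; do
        key=${want%% *}; val=${want#* }
        got=$(effective "$key" "$1")
        if [ "$got" != "$val" ]; then
            echo "$key: effective '${got:-unset}', wanted '$val'"
            rc=1
        fi
    done
    return $rc
}

audit "$cfg_tmp/appended" || echo "appended file: root login is still allowed"
audit "$cfg_tmp/edited" && echo "edited file: all Step 4 settings are in effect"
```

On the server itself, sshd -t checks the file for syntax errors before the daemon is restarted.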


Step 4: Restart the SSH server. Do not close this session; keep it as a backup connection in case your new SSH settings do not work.

a. Test to connect to the server again using old setting, result: does not work! (as expected).
b. Login to the server again to the port 2987 user "root": does not work! (as expected).

login as: root
root@ppa16.vpsfarm.com's password:
Access denied

c. Login to the server using port 2987 and user "onin" : WORKING (hurray!).


Step 5: Now you are on the server. You have a choice to:
a. sudo su
b. create another user and give this user "admin" rights (the reason: Ubuntu usually discourages working as root and prefers that we work as a user with admin rights):

root@ubuntu-pristine:~# su -l root
root@ubuntu-pristine:~# adduser cath
Adding user 'cath' ...
Adding new group 'cath' (1001) ...
Adding new user 'cath' (1001) with group `cath' ...
Creating home directory `/home/cath' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
password updated successfully
Changing the user information for cath
Enter the new value, or press ENTER for the default
Full Name []: Cath
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
root@ubuntu-pristine:~# visudo

The content of mine:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults env_reset

# Uncomment to allow members of group sudo to not need a password

# %sudo ALL=NOPASSWD: ALL

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root ALL=(ALL) ALL
cath ALL=(ALL) ALL   # <-- add "cath" here!


I opted for b) for future reference. That's all for today. See you next time!

Monday, May 18, 2009

idle for almost a year.....

It has been almost a year since I last touched my blog. Work and work and work..... :( But somehow, I feel that I want to do some personal projects again. I am thinking of starting

1) Symfony of Love
2) Free Programmer School
3) Pray on the Ice

What are they? Just wait and see .......