Monthly Archives: October 2006

New Mobo/CPU

I’ve tried to see what sort of upgrades I can make to my old PC to keep it up-to-date. It currently uses the old socket motherboard for the older Pentium 4 CPU and, as I have come to realise, is pretty cheap. The same can be said of my 300W power supply unit, unfortunately. So, I have spotted the following parts from Memory Express:

  • Intel Core™2 Duo Processor E6600 2.4GHz w/ 4MB Cache – $389.95
  • MSI 975X Platinum v.2 w/ DualDDR2 800, 7.1 Audio, Gigabit Lan, SATA II, Dual PCI-E x16 – $229.95
  • Corsair 2GB XMS2-5400 TWIN2X Dual Channel DDR2 Kit (2 x 1GB) – $329.95
  • Enermax Liberty Modular Power Supply, 500W – $129.95

After receiving these new parts, I would generally follow the DIY TH guide for assembling a PC. Now the only puzzle that emerges from this seemingly simple upgrade is that, according to the Motherboard Forumz of Tom’s Hardware, a repair install will likely be necessary to make the OS functional. Other than the small, small hurdle of finding a WinXP Home CD for this “repair install”, I’m pretty sure there’s nothing else left to cover – other than the $1200 price tag.

Argh, this reminds me of the Futureshop salesman who sold the PC to me with the pitch that the unit would keep up with the technological advances for a long while. The only part of my PC that has kept up with the “technological advances” is the case. 300W!?! I suppose I can reuse it to make a budget computer later on.

Nike Commercial

I mentioned this the other day:


So…I try to download both Suse 10.1 and Kubuntu 6.06 via torrent and it turns out that there are no seeds for Suse. Ah well, as long as I get something that works it doesn’t matter what the distro is called…maybe. But if it’s called Devil 6.6.6. and it turns out that, while you try to install it on your computer, the kernal requires a human soul…would you give one for the distro? Or would you be inclined to give your soul away in order to discover whether or not souls exist? Of course, when you decide to give your soul away, it will turn out that souls are just discarded pen caps. That, and you left your pen cap in a garbage can back when you were in elementary school.

Yes…anyway, has anyone ever tried Cedega before? I’m curious, but all there is to go on are posts about Cedega and the well polished Cedega web site.

Also, this firewall script is from Linux Online, do you think there are any more tweaks required to make it better? I’m not familiar with all of the commands and options, but I can vaguely appreciate the gist thanks to the lessons.



# start by flushing the rules

## allow packets coming from the machine

# allow outgoing traffic

# block spoofing
$IPTABLES -A INPUT -s -i ! lo -j DROP

# stop bad packets
$IPTABLES -A INPUT -m state --state INVALID -j DROP

/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
# stop Xmas Tree type scanning
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL ALL -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
# stop null scanning
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags ALL NONE -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
/sbin/iptables -A INPUT -i eth0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
# stop sync flood
/sbin/iptables -N SYNFLOOD
/sbin/iptables -A SYNFLOOD -p tcp --syn -m limit --limit 1/s -j RETURN
/sbin/iptables -A SYNFLOOD -p tcp -j REJECT --reject-with tcp-reset
/sbin/iptables -A INPUT -p tcp -m state --state NEW -j SYNFLOOD
# stop ping flood attack
/sbin/iptables -N PING
/sbin/iptables -A PING -p icmp --icmp-type echo-request -m limit --limit 1/second -j RETURN
/sbin/iptables -A PING -p icmp -j REJECT
/sbin/iptables -I INPUT -p icmp --icmp-type echo-request -m state --state NEW -j PING

## What we allow

# tcp ports

# smtp
$IPTABLES -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# http
$IPTABLES -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# pop3
$IPTABLES -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
# imap
$IPTABLES -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
# ldap
$IPTABLES -A INPUT -p tcp -m tcp --dport 389 -j ACCEPT
# https
$IPTABLES -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
# smtp over SSL
$IPTABLES -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT
# line printer spooler
$IPTABLES -A INPUT -p tcp -m tcp --dport 515 -j ACCEPT
# cups
$IPTABLES -A INPUT -p tcp -m tcp --dport 631 -j ACCEPT

## restrict some tcp things ##

# ssh
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 22 -j ACCEPT
# samba (netbios)
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 137:139 -j ACCEPT
# ntop
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 3000  -j ACCEPT
# Hylafax
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 4558:4559 -j ACCEPT
# webmin
$IPTABLES -A INPUT -p tcp -m tcp -s --dport 10000  -j ACCEPT

# udp ports
$IPTABLES -A INPUT -p udp -m udp --dport 53 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp --dport 67:68 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp --dport 123 -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp --dport 161:162 -j ACCEPT

## restrict some udp things ##

# Samba (Netbios)
$IPTABLES -A INPUT -p udp -m udp -s --dport 137:139  -j ACCEPT
$IPTABLES -A INPUT -p udp -m udp --sport 137:138 -j ACCEPT

# finally - drop the rest

/sbin/iptables -A INPUT -p tcp --syn -j DROP

Is there a simple way to block a large number of IPs without typing them all in manually? Will that slow down the firewall? Would I be better off using PeerGuardian Linux to block IPs with?

Finally, can Linux users edit a HOSTS file like one would for Windows? Where would it be?

South Park: WOW Episode

The episode has been divided into three parts. Thank you, youtube.

Part One:

Part Two:

Part Three:

The Brave Who Dive Head First

I do not like Motley Fool, but the site can occasionally provide a link that leads to something interesting. This time I found a link to, which is a blog of “a 24-year-old aspiring real estate investor from Sacramento CA.” Unfortunately, according to the Fool article, the author of is down two million dollars and has decided to share his aftermath in a blog. Though I share many of the sentiments posted by iamfacingforeclosure’s anonymous blog readers, you still have to credit the man for his daring. Sure, he likely duped the banks for his start-up capital, ruined his future, and left himself at the mercy of unforgiving blog roamers, but he still has his life dammit.  Who knows?  Perhaps the man will turn his fortunes around.

Maybe not.  My bet is he’s screwed.  The entire story and blog is like a terrible car crash. I’m just thankful I decided to take my stock enthusiasm slowly. Hurray for simulations!

By the way, I put up a link to the stock contest and my new VSE portfolio for convenience. Enjoy!

Dark Crusade

Looks very good.

D&D, Anything Goes?

Not work safe.