project

What kind of test do I need for my software?

Sun, 04/16/2023 - 11:27 — Alexis Wilke

Perfect Testing in Software

Introduction

Most software companies run in that dilemma. In order to write software that works, you want to write some tests. The question for many of these companies is: what kind of tests are most efficient for my business?

Here we talk about seven common test practices in the software industry.

1. Unit Testing

Probably the most used form of testing is Unit Testing. This is easy to write and very effective in discovering bugs. If you are looking at verifying correctness, this is 100% what you need to have to test your software.

Why is it easy to write?

In most cases, Unit ...

Metaprogramming in C++ to create functions that depend on their input parameters

Sat, 03/26/2022 - 11:48 — Alexis Wilke

I've been using metaprogramming for a while now. An interesting aspect to the ability to define an invalid (unavailable) type, allows you to declare functions that do not get selected by the C++ template system.

The following is a simple example where you want to test a version where the major, minor and patch version numbers are defined as an undefined type T which could be a signed or an unsigned type while compiling. If unsigned, the return value < 0; statement will generate a warning and for safer programming, you should not allow any warnings (we use the -Werror command line ...

What is a Golden File in software development?

Mon, 03/14/2022 - 12:34 — Alexis Wilke

Golden Files to run your test with large input and output data While programming, one of the best thing to do to make sure that your software works as expected is to write tests.

Actually, if you write enough tests to make sure that the code works as expected, it should take you between two and three more time to finish up your project. So if it takes you one day to write a function, it will take you another two days to write good tests for that one function.

Many of those tests, especially as you construct more and more complex software, require large amount of input and output data. It's easy enough to test a function such as strlen(). It has one ...

Docker, an advanced chroot utility

Fri, 11/29/2019 - 19:09 — Alexis Wilke

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block port 80, 8080, and 8081 from Docker.

Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.

Help with version 0.1.7 of Zipios (CVE-2019-13453)

Fri, 07/12/2019 - 17:45 — Alexis Wilke

Here is yet another example of why opensource is a really good way of getting things fixed.

Assuming you have a project that is getting used by many, you are likely to see people post issues about bugs and possible enhancements. Your software is even very likely to get improved on its own by enthousiast users. On Github, for example, it is very easy to fork a project (make a copy) and then work on your version of the software. You can then offer a fix to the main authors of the project with a near one to one copy of the project.

In our case, a security professional, Mike Salvatore, was asked ...

Table of Contents Settings

Filter Configuration

At this point, most of the Table of Contents configuration is done in the Table of Contents filter.

This means multiple Input formats allow you to make use of several different configurations.

End

Read more

To Do List (The module —)

To Do List is a Drupal module allowing users to create lists of things to do. A small project management system if you wish.

The latest version includes many features including a block, views support and basic actions support.

The permission model makes the To Do Items hidden but to the few who are given the right to see the To Do List. This is quite useful to work with Organic Groups and other similar advanced Drupal features.

The following pages explain how to use this module to its full extend. With the use of some other modules, it is possible to build a quite robust project system. ...

Projects Similar to Insert Node

Link Node

There is a Link Node project that can be used to generate a link to a node using the node title or another user specified title.

This is similar to using the following with Insert Node:

   [node:<name> title=<my link>;]

Insert View

If you want to include a view, use the insert_view module instead.

Insert Block

If you want to include blocks in your nodes (or other blocks, scary, hey?!), use the insert_block module instead.

If you know or have a similar project, please, feel free to post a comment below and I will add it to the list.

Thank ...

The SSWF Project

The SWF Reference by Alexis is part of the free SSWF project.

This documentation is intended for people who want to program a Flash player, editor, or some similar tool handling Flash data.

The project comes with a complete C++ library that is designed to greatly simplify the generation and loading of Flash files.

Add new comment

SWF Action 3 (swf_action3)

SWF Structure Info

Tag Flash Version:

9

SWF Structure:

Not documented here yet.

Since Flash version 9, actions can be saved in a new format named abcFormat by the Tamarin project from the Mozilla organization.

The code itself (action script) is the same, but the structure of an swf_action3 holds object oriented information about classes, methods and such in a really clean way (really! in comparison to the old way, that's dead clean!).

At this time, the swf_action3 structure is documented in the abcFormat.html file.

I will duplicate and test the structures at a later time.