Made to Order Software Corporation Logo

build

Docker, an advanced chroot utility

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block port 80, 8080, and 8081 from Docker.

Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.

Deleting a (Duplicate) Retweet from your Twitter Feed

Double Retweeting and How to Avoid Over-Duplication

I have seen many people retweeting like crazy and I've noticed that once in a while these people have been retweeting the exact same tweet more than once.

I'm pretty sure that in most cases these people ignore the fact. Personally I find their twitter feed annoying because of that. Retweeting is totally okay, it's sharing what others have tweeted and there is nothing wrong with it. However, seeing the exact same tweet 2, 3, 4, or even 5 times pretty much in a row is rather bad taste. I understand that this very tweet is super ...

To Do Block

Installation

Go to Administer » Site building » Modules and click on To Do Block to install the Block extension for the To Do module.

To Do List (The module —)

To Do List is a Drupal module allowing users to create lists of things to do. A small project management system if you wish.

The latest version includes many features including a block, views support and basic actions support.

The permission model makes the To Do Items hidden but to the few who are given the right to see the To Do List. This is quite useful to work with Organic Groups and other similar advanced Drupal features.

The following pages explain how to use this module to its full extend. With the use of some other modules, it is possible to build a quite robust project system. ...

Upgrading from version 1.0/1.1 to 1.2 or newer (or -dev) for Drupal 6.x users

I changed the name of the module back to InsertNode (although I did not want to, I did not want to jeopardize the Drupal 5 version... which would probably have been fine, but well...)

So, the newer version of the D6 module is again called InsertNode.

To upgrade you will want to keep the other version running until you get the new version as the replacement (although you can manage your site the way you'd like this procedure let you switch from the previous version to the new version without having to turn off your site for a little while.)

  1. Extract the new version, it adds InsertNode ...

InsertNode Installation

Decompress the module in your sites/all/modules folder.

Go to admin/build/modules (Admin » Site Building » Modules) and select the new module (under package named "Filters input".)

Go to admin/settings/filters (Admin » Site Configuration » Input formats) and select the Insert node filter1.

Make sure that the text areas using the [node:...] tag make use of one of the formats having this Insert node filter ...

  • 1. It is suggested that you create a new format if you are to use this filter only on a few pages. This way, you avoid wasting time on all pages.

ProductInfo

Tag Info
Tag Number: 
41
Tag Type: 
Define
Tag Flash Version: 
3
Brief Description: 

This tag defines information about the product used to generate the animation. The product identifier should be unique among all the products. The info includes a product identifier, a product edition, a major and minor version, a build number and the date of compilation. All of this information is all about the generator, not the output movie.

Tag Structure: 
struct swf_metadata {
	swf_tag			f_tag;		/* 41 */
	long			f_product_id;
	long			f_edition;
	unsigned char		f_major_version;
	unsigned char		f_minor_version;
	long long		f_build_number;
	long long		f_compilation_date;
};

The ProductInfo tag stores information about the tool used to generate the Flash animation. This is ignored by flash players (unless it knows of problems in the generators...)

The f_product_id is expected to be a unique identifier for all the products which can possibly generate an SWF output file.

Space going green!

Today, the only way to go in Space is to use rockets or fast planes (although the latter does not get you as far as needed to reach even the IST.) Either one of those uses a tremendous amount of quite poluting carburant.

In the future, however, we definitively need to find a way to build an elevator. The building of such a structure has not started though. At this time there are two main reasons why: (1) we think we do not have the technology, and (2) what we have thought about can break with the consequences of getting the debris all over Earth and that could be quite dangerous.

Now there ...

Adding a header & footer in a Cute Menu dropdown

Image & text at the top and bottom

The Cute Menu Module is all about making your menu look cute... This is achieved, in part, by the nice top bar, and a gradient in your dropdown. But what makes it even better are the images that you can make appear inside your menus.

There are two areas for that purpose: the Header and the Footer. Both are handled the same way, it is just a flag in your menu item that changes between one and the other.