
software

Don't Repeat Yourself When Writing Software

Nature tends to repeat itself, or reproduce with similar structure, but code should not.

For a very long time now, we have been using languages that support functions that one can call. That was not always the case, although even really old versions of BASIC had a GOSUB instruction; it had no concept of local variables, though, so it was rather difficult to use safely.

Functions allow you to avoid repetition. You write a small snippet of code (or maybe not that small) within a function and then you call that function to reuse that snippet over and over again. Good programmers tend to do that even with one-liners. However, many others often think: well, it's just one line, why don't I just copy & paste that wherever I need it? It's going to be faster.

Safely Processing a Queue of Jobs

What is a Queue

In software a queue is a container which is used to add items on one side and remove them on the other in a very efficient manner.

Sorted Queues

When used by a Journal, a queue is often going to support some kind of sorted order. Some jobs are more important than others and these should be built sooner. In other words, we give those jobs a higher priority and we sort the queue by priority first, then by the time at which the job gets inserted.

Note that the C++ std::queue and std::deque containers do not offer any way to support a priority. Instead you have to use ...

Docker, an advanced chroot utility

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. In particular, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you indeed want to share that service with the rest of the world, but it's very dangerous if you are still working on that container service, since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the source IP address matches 192.168.1.0/24, access is refused. The `eth0` interface name should be replaced with the name of the interface you use as the external Ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block ports 80, 8080, and 8081 from Docker.

Docker will add new rules of its own, which appear after these (albeit not within the DOCKER-USER chain) and open the ports needed by whatever services you install in your containers.

Note that the only ports you have to block are ports that Docker will share and that you otherwise have open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running, so as a result I block the usual HTTP ports from Docker.

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software within that environment from accessing everything on your computer. This is particularly useful for publicly facing services like Apache, Bind, etc.

Help with version 0.1.7 of Zipios (CVE-2019-13453)

Here is yet another example of why open source is a really good way of getting things fixed.

Assuming you have a project that is getting used by many, you are likely to see people post issues about bugs and possible enhancements. Your software is even very likely to get improved on its own by enthusiastic users. On GitHub, for example, it is very easy to fork a project (make a copy) and then work on your version of the software. You can then offer a fix to the main authors of the project with a near one-to-one copy of the project.

In our case, a security professional, Mike Salvatore, was asked ...

Best C++ Books

Once in a while someone will ask me which book is best to start learning programming. The fact is that I do not know because I'm already an advanced programmer and it's rather difficult for me to get back to the basics (it feels like a waste of my time, sorry...)

That being said, at Made to Order Software, we've mainly been a C++ shop. We also do a lot of C, PHP, JavaScript and touch many other languages as required by the tasks we perform (bash, cmake, perl, C#, Java, etc.)

That being said, I wanted to underline some of the best C++ books available today. Especially, in the last ...

No more excuses! Protect your passwords on your computer with strong encryption.

More and more, we hear talks about hackers entering personal accounts on systems such as Facebook, Twitter, Instagram and many others. There are many reasons why someone's account will be hacked. One of them is the lack of imagination for their password. Plus, some people use the same password for all of their accounts.

So, if you do it right, you will end up with many passwords. On my end, I have one password per account and that means about 400 passwords... That's totally unmanageable in a fairly standard human brain. For this reason, you end up writing down all your passwords on ...

Massive Bug in Intel, AMD, ARM and other Processors in Handling VM Memory

In the last few days, we started hearing about a massive bug in the implementation of the VM memory handling.

Intel has been frantically working on fixing host machine kernels in order to prevent one VM from accessing the memory of other VMs that run on the same machine.

Of course, most users are not going to attempt to read someone else's memory, so in that sense most of us are relatively safe. But all of those who are not so lucky and have uninvited guests on their systems are running at very high risk. The information available from Intel says the memory is accessible only in Read mode. ...

The set_fax_id() function of PHP e-Fax must be given unique IDs, each time.

Fax button on an old type of fax machine

The PHP eFax system uses a class that eases the communication between your software and eFax. The developer system is not too complicated, but there are tricks to it and the class hides most of them.

Today a customer contacted us as they had just purchased a copy of our PHP library and had problems sending faxes. The fact is that they used the set_fax_id() function with a hard-coded string. Imagine doing something like:

$efax->set_fax_id("Test Fax");

This looks pretty good, only after the second time the sending of the fax will fail because eFax considers that it was already ...

Domains For Sale

Once in a while Made to Order Software Corporation has domains for sale. You will find here the list of such domains when some are available. Click on the links to contact us in regard to such and such domain.

http://www.freehardwarefoundation.org/

http://www.valleyseo.net/

http://www.faxnowonline.com/

http://smsfromme.com/

If you have any questions in that regard, feel free to contact us.

Security Issue in many mail systems

It always amazes me when one finds a security issue that looks like something that should never have happened in the first place.

This one was found earlier this year by Wietse Venema who first discovered the issue in Postfix.

He fixed the Postfix server quickly; however, he went further. He actually tested many other servers by sending commands that bypass that very security measure, and to his surprise he found out that Postfix wasn't the only system affected by the problem.

For those interested, all the details of the problem can be found on the Postfix website as CVE-2011-411.

A ...