
Docker, an advanced chroot utility


Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks described on the Docker and iptables page. In particular, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you do want to share that service with the rest of the world, but it is very dangerous while you are still working on that container service, since it could have security issues that need patching. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the source IP address is within 192.168.1.0/24, access is refused. Replace the `eth0` interface name with the name of the interface you use as your external Ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block ports 80, 8080, and 8081 from Docker.

Docker will add new rules that appear after these (albeit not within the DOCKER-USER chain) and that open ports for whatever services you install in your containers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end, I have Apache running, so I block the usual HTTP ports from Docker.
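An added example (not from the original post): a shell function that reads `iptables-save` output and lists the TCP ports Docker publishes through DNAT rules that no DOCKER-USER DROP rule covers. The rules above match on `--ctorigdstport` because packets reach DOCKER-USER after DNAT, when the destination port is already the container's. The function names, the sample ruleset and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Reads iptables-save text on stdin; prints each TCP port Docker publishes
# (DNAT rule in the nat DOCKER chain) that no DOCKER-USER DROP rule matches
# by --ctorigdstport. Interface and source qualifiers are ignored here.
unblocked_published_ports() {
    awk '
    # value(flag): token that follows flag on the current rule, or "".
    function value(flag,   i) {
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2) }    # table header such as *nat or *filter
    $1 != "-A" { next }
    table == "nat" && $2 == "DOCKER" && value("-j") == "DNAT" {
        port = value("--dport")
        if (port != "") published[port] = value("--to-destination")
    }
    table == "filter" && $2 == "DOCKER-USER" && value("-j") == "DROP" {
        port = value("--ctorigdstport")
        if (port != "") blocked[port] = 1
    }
    END {
        for (port in published)
            if (!(port in blocked)) print port " -> " published[port]
    }' | sort -n
}

# Constructed sample ruleset (container addresses and ports are made up).
sample_ruleset() {
    cat <<'EOF'
*nat
:DOCKER - [0:0]
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 5000 -j DNAT --to-destination 172.17.0.3:5000
COMMIT
*filter
:DOCKER-USER - [0:0]
-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP
COMMIT
EOF
}

# On a live host, run as root: iptables-save | unblocked_published_ports
sample_ruleset | unblocked_published_ports
```

Each line of output is a published port to review against the rest of the firewall; a port listed here is not necessarily reachable from outside.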

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software within that environment from accessing everything on your computer. This is particularly useful for publicly facing services like Apache, Bind, etc.

Best C++ Books

Once in a while someone will ask me which book is best to start learning programming. The fact is that I do not know because I'm already an advanced programmer and it's rather difficult for me to get back to the basics (it feels like a waste of my time, sorry...)

That being said, at Made to Order Software, we've mainly been a C++ shop. We also do a lot of C, PHP, JavaScript and touch many other languages as required by the tasks we perform (bash, cmake, perl, C#, Java, etc.)

That being said, I wanted to underline some of the best C++ books available today. Especially, in the last ...

Upgrade to PHP 5.3.3 or newer because of security issue

If you are responsible for a Debian or Ubuntu server and run PHP on it, make sure to run the following command to fix several security issues found in PHP:

sudo apt-get install php5-suhosin

This will do what is necessary, and security-wise your PHP version will look like you have PHP 5.3.3.

What I found quite annoying in regard to this issue is the fact that it was very difficult to find a mention of this upgrade. All I could find in large number were people saying that you'd have to get an upgrade using the source code of PHP. Somehow, I did not feel like upgrading PHP from ...

What are yellow pages good for?

Since I work a lot with the Internet, I often have people asking me whether the Yellow Pages are still useful...

The fact is, there are still many people using the Yellow Pages. Most advanced geeks will use an online directory such as superpages.com. Yet, for certain things such as looking for a plumber, people still use the Yellow Pages.

So, how do I choose whether to have an ad in the Yellow Pages?

Simple! Take the latest Yellow Pages book you've received and look under your category and see what your competition does. If you have 1 or more full page advertiser, you bet that you have ...

Creating Groups with Taxonomy VTN

Taxonomy VTN adds many fields in your taxonomy forms. When editing your taxonomy, one field is called Taxonomy VTN Group. This field is used to group different vocabularies (i.e. taxonomies) together in a group.

The field accepts one or more group names. The names are case insensitive and are separated by commas. For instance, you could have three names such as: Kitchen, Utensils, Stainless Steel. Then another vocabulary could mention Kitchen and yet another Utensils, Wood.

The groups change the display in the Taxonomy VTN root page. A specific group can also be accessed using the URL:

odbcpp, a simple C++ library to access ODBC

$395.00

odbcpp is a strong C++ wrapper for ODBC.

 

The ODBC library is an interesting concept created by Microsoft in 1988. It is a library that wraps the implementation details of database managers inside drivers. And these drivers are accessible from the library.

One of the main problems with accessing any database system is the large number of possible failures. Handling those ...


A new concept: Throwaway Software.

More and more, people are learning new software as they go. A few will stick to one software for a long time simply because it is easier, but changing is easy too, especially if the new system is easy to use.

But how do you produce throwaway software? And is it worth the trouble?

As we see things evolving, more and more people want to use software anywhere they go. This means software that runs on the Internet in some way. For instance, you can use Google Maps anywhere you go, as long as you have a computer to access the Internet.

About Us

Here you will find a few of the software solutions that have been made possible by Made to Order Software Corporation. Feel free to contact us for more information.

Snap! Websites

Made to Order Software created Snap! Websites, a CMS system, which allows customers to create their own websites, hosted on our servers.

The new version of Snap! is actually Open Source. You can find more information about Snap! Websites Open Source on the Snap! Websites, a C++ CMS, website.

A few customers using our old Snap! offer include:

Order ...

Skills at Made to Order Software Corp.

Since 1999, Made to Order Software has served its customers using its extensive set of skills. The following is an incomplete list of our skills. Please feel free to Contact Us if you have any questions.

Software Consulting Services

Made to Order Software Corporation offers software consulting, analysis, and development services at any stage of a project. Our analysts can provide you well-defined and thorough user and developer documentation for your project in a timely manner. We can determine the skill set necessary to accomplish the goals of the project, and maximize the number of workers on the project to shorten the development period.

From simple applications to complex e-Business solutions through realtime software and complex database systems, our people work at your convenience—in your office or ours.

ScreenWRITER television system ...