In software a queue is a container which is used to add items on one side and remove them on the other in a very efficient manner.
When used by a Journal, a queue is often going to support some kind of sorted order. Some jobs are more important than others and these should be built sooner. In other words, we give those jobs a higher priority and we sort the queue by priority first then using the time at which the job gets inserted.
Note that the C++ std::queue and std::unque containers do not offer anyway to support a priority. Instead you have to use ...
SECURITY WARNING
Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:
iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP
This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.
That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.
Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:
*filter :DOCKER-USER - [0:0] -A DOCKER-USER -j early_forward -A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP -A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP -A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP
My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.
Then I have three rules that block port 80, 8080, and 8081 from Docker.
Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.
Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.
As we are helping various customers, we encounter new technologies.
In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.
Here is yet another example of why opensource is a really good way of getting things fixed.
Assuming you have a project that is getting used by many, you are likely to see people post issues about bugs and possible enhancements. Your software is even very likely to get improved on its own by enthousiast users. On Github, for example, it is very easy to fork a project (make a copy) and then work on your version of the software. You can then offer a fix to the main authors of the project with a near one to one copy of the project.
In our case, a security professional, Mike Salvatore, was asked ...
Once in a while someone will ask me which book is best to start learning programming. The fact is that I do not know because I'm already an advanced programmer and it's rather difficult for me to get back to the basics (it feels like a waste of my time, sorry...)
That being said, at Made to Order Software, we've mainly been a C++ shop. We also do a lot of C, PHP, JavaScript and touch many other languages as required by the tasks we perform (bash, cmake, perl, C#, Java, etc.)
That being said, I wanted to underline some of the best C++ books available today. Especially, in the last ...
The CRISC, also known as Certified in Risk and Information Systems Control, is a vendor-neutral certification that validates a professional’s knowledge and experience in the fields of information system control & risk management. The certificate is developed and administered by ISACA and designed for the individuals who work with organizations in mitigating business risks and implement information system controls.
Organizations in today’s world must consistently enhance their infrastructure so that they can survive and thrive in today’s competitive environment. It is a ...
I have seen many people retweeting like crazy and I've noticed that once in a while these people have been retweeting the exact same tweet more than once.
I'm pretty sure that in most cases these people ignore the fact. Personally I find their twitter feed annoying because of that. Retweeting is totally okay, it's sharing what others have tweeted and there is nothing wrong with it. However, seeing the exact same tweet 2, 3, 4, or even 5 times pretty much in a row is rather bad taste. I understand that this very tweet is super ...
Last updated in Dec 31, 2017 as many things have changed.
Not only that, I also noticed that "dead" accounts are not always really dead.
Read below to learn more.
I was slowly nearing 5,000 friends when all of a sudden I had 5,089!
Wondering what was happening, a post on the Blackhat World forum caught my eye as someone mentioned the fact that he had 5,700 friends. The answer was that deactivated friends do count against your 5,000 friends limit. They are counted as part of your friends even though they do not have an account anymore and they don't get automatically removed ...
The PHP eFax system uses a class that ease the communication between your software and eFax. The developer system is not too complicated, but there are tricks to it and the class hides most of them.
Today a customer contacted us as they just purchased a copy of our PHP library and had problems sending faxes. The fact is that they used the set_fax_id() function with a hard coded string. Imagine doing something like:
$efax->set_fax_id("Test Fax");
This looks pretty good, only after the second time the sending of the fax will fail because eFax considers that it was already ...
As e-Fax is updating their systems further to be compliant with various security systems, some new problems may arise on your servers.
The main one is an SSL error that is quite unclear.
Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /path-to-php-efax/http_request.php on line 294
As we can see, the error mentions a server certificate function and says it could not verify a certificate.
If your server is not 100% up to date with newest SSL versions or your web ...
Also many reCAPTCHAs are being bypassed, it still work against many robots, although newer robots use Artificial Intelligence and they are quickly able to bypass most of the reCAPTCHAs.
At some point, the main reason for the bypass was the fact that some people were getting paid to resolve those reCAPTCHAs. In other words, some people were offered the job to do just that! They go to a computer, resolve many reCAPTCHAs and get paid something like 2 cents per successful resolutions. The result is that websites with reCAPTCHAs still receive a lot of spam!
In 2017, it looks like such ...