Made to Order Software Corporation Logo

replace

Best way to setup a VirtualBox to avoid system crashes on a reboot

Broken Hard Drive reminds of of Broken Eggs

We now use permanent VirtualBox OSes to run part of our infrastructure.

We ran in all sorts of issues with those, but one thing for sure is that you do not want your OS hard drive to fill up because a (re)boot may not be possible after that. This is because the drive is likely to go bust if completely full.

You should, of course, have tools to let you know how filled up your hard drive is to make sure to catch such issues early. In our case, we had a Jira instance that filled up the drive mainly because we made one backup of the database per day. One day, one of those backup ended that ...

Docker, an advanced chroot utility

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block port 80, 8080, and 8081 from Docker.

Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.

PHP eFax requires "ssl://" on RedHat EL7 and Ubuntu

We found out today that RedHat LE7 requires the use of the "ssl://" protocol instead of the default "tls://". The error we are getting from PHP looks like this:

PHP Warning:  stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages:
error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version in .../lib/http_request.php on line 294
PHP Warning:  stream_socket_client(): Failed to enable crypto in .../lib/http_request.php on line 294
PHP Warning:  stream_socket_client(): unable to connect to tls://secure.efaxdeveloper.com:443 ...

Simplemenu Settings

Menu Settings

Menu

Select the menu to be displayed as the Simplemenu. By default, we display the Navigation Menu which makes the most sense for administrator (as the Simplemenu was primarily created for administrators wanting to quickly go to all administration pages.)

Theme

Select a theme to display your Simplemenu items and dropdowns. The default is called original.

The themes reside in the module sub-folder named themes. Each theme is defined in a specific directory named after the theme. That name is what appears in the dropdown in the settings.

It is possible to add new themes as

Insert Node Parameter: override (6-1.3) [special]

WARNING

This parameter is considered a security hazard. There is an option in your format definition that you have to turn on in order for the feature to work. When not selected, override is ignored. Only allow this feature in an input filter where you can trust users 100%.

One can use the override parameter to replace the expected data with their own data. Although one would think using the data directly would work as well, there are cases when this is useful.

By default the InsertNode module gets data from the $node object as defined by the system. At times, the data available in the

Table of Contents Settings

Filter Configuration

At this point, most of the Table of Contents configuration is done in the Table of Contents filter.

This means multiple Input formats allow you to make use of several different configurations.

PlaceObject2

Tag Info
Tag Number: 
26
Tag Type: 
Define
Tag Flash Version: 
3
Brief Description: 

Place, replace, remove an object in the current display list.

Tag Structure: 
struct swf_placeobject2 {	/* and swf_placeobject3 */
	swf_tag			f_tag;		/* 26 or 70 */
	/* NOTE: the following flags can be read as one or two bytes also */
	if(version >= 8) {
		unsigned	f_place_reserved : 5;
		unsigned	f_place_bitmap_caching : 1;
		unsigned	f_place_blend_mode : 1;
		unsigned	f_place_filters : 1;
	}
	if(version >= 5) {
		unsigned	f_place_has_actions : 1;
	}
	else {
		unsigned	f_place_reserved : 1;
	}
	unsigned		f_place_has_clipping_depth : 1;
	unsigned		f_place_has_name : 1;
	unsigned		f_place_has_morph_position : 1;
	unsigned		f_place_has_color_transform : 1;
	unsigned		f_place_has_matrix : 1;
	unsigned		f_place_has_id_ref : 1;
	unsigned		f_place_has_move : 1;
	unsigned short		f_depth;
	if(f_place_has_id_ref) {
		unsigned short		f_object_id_ref;
	}
	if(f_place_has_matrix) {
		swf_matrix		f_matrix;
	}
	if(f_place_has_color_transform) {
		swf_color_transform	f_color_transform;
	}
	if(f_place_has_morph_position) {
		unsigned short		f_morph_position;
	}
	if(f_place_has_name) {
		string			f_name;1
	}
	if(f_place_has_clipping_depth) {
		unsigned short		f_clipping_depth;
	}
	/* 3 next entries since v8.0 */
	if(f_place_filters) {
		unsigned char		f_filter_count;
		swf_any_filter		f_filter;
	}
	if(f_place_blend_mode) {
		unsigned char		f_blend_mode;
	}
	if(f_place_bitmap_caching) {
		/* WARNING: this is not defined in the Macromedia documentation
		 * it may be that it was part of the blend mode whenever the person
		 * who defined this byte was testing (I copied that from somewhere else!).
		 */
		unsigned char		f_bitmap_caching;
	}
	/* since v5.0 */
	if(f_place_has_actions) {
		unsigned short		f_reserved;
		if(version >= 6) {
			unsigned long	f_all_flags;
		}
		else {
			unsigned short	f_all_flags;
		}
		swf_event		f_event[<variable>];
		if(version >= 6) {
			unsigned long	f_end;	/* always zero */
		}
		else {
			unsigned short	f_end;	/* always zero */
		}
	}
};
  • 1. Assuming that this PlaceObject2 references a DefineSprite, this name becomes the name of this instance of the sprite. This feature enables you to place the same DefineSprite multiple times in your display list each time using a different name.

This tag will be used to specify where and how to place an object in the next frame. The PlaceObject is much different and is presented separately.

The f_depth field is used to indicate at which depth the character is inserted in the current frame. There can be only one object per depth value (thus a maximum of 65536 objects can appear on a single frame).

The f_place_has_move and f_place_has_id_ref flags are used to indicate what to do at the given depth. The following table presents what happens depending on the current value.

f_place_has_move ...

RemoveObject

Tag Info
Tag Number: 
5
Tag Type: 
Display
Tag Flash Version: 
1
Brief Description: 

Remove the specified object at the specified depth.

Tag Structure: 
struct swf_removeobject {
	swf_tag			f_tag;		/* 5 or 28 */
	if(f_tag == RemoveObject) {
		unsigned short		f_object_id_ref;
	}
	unsigned short		f_depth;
};

Remove the specified object from the display list. If the same object was placed multiple times at the specified depth1 only the last copy is removed. When only a depth is specified, the last object placed at that depth is removed from the list. Note that since version 3 it is possible to use the PlaceObject2 in order to replace an object at a given depth without having to remove it first.

  • 1. It is illegal, yet possible, to place more than one object at the same depth.

PostgreSQL and Drupal conflict

We have been running Drupal for some time now and we have noticed that it generates a very large amount of warnings in our log files.

The warning is in link with improperly formatted strings. PostgreSQL tries to follow the SQL specification to the letter and that means you cannot use the backslash character to escape special character sequences (such as \n for a newline character.)

I knew that in most cases the error was generated because of the function saving a full page or some other content in the cache. In that case, the system includes the characters: \012 and \015 (\n and \r.) That ...

Terms & Conditions

Made to Order Software Corporation
Terms and Conditions for the Online Services
offered by Made to Order Software Corporation

This Agreement ("Agreement") is by and between Made to Order Software Corporation ("m2osw") a Californian Corporation and You, your heirs, your agents, successors and assigns ("You" and "Your"), and is made effective as of the date of electronic execution, which is when you register for an electronic account to use the Web site of m2osw. This Agreement sets forth the terms and conditions of Your use of the Online Services ...