
Docker, an advanced chroot utility


Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks described on this Docker and iptables page. In particular, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you do want to share that service with the rest of the world, but it is very dangerous if you are still working on that container service, since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the source IP address is within 192.168.1.0/24, access is refused. Replace the `eth0` interface name with the name of the interface you use as the external Ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block ports 80, 8080, and 8081 from Docker.

Docker will add its own rules, which appear after the DOCKER-USER list (not within it) and open ports for whatever services you install in your Docker containers.

Note that the only ports you have to block are ports that Docker will share and that you otherwise have open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running, so as a result I block the usual HTTP ports from Docker.
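The rules above match on `--ctorigdstport` because packets reach DOCKER-USER after Docker's DNAT, so a plain `--dport` would see the container's port rather than the published one. The following script is an added example, not part of the original post: it generates such rules and checks a rule listing for published ports that have no DROP rule. The interface name, the port 5000 container and the function names are assumptions.

```shell
#!/bin/sh
# Added example: generate and audit DOCKER-USER drop rules.
# Interface name and port lists below are constructed sample values.

# Emit firewall-file lines that drop connections arriving on the external
# interface for each published host port. --ctorigdstport matches the port
# the client dialed, before Docker's DNAT rewrote it to the container port.
gen_docker_user_rules() {
    ext_if=$1; shift
    for port in "$@"; do
        printf '%s\n' "-A DOCKER-USER -i $ext_if -p tcp -m conntrack --ctorigdstport $port --ctdir ORIGINAL -j DROP"
    done
}

# uncovered_ports RULES EXT_IF PORT...
# RULES is rule text in `iptables -S DOCKER-USER` / firewall-file form.
# Prints every listed port that has no DROP rule on EXT_IF.
uncovered_ports() {
    rules=$1; ext_if=$2; shift 2
    for port in "$@"; do
        printf '%s\n' "$rules" | awk -v ifc="$ext_if" -v p="$port" '
            $1 == "-A" && $2 == "DOCKER-USER" {
                i = o = d = 0
                for (n = 3; n < NF; n++) {
                    # a negated match ("! -i eno1") does not count
                    if ($n == "-i" && $(n+1) == ifc && $(n-1) != "!") i = 1
                    if ($n == "--ctorigdstport" && $(n+1) == p) o = 1
                    if ($n == "-j" && $(n+1) == "DROP") d = 1
                }
                if (i && o && d) found = 1
            }
            END { exit !found }' || printf '%s\n' "$port"
    done
}

# Constructed sample: the three rules from the text, audited against the
# ports a hypothetical set of containers publishes.
SAMPLE_RULES=$(
    printf '%s\n' '-A DOCKER-USER -j early_forward'
    gen_docker_user_rules eno1 80 8080 8081
)
echo "published ports without a DROP rule on eno1:"
uncovered_ports "$SAMPLE_RULES" eno1 80 8080 8081 5000
```

The check is textual: it does not model rules earlier in the chain (such as the `early_forward` jump) that may accept the traffic before a DROP rule is reached.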

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software within that environment from accessing everything on your computer. This is particularly useful for publicly facing services like Apache, Bind, etc.

Brief Overview of CRISC Certification Exam

The CRISC, also known as Certified in Risk and Information Systems Control, is a vendor-neutral certification that validates a professional’s knowledge and experience in the fields of information system control & risk management. The certificate is developed and administered by ISACA and designed for individuals who work with organizations in mitigating business risks and implementing information system controls.

Organizations in today’s world must consistently enhance their infrastructure so that they can survive and thrive in today’s competitive environment. It is a ...

No more excuses! Protect your passwords on your computer with strong encryption.

More and more, we hear talks about hackers entering personal accounts on systems such as Facebook, Twitter, Instagram and many others. There are many reasons why someone's account will be hacked. One of them is the lack of imagination for their password. Plus, some people use the same password for all of their accounts.

So, if you do it right, you will end up with many passwords. On my end, I have one password per account and that means about 400 passwords... That's totally unmanageable in a fairly standard human brain. For this reason, you end up writing down all your passwords on ...

Avoid automatic translation of Facebook posts

Once more today my French friend's post was translated.

French is my mother tongue so I sure don't need the automatic translation for French on my Facebook wall. I also like to read a couple other languages, even if I'm not at the best level I only need a little help with a few words here and there, so I like to have those in the original language to improve. The more you read a language the more you learn about it. Same if you live in a country and start talking with people there. You're going to learn a lot more that way than staying at home and not talking to anyone any ...

South Sudan top-level domain is .ss

Very recently, Sudan was split into a northern and a southern part. The southern part has a new name: South Sudan. It is now official and the new ISO country code given to this new country is SS.

This means their country top-level domain name will be .ss.

Assuming they open their domain name to everyone worldwide, this is going to be quite interesting! There are many words in the English language that end with .ss such as dre.ss, and stre.ss, and le.ss...

If you're in the domain name business, look out for those! If it works like other top-level domains, these will go really quick and make ...

Table of Contents Settings

Filter Configuration

At this point, most of the Table of Contents configuration is done in the Table of Contents filter.

This means multiple Input formats allow you to make use of several different configurations.

With

SWF Action
Action Category: Control
Action Details: 0
Action Identifier: 148
Action Structure: unsigned short   f_size;
Action Length: 2 byte(s)
Action Stack: pop 1 (o)
Action Operation:
with o1
  // execute f_size bytes of actions
  ...
end with;
Action Flash Version: 5

The variable references within the following f_size bytes of action are taken as names of members of the specified object o1. When no member of that name is available in that object, the previous With, or the corresponding global variable is queried. This is similar to the Pascal language with instruction or to the Set Target (dynamic) for movies.

Get Variable

SWF Action
Action Category: Variables
Action Details: 0
Action Identifier: 28
Action Structure: <n.a.>
Action Length: 0 byte(s)
Action Stack: pop 1 (s), push 1 (a)
Action Operation:
s1 := pop();
r := *s1;
push(r);
Action Flash Version: 4

Pop one string, search for a variable of that name, and push its value on the stack. This action first checks for local variables in the current function. If there isn't such a variable, or the execution is not in a function, then the corresponding global variable is read.

The variable name can include sprite names separated by slashes and finished by a colon as in. Only global variables are accessible in this way.

Example:

SWF Internal Functions

Since Flash version 5, you can use internal functions (really member functions or methods of internal objects.) These functions are always available. These methods are called using the Call Function action with the name of the object and function separated by a period. A few of these internal functions are duplicates of some direct action script instructions. In general, it is preferred to use these internal functions rather than the direct action. However, direct actions are a good way to optimize your ActionScript code.

Similarly, you can access internal constants (really variable ...

Appendix B — History of the SSWF reference

Dec 2, 2009

Moved the monolithic documentation to a multi-page hierarchical document that includes everything we had before plus many links, many terms attached to all pages (tags, English words.) And revision of most of the text for better English and clarification in some places.

Strengthened the formatting with CCK fields so all declarations look alike.

Broken up the actions from one large table to a set of pages.

Dec 14, 2008

Started work on the Load() feature of the SSWF library. This helped fix several small mistakes in the documentation.

May 18, 2008

Fixed the ...