Made to Order Software Corporation Logo

consider

Don't Repeat Yourself When Writing Software

Nature tends to repeat itself, or reproduce with similar structure, but code should not.

For a very long time now, we have been using languages that support having functions that one can call. That was not always the case, although even really old versions of BASIC had a GOSUB instruction, which it had no concept of local variables so it was rather difficult to use safely.

Functions allow you to avoid repetition. You write a small snippet of code (or maybe not that small) within a function and then you call that function to reuse that snippet over and over again. Good programmers tend to do that even with one liners. However, many others often think: well, it's just one line, why don't I return copy & paste that wherever I need it, it's going to be faster.

Docker, an advanced chroot utility

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block port 80, 8080, and 8081 from Docker.

Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.

Help with version 0.1.7 of Zipios (CVE-2019-13453)

Here is yet another example of why opensource is a really good way of getting things fixed.

Assuming you have a project that is getting used by many, you are likely to see people post issues about bugs and possible enhancements. Your software is even very likely to get improved on its own by enthousiast users. On Github, for example, it is very easy to fork a project (make a copy) and then work on your version of the software. You can then offer a fix to the main authors of the project with a near one to one copy of the project.

In our case, a security professional, Mike Salvatore, was asked ...

Newsletters from Made to Order Software hosting websites

Subscribing to a Newsletter from a website hosted with us

Made to Order Software offers advanced websites (Web 2.0) and many of our customers choose to make use of the Newsletter package with their website. It has extraordinary advantages such as adding content to your website at the same time as you are sending emails to your subscribers.

We also offer hidden mailing capabilities such as auto-responders and list management.

How do I unsubscribe?

All subscribers of any one of the lists hosted by Made to Order Software Corp. can always unsubscribe by following the unsubscribe link at ...

IEEE Standard 754

 

The original document by Steve Hollasch can be found at http://steve.hollasch.net/cgindex/coding/ieeefloat.html

IEEE Standard 754 Floating Point Numbers

Microsoft: Vista Worries Cause Businesses to Consider Macs and Linux

 

Eweek reports:

“A recent survey shows that 44 percent of businesses are considering Mac OS and Linux rather than switching to Vista.”

We are seeing the barbarians at the gate now, and the MS empire begins to show its first signs of crumbling. And it’s been a long time coming, I’m afraid. It goes to show you how ineffective the US anti-trust laws are, and how the free market is self-regulating.

It seems that Microsoft is very out of touch of what their customers really want, and is full steam ahead using its outdated business model of forced upgrading. Looks ...