
everything

Docker, an advanced chroot utility

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and running containerized services on your Linux system, make sure you read and understand the risks described on this Docker and iptables page. In particular, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you do want to share that service with the rest of the world, but it is very dangerous while you are still working on that container service, since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block ports 80, 8080, and 8081 from Docker.

Docker will add new rules that appear after these (albeit not within the DOCKER-USER chain) and open ports for whatever services you install in your containers.

Note that the only ports you have to block are ports that Docker will share and that you otherwise have open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running, so I block the usual HTTP ports from Docker.
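Packets reach DOCKER-USER after DNAT, so a plain --dport match sees the container's port rather than the published host port, which is why the rules above match with conntrack --ctorigdstport. The following audit sketch is an added example, not code from the original post; the function names and the sample rule set are constructed for illustration. It reports published ports that no DROP rule covers on the external interface:

```python
# Constructed sample in iptables-save format (not from a real host). The last
# rule uses --dport on purpose to show a match that happens after DNAT.
SAMPLE_RULES = """\
*filter
:DOCKER-USER - [0:0]
-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp --dport 8081 -j DROP
COMMIT
"""

def parse_docker_user(text):
    """Return one {option: value} dict per rule appended to DOCKER-USER."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", "DOCKER-USER"]:
            continue
        rule, i = {}, 2
        while i < len(tok):
            # An option takes a value unless the next token is another option.
            if i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                rule[tok[i]] = tok[i + 1]
                i += 2
            else:
                rule[tok[i]] = True
                i += 1
        rules.append(rule)
    return rules

def uncovered_ports(text, iface, published):
    """Published TCP ports that no DROP rule on iface matches by original port."""
    covered = set()
    for r in parse_docker_user(text):
        if (r.get("-j") != "DROP" or r.get("-i") != iface or "!" in r
                or r.get("-p", "tcp") != "tcp" or "--ctorigdstport" not in r):
            continue
        lo, _, hi = r["--ctorigdstport"].partition(":")  # "80" or "8000:8100"
        covered.update(range(int(lo), int(hi or lo) + 1))
    return sorted(set(published) - covered)

def post_dnat_port_rules(text):
    """Ports matched with --dport, which sees the container port after DNAT."""
    return [r["--dport"] for r in parse_docker_user(text) if "--dport" in r]
```

On a live host the text would come from the output of iptables-save, and the published list from the ports your containers actually expose.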

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software within that environment from accessing everything on your computer. This is particularly useful for publicly facing services like Apache, Bind, etc.

Put the label of an HTML Input inside the Input element


Update:

With HTML5 running on pretty much all platforms, you want to use the placeholder attribute instead of any sort of tricks to place a label inside your input widgets.

This is done like this:

<input type="text" placeholder="Phone Number"/>

This example will show "Phone Number" inside the input box until the user types some text in that box.

You can test with the box right here. This is just that one <input .../> tag I placed in my page HTML. (It is not in a form, but the widget itself will work as expected.)

For additional details, I ...

Bad Google Indexing "Secure" Pages...

About a week ago I got a customer who started having their website appear in Google with HTTPS (the secure version of the site.) The pages are served securely, but it uses our website certificate so you get a big bad error saying that everything is broken and if you proceed you'll know what hell is like.

The fact is that this customer never had a secure certificate. In other words, there is no reason for the site to have been referenced with HTTPS unless someone typed a link to their site and inadvertently entered https://... instead of http://...

I checked a few of the pages where there ...

Using the Taxonomy VTN View feature

One of the options to link terms in a vocabulary to their view is:

taxonomy_view/voc-xxx/term-xxx

This option sends you to that path, exactly (where voc-xxx and term-xxx are numbers representing the vocabulary identifier and term identifier respectively.)

As is, it will tell you that the page does not exist. This is because the taxonomy_view path is to be created with the View module. To create a taxonomy VTN view, you want to define two arguments:

  • Vocabulary, and
  • Term.

The result is a list of nodes that you can control with very high granularity, sort the way you want them ...

Newsletters from Made to Order Software hosting websites

Subscribing to a Newsletter from a website hosted with us

Made to Order Software offers advanced websites (Web 2.0) and many of our customers choose to make use of the Newsletter package with their website. It has extraordinary advantages such as adding content to your website at the same time as you are sending emails to your subscribers.

We also offer hidden mailing capabilities such as auto-responders and list management.

How do I unsubscribe?

All subscribers of any one of the lists hosted by Made to Order Software Corp. can always unsubscribe by following the unsubscribe link at ...

Insert Node Parameter: cck (6-1.2)

The CCK parameter lets you insert one of your CCK fields and some node fields that cannot otherwise be added without being themed.

We support CCK fields and several special field names as follows.

Fields that appeared after version 6-1.2 have a version specified in parentheses (i.e. 6-1.3).

cck=field_<name>; [requires CCK]

The CCK parameter must be followed by a field name. An empty name is likely to generate an error. The name of a field that does not exist is likely to generate nothing.

For instance, if you have a field named see_also, you would write:

   cck=field_see_also;

Cell Phones now open to telemarketers!

That's it! The phone commissioners have finally decided that it's OK for telemarketers to call cell phones and try to sell you their products and services.

Personally, I do not think that, in itself, it is a bad thing... except that if I receive even just 1 call a day and have to spend 1 minute each time, I will be burning 30 minutes a month for nothing. (Okay, with 1,000 minutes a month, it wouldn't matter that much, but that's like text messaging... if you receive spam via your phone and you have to pay 20 cents for each spam email you receive, the bill goes up quickly ...

Metadata

Tag Info
Tag Number: 77
Tag Type: Format
Tag Flash Version: 8
Brief Description: This tag includes XML code describing the movie. The format is RDF compliant to the XMP as defined on W3C.

Tag Structure: 
struct swf_metadata {
	swf_tag			f_tag;		/* 77 */
	string			f_metadata;
};

The Metadata tag is used to describe the SWF movie in a robot readable form. It will be used by search engines to index your Flash movies.

The f_metadata string is an XML buffer defined using the RDF definition compliant with the XMP specification. You can find more information on the W3C and other websites:

RDF Primer
RDF Specification
XMP home page
Dublin Core

Note that this description can describe everything, from the entire movie to each single line of code in your action scripts.

The string must be UTF-8 encoded.

Appendix B — History of the SSWF reference

Dec 2, 2009

Moved the monolithic documentation to a multi-page hierarchical document that includes everything we had before plus many links, many terms attached to all pages (tags, English words.) And revision of most of the text for better English and clarification in some places.

Strengthen the formatting with CCK fields so all declarations look alike.

Broken up the actions from one large table to a set of pages.

Dec 14, 2008

Started work on the Load() feature of the SSWF library. This helped fix several small mistakes in the documentation.

May 18, 2008

Fixed the ...

Appendix A — The geometry in SWF — Coordinates

The most common and simple geometric information is the object coordinates on the output screen. These are defined in TWIPs. There are 20 twips per pixel. Note that an embedded SWF file can be enlarged and/or reduced, thus changing this basic scaling factor. To have exactly 20 twips per pixel you must ensure that the EMBED and/or OBJECT tags use a WIDTH and HEIGHT with exactly the same value as in the rectangle defined in the SWF header file divided by 20.