Made to Order Software Corporation Logo

internet

Docker, an advanced chroot utility

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block port 80, 8080, and 8081 from Docker.

Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.

No more excuses! Protect your passwords on your computer with strong encryption.

More and more, we hear talks about hackers entering personal accounts on systems such as Facebook, Twitter, Instagram and many others. There are many reasons why someone's account will be hacked. One of them is the lack of imagination for their password. Plus, some people use the same password for all of their accounts.

So, if you do it right, you will end up with many passwords. On my end, I have one password per account and that means about 400 passwords... That's totally unmanageable in a fairly standard human brain. For this reason, you end up writing down all your passwords on ...

IPv4 exhausted!

That's it! It's official, the IPv4 address space is now exhausted. This happened this year on February 3, 2011. Now what?

Well, first of all the exhaustion was at the level of the IANA, not for each single Internet provider. This means many more IPs are still available.

However, it is important now for everyone to think of writing any new Internet based software so that it works with IPv61

  • 1. Remember that if you support IPv6, then your system is capable of accessing all IPv4 addresses since the IPv6 address range includes the IPv4. Now let's hope that the IPv6 is not going to be ...

SimpleMenu Known Issues

SimpleMenu Disappears

There following are a few of the main reasons why SimpleMenu disappears.

Pop-up Windows

By default, SimpleMenu wants to hide itself in pop-up windows. This is a feature.

The reason is that many websites will open pop-up windows for all kinds of extra-features such as uploading an image or printing some description of an image or the definition of a word or product.

These windows should not include the SimpleMenu bar.

There is a dedicated page giving several different ways to fix this problem on your website.

Menu Overflow

Long menu going out of screen vertically and horizontally.Very long menus will disappear on the

What are yellow pages good for?

Since I work a lot with the Internet, I often have people asking me whether the Yellow Pages are still useful...

The fact is, there are still many people using the Yellow Pages. Most advanced geek will use an online directory such as superpages.com. Yet, for certain things such as looking for a plumber, people still use the Yellow Pages.

So, how do I choose whether to have an ad in the Yellow Pages?

Simple! Take the latest Yellow Pages book you've received and look under your category and see what your competition does. If you have 1 or more full page advertiser, you bet that you have ...

GoldMoney.com

Watching the spiraling price of gold (the spot price as of this writing is $1,213.40/oz) has been a humbling experience for me. There are all kinds of marketing forces happening to cause this, but if you follow what the Austrian School folks are saying, this is not a surprising trend at all. Central banks around the world are dumping their U.S. dollars and buying up gold, which is driving the price up. But I think this is different than just another commodity bubble, because the way gold is perceived--as a store of wealth. Traditionally investors who feel the currency they are in is threatened ...

DoAction

Tag Info
Tag Number: 
12
Tag Type: 
Action
Tag Flash Version: 
1
Brief Description: 

Actions to perform at the time the next show frame is reached and before the result is being displayed. It can duplicate sprites, start/stop movie clips, etc.

All the actions within a frame are executed sequentially in the order they are defined.

Important: many actions are not supported in Adobe Flash version 1. Please, see the reference of actions below in order to know which actions can be used with which version of Adobe Flash.

Tag Structure: 
struct swf_doaction {
	swf_tag			f_tag;		/* 12 and 59 */
	if(f_tag == DoInitAction) {
		unsigned short	f_action_sprite;
	}
	swf_action		f_action_record[variable];
};

The DoAction tag will be used to execute a set of actions in place. Usually, actions are used on buttons to add interactivity to the SWF movies. In version 1 you had only one dynamic branch (WaitForFrame). In version 4 you can test many different things such as a position, angle or sound track cursor position. Since version 5, SWF has a complete scripting language supporting string and arithmetic operations.

About SWF

Brief History

At the very beginning, a company created the SWF format to generate small vector animations on the Internet called Shockwave Flash (hence the name of the format, SWF.) It also included images. This company was bought by Macromedia around 1997 (if I recall properly). This is when Flash v3 was created. Since then, Macromedia created a new version about once a year up to version 8. At that time (in 2005/2006), Macromedia sealed a deal with Adobe which wanted to use the SWF format in their PDF files.

Today (May 1st, 2008), the SWF format is available for free to all. It can be ...

Terms & Conditions

Made to Order Software Corporation
Terms and Conditions for the Online Services
offered by Made to Order Software Corporation

This Agreement ("Agreement") is by and between Made to Order Software Corporation ("m2osw") a Californian Corporation and You, your heirs, your agents, successors and assigns ("You" and "Your"), and is made effective as of the date of electronic execution, which is when you register for an electronic account to use the Web site of m2osw. This Agreement sets forth the terms and conditions of Your use of the Online Services ...

Your cell phone is hackable...

This is a quite interesting article which I thought I should share and keep a copy of!

Most of us, even if we can determine whether a piece of software (or hardware!) can be hacked, we just do not have the time to spend on testing each device we use to ensure that no hackers will be able to get it. We rely on the manufacturer to do that work for us.

This article shows that even though all manufacturers have protections, all are vulnerable! And that means your data is vulnerable on your cell phones... Hope this does not scare you too much!

Note by the way that those people who have plenty of ...