
issues

What kind of test do I need for my software?

Perfect Testing in Software

Introduction

Most software companies run into this dilemma. In order to write software that works, you want to write some tests. The question for many of these companies is: what kind of tests are most efficient for my business?

Here we talk about seven common test practices in the software industry.

1. Unit Testing

Unit Testing is probably the most used form of testing. Unit tests are easy to write and very effective at discovering bugs. If you are looking at verifying correctness, this is 100% what you need to have to test your software.

Why is it easy to write?

In most cases, Unit ...

Best way to setup a VirtualBox to avoid system crashes on a reboot

Broken Hard Drive reminds us of Broken Eggs

We now use permanent VirtualBox OSes to run part of our infrastructure.

We ran into all sorts of issues with those, but one thing for sure is that you do not want your OS hard drive to fill up because a (re)boot may not be possible after that. This is because the drive is likely to go bust if completely full.

You should, of course, have tools to let you know how full your hard drive is to make sure to catch such issues early. In our case, we had a Jira instance that filled up the drive mainly because we made one backup of the database per day. One day, one of those backups ended that ...

Docker, an advanced chroot utility

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. In particular, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you do want to share that service with the rest of the world, but it is very dangerous while you are still working on that container service, since it could have security issues that need patching. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block ports 80, 8080, and 8081 from Docker.

Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running, so as a result I block the usual HTTP ports from Docker.
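The check below is an added example, not part of the original post: it reads a ruleset in iptables-save format and lists the ports that have no DOCKER-USER drop rule on the external interface. The function names and the sample ruleset (built from the rules shown above) are constructed for this example. It matches on `--ctorigdstport` because Docker's DNAT has already rewritten the destination port by the time a packet reaches DOCKER-USER.

```shell
#!/bin/sh
# Added example (not from the original post): audit a ruleset in
# iptables-save format for missing DOCKER-USER drops.

# Constructed sample input, based on the rules quoted in the post.
sample_ruleset() {
    cat <<'EOF'
*filter
:DOCKER-USER - [0:0]
-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP
COMMIT
EOF
}

# unblocked_ports IFACE PORT... < ruleset
# Prints every PORT that has no DOCKER-USER rule which drops traffic
# arriving on IFACE for that original (pre-DNAT) destination port.
# A negated interface match ("! -i IFACE") does not count as a block.
# Rule order is not evaluated: an earlier rule that accepts external
# traffic (for example in early_forward) still has to be reviewed by hand.
unblocked_ports() {
    iface=$1; shift
    rules=$(cat)
    for port in "$@"; do
        printf '%s\n' "$rules" | awk -v iface="$iface" -v port="$port" '
            $1 == "-A" && $2 == "DOCKER-USER" {
                i = p = d = 0
                for (n = 3; n < NF; n++) {
                    if ($n == "-i" && $(n+1) == iface && $(n-1) != "!") i = 1
                    if ($n == "--ctorigdstport" && $(n+1) == port) p = 1
                    if ($n == "-j" && $(n+1) == "DROP") d = 1
                }
                if (i && p && d) found = 1
            }
            END { exit found ? 0 : 1 }
        ' || printf '%s\n' "$port"
    done
}

# Port 5000 has no drop rule in the sample, so it is the only one listed.
# On a live host: iptables-save -t filter | unblocked_ports eno1 80 8080 8081
sample_ruleset | unblocked_ports eno1 80 8080 8081 5000
```

A port listed here is only a problem if Docker publishes it and the host firewall would otherwise let it through, as the note above explains.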

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software within that environment from accessing everything on your computer. This is particularly useful for publicly facing services like Apache, Bind, etc.

Help with version 0.1.7 of Zipios (CVE-2019-13453)

Here is yet another example of why open source is a really good way of getting things fixed.

Assuming you have a project that is getting used by many, you are likely to see people post issues about bugs and possible enhancements. Your software is even very likely to get improved on its own by enthusiastic users. On GitHub, for example, it is very easy to fork a project (make a copy) and then work on your version of the software. You can then offer a fix to the main authors of the project with a near one to one copy of the project.

In our case, a security professional, Mike Salvatore, was asked ...

Simplemenu Settings

Menu Settings

Menu

Select the menu to be displayed as the Simplemenu. By default, we display the Navigation Menu, which makes the most sense for administrators (as the Simplemenu was primarily created for administrators wanting to quickly go to all administration pages).

Theme

Select a theme to display your Simplemenu items and dropdowns. The default is called original.

The themes reside in the module sub-folder named themes. Each theme is defined in a specific directory named after the theme. That name is what appears in the dropdown in the settings.

It is possible to add new themes as

Simplemenu Upgrade Path

Version 7.x

Version 7.x-1.x-dev is a starting point... It is not complete, although it shows you a functional Management menu as a dropdown. More to come as time allows... See issue [#791664] for more info.

Version 6.x

Version 6.x-1.13 fixes the vertical menu problem which had to do with CSS caching getting lost.

Version 6.x-1.10 to 6.x-1.12 fixes the non-called theme() function versus the other sub-modules that have callbacks through the theme() calls. However, we really need to have callbacks instead. Added horizontal and vertical themes. Attempts to fix the vertical menu problem.

Upgrade to PHP 5.3.3 or newer because of security issue

If you are responsible for a Debian or Ubuntu server and run PHP on it, make sure to run the following command to fix several security issues found in PHP:

sudo apt-get install php5-suhosin

This will make the necessary changes, and your PHP version will, security-wise, look like you have PHP 5.3.3.

What I found quite annoying in regard to this issue is the fact that it was very difficult to find a mention of this upgrade. All I could find in large number were people saying that you'd have to get an upgrade using the source code of PHP. Somehow, I did not feel like upgrading PHP from ...

MobileKey Known Issues

Cached Pages

The Boost module can be used to cache pages on your website. Unfortunately, if a page is cached, it is served without accessing Drupal. This means the redirection offered by the MobileKey doesn't take effect on pages cached by Boost or similar modules.

Also, if you have a form of proxy cache (a cache in front of Apache2), then the redirection will probably be prevented by that cache early on.

Protected Node Password Fork Feature

Password Fork

The new module allows for a password fork.

This means you can send your users to one specific page, and tell them about a password to use on that one page. Depending on the password, they will be sent to one of several nodes.

This works in a very similar way as the other password form, except that there is no specific destination, and the users need to know any one of the passwords.

The feature uses a specific URL defined as follows:

/protected-nodes?protected_pages=<nid1>,<nid2>,...&back=<url>

  • protected_pages=<nid1>,<nid2>,...

This

Drupal Aggregator

The default Aggregator Drupal module does not work very well. There are several problems with the Drupal Core module, one of which we have not fixed in our version (i.e. the flatness of the item table.)

The following table lists the known issues, our comments, and whether we fixed each problem:

| Problem | Solution in m2osw's version of Aggregator |
|---|---|
| Missing XML marker | The <?xml ... ?> marker is missing from some RSS feeds, add it as required |
| Spurious data | Some RSS feeds add spurious data ... |