
drop

Docker, an advanced chroot utility


SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks described on the Docker and iptables page. In particular, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you do want to share that service with the rest of the world, but it is very dangerous while you are still working on that container service, since it could have security issues that need patching. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

```
iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP
```

This means that unless the source IP address matches 192.168.1.0/24, access is refused. Replace the `eth0` interface name with the name of the interface you use as the external Ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

```
*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP
```

My `early_forward` chain allows my LAN to continue to work. It holds my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block ports 80, 8080, and 8081 from Docker.

Docker will add its own rules, which appear after these (albeit not within the DOCKER-USER chain) and open ports for whatever services you install in your Docker containers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end, I have Apache running, so I block the usual HTTP ports from Docker.
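As an added example (not part of the original post), the following audit reads rules in `iptables-save` format and reports which published host ports have no DROP rule in DOCKER-USER on the external interface. Docker's DNAT rewrites the destination port before a packet reaches DOCKER-USER, which is why the rules above match the original port through conntrack; the audit therefore lists `--dport` rules separately. The names `audit`, `parse_rule` and `port_set`, the sample rule set and the list of published ports are assumptions made for the illustration.

```python
import shlex

# Constructed sample in iptables-save format, modelled on the rules above;
# the last rule deliberately uses --dport instead of conntrack.
SAMPLE_RULES = """\
*filter
:DOCKER-USER - [0:0]
-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m tcp --dport 8081 -j DROP
COMMIT
"""

def parse_rule(line):
    """Turn one '-A ...' line into {option: value}; None for negated rules."""
    tokens = shlex.split(line)
    if "!" in tokens:          # negated matches are not evaluated here
        return None
    opts, i = {}, 0
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        opts[tokens[i]] = tokens[i + 1] if has_value else True
        i += 2 if has_value else 1
    return opts

def port_set(spec):
    """Expand '80' or '8000:8010' into a set of port numbers."""
    low, _, high = spec.partition(":")
    return set(range(int(low), int(high or low) + 1))

def audit(rules_text, ext_if, published, chain="DOCKER-USER"):
    """Return (exposed, post_dnat): published host ports with no DROP on the
    original destination port, and ports matched with --dport (container port)."""
    dropped, post_dnat = set(), set()
    for line in rules_text.splitlines():
        opts = parse_rule(line) if line.startswith("-A ") else None
        if not opts or opts.get("-A") != chain or opts.get("-j") not in ("DROP", "REJECT"):
            continue
        if opts.get("-i", ext_if) != ext_if or opts.get("-p") != "tcp":
            continue
        if "--ctorigdstport" in opts and opts.get("--ctdir", "ORIGINAL") == "ORIGINAL":
            dropped |= port_set(opts["--ctorigdstport"])
        elif "--dport" in opts:
            post_dnat |= port_set(opts["--dport"])
    return sorted(set(published) - dropped), sorted(post_dnat)

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, "eno1", [80, 8080, 8081]))
```

A port listed in the second result is only protected when the container port happens to equal the published host port. The audit does not follow jumps into other chains such as `early_forward`, so review those by hand.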

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software within that environment from accessing everything on your computer. This is particularly useful for publicly facing services like Apache, Bind, etc.

Protected Node Rules Support

The following features are available only when installing the Rules extension of protected nodes. This extension requires the third party Rules extension for Drupal.

Protected Node Rules Conditions

When handling a Node, it is possible to check whether the node is currently protected or locked.

Protected Nodes

A node is said to be protected when it was protected by a password using the Protected node module.

Whether the user can view that node is irrelevant in this case. Only the fact that the node requires a password to be viewed is what this condition checks.

Locked Nodes

A ...

How do I create a menu entry with Drupal?

Pages and menus are separate modules in Drupal.

Sprite Properties

The following is the list of currently accepted properties or fields for the Get Property and the Set Property actions. Note that the properties can be specified with either an integer (type 7, requires V5.0+) or a single precision floating point (type 1, V4.0 compatible). And since strings are automatically transformed into a value when required, one can use a string to represent the property number (type 0).

SWF Any Filter (swf_any_filter)

SWF Structure Info
Tag Flash Version: 8

SWF Structure:

```
/* the filter type */
struct swf_filter_type {
	unsigned char	f_type;
};

struct swf_filter_glow {
	swf_filter_type	f_type;		/* 0, 2, 3, 4 or 7 */
	if(f_type == GradientGlow || f_type == GradientBevel) {
		unsigned char		f_count;
	}
	else {
		f_count = 1;
	}
	swf_rgba		f_rgba[f_count];
	if(f_type == Bevel) {
		swf_rgba		f_highlight_rgba[f_count];
	}
	if(f_type == GradientGlow || f_type == GradientBevel) {
		unsigned char		f_position[f_count];
	}
	signed long fixed	f_blur_horizontal;
	signed long fixed	f_blur_vertical;
	if(f_type != Glow) {
		signed long fixed	f_radian_angle;
		signed long fixed	f_distance;
	}
	signed short fixed	f_strength;
	unsigned		f_inner_shadow : 1;
	unsigned		f_knock_out : 1;
	unsigned		f_composite_source : 1;
	if(f_type == Bevel) {
		unsigned		f_on_top : 1;
	}
	else {
		unsigned		f_reserved : 1;
	}
	if(f_type == GradientGlow || f_type == GradientBevel) {
		unsigned		f_passes : 4;
	}
	else {
		unsigned		f_reserved : 4;
	}
};

struct swf_filter_blur {
	swf_filter_type		f_type;	/* 1 */
	unsigned long fixed	f_blur_horizontal;
	unsigned long fixed	f_blur_vertical;
	unsigned		f_passes : 5;
	unsigned		f_reserved : 3;
};

struct swf_filter_convolution {
	swf_filter_type	f_type;		/* 5 */
	unsigned char	f_columns;
	unsigned char	f_rows;
	long float	f_divisor;
	long float	f_bias;
	long float	f_weights[f_columns × f_rows];
	swf_rgba	f_default_color;
	unsigned	f_reserved : 6;
	unsigned	f_clamp : 1;
	unsigned	f_preserve_alpha : 1;
};

struct swf_filter_colormatrix {
	swf_filter_type	f_type;		/* 6 */
	long float	f_matrix[20];
};

struct swf_any_filter {
	swf_filter_type			f_fitler_type;
	swf_filter_blur			f_filter_blur;
	swf_filter_colormatrix		f_filter_colormatrix;
	swf_filter_convolution		f_filter_convolution;
	swf_filter_glow			f_filter_glow;
};
```

A filter defines how to transform the objects it is attached to. The first byte is the filter type. The data that follows depends on the type. Because the filters differ so much from one another, they are defined in separate structures. You can attach a filter to an object using an ActionScript or the PlaceObject3 tag.

The following describes the different filters available since version 8.
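As an added example (not code from the SWF reference or its author), here is a bounds-checked decoder for the `swf_filter_convolution` layout shown above, where the size of `f_weights` is set by two bytes read from the file. It assumes little-endian encoding, `long float` as a 32-bit IEEE float, `swf_rgba` as four bytes, and bit fields packed from the most significant bit; the function name and the sample record are constructed for the illustration.

```python
import struct

# f_type, f_columns, f_rows, f_divisor, f_bias (assumed little-endian, 32-bit floats)
HEADER = struct.Struct("<BBBff")

def parse_convolution(buf):
    """Decode one swf_filter_convolution; return (fields, bytes_consumed).

    Raises ValueError instead of reading past the end of buf."""
    if len(buf) < HEADER.size:
        raise ValueError("truncated convolution header")
    f_type, columns, rows, divisor, bias = HEADER.unpack_from(buf, 0)
    if f_type != 5:
        raise ValueError("filter type %d is not a convolution" % f_type)
    count = columns * rows                     # file-controlled, up to 255 * 255
    end = HEADER.size + 4 * count + 4 + 1      # weights + swf_rgba + flag byte
    if len(buf) < end:
        raise ValueError("f_columns x f_rows needs %d bytes, only %d present"
                         % (end, len(buf)))
    weights = struct.unpack_from("<%df" % count, buf, HEADER.size)
    rgba_at = HEADER.size + 4 * count
    flags = buf[end - 1]
    fields = {
        "columns": columns, "rows": rows, "divisor": divisor, "bias": bias,
        "weights": weights,
        "default_color": tuple(buf[rgba_at:rgba_at + 4]),  # assumed 4-byte swf_rgba
        "clamp": bool(flags & 0x02),           # assumed: bit fields packed MSB first
        "preserve_alpha": bool(flags & 0x01),
    }
    return fields, end

# Constructed sample: a 3 x 3 kernel with a single centre weight.
SAMPLE = (HEADER.pack(5, 3, 3, 1.0, 0.0)
          + struct.pack("<9f", 0, 0, 0, 0, 1, 0, 0, 0, 0)
          + bytes([255, 0, 0, 255])
          + bytes([0x03]))

if __name__ == "__main__":
    print(parse_convolution(SAMPLE))
```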

SyncFrame

Tag Info
Tag Number: 29

Tag Type: Display

Tag Flash Version: 3

Brief Description: Tag used to synchronize the animation with the hardware.

Tag Structure: Unknown

Apparently, Macromedia thought that synchronizing their animation with, probably, the VLB would be a good idea. Yet they dropped it and never released it. It is probably not useful for animations (visual) to be properly synchronized when there is no audio. If you do have audio, you should synchronize the animation to the audio and drop visual frames as required to keep up with the audio.

Cute Menu Basic usage

Global Settings

CuteMenu has no global settings under the Administer » Site configuration. Instead, the settings are localized in the block and the menu items.

Change the encoding of a Postgres database

Ever wondered how you could change the encoding of one of your Postgres databases?

I have had that problem several times, and in most cases people tell you to:

  1. Dump your database (you may have to use `--encoding` on the command line)
  2. Drop the existing database (or rename it)
  3. Create a new database with the proper encoding
  4. Restore the database

The problem is that there is no support for altering the encoding of a database. The ALTER DATABASE command does not include that option. And since the need should be really rare, that makes sense.

Now, there is an easier way ...

Drop the cords!

No more cords for your computers to run? Is that a joke? Not really. All these cords to get electricity to our computers and other gadgets are annoyingly in our way.

Creating Turn Watcher — An Adventure Unto Itself

I think I'm like just about everyone else. I have the work 'me' and the play 'me'. Only difference is, the two once merged, and what was born was Turn Watcher.

I have played in D&D campaigns for many years, but never thought of running my own campaign until I got a very unusual present for my 40th birthday — the Dungeon Master's Guide. I started reading the book and was hooked. How fun I thought it would be to create encounters and intriguing situations and worlds for my players. It wasn't until I ran my first game that I realized that it would take more ...