Made to Order Software Corporation Logo

similar

HP Color LaserJet Pro Multifunction M479fdn Laser Printer

My new M479nfd printer, scanner, fax

Click to get this printer on Amazon.com where I'm an affiliate.

Not too long ago, I ordered a new color drump for my old printer and replaced it. Not very long after that the print simply decided to not print at all anymore. Literally, it would pass the page through just fine but it had nothing on the page. I know it was working since it was printinA picture of my old dinosaur printer, also from HP (an L2550 color laser printer)g just fine the day before and there was still plenty of black ink (it would have had the light on if the black was not enough.)

I'm thinking that may have been a ploy by the manufacturer to push me to buy a new printer...

In any event, ...

How small are computers getting?

Mini-computer versus Mouse

Click on picture to see on Amazon.com (which I'm an affiliate of).

Computer Stick

Looking at Mini Computers, I found this Fanless Mini PC based on the Intel Atom Z8350 processor by SmallRT. The picture includes a mouse to give you an idea of the size of that thing. It's tiny! Maybe not what you want, but you can already do a lot with that little one.

The connector on the left side is an HDMI plug which spits out 4K of video graphics. It's just totally amazing to me. Of course, we had the Pi3 and now we have the Pi4... but those are computers for hackers. Here we're ...

Docker, an advanced chroot utility


Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block port 80, 8080, and 8081 from Docker.

Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.

Massive Bug in Intel, AMD, ARM and other Processors in Handling VM Memory

In the last few days, we started hearing about a massive bug in the implementation of the VM memory handling.

Intel has been frantically working on fixing host machines kernels in order to prevent one VM from accessing the memory of other VMs that run on the same machine.

Of course, most users are not going to attempt to read someone else memory so in that sense, most of us are relatively safe. But all of those who are not so lucky and have uninvited guests on their systems are running at very high risk. The information available from Intel says the memory is accessible only in Read mode. ...

PHP e-Fax requires valid SSL certificates (failed with code 1)

As e-Fax is updating their systems further to be compliant with various security systems, some new problems may arise on your servers.

The main one is an SSL error that is quite unclear.

Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /path-to-php-efax/http_request.php on line 294

As we can see, the error mentions a server certificate function and says it could not verify a certificate.

If your server is not 100% up to date with newest SSL versions or your web ...

Protected Node Rules Support

The following features are available only when installing the Rules extension of protected nodes. This extension requires the thrid party Rules extension for Drupal.

Protected Node Rules Conditions

When handling a Node, it is possible to check whether the node is currently protected or locked.

Protected Nodes

A node is said protected when the node was protected by a password using the Protected node module.

Whether the user can view that node is irrevelant in this case. Only the fact that the node requires a password to be viewed is what this condition checks.

Locked Nodes

A ...

Simplemenu Settings

Menu Settings

Menu

Select the menu to be displayed as the Simplemenu. By default, we display the Navigation Menu which makes the most sense for administrator (as the Simplemenu was primarily created for administrators wanting to quickly go to all administration pages.)

Theme

Select a theme to display your Simplemenu items and dropdowns. The default is called original.

The themes reside in the module sub-folder named themes. Each theme is defined in a specific directory named after the theme. That name is what appears in the dropdown in the settings.

It is possible to add new themes as

Protected Node per Node Type Settings

Node Type extension

The Protected Node module adds a field set to the Node Type form that you edit under:

Administer » Content management » Content types

These additions are explained in detail below.

The main reason for adding this feature is to avoid seeing the field set on all the node edit forms. With this feature you can hide the form on all the node types that you will never protect with a password.

Protected mode for nodes of this type

This option let you choose how this node type handles the Protected Node capability.

Never protected

This means this node type is

MobileKey Known Issues

Cached Pages

The Boost module can be used to cache pages on your website. Unfortunately, if a page is cached, it is served without accessing Drupal. This means, the redirection offered by the MobileKey doesn't take effect on pages cached by Boost or similar modules.

Also if you have a form of proxy cache (a cache before Apache2,) then the redirection will probably be prevented by that cache early on.

Protected Node Password Fork Feature

Password Fork

The new module allows for a password fork.

This means you can send your users to one specific page, and tell them about a password to use on that one page. Depending on the password, they will be sent to one of several nodes.

This works in a very similar way as the other password form, except that there is no specific destination, and the users need to know any one of the passwords.

The feature uses a specific URL defined as follow:

/protected-nodes?protected_pages=<nid1>,<nid2>,...&back=<url>

  • protected_pages=<nid1>,<nid2>,...

This