Made to Order Software Corporation Logo

block

Docker, an advanced chroot utility


Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block port 80, 8080, and 8081 from Docker.

Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.

Put the label of an HTML Input inside the Input element

Reflection of trees in a mountain lake.

Update:

With HTML5 running on pretty much all platforms, you want to use the placeholder attribute instead of any sort of tricks to place a label inside your input widgets.

This is done like this:

<input type="text" placeholder="Phone Number"/>

This example will show "Phone Number" inside the input box until the user types some text in that box.

You can test with the box right here. This is just that one <input .../> tag I placed in my page HTML. (It is not in a form, but the widget itself will work as expected.)

For additional details, I ...

SMS From Me Service

SMS From Me Logo SMS From Me is a service offered by Made to Order Software Corporation that allows registered users to automatically send SMS whenever they receive a lead in their funnel.

This solution lets you sends SMS message from your phone, which means that you start a conversation with your prospect.

CAPTCHA is not working against all robots anymore but...

No Junk Mail written on the mailbox window of this door.

Also many reCAPTCHAs are being bypassed, it still work against many robots, although newer robots use Artificial Intelligence and they are quickly able to bypass most of the reCAPTCHAs.

At some point, the main reason for the bypass was the fact that some people were getting paid to resolve those reCAPTCHAs. In other words, some people were offered the job to do just that! They go to a computer, resolve many reCAPTCHAs and get paid something like 2 cents per successful resolutions. The result is that websites with reCAPTCHAs still receive a lot of spam!

In 2017, it looks like such ...

Simplemenu Settings

Menu Settings

Menu

Select the menu to be displayed as the Simplemenu. By default, we display the Navigation Menu which makes the most sense for administrator (as the Simplemenu was primarily created for administrators wanting to quickly go to all administration pages.)

Theme

Select a theme to display your Simplemenu items and dropdowns. The default is called original.

The themes reside in the module sub-folder named themes. Each theme is defined in a specific directory named after the theme. That name is what appears in the dropdown in the settings.

It is possible to add new themes as

Drupal Aggregator

The default Aggregator Drupal module does not work very well. There are several problems with the Drupal Core module, one of which we have not fixed in our version (i.e. the flatness of the item table.)

There is a list of the known issues and our comments and whether we fixed the problem:

Problem Solution in m2osw's version of Aggregator
Missing XML marker The <?xml ... ?> marker is missing from some RSS feeds, add it as required
Spurious data Some RSS feeds add spurious data ...

Sample Usage

The jsMath module is now a filter. By default, the filter detects all the delimiters as defined by the jsMath library. This includes \( ... \), \[ ... \], $$ ... $$, $ ... $. It also supports the tag like syntax with [math], [/math] and [display], [/display].

The [math] tag, parenthesis and single dollar sign generate an inline math equation. This means the result is saved in a <span> tag.

Only add identifiers and optionally numbers to my headers

Proposition

The Table of Contents module uses the headers to get generated. Each header gets a unique identifier when none were assigned manually. The Table of Contents module uses the text between the start and end tags as the title to show in the table of contents.

Very good!

Now, you may not want the Table of Contents itself, but you like the idea to have identifiers in all your headers. This can be useful to create in-page links (a link with an anchor, i.e. #some-name at the end of your URL.) It is generally annoying to have to enter the identifiers by hand for each header and you may

Upgrade from Table of Contents 2.x to 3.x

Make a Backup

DO NOT FORGET TO MAKE A BACKUP OF YOUR DATABASE & CODE.

That way you can come back to your previous version if anything goes wrong. So far, no one told me that they had a problem upgrading. Although version 2.x did not have any schema, the new module may modify nodes and generate incompatible tags.

Show stopper

Version 3.x has a new theme() scheme. It is much more powerful has it allows you to create your own header numbering, etc. However, if you already had a theme() overload in your theme, it will stop working until fixed.

Please, in this case, make sure to upgrade on

Table of Contents Settings

Filter Configuration

At this point, most of the Table of Contents configuration is done in the Table of Contents filter.

This means multiple Input formats allow you to make use of several different configurations.