Made to Order Software Corporation Logo

Linux

Best way to setup a VirtualBox to avoid system crashes on a reboot

Broken Hard Drive reminds of of Broken Eggs

We now use permanent VirtualBox OSes to run part of our infrastructure.

We ran in all sorts of issues with those, but one thing for sure is that you do not want your OS hard drive to fill up because a (re)boot may not be possible after that. This is because the drive is likely to go bust if completely full.

You should, of course, have tools to let you know how filled up your hard drive is to make sure to catch such issues early. In our case, we had a Jira instance that filled up the drive mainly because we made one backup of the database per day. One day, one of those backup ended that ...

HP Color LaserJet Pro Multifunction M479fdn Laser Printer

My new M479nfd printer, scanner, fax

Click to get this printer on Amazon.com where I'm an affiliate.

Not too long ago, I ordered a new color drump for my old printer and replaced it. Not very long after that the print simply decided to not print at all anymore. Literally, it would pass the page through just fine but it had nothing on the page. I know it was working since it was printinA picture of my old dinosaur printer, also from HP (an L2550 color laser printer)g just fine the day before and there was still plenty of black ink (it would have had the light on if the black was not enough.)

I'm thinking that may have been a ploy by the manufacturer to push me to buy a new printer...

In any event, ...

Linux to the rescue!

Xtra-PC, a complete ready to go OS on a thumb drive

Doug and I have always thought that Linux would become the primary OS of today.

We've seen it go up and down, but now it's really becoming powerful, between OpenOffice, Chrome, The Gimp, Krita, Audacity, and many other tools, you can do so much that it more and more renders the expense of running MS-Windows less and less viable for most.

Now there is this new company offering a thumb drive with an optimized version of Linux called Xtra-PC which boots really fast and offers all the basics that one needs to run a computer. There is nothing to install, the OS will automatically detect ...

Docker, an advanced chroot utility

Chasm—just like a Docker creates a chasm between two sets of software

SECURITY WARNING

Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:

iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP

This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.

That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.

Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:

*filter
:DOCKER-USER - [0:0]

-A DOCKER-USER -j early_forward
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP
-A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP

My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.

Then I have three rules that block port 80, 8080, and 8081 from Docker.

Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.

Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.

Docker

As we are helping various customers, we encounter new technologies.

In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.

Best C++ Books

Once in a while someone will ask me which book is best to start learning programming. The fact is that I do not know because I'm already an advanced programmer and it's rather difficult for me to get back to the basics (it feels like a waste of my time, sorry...)

That being said, at Made to Order Software, we've mainly been a C++ shop. We also do a lot of C, PHP, JavaScript and touch many other languages as required by the tasks we perform (bash, cmake, perl, C#, Java, etc.)

That being said, I wanted to underline some of the best C++ books available today. Especially, in the last ...

No more excuses! Protect your passwords on your computer with strong encryption.

More and more, we hear talks about hackers entering personal accounts on systems such as Facebook, Twitter, Instagram and many others. There are many reasons why someone's account will be hacked. One of them is the lack of imagination for their password. Plus, some people use the same password for all of their accounts.

So, if you do it right, you will end up with many passwords. On my end, I have one password per account and that means about 400 passwords... That's totally unmanageable in a fairly standard human brain. For this reason, you end up writing down all your passwords on ...

Massive Bug in Intel, AMD, ARM and other Processors in Handling VM Memory

In the last few days, we started hearing about a massive bug in the implementation of the VM memory handling.

Intel has been frantically working on fixing host machines kernels in order to prevent one VM from accessing the memory of other VMs that run on the same machine.

Of course, most users are not going to attempt to read someone else memory so in that sense, most of us are relatively safe. But all of those who are not so lucky and have uninvited guests on their systems are running at very high risk. The information available from Intel says the memory is accessible only in Read mode. ...

PHP e-Fax requires valid SSL certificates (failed with code 1)

As e-Fax is updating their systems further to be compliant with various security systems, some new problems may arise on your servers.

The main one is an SSL error that is quite unclear.

Warning: stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /path-to-php-efax/http_request.php on line 294

As we can see, the error mentions a server certificate function and says it could not verify a certificate.

If your server is not 100% up to date with newest SSL versions or your web ...

DefineEditText

Tag Info
Tag Number: 
37
Tag Type: 
Define
Tag Flash Version: 
4
Brief Description: 

An edit text enables the end users to enter text in a Flash window.

Tag Structure: 
struct swf_defineedittext {
	swf_tag			f_tag;		/* 37 */
	unsigned short		f_edit_id;
	swf_rect		f_rect;
	unsigned		f_edit_has_text : 1;
	unsigned		f_edit_word_wrap : 1;
	unsigned		f_edit_multiline : 1;
	unsigned		f_edit_password : 1;
	unsigned		f_edit_readonly : 1;
	unsigned		f_edit_has_color : 1;
	unsigned		f_edit_has_max_length : 1;
	unsigned		f_edit_has_font : 1;
	if(version >= 6) {
		unsigned		f_edit_reserved : 1;
		unsigned		f_edit_auto_size : 1;
	}
	else {
		unsigned		f_edit_reserved : 2;
	}
	unsigned		f_edit_has_layout : 1;
	unsigned		f_edit_no_select : 1;
	unsigned		f_edit_border : 1;
	unsigned		f_edit_reserved : 1;
	unsigned		f_edit_html : 1;
	unsigned		f_edit_use_outlines : 1;
	if(f_edit_has_font) {
		unsigned short		f_edit_font_id_ref;
		unsigned short		f_edit_font_height;
	}
	if(f_edit_has_color) {
		swf_rgba		f_edit_color;
	}
	if(f_edit_has_max_length) {
		unsigned short		f_edit_max_length;
	}
	if(f_edit_has_layout) {
		unsigned char		f_edit_align;
		unsigned short		f_edit_left_margin;
		unsigned short		f_edit_right_margin;
		signed short		f_edit_indent;
		signed short		f_edit_leading;
	}
	string			f_edit_variable_name;
	if(f_edit_has_text) {
		string			f_edit_initial_text;
	}
};

Additional interactivity has been added in V4.0 of the SWF format. This is given by the use of edit boxes offering the end users a way to enter text as if the SWF movie was in fact an interactive form.

The text is defined in a variable (accessible in action scripts). It can be dynamically assigned and retrieved. It is legal to have an empty string as the variable name (not dynamically accessible).

Since version 8, the text drawn by a DefineEditText tag can be tweaked by adding a CSMTextSettings tag.

The f_edit_word_wrap flag will be set to true (1) in order to have words going beyond the ...

SetBackgroundColor

Tag Info
Tag Number: 
9
Tag Type: 
Display
Tag Flash Version: 
1
Brief Description: 

Change the background color. Defaults to white if unspecified.

Tag Structure: 
struct swf_setbackgroundcolor {
	swf_tag			f_tag;		/* 9 */
	swf_rgb			f_rgb;
};

This tag is used to specify the background color. It should always be included at the start of every .swf file (after the FileAttributes and Protect tags). Only an RGB color can be used (i.e. there is no alpha channel for that color, whatever the SWF version.)

To create a Flash animation that's transparent (so we can see the website gradient, for example) you use the wmode parameter in the HTML tag with the value "transparent", in which case the background color will be ignored and replaced by a fully transparent background. For example:

<embed width="440"  ...