We now use permanent VirtualBox OSes to run part of our infrastructure.
We ran in all sorts of issues with those, but one thing for sure is that you do not want your OS hard drive to fill up because a (re)boot may not be possible after that. This is because the drive is likely to go bust if completely full.
You should, of course, have tools to let you know how filled up your hard drive is to make sure to catch such issues early. In our case, we had a Jira instance that filled up the drive mainly because we made one backup of the database per day. One day, one of those backup ended that ...
SECURITY WARNING
Before installing Docker and containers with services on your Linux system, make sure to read and understand the risks as mentioned on this Docker and iptables page. Especially, Docker will make all your containers visible to the entire world through your Internet connection. This is great if you want to indeed share that service with the rest of the world, it's very dangerous if you are working on that container service since it could have security issues that need patching and such. Docker documents a way to prevent that behavior by adding the following rule to your firewall:
iptables -I DOCKER-USER -i eth0 ! -s 192.168.1.0/24 -j DROP
This means that unless the IP address matches 192.168.1.0/24, the access is refused. The `eth0` interface name should be replaced with the interface name you use as the external ethernet connection. During development, you should always have such a rule.
That has not worked at all for me because my local network includes many other computers on my LAN and this rule blocks them all. So really not a useful idea.
Instead, I created my own entries based on some other characteristics. That includes the following lines in my firewall file:
*filter :DOCKER-USER - [0:0] -A DOCKER-USER -j early_forward -A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 80 --ctdir ORIGINAL -j DROP -A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8080 --ctdir ORIGINAL -j DROP -A DOCKER-USER -i eno1 -p tcp -m conntrack --ctorigdstport 8081 --ctdir ORIGINAL -j DROP
My early_forward allows my LAN to continue to work. These are my firewall rules that allow my LAN computers to have their traffic forwarded as expected.
Then I have three rules that block port 80, 8080, and 8081 from Docker.
Docker will add new rules that will appear after (albeit not within the DOCKER-USER list) and will open ports for whatever necessary service you install in your Dockers.
Note that the only ports you have to block are ports that Docker will share and that you have otherwise open on your main server. If Docker opens port 5000 and your firewall does not allow connections to port 5000 from the outside, then you're already safe. On my end I have Apache running so as a result I block quite usual HTTP ports from Docker.
As we are helping various customers, we encounter new technologies.
In the old days, we used chroot to create a separate environment where you could have your own installation and prevent the software from within that environment access to everything on your computer. This is particularly useful for publicly facing services liek Apache, Bind, etc.
Here is yet another example of why opensource is a really good way of getting things fixed.
Assuming you have a project that is getting used by many, you are likely to see people post issues about bugs and possible enhancements. Your software is even very likely to get improved on its own by enthousiast users. On Github, for example, it is very easy to fork a project (make a copy) and then work on your version of the software. You can then offer a fix to the main authors of the project with a near one to one copy of the project.
In our case, a security professional, Mike Salvatore, was asked ...
In the last few days, we started hearing about a massive bug in the implementation of the VM memory handling.
Intel has been frantically working on fixing host machines kernels in order to prevent one VM from accessing the memory of other VMs that run on the same machine.
Of course, most users are not going to attempt to read someone else memory so in that sense, most of us are relatively safe. But all of those who are not so lucky and have uninvited guests on their systems are running at very high risk. The information available from Intel says the memory is accessible only in Read mode. ...
Version 7.x-1.x-dev is a starting point... It is not complete, although it shows you a functional Management menu as a dropdown. More to come as time allows... See issue [#791664] for more info.
Version 6.x-1.13 fixes the vertical menu problem which had to do with CSS caching getting lost.
Version 6.x-1.10 to 6.x-1.12 fixes the non-called theme() function versus the other sub-modules that have callbacks through the theme() calls. However, we really need to have callbacks instead. Added horizontal and vertical themes. Attempts to fix to the vertical menu problem
If you are responsible for a Debian or Ubuntu server and run PHP on it, make sure to run the following command to fix several security issues found in PHP:
sudo apt-get install php5-suhosin
This will make the necessary and your PHP version (security wise) will look like you have PHP 5.3.3.
What I found quite annoying in regard to this issue is the fact that it was very difficult to find a mention of this upgrade. All I could find in large number were people saying that you'd have to get an upgrade using the source code of PHP. Somehow, I did not feel like upgrading PHP from ...
Your business website is you online. Educate your leads by the writing of your journal, and offer quality pages full of information!
This upgrade enhances your existing Snap! Blogger Free website with business quality features such as remote blogging, anti-spam features, incorporated social media capabilities, professional analysis, and much
That way you can come back to your previous version if anything goes wrong. So far, no one told me that they had a problem upgrading. Although version 2.x did not have any schema, the new module may modify nodes and generate incompatible tags.
Version 3.x has a new theme() scheme. It is much more powerful has it allows you to create your own header numbering, etc. However, if you already had a theme() overload in your theme, it will stop working until fixed.
Please, in this case, make sure to upgrade on
I changed the name of the module back to InsertNode (although I did not want to, I did not want to jeopardize the Drupal 5 version... which would probably have been fine, but well...)
So, the newer version of the D6 module is again called InsertNode.
To upgrade you will want to keep the other version running until you get the new version as the replacement (although you can manage your site the way you'd like this procedure let you switch from the previous version to the new version without having to turn off your site for a little while.)
PHP eFax is very popular and generates many questions from our customers and potential customers. We try to answer those questions on our website for a quick read from our users. You can always ask us additional questions by contacting us directly or by posting a comment on the FAQ page.