Static vulnerability analysis tools for Docker containers

You’re developing in Docker, and you have a container with a lot of layers when you’re done. How do you make sure that you don’t have security vulnerabilities hiding somewhere inside there, especially if you are running a container that depends on something that depends on something that depends on something else? The first step is to understand your own application, so that you can have some sense for how the dependencies that you have control over are impacted. »

Using SDR.HU to listen to AM radio sports

The Cubs won the pennant, and the Buckeyes lost to Penn State. I was able to listen to the radio calls of both of these through receivers connected to The Cubs radio call was from WMVP-AM, ESPN Chicago 1000. I had some practice listening to them through the Farmington Hills, MI SDR run by KB8SPI. That system is a KiwiSDR with a PA0RDT Mini-Whip, and it tunes from 0-30 MHz including all of the longwave (broadcast AM) band. »

More 96 core benchmarks

Yesterday I spent some time with a 96 core ARMv8 server. On day two I figured out a couple more things about that server. First and foremost, the extended path of installing Docker on the server I chronicled yesterday ended up being much easier today. A simple apt-get install did the right thing to bring Docker 1.12.1 into the system. Don’t do apt-get install docker on Ubuntu; you’ll get “docker - System tray for KDE3/GNOME2 docklet applications” instead. »

96 cores hot with ARMv8 and Docker

I had early access to a 96 core, 128 gigabyte ARMv8 server today. Here’s what I did to get all of the CPUs and all of the memory in use at the same time. The system: a bare-metal hosting company is working on general availability of these ARMv8 (aarch64) servers. I got early access for beta testing. Talk to me if you’d like to know more. The software: These systems boot with Ubuntu 16. »

AWS Lambda for Python with "Chalice"

Chalice is a microframework for Python for AWS Lambda, similar in spirit to Flask. What does that even mean? A framework is a set of libraries and coding conventions that makes development in a specific language for a specific task easier. That usually involves making some simplifying assumptions about the task you are trying to solve, and embedding those assumptions in your code so that you don’t have to spell out quite as much detail to get a task done. »

AWS IoT to Node-RED

Duong Dinh Cuong (on Github as cuongquay) has contributed a node for Node-RED that encapsulates the AWS IoT service and allows straightforward communication between the two systems over MQTT. The node, node-red-contrib-aws-iot-hub, includes support for the message-passing part of AWS IoT using MQTT, allowing you to open a channel to the IoT service and publish or subscribe to message topics. The result is easy integration between the two systems. As a part of this process, the node includes support for AWS certificates that have to be installed “just so” to allow AWS to trust Node-RED. »

Narrowband IoT (NB-IoT) as a low power cellular data protocol on the u-blox SARA-N2

In the process of looking at embedded radio components, I came across the u-blox SARA-N2, a low power device designed to provide low bandwidth cellular data coverage for Internet of Things devices - “low power consumption and extended coverage” being the operative buzzwords. Speeds are 227 Kbps down and 21 Kbps up, and it’s claimed to be “low power” though no specific power consumption figures are provided. It’s built on NB-IoT standards that were standardized in June 2016 by the 3GPP project and which are codified in their Release 13. »

and the emergence of lots of small wideband SDR receivers is the home base for OpenWebRX, a remote spectrum monitoring system written by Andras HA7ILM. The system is designed to allow OpenWebRX servers, running on RTL-SDR or HackRF hardware, to share their radio spectrum and allow remote tuning of the available radio bandwidth. A typical installation will allow up to four remote listeners to independently tune in, and the tuning filters allow the listener to independently control the bandwidth of the receiver. »

Writing assignment, 500 words

The writing prompt is simple scaffolding: write 500 words about what you’re working on right now, so that when someone asks what you do, you have a proof point of it. This is preparation for going to a conference where proof of professional identity is the whole point of the exercise. The thing you say you’re working on should be elaborated on at the top of the page, and any supporting details that don’t fit into the narrative should be omitted. »

Edward Vielmetti

Daily coffee and wifi, September 6, 2016

Coffee and wifi (double espresso over ice) at the “dog park Biggby”, Platt Road at Ellsworth. It’s not an inconvenient location, and the very large south-facing windows are good to know about as the days get shorter. More than 90 degrees outside, and I’m preparing to make dinner. The recipe is for “broccoli Calabrian style” from Martha Rose Shulman. I couldn’t find that exact recipe online, but this Bucatini Con Broccoli Alla Calabrese is close. »

September 3, 2016 Oklahoma earthquakes

A magnitude 5.6 earthquake rattled oil country in Oklahoma on September 3, 2016 at 7:02 a.m. The quake’s epicenter was eight miles northwest of Pawnee, OK. The USGS maps of the quake are detailed. The Pawnee Nation declared a state of emergency after ordering evacuations of damaged buildings in the area. Historically, the incidence of earthquakes in Oklahoma is low, and there is concern in the state that these earthquakes are of man-made origin. »

New month, new theme

I’ve switched themes in this weblog, using Casper from Valère JEANTET who ported it from Ghost to Hugo. The biggest advantage of the theme is that it’s neat and clean and looks like other people’s work. The biggest disadvantage is that I have 80+ pages of paginated weblog going back into the dim mists of time, and this theme doesn’t come out of the box with support for that kind of deep back list in it. »

full stack plane spotting and data analysis

The task at hand is simple. Whenever a particular airplane is visible overhead, send out a tweet with that notice. Don’t repeat yourself with this announcement more than twice an hour, but try not to have too much lag in reporting. The full stack of hardware and software to do this is not particularly complicated to use once you get it all running, but there are a series of issues and observations along the way that add to the complexity. »

Plane finding with dump1090

In March 2015 I wrote briefly about plane spotting with dump1090. In short, many airplanes have ADS-B transponders which squawk out their location, airspeed, and current conditions, and you can pick up those transmissions using an inexpensive RTL-SDR tuner stick and a simple antenna. I’ve been looking into this again to see if I can get a better understanding of how it works as well as to take advantage of a year plus of software development. »

Github private repositories

Github has changed their pricing strategy to allow individual accounts to have more private repositories. This is a welcome change for accounts like mine. As part of their change, enterprise pricing has increased. I’m told that this will multiply the bills that some companies will see. This post tests a new private repo, and links to Github pricing for future reference. »

Edward Vielmetti on #Github

A commonplace reader

Sometimes it’s easier and faster to fill a page by quoting from others. The commonplace book is the annotated scrapbook, carefully collecting bits from other writers with just enough commentary and selection to make them your own. If these were written in this era you’d call it “curation”, though I can only think of that word in the context of “curated meats”, somewhat salty and dry and meant to be preserved for some time. »

Bots are hot - again

The title of the post is taken from a 1996 Wired article by Andrew Leonard describing the state of automated systems in the dot-com era. Web robots – spiders, wanderers, and worms. Cancelbots, Lazarus, and Automoose. Chatterbots, softbots, userbots, taskbots, knowbots, and mailbots. MrBot and MrsBot. Warbots, clonebots, floodbots, annoybots, hackbots, and Vladbots. Gaybots, gossipbots, and gamebots. Skeleton bots, spybots, and sloth bots. Xbots and meta-bots. Eggdrop bots. Motorcycle bull dyke bots. »

Mechanical slaves and the Californian ideology

Noted elsewhere, saved here for reference, from Richard Barbrook and Andy Cameron, THE CALIFORNIAN IDEOLOGY: If human slaves are ultimately unreliable, then mechanical ones will have to be invented. The search for the holy grail of Artificial Intelligence reveals this desire for the Golem - a strong and loyal slave whose skin is the colour of the earth and whose innards are made of sand. As in Asimov’s Robot novels, the techno-utopians imagine that it is possible to obtain slave-like labour from inanimate machines. »


Yesterday’s radio was full of the Prince music catalog. The artist passed away in his Minnesota home at the age of 57. In response any radio station that had anything other than pre-programmed music responded by playing his hits - “Little Red Corvette”, “Raspberry Beret”, “Purple Rain” - and the radio stations that had artistic control also played B sides, live shows, bootlegs and whatever they could find. Ann Arbor’s own WCBN was exemplary in this regard. »

Upgrade to El Capitan

I’m working through the details of an upgrade from Mavericks to El Capitan. Some running notes. The upgrade took about 2 hrs. I went to the Apple Store at Briarwood in Ann Arbor to get the install done, since their Internet is faster than my home UVerse. After doing the upgrade the next big slow task is brew update. You would not be surprised to know that I have a lot of packages installed, and that brew is working hard to update everything. »

Chicken and onion curry

Saveur Magazine has a recipe for a chicken and onion curry from January 27, 2010. It took a little more than an hour to cook, but the results were very much worth it - delicious, and worth repeating. We had the meal with rice, kale, and a daikon raita from that I kind of liked but which was not a big hit with the rest of the table. The current meal planning regime here uses a Google calendar and a question at the end of every meal: do you want this again, and how many weeks before we have it again? »

a2b3 lunch non-summary for 3d week of January 2016

Thanks to everyone for coming to lunch. We had 16 people, and complete introductions in 23 minutes. The topic of the question was “repair”. Linda Diane Feldt is repairing her side door, original equipment on a 90 y/o house. Kathryn Sanderson darns socks. Dan Friedus wants to know if you want to repair his 1980s Bolens garden tractors. (Make an offer.) Ruthann Nichols teaches Science and Wine as a freshman seminar at the U. »

Ann Arbor area APRS network status, January 2016

APRS is the “Automatic Position Reporting Service”, a system for sharing information about the position of participating amateur radio stations. Clients transmit position reports on 144.39 MHz; digipeaters repeat these reports to other monitoring stations; and various IGate sites monitor transmissions and send their findings to which collects worldwide data. In recent memory there has been an APRS digipeater in Chelsea, Michigan with wide area coverage, good enough to pick up travellers on I-94 west of Ann Arbor. »

Dave New N8SBE to speak at ARROW on Software Defined Radio

Dave New N8SBE will be speaking at the January 2016 meeting of the ARROW radio club on the topic of Software Defined Radio. He will present an introduction to GNU Radio and the GNU Radio Companion visual programming environment, and the HackRF One Software Defined Transceiver from Great Scott Gadgets. The demo will include a discussion of receiver and transmitter flow graphs, as well as resources to learn more about digital signal processing using the HackRF One and GNU Radio. »

Oxford Flood Network

The Oxford Flood Network is making a flood detection network in the UK, using low cost sensors and volunteers. They are sharing their code on Github and their results on the Flood_Network Twitter account. They encourage you to join their effort, and no high technology is necessary. The network incorporates both readings from automated sensors (about £250) as well as manual readings from gaugeboards or photos. New as of December 2015 is an interactive flood map. »