Static vulnerability analysis tools for Docker containers

You’re developing in Docker, and you have a container with a lot of layers when you’re done. How do you make sure that you don’t have security vulnerabilities hiding somewhere inside there, especially if you are running a container that depends on something that depends on something that depends on something else? The first step is to understand your own application, so that you can have some sense for how the dependencies that you have control over are impacted. »

More 96 core benchmarks

Yesterday I spent some time with a 96 core ARMv8 server. On day two I figured out a couple more things about that server. First and foremost, the extended path of installing Docker on the server I chronicled yesterday ended up being much easier today. A simple apt-get install did the right thing to bring Docker 1.12.1 into the system. Don’t do apt-get install docker on Ubuntu; you’ll get “docker - System tray for KDE3/GNOME2 docklet applications” instead. »

96 cores hot with ARMv8 and Docker

I had early access to a 96 core, 128 gigabyte ARMv8 server today. Here’s what I did to get all of the CPUs and all of the memory in use at the same time. The system: a bare-metal hosting company is working on general availability of these ARMv8 (aarch64) servers. I got early access for beta testing. Talk to me if you’d like to know more. The software: These systems boot with Ubuntu 16. »

Daily coffee and wifi, September 6, 2016

Coffee and wifi (double espresso over ice) at the “dog park Biggby”, Platt Road at Ellsworth. It’s not an inconvenient location, and the very large south-facing windows are good to know about as the days get shorter. More than 90 degrees outside, and I’m preparing to make dinner. The recipe is for “broccoli Calabrian style” from Martha Rose Shulman. I couldn’t find that exact recipe online, but this Bucatini Con Broccoli Alla Calabrese is close. »

full stack plane spotting and data analysis

The task at hand is simple. Whenever a particular airplane is visible overhead, send out a tweet with that notice. Don’t repeat yourself with this announcement more than twice an hour, but try not to have too much lag in reporting. The full stack of hardware and software to do this is not particularly complicated to use once you get it all running, but there are a series of issues and observations along the way that add to the complexity. »

OpenVPN scaling

Previously: OpenVPN in a container. Also previously: Split tunnels considered harmful. I have this running in a staging environment and a test environment; it properly isolates OpenVPN from the underlying operating system, and seems to do the right thing performing rather well. However, its biggest limitation is that it runs on a single host & thus provides neither high availability in the case of Amazon funkiness nor scalability to handle lots of clients. »

OpenVPN in a container

A few notes on setting up OpenVPN in a container. I’m using CoreOS, which gives me Docker 1.7.1 in the “stable” branch. Two different Docker configurations are available that take on this task, with slightly different setups. Kyle Manna’s docker-openvpn is what I’m working with; it in turn is derived from jpetazzo/dockvpn which solves the same problem slightly differently. There’s a tutorial on Digital Ocean that describes the setup including client-side support. »

AWS DynamoDB downtime, Sunday am, September 20, 2015

“A distributed system is one in which the failure of a computer you didn’t even know existed can render your own computer unusable.” (Leslie Lamport, 1987) Amazon Web Services DynamoDB experienced downtime in the N Virginia availability zone early Sunday morning, September 20, 2015. As a result, a number of other AWS services inside N Virginia that depend on DynamoDB also had downtime. Companies and organizations that built services on top of those systems who didn’t have geographic load balancing were having problems as well. »

Docker Detroit, Wednesday July 22, 2015, 6:00 pm, Troy, Michigan

I hope to see you at Docker Detroit’s kickoff meeting, to be held at RIIS, 1250 Stephenson Highway, Suite 200 in Troy, MI starting at 6:00 p.m. tonight July 22 2015. I’ll be coming in from Ann Arbor. The venue is between 14 Mile and Maple behind Beaumont Hospital. Google Maps suggests that because of construction on I-75 in that area you might want to head north on Campbell instead of taking the I-75 / I-696 interchange north. »

Bringing up Node-RED and mosquitto under "docker compose" on a Raspberry Pi

Progress, actually quite a lot of it: The problem, neatly stated. Docker is good for bringing up single services ("microservices"), but sometimes your application needs more than one thing running for the whole thing to work. Enter "docker compose", formerly "fig", which automates the process of running various Docker commands in the right order with the right arguments all driven from a configuration file. As described by their documentation: Compose is a tool for defining and running complex applications with Docker. »

Docker 1.7.0 issues: problems with Mac and boot2docker, ARM, Ubuntu, and disk size of images

Docker 1.7.0 has been released into the wild. Every .0 release of software should be expected to have some issues, no matter how good the QA and automated test process. Here's what to expect if you're getting Docker 1.7.0 up and running. boot2docker on Mac: On the Mac, with boot2docker, "Docker certs not valid with 1.7 upgrade" is issue 938 on boot2docker. The symptom is a message like this: An error occurred trying to connect: Get https://192. »

a few notes from Dockercon 2015, as seen via Twitter

The annual conference for Docker, Dockercon, has been going on. A few highlights from the event as seen through Twitter - I was not there to attend it. Docker is real on the Raspberry Pi through support for the ARM processor. "Awesome live demo of Docker on a Raspberry Pi by @Quintus23M in the #dockercon closing keynote." — Bridget Kromhout (@bridgetkromhout) June 23, 2015. More details from the presenter: Hypriot-Demo and challenge at DockerCon 2015. »

Running Node-RED on a Raspberry Pi with Docker and Hypriot

My goal for the week was to empty out my inbox sufficiently that I would be able to make progress on some programming tasks that are hard to do when there are distractions. The inbox got all the way down to zero, and that meant that there was a chunk of evening time suitable for hacking. Happy to report that the result of this is Node-RED running on a Raspberry Pi under Docker on top of Hypriot. »