Working at $big_company is not without its challenges, but the least of which should be network access, right? No, of course not. Installed “security appliances” (see the SSL MiTM post for more on that) on the network always limit access from within the corporate firewall out to the Internet at large to protect from security vulnerabilities. This is all great and fine, but that kind of protection always errs on the side of blocking, so working with open source projects that are easy to install and run out in the real world becomes a nightmare when you’re inside the corporate firewall.
TL;DR companies are buying appliances that run SSL MiTM (Man in The Middle) attacks against their users, decrypting sessions on the fly without the user’s knowledge. You should find out if this is happening to you.
As a self-described privacy advocate, I consider myself pretty cognizant of when I might be under some sort of network surveillance; I know what to look for, and enjoy understanding ways to avoid it (often by not visiting certain sites from certain networks), but one day I hit something that surprised me.
Years ago there was a lot of excitement about Do Not Track (DNT) as a way to enhance online privacy for users by allowing them to ‘opt-out’ of tracking by websites and advertisers. The idea as defined on Wikipedia:
I’ve used CoreOS a good deal for the last few months, automating it on Amazon Web Services to run Docker instances like a boss, but when a new version comes out, figuring out the new AMI ID to target is cumbersome. What happens is that a new CoreOS version will be built with AWS, resulting in a new AMI ID, but going to the CoreOS cloud provider’s page to manually grok the ID is no fun. I knew there had to be an automated way to do this, but earlier attempts failed. That changed today as I got a clue from the #coreos channel on irc.freenode.net. Here’s the gist:
One of my all-time favorite bands, Mogwai (still #2 on my last.fm listen list), is releasing a career-spanning 3 CD / 6 LP set called Belters Box. For the occasion they’ve released a new video, for an old song, Helicon 1. Director Craig Murray has this to say about it, “The film you see is made from 100% 35mm stills which I shot off the screen: I used about 100+ rolls which were all individually scanned. All effects you see in the film are physical workings of the negatives (scanner compositing, scratching, liquids etc). Given the logistics of shooting everything discreetly and also in the sea, the original footage was all shot on an iphone and a go-pro, with some additional animation using 35mm.”
While Edward Snowden may be hiding in Russia, he understands and thinks about the freedoms Americans take for granted every day. In a recent Reddit AMA he succinctly described why he is such a firm believer in privacy, giving his argument against the often heard, “I don’t care if they violate my privacy; I’ve got nothing to hide”.
I’ve been watching ciscocloud/microservices-infrastructure for a while, an ambitious project designed to get a microservices infrastructure set up with a reasonable set of defaults. Now they seem to be getting more serious about the project and have renamed it mantl, which they define as, “A container orchestrator, docker, a network stack, something to pool your logs, something to monitor health, a sprinkle of service discovery and some automation”. This sounds amazing, and certainly similar to something I did/tried to do with my stax project… but just like with stax, there’s lots to do up front. Let’s give it a go. I’ll run it on AWS, but note that it can also be run on Vagrant, Openstack, Google Compute Engine, as well as bare metal, via Terraform. As usual I’m working from Debian, so if you’re in something else, or OSX, your initial setup will vary.
For the past year it seems everyone is trying Docker, running processes in containers to make environments more predictable and reproducible. However, old habits die hard, and once again I see installations that are far larger than they need to be, with wasted resources at best, and insecure, unused services running at worst. Most people running Docker are using huge images for their containers, with needless applications installed and taking up space. Meanwhile, if you search in the Docker Registry for ‘debian minimal’ you’ll come across some images that are over 260 MB!
Today Ubuntu released 15.04 (Vivid Vervet), which is a huge release for the latest cloud and server options. Updated OpenStack, Juju, libvirt, qemu, Open vSwitch, Ceph, cloud-init, docker, corosync, haproxy, pacemaker - and the stars of the show, Ubuntu’s take on the container world, lxc, lxd and Ubuntu Core, aka Snappy. With all of that fun stuff I didn’t waste any time; I grabbed the server ISO of 15.04 and slapped it on a server. I got started with lxc and lxd to check them out, and while there’s plenty more to do and learn, here’s how to get started with them.
And now for something completely different, it’s a followup to my only other cooking post, Migas. Keeping it in the Mexican/Tex-mex realm, today we’re going to make some green chile chicken enchiladas!