Challenges and Solutions for Tech Companies Doing Business in China

China is a unique challenge for building infrastructure for SaaS or App based services. Unlike other (or most other) countries in the world, China has additional hurdles to overcome to offer services to Mainland China effectively.

From the legal standpoint, there is the ICP license is required for every domain name used in China. So it is a challenge for outside companies to get a license since they are outside of China. Many must partner with 3rd parties to obtain this license. Cloud providers like Tencent or AliCloud help users to gain use their license. So once you have your ICP taken care of you must now build cloud infrastructure.

One big issue with trying to work from outside China to service providers inside is what referred to as “The Great Firewall of China” is a state-run firewall that filters content and ports used for services the Chinese government has an issue. A recent example is their crackdown on the use of VPN (Virtual Private Networks) which are frequently used to circumvent the content blocking. However, for administrators are used to connect to cloud providers to manage services securely.

Read more

Decentralizing the Internet Is Only the Start to Reclaiming Privacy

There is much backlash going on over Facebook’s revelations of user data being in the hands of Cambridge Analytica and perhaps many more. Not much of a surprise to more technical users who are more familiar with the surveillance economy as it is now known. People for going on decades have given away their digital identities in exchange for some free services. It is a somewhat timely moment of clarity for Internet users as a whole since it coincides with the explosion of blockchain and other decentralized services and projects.

Now is the time to seize on the backlash and reclaim our privacy online as not just a country but as the Internet as a whole.

There are many good open source and decentralized projects for social media and Facebook equivalents. The real issue comes down to user adoption and supporting the developers.

Read more

Anonymous Smart Contract Driven Orgs and Funds

One of the biggest things that first came out of Bitcoin and blockchain was initially Decentralized Autonomous Organizations (DAOs).  This concept has evolved with Colored Coins, Counterparty, and Ethereum since then.  Of course there have been (big!) bumps in the road. The Ethereum DAO being seen as securities by the SEC is one good example.  Along with the DAO hack which wreaked havoc and caused a lot of drama.

But in hindsight these were all just growing pains of a young technology. Not to say these were not big issues. But with any new technologies there are some casualties. When real world money is involved this can make things more painful for those affected.

Read more

Blockchains for Immutable Infrastructure

Yes, we’ve all heard the hype around ICOs (Initial Coin Offerings) and the Bitcoin/Ethereum price explosion. People are scrambling to make any BS product as an excuse to do an ICO. But let’s not overlook the real use and value of blockchains. To put it simply a blockchain is a cryptographic ledger (or database) that stores data in a P2P fashion. With consensus between them to write the data to the blockchain.

The blockchain can help alleviate the issues of configuration management, file integrity checking, and help build immutable cloud infrastructures with less complexity.

This can help to secure the Internet of Things (IoT) among others things like server configurations. The blockchain is much more than just for currency. Being only the tip of the iceberg in terms of what can be done using them. Not to say that everything should be on the blockchain. One of the biggest issues in past implementations of File Integrity Checking (FIC) is the obvious attack vector was via the database, the hashes were written to verify/monitor file integrity. Compromise the database and it renders the FIC moot. Blockchain based FIC you do not need this worry since that hash is stored across many thousands of nodes across the globe. So even if the local copy is compromised it will be detected by the network as a whole. There would be no central control or access to compromise the signature “database”. With the rise of Infrastructure as Code and Containers there is a bigger need to be able to verify the integrity of systems.

This can be done by generating a token on existing chain like Ethereum (ETH). But the speed of “transactions” is paramount to using a blockchain in this way. So a custom chain would need to be built.

 

Why Your Dockerfile Sucks for Production

Harpooned by a Dockerfile that sucks
Don’t get harpooned by a Dockerfile that sucks

Your Docker Compose file might suck too.

I admit it! I am guilty of making Dockerfiles that suck.

We’re all guilty of being overly general in our Dockerfiles. Just look on Docker Hub or GitHub. But in some ways it might be making things less consistent across builds.

Example:

FROM debian:latest

Which is fine for testing something or working to build Dockerfiles for development pipelines. But let’s look at the shortfalls and headaches we can all avoid. You never really know what something like the above will get you.

The same applies to running package manager with only package name and no version. In some instances you will want to update a package for security or bug fix purposes. But for Docker in Production you want to stipulate these things.

So first let’s stipulate the right known base image using it’s SHA256:

FROM debian@sha256:52af198afd8c264f1035206ca66a5c48e602afb32dc912ebf9e9478134601ec4

To get the SHA256 you can get it when you pull the intial image you’ll be using to build projects.

$ sudo docker pull debian:8.7
8.7: Pulling from library/debian
693502eb7dfb: Pull complete
Digest: sha256:52af198afd8c264f1035206ca66a5c48e602afb32dc912ebf9e9478134601ec4
Status: Downloaded newer image for debian:8.7

 

Now you know the exact version you will be running. Now be sure to stipulate for other packages you need to install.

RUN apt-get update && apt-get install -y \
python=2.7.5-5 \
python-pip=1.5.4-1 \
some-package=1.1.1 \
&& rm -rf /var/lib/apt/lists/*

Now you have your Dockerfile not sucking so much for Production use!

You’ll also want to have internal Docker Registry for versioning and storing your containers once you build.

 

Powered by WordPress. Reyl Lite designed by Quema Labs.