Blockchains for Immutable Infrastructure

Yes, we’ve all heard the hype around ICOs (Initial Coin Offerings) and the Bitcoin/Ethereum price explosion. People are scrambling to make any BS product as an excuse to do an ICO. But let’s not overlook the real use and value of blockchains. To put it simply a blockchain is a cryptographic ledger (or database) that stores data in a P2P fashion. With consensus between them to write the data to the blockchain.

The blockchain can help alleviate the issues of configuration management, file integrity checking, and help build immutable cloud infrastructures with less complexity.

This can help to secure the Internet of Things (IoT) among others things like server configurations. The blockchain is much more than just for currency. Being only the tip of the iceberg in terms of what can be done using them. Not to say that everything should be on the blockchain. One of the biggest issues in past implementations of File Integrity Checking (FIC) is the obvious attack vector was via the database, the hashes were written to verify/monitor file integrity. Compromise the database and it renders the FIC moot. Blockchain based FIC you do not need this worry since that hash is stored across many thousands of nodes across the globe. So even if the local copy is compromised it will be detected by the network as a whole. There would be no central control or access to compromise the signature “database”. With the rise of Infrastructure as Code and Containers there is a bigger need to be able to verify the integrity of systems.

This can be done by generating a token on existing chain like Ethereum (ETH). But the speed of “transactions” is paramount to using a blockchain in this way. So a custom chain would need to be built.

 

Why Your Dockerfile Sucks for Production

Harpooned by a Dockerfile that sucks
Don’t get harpooned by a Dockerfile that sucks

Your Docker Compose file might suck too.

I admit it! I am guilty of making Dockerfiles that suck.

We’re all guilty of being overly general in our Dockerfiles. Just look on Docker Hub or GitHub. But in some ways it might be making things less consistent across builds.

Example:

FROM debian:latest 

Which is fine for testing something or working to build Dockerfiles for development pipelines. But let’s look at the shortfalls and headaches we can all avoid. You never really know what something like the above will get you.

The same applies to running package manager with only package name and no version. In some instances you will want to update a package for security or bug fix purposes. But for Docker in Production you want to stipulate these things.

So first let’s stipulate the right known base image using it’s SHA256:

FROM debian@sha256:52af198afd8c264f1035206ca66a5c48e602afb32dc912ebf9e9478134601ec4

To get the SHA256 you can get it when you pull the intial image you’ll be using to build projects.

$ sudo docker pull debian:8.7
8.7: Pulling from library/debian
693502eb7dfb: Pull complete
Digest: sha256:52af198afd8c264f1035206ca66a5c48e602afb32dc912ebf9e9478134601ec4
Status: Downloaded newer image for debian:8.7

 

Now you know the exact version you will be running. Now be sure to stipulate for other packages you need to install.

RUN apt-get update && apt-get install -y \
python=2.7.5-5 \
python-pip=1.5.4-1 \
some-package=1.1.1 \
&& rm -rf /var/lib/apt/lists/*

Now you have your Dockerfile not sucking so much for Production use!

You’ll also want to have internal Docker Registry for versioning and storing your containers once you build.

 

100 Days to Privacy Online: Day 15 – Taking a Stand

There are a lot of organizations fighting for your freedoms when it comes to digital rights. But the oldest and most effective is perhaps the Electronic Frontier Foundation (EFF).

From their site:

The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows.

Even in the fledgling days of the Internet, EFF understood that protecting access to developing technology was central to advancing freedom for all. In the years that followed, EFF used our fiercely independent voice to clear the way for open source software, encryption, security research, file sharing tools, and a world of emerging technologies.

Today, EFF uses the unique expertise of leading technologists, activists, and attorneys in our efforts to defend free speech online, fight illegal surveillance, advocate for users and innovators, and support freedom-enhancing technologies.

Together, we forged a vast network of concerned members and partner organizations spanning the globe. EFF advises policymakers and educates the press and the public through comprehensive analysis, educational guides, activist workshops, and more. EFF empowers hundreds of thousands of individuals through our Action Center and has become a leading voice in online rights debates.

EFF is a donor-funded US 501(c)(3) nonprofit organization that depends on your support to continue fighting for users.

Learn More and Join/Donate Today!

Using Text Files to Keep Organized

I recently came across this old article on using various text files to stay organized. In the past I have tried many ToDo apps with little success. So I have been using a slightly modified version mentioned in the article with great success. One big help is some quick and dirty aliases I added to my .bashrc file which are all kept in a directory called “daily”. You can name them as you wish. My next move is to put them in my ownCloud sync directory.

The .bashrc aliases:

#Daily txt files I write to for various reasons
alias todo='vim ~/Documents/daily/todo'
alias onething='vim ~/Documents/daily/one-thing/today_$(date +%Y%m%d)'
alias journal='vim ~/Documents/daily/journal/journal_$(date +%Y%m%d)'
alias writedaily='vim ~/Documents/daily/write-every-day'
alias ideas='vim ~/Documents/daily/ideas'
alias done='vim ~/Documents/daily/done'
alias actionplan='vim ~/Documents/daily/action-plan'

100 Days to Privacy Online: Day 14 – I2P Network

We have previously covered Tor which is perhaps the most popular decentralized overlay anonymity network (DarkNet) in the world.

Today we’ll cover I2P, which is a decentralized overlay network much like Tor in many ways. But with more features built into it.

From I2P site:

 

  • I2P is an anonymous overlay network – a network within a network. It is intended to protect communication from dragnet surveillance and monitoring by third parties such as ISPs.

  • I2P is used by many people who care about their privacy: activists, oppressed people, journalists and whistleblowers, as well as the average person.

I2P offers features like blogging, forums, email, anonymous sites and more. It is a younger project than Tor but has many promising advances and features when compared. It is a great addition to your privacy arsenal.

Get I2P Now