Building a Docker Image Without Internet Access (kinda)

We’ve been moving a bunch of servers into magic cloudy land, a move which comes with a whole lot of additional security restrictions (and accompanying marketing that the cloud is so much more secure … uhh, no … any host that you could only reach through a keylogged jump server, and that had absolutely no access to the internal or external network without a specific request and firewall rule, would be equally secure. You just haven’t bothered with all of those controls before!). As such, we cannot just pull an image from Docker Hub. We also cannot just use apt-get to install/update packages.

So … how can you build a Docker image with updated software for use on these locked down boxes? Bit of a trick question — you cannot. You can, however, build such an image elsewhere and then export/import the image.

Build the image using your Dockerfile

docker build -t my_app_base .

Then export the image you created

docker save my_app_base | gzip > myapp_image.tar.gz

Download the TGZ file and transfer it to your restricted-access host. Then import the image

docker load < myapp_image.tar.gz

Verify the image loaded successfully

[user@server ~]$ docker images
REPOSITORY              TAG         IMAGE ID      CREATED            SIZE
localhost/my_app_base  latest      5z8e35z99d5z  19 minutes ago     995 MB
<none>                  <none>     5zdbcfz6393z  About an hour ago  1.01 GB

Now use docker run with your my_app_base:latest image to create a running container based on the image.
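
The save, transfer and load steps above with an integrity check around the transfer, as an added example that is not part of the original post. The `.sha256` sidecar file and the function names are assumptions.

```sh
# Added example: integrity check around the save / transfer / load steps.
# The ".sha256" sidecar file name is an assumption, not part of the post.
# If you can, carry the digest by a different path than the archive itself.

# Build host: write <archive>.sha256 next to the exported archive.
write_digest() {
    ( cd "$(dirname "$1")" &&
      sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# Restricted host: succeed only if the digest file exists, the archive
# matches it, and the gzip stream decompresses cleanly.
verify_archive() {
    [ -f "$1.sha256" ] || { echo "missing $1.sha256" >&2; return 2; }
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 ) || {
        echo "digest mismatch for $1" >&2; return 1; }
    gzip -t "$1" 2>/dev/null || {
        echo "corrupt gzip stream in $1" >&2; return 1; }
}

# Load the image only after verification passes.
load_verified() {
    verify_archive "$1" && docker load < "$1"
}

# Build host:       docker save my_app_base | gzip > myapp_image.tar.gz
#                   write_digest myapp_image.tar.gz
# Restricted host:  load_verified myapp_image.tar.gz
```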

Trail Mix

Recipe by Lisa | Course: Snacks | Difficulty: Easy

Ingredients

  • 3 lbs whole almonds

  • 27 oz walnuts halves and pieces

  • 13 oz cashews

  • 8 oz hazelnuts

  • 8 oz Brazil nuts

  • 2 lbs pecans – halves and pieces

  • 10 oz bittersweet chocolate chips

  • 12 oz raisins

Method

  • Mix all of the nuts together in a large bowl
  • Take half of the nut mixture and put aside for later. Combine raisins with remaining nuts.

We found a ton of different nuts at Costco — almonds for $3.33 a pound, pecans and walnuts for about the same price. The best price I’d found for almonds was about $5 a pound, and that was at a bulk wholesale place where you had to buy something like fifteen pounds. This is a three pound bag, and the price includes shipping. Cashews, hazelnuts, and Brazil nuts were all a little more expensive, but still significantly less than what I buy them for at a bulk / wholesale place. So we made trail mix (and have plenty of nuts left over to make more trail mix throughout the year). I need to make some dehydrated bananas, apples, and cranberries to add in … but it’s tasty already!

Apache HTTPD and DER Encoded Certificate

We are in the process of updating one of the web servers at work to a newer OS – along with a newer Apache HTTPD and PHP iteration. Ran into a snag just setting up the SSL web site – we couldn’t get HTTPD started with our Venafi certificate.

[Fri Jan 28 14:35:05.092086 2022] [ssl:emerg] [pid 57739:tid 139948816931136] AH02561: Failed to configure certificate hostname.example.com:443:0, check /path/to/certs/production/server.crt

[Fri Jan 28 14:35:05.092103 2022] [ssl:emerg] [pid 57739:tid 139948816931136] SSL Library Error: error:0909006C:PEM routines:get_name:no start line (Expecting: CERTIFICATE) — Bad file contents or format – or even just a forgotten SSLCertificateKeyFile?

[Fri Jan 28 14:35:05.092115 2022] [ssl:emerg] [pid 57739:tid 139948816931136] SSL Library Error: error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib

The certificate was DER encoded – that’s not what I use, but it was working on the old server.

I think there might be something between httpd-2.4.6-97 and httpd-2.4.37-43 that stopped DER encoded certificates from working. Rather than figure out some way to coerce HTTPD to use this DER file that I don’t really care if I’ve got … I just used a quick command to export the B64 version of the certificate, copied the header/footer/stuff in between, and made a base-64 encoded certificate file.

openssl x509 -inform DER -in server.crt | openssl x509 -text

And, voila, we’ve got a web server.
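
One way to check which encoding a certificate file uses and write a PEM copy for HTTPD to load, as an added example rather than the commands used in the post. The function names and the output file name are assumptions.

```sh
# Added example: tell a DER certificate from a PEM one and normalize to PEM.
# Function names and the output path are assumptions for illustration.

# Print "pem", "der" or "unknown" for the file in $1.
cert_encoding() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    # A DER certificate starts with an ASN.1 SEQUENCE tag, byte 0x30.
    elif [ "$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')" = "30" ]; then
        echo der
    else
        echo unknown
    fi
}

# Write a PEM copy of certificate $1 to $2, converting from DER if needed.
# openssl parses the input either way, so a file that merely looks like a
# certificate is rejected here instead of at HTTPD startup.
ensure_pem() {
    case "$(cert_encoding "$1")" in
        pem) openssl x509 -inform PEM -in "$1" -outform PEM -out "$2" ;;
        der) openssl x509 -inform DER -in "$1" -outform PEM -out "$2" ;;
        *)   echo "$1: not a PEM or DER certificate" >&2; return 1 ;;
    esac
}

# Usage: ensure_pem server.crt server.pem
#        then point SSLCertificateFile at server.pem
```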

 

Buttermilk Almond Muffins

Ingredients:

  • 1 1/2 cups all-purpose flour
  • 3/4 cup almond meal from making almond milk
  • 1/3 cup maple syrup
  • 1 tsp baking powder
  • 1 tsp baking soda
  • 1/2 tsp salt
  • 2 eggs
  • 5 Tbsp powdered buttermilk
  • 1 1/4 cup water
  • 4 Tbsp melted butter

Method:

  1. Preheat oven to 350 F — I lined the muffin tin with silicone cups. This made removing the muffins from the tin and clean up much easier.
  2. Stir almond meal into flour and break up any clumps of almond meal.
  3. Whisk in baking powder, baking soda, salt, and powdered buttermilk.
  4. In a separate bowl, slightly beat eggs then mix in maple syrup and water.
  5. Add wet ingredients to dry ingredients and stir gently to incorporate.
  6. Drizzle in melted butter and stir to incorporate.
  7. Divide batter into muffin pan.
  8. Bake 15-20 minutes until a toothpick inserted into the center comes out clean.

The leftover pulp from making fresh almond milk was always a problem — I know you can dry it out and make almond flour, but that’s a long process. I keep trying to find a tasty use for the pulp, and I think I’ve finally figured something out. These muffins were moist, buttery, had a bit of bite from the buttermilk … and a double batch would use all of the pulp from a batch of almond milk. Muffins freeze well, too — so we can have quick breakfast/snack food stashed in the freezer.

On Five Dollar Gas

This is the third or fourth time in the last decade that I’ve been seeing news reports about “5 dollar gas” or, more generally, an astronomical rise in petroleum prices. How much it costs to fill a tank, how much a gallon costs, how this impacts family budgets.

Oddly, I’ve never seen any reporting discuss ways to minimize the impact that higher gasoline prices have. Any help at all, from the trivial (make sure your tires are well inflated, drive at less congested times to avoid idling in traffic, plan excursions so you’re not making a trip “into town” for different errands three days in a row) to the expensive (buy a more fuel efficient car). There’s nothing.

This is how the free market works — something becomes expensive, you need to consider other options. Buying an electric car isn’t cheap — expensive enough that it’s not an option for some people. But driving an electric car is a way to minimize the direct impact fuel prices have on you. At an enterprise level, electric trucks can reduce the indirect impact of fuel prices.

Turkey Meatballs

Recipe by Lisa | Course: Food | Cuisine: American, Italian | Difficulty: Easy
Prep time: 30 minutes
Cooking time: 30 minutes

Ingredients

  • 2 pounds ground turkey

  • 1 cup panko bread crumbs

  • 1/3 cup Parmesan cheese

  • 3 large cloves of garlic, finely chopped

  • 1/2 cup minced onion

  • 2 eggs

  • 1/2 tsp black pepper

  • 1 tsp salt

  • 1/2 tsp basil

  • 1/2 tsp oregano

Method

  • Combine all ingredients in a bowl and mix until just combined.
  • Either:
    Fry in a pan to brown.
    – or –
    Place on a baking sheet lined with a silicone baking mat. Bake at 350F for about 25 minutes.
  • If using in a tomato sauce, slightly under-cook meatballs in step #2, add to sauce, and simmer until fully cooked.

The HHGTTG Approach to Cloture

In 1975, the Senate adopted a rule change that makes me think of the beginning of Hitchhiker’s Guide to the Galaxy. A chap’s house is scheduled for demolition for “progress” — a new motorway. He lies down in front of the bulldozer to prevent his house from being smashed to bits, but his neighbor wants to hop over to the pub. So they explain to the crew manager that the chap could spend the day lying in front of the bulldozer; and, as such, it should be taken that he is lying in front of the thing even if he’s not. In the book, the answer is immaterial since the entire planet is slated for destruction so an interstellar motorway can be put in … and the discussion is meant to be farcical regardless.

A filibuster isn’t really a legal construct — debate in the Senate could continue until everyone has had their say. That’s a process intentionally designed to slow legislation — to prevent knee-jerk responses to immediate situations. Using your ability to keep “debating” the bill to stall (or table) a bill is known as filibustering. Since 1917, Senate Rule 22 defines a “shut up and let’s vote” process (cloture) that closes debate on a bill and moves it to vote. It takes more people to invoke cloture than it does to pass a bill — 67 votes in 1917, 60 votes since 1975 — meaning the minority party potentially could stall legislation until the majority party gives up on it. Unfortunately, another change adopted in 1975 — the HHGTTG one — seems to operate on the idea that … just because you could continue debating a bill for a month means that you are doing it. And, as such, you don’t really need to stand and talk. With the rule change, the minority party could require a 3/5 majority to pass any legislation by requiring a cloture vote.

Prolonging debate on a bill requires a lot of dedication — and one dude isn’t going to be particularly effective in doing so. How long can one person actually speak from the floor? Strom Thurmond holds the record at just over 24 hours with a soliloquy in opposition to the 1964 Civil Rights Act. But it wasn’t just Thurmond — a whole group of Senators combined to prolong debate for sixty days. Eventually there were 67 votes to close debate (and the law passed).

Since 1975, the Senate’s approach to cloture (a.k.a. the filibuster) uses HHGTTG’s bulldozer reasoning — someone could stand on the Senate floor and talk for a long time. We should all assume they are talking on the Senate floor for an infinite period of time, thus a 3/5 majority is required to close debate and bring the bill to vote.

I think the Democrats today are making a massive tactical / branding mistake — instead of trying to “reform” or “eliminate” the filibuster, they should simply eliminate the HHGTTG component whilst pointing out how silly the idea is. If you want to marshal a group of Senators to keep talking for sixty days, have at it. But you’ve got to actually talk for sixty days. Sure, read every state’s voting laws. Read every state’s laws that might almost kinda be related to voting laws — ID is required, so let’s read all about how to get a driver’s or non-driver’s ID in each state. Read research papers about voting rights. Read speculative information about how online voting could be implemented. Read the entirety of cases from states where courts have ruled on gerrymandered districts. But you cannot just say “I would prolong debate on this forever, so bring a cloture motion to stop me now” and be done with it.

While the Democrats had enough of a majority in 1975-1979 to close debate, Congress has been more evenly split in the subsequent decades. And the resulting public impression of Congress as virtual filibusters are used to prevent legislation from coming to vote is that nothing gets done. Blame which is assigned to the majority party — you’ve got enough votes to pass legislation, why aren’t you passing legislation?!? Having video of the minority party droning on to prevent the legislation from coming to a vote could create a vastly different perception of the obstruction.

Session  Years      Republicans  Democrats  Other
94       1975-1977  37           61         2
95       1977-1979  38           61         1
96       1979-1981  41           58         1
97       1981-1983  46           53         1
98       1983-1985  55           45         0
99       1985-1987  53           47         0
100      1987-1989  45           55         0
101      1989-1991  45           55         0
102      1991-1993  44           56         0
103      1993-1995  43           57         0
104      1995-1997  52           48         0
105      1997-1999  55           45         0
106      1999-2001  55           45         0
107      2001-2003  50           48         2
108      2003-2005  51           48         1
109      2005-2007  55           44         1
110      2007-2009  49           49         2
111      2009-2011  41           57         2
112      2011-2013  47           51         2
113      2013-2015  45           53         2
114      2015-2017  54           44         2
115      2017-2019  51           47         2
116      2019-2021  53           45         2
117      2021-2023  50           48         2