So, in one fell swoop - about a half hour - I was able to create three servers running a Docker image to serve our main website, from scratch. It’s a good thing, too.
TL;DR: Remove SSLv3 - the impact is likely very small. We've now removed SSLv3 from about 1000 servers in our environment. So far, we've only had one issue - a script used to call an API started to fail. The issue was the ruby rest client > 1.7.0. (Yes, that's greater-than.) Removing from Apache SSLv3 … Continue reading Some Real-World Info on POODLE (CVE-2014-3566)
So what we have here is that root inside the containers effectively has root access to any of these file systems or devices. If you can somehow communicate with them, then consequently, you can own the host with little effort.
Sounds like an expired CA cert, but replacing it didn't fix it. All the posts online with this error talk about a three-year-old activerecord bug, so that's not valid either.
Server Name Indication, or SNI, is an extension to the TLS protocol. Its function, in plain English, is to allow a browser to tell a web server which website it's coming to see before starting the SSL connection. The server then knows which SSL credentials to send back to the browser, and an SSL connection can be established.
I've heard the name CoreOS around a little bit over the last two months or so, but it hadn't really jumped out at me until last week when Mark McCahill mentioned it in a meeting. He'd read some pretty cool things about it: minimal OS, designed for running Docker containers, easy distributed configuration, default clustering … Continue reading How ’bout CoreOS as your Cloud base?
I've noticed the ways in which I set up new Docker images have shifted the more I work with the technology. For example, when I first started with Docker, I put almost all my configurations into the Dockerfile. This is easy - and the way Docker suggests it on their site - and the biggest … Continue reading Docker "Best Practices" (that don’t exist yet)