Relocating a Docker Container

Employing the help of ChatGPT, I was able to successfuly relocate a Docker container from one host to another.

Context

The container in question runs an application that uses a Docker Volume for persistent storage; this decouples the database from the application, so I really only needed to copy the volume to the new host and pull the latest application image to start the container on a new host.

Prompt

You are a system administrator. Your goal is to copy the volume of an existing Docker container to another host, where the app image will be pulled and the volume mounted to the new container. The old container will be stopped before copying. Write the instructions and each command with expected output. Refer to each host as node1 and node2.

Response

To copy the volume of an existing Docker container from one host (node1) to another host (node2), you can follow these steps. I’ll provide you with the necessary commands and expected outputs:

Archive Volume On node1 (Source Host)

1. Stop the old container (if running):

docker stop <container_name_or_id>

Expected output (1)

<container_name_or_id>

1. Create a tarball of the Docker volume:

docker run --rm -v <volume_name>:/data -v $(pwd):/backup alpine tar czf /backup/backup.tar.gz -C /data .

Expected output (2)

backup.tar.gz

1. Copy the tarball to node2 (replace and with the appropriate values):

scp backup.tar.gz <node2_ip>:<path_on_node2>

Expected output (3)

backup.tar.gz                                100% 1234KB  123.4KB/s   00:10

Create Container On node2 (Destination Host)

1. Pull the Docker image for your application (replace with the actual image name):

docker pull <app_image>

Expected output (4)

<app_image>:latest: Pulling from library/<app_image>
...

1. Load the tarball into a new Docker volume on node2:

docker run -v <volume_name>:/data -v <path_on_node2>:/backup alpine sh -c "tar xzf /backup/backup.tar.gz -C /data"

Expected output (5)

<container_id>

1. Run a new container with the application image and the copied volume:

docker run -d --name <new_container_name> -v <volume_name>:/path/in/container <app_image>

Expected output (6)

<new_container_id>

1. Verify that the new container is running:

docker ps

Expected output (7)

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
<new_container_id>  <app_image>         "<startup_command>"     1 minute ago        Up 1 minute                             <new_container_name>

Conclusion

The task I had identified was solved by ChatGPT.

I was able to relocate the data for an application because it was decoupled from the runtime in the container, demonstrating how useful Docker Volumes can be.

Accessibility is Everything

At MagnoliaJS 2023, Chris DeMars posed the question: who is disabled?

In the context of his talk, it followed that his response was such: “Everyone.”

Talking about the accessbility (a11y) of the Internet means creating an interet accessible to everyone.

Who has the possibility of being disabled, at some point in their life?

Everyone

In the realm of code and pixels, we unfold, A tale of “everyone,” both young and old. In digital waves, a journey we start, Accessibility’s essence, a work of art.

For every user in the vast cyber sea, “Everyone” must navigate, swift and free. A symphony of code, a crafted blend, Where inclusivity is our guiding friend.

Not just the agile, nor the keen of sight, But every soul, in the web’s vast light. In lines of code, a chorus must swell, “Everyone” embraced, in each parallel.

For those with vision, clear and bright, Or those who navigate the web at night, The door to information, open wide, “Everyone” should find it, side by side.

In digital echoes, a chorus resounds, Through keyboard strokes, inclusion abounds. For those who hear and those who touch, A symphony of empathy, oh how much!

To surf the web with ease and grace, “Everyone” must find their rightful space. No barriers strong, no walls so high, In the language of code, let empathy fly.

Crafting lines of code, we weave, “Everyone” as the common motif. In alt text whispers, and ARIA’s song, Inclusion’s chorus, enduring and strong.

For “everyone” transcends the word’s mere rhyme, The heartbeat of a digital paradigm. Let progress rhyme in every line, Accessibility’s eternal chime.

Written by ChatGPT 27 November 2023

Check Out “Accessibility in the Enterprise: The Relationship between A11y and ROI” by Chris DeMars

You can watch his entire talk on YouTube and the link provided here takes you to the beginning of his talk.

Someone please hire Chris.

MagnoliaJS 2023 - Recap

I recently attended MagnoliaJS, the premiere web dev conference in Mississippi. I’m lucky enough to be close, personal friends with both the founder and current organizers of the conference and was able to bring a group from C Spire to join in the event. The conference began on Tuesday, October 17 at the Mississippi Museum of Art, with a strong encouragement to create content. This blog post, this blog, and my social media presence were validated by Taylor Desseyn’s first talk, and so I was doubly encouraged to share these notes so that others might be able to glean something from the time I spent in the company of web developers.

Day 1

Taylor Desseyn, Content Creation 101

persuasive speech on the networking benefits of creating content on social media

Alex Riviere, Small Design Systems for Developers

6 types of design systems Design token code generators

Rizel Scarlett, Emerging tech to improve diversity

• defining privilege doesn’t mean you didn’t earn your achievements
• tech identified as creating equity
• containers
• AI code generation
• Decentralization

Angie Jones, Refactoring the Web

• the missing layer: identity
• Web5 = Web2 + Web3

Jaimin Patel, D3.js: Changing the way people do cancer research

• visualization of cancer mutations
• D3.js provides SVG creation APIs

Karl Groves, Everything you need to know about JavaScript Accessibility

• GitHub Repo used for live coding exercise

Tyler Clark, Getting the Job… Tips For Your Next React Interview Challenge

1. Be proactive in your career, not reactive
2. Network Network Network
3. Breakdown job descriptions
4. Understand your code, sometimes less is more
5. After fundamentals, learns tradeoffs and patterns

Pato Vargas, From Chaos to Order: How React Monorepos Can Simplify Your Codebase

• Monorepo tooling; Pato uses nx

Danielle Maxwell, To Micro-Frontend or Not to Micro-Frontend: 5 Questions to Ask First

• I think this is an architectural talk?

Taylor Desseyn (reprise), A Manifesto in Hiring

• don’t be an asshole
• do what you say you will
• show you are capable of being prepared

Noteworthy events

• Kenia won the art giveaway
• Abbey Perini won the costume contest as Tech Conference Barbie
• Nick Wallace catering was fire

Day 2

Chris DeMars, Accessibility in the Enterprise: The Relationship between A11y and ROI

• numeronym
• Web accessibility means that everyone can use the web
• 3 things that come last:
• Accessibility
• Performance
• Security
• questions
• Does it work on all screen readers?
• can i solely use a keyboard?
• Does the color contrast work for all users?
• Do the images have alt attributes?
• why should i care?

Mo Daniel, How to Learn Technical Skills Effectively

• Continual learning
• Increases adaptability
• Maintains skills

Five steps to learn effectively

1. Have a goal in mind
2. Master the fundamentals
3. Project based learning
4. Practice
5. Strengthen your weaknesses
6. Work with people with more experience

Blake Watson, The Joys of Home-Cooked Apps

• home-cooked apps are about redefining success
• A Fine Start
• DSL caretaker time sheets

Mark Noonan, a whale of a tale about front-end testing

• Unit and Component Tests
• Unit tests document the purpose of a function
• ‘Component tests document the purpose of a component and its variations
• Component tests are useful for discovering accessibility issues
• Lowest level for testing quickly
• Written by engineers who have the most knowledge of what and why the DOM is the way it is
• End-to-end and component tests
• Component tests are often “vertical”
• E2E tests are often “horizontal”
• Network stubbing benefits e2e testing and dev in parallel
• API testing
• When using mocked APIs, use API testing to validate the mocks against the real API
• Balance trade-offs between different testing schemes

Michael Liendo, Moonlighting as a developer

• Side hustle guidelines
• Come with a plan
• Communicate with your manager
• Create separate social accounts
• Side hustle tool box
• Calendly
• Stripe
• Carrd

Abbey Perini, Cognitive Load and your development environment

• Memory and cognition are finite resources
• Instructional design
• CodeClimate

Nerando Johnson, Unloacked: Growing Your Skills Through Open Source Development and Civic Hacking

• Ushahidi platform (Kenyan)
• Hack the City (Finnish)
• BudgIT (Nigerian)
• Code for America
• getCTG.org
• Code for Atlanta
• Marta.js
• Georgia Courtbot

Todd Libby, Deceptive Patterns and FAST

• Deceptive is not anti-pattern
• Molly Holzschlag

Noteworthy events (pt 2)

• Noonan’s presentation had a cast of characters
• Kevin won some socks
• Nicole won a Bluetooth speaker
• Dylan won a Bluetooth speaker
• Because everyone from C Spire but me won something, Kayla felt bad and gave me a candle
• More Nick Wallace heat with slow cooked pork roast

Thank you for reading

These notes may or may not mean anything to you and that is okay. For making it this far, I’d like to reward you with the relevant social media asset to this experience.

View this post on Instagram

A post shared by Michael Lamb (@themichaellamb)

MagnoliaJS 2023

MagnoliaJS is the premier web development conference hosted in the capitol city of Mississippi at the Mississippi Museum of Art downtown. With all the stories of Mississippi as a failing state, it is important to recognize MagnoliaJS as an opportunity for people in the web industry to learn about the state from its storied museums. The art museum in particular is an excellent community center and venue for this conference, as well as being rich with catering options from close by!

1. Why do I want to attend MagnoliaJS

I won’t lie: the food is a big draw. There’s great food in Jackson and MagnoliaJS is a great chance for it to be showcased in front of a national (sometimes global) audience.

Another, more personal reason is that the conference organizers are friends of mine who I want to support. The conference is also quite emphatic about accessibility and inclusion as themes and as a policy, so everything from the registration process to attendance is demonstrative of these values. MagnoliaJS will begin on Tuesday, October 17, with a talk on accessibility and neurodiversity from Homer Gaines. I’m also looking forward to a live coding session from Karl Groves demonstrating accessibilty principles in JavaScript.

2. What do I expect to learn

My primary goal is to listen and learn about the varied perspectives in the web industry. While there will be some JavaScript covered at the conference, there are a number of other topics that may shed light on a different way of thinking, so I am approaching with an open mind.

3. How will this benefit my personal growth

I am always willing to take the time to listen to story tellers in Mississippi spaces. I come away from these types of interactions inspired and motivated, and this usually takes a direct impact through the leadership decisions I make.

Referral Link with Discount

If you would like to purchase tickets for MagnoliaJS please use the button below for a 15% discount!

Get Tickets for Magnolia JS 2023

Let's Expire Password Expiry

Too many organizations employ outmoded policies related to passwords that have been shown to be ineffective in providing security, namely, the requirement to change a memorized token on a regular periodic basis. I would like to present here various references which demonstrate that the industry standards have evolved in the last decade and do not require users to change a memorized token on a regular basis. It is best practice to require a changed password when credentials are found in other systems (I know of some orgs that use the haveibeenpwned API to provide intelligence when credentials are found on the dark web) but expiry should not be required until there is evidence a compromise has occurred.

Key paragraph from NIST Digital Identity Guidelines¹

Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets. Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

PCI DSS password requirements²

Requirements set in the Payment Card Industry Data Security Standards state that passwords should only be changed on a regular 90-day basis, if it is the only authentication method available (Section 8.3.9). A stronger security posture is to require multi-factor authentication to access secure systems.

FTC persuasive article against mandatory password changes³

Lorrie Cranor, ACM and IEEE fellow & Chief Technologist at FTC (2016-2017), wrote an article that makes the point of this blog post: mandatory password changes should be reconsidered. Compellingly, she details research that has demonstrated “[an] attacker who knows the previous password and has access to the hashed password file (generally because they stole it) and can carry out an offline attack can guess the current password for 41% of accounts within 3 seconds per account (on a typical 2009 research computer). These results suggest that after a mandated password change, attackers who have previously learned a user’s password may be able to guess the user’s new password fairly easily.”

Three different Microsoft articles make the case

Microsoft Security removed password expiration in v1903 of Windows 10 and Windows Server⁴

Periodic password expiration is a defense only against the probability that a password (or hash) will be stolen during its validity interval and will be used by an unauthorized entity. If a password is never stolen, there’s no need to expire it. And if you have evidence that a password has been stolen, you would presumably act immediately rather than wait for expiration to fix the problem.

Microsoft 365 password policy reccommendations⁵

Password expiration requirements do more harm than good, because these requirements make users select predictable passwords, composed of sequential words and numbers that are closely related to each other. In these cases, the next password can be predicted based on the previous password. Password expiration requirements offer no containment benefits because cybercriminals almost always use credentials as soon as they compromise them.

Robyn Hicock, Microsoft Identity Protection Team⁶

In a research article, the Microsoft Identity Protection Team identifies password expiry as an “anti-pattern” (a practice which is believed to solve a problem but in fact does not).

Mandated password changes are a long-standing security practice, but current research strongly indicates that password expiration has a negative effect. Experiments have shown that users do not choose a new independent password; rather, they choose an update of the old one. There is evidence to suggest that users who are required to change their passwords frequently select weaker passwords to begin with and then change them in predictable ways that attackers can guess easily.

One study at the University of North Carolina found that 17% of new passwords could be guessed given the old one in at most 5 tries, and almost 50% in a few seconds of un-throttled guessing. Furthermore, cyber criminals generally exploit stolen passwords immediately.

Microsoft CISO says the future is passwordless⁷

“I remember we had a motto to get MFA everywhere, in hindsight that was the right security goal but the wrong approach. Make this about the user outcome, so transition to “we want to eliminate passwords”. But the words you use matter. It turned out that simple language shift changed the culture and the view of what we were trying to accomplish. More importantly, it changed our design and what we built, like Windows Hello for business,” he says.

“If I eliminate passwords and use any form of biometrics, it’s much faster and the experience is so much better.”

Microsoft is moving towards a hybrid mode of work and, to support that shift, it’s making a push towards a Zero Trust network design, which assumes the network has been breached, that the network extends beyond the corporate firewall, and caters to BYOD devices that could be used at home for work or at work for personal communications.

References

[1] NIST 800-63B Section 5.1.1.2 Memorized Secret Verifiers

[2] PCI-DSS 4.0 Section 8.3.9

[3] FTC Time to rethink mandatory password changes

[4] Microsoft Security baseline (FINAL) for Windows 10 v1903 and Windows Server v1903

[5] Microsoft Password policy recommendations for Microsoft 365 passwords

[6] Microsoft Password Guidance

[7] Microsoft’s CISO: Why we’re trying to banish passwords forever