In last month' post I wrote about the new direct messaging I setup and the concern about abuse from that (spam and privacy concerns). While I can't speak on the privacy part (I don't know if anybody is listening to that channel besides me), I can update on the spam part. Since going live I recieved exactly 0 unsolicited messages. Nada, zilch, bupkis, גורנישט. I'm a little disappointed with that since it shows that my blog is not read by millions of people (a shock, I know). But it also seems that automated scanners, scanning repos in Github don't act on this kind of information. With that, I plan on keeping everything running for the foreseeable furture.
A while back I saw an interesting project, Patchbay. At first I wanted to use it when I run long tasks on remote machines (as the example shows). I would obviously script the desktop part, commit it to my rcfiles repo and have it run on startup. As a security/ privacy concern, I planned on keeping the full URL private. So I shelved it until I would have a proper secret management system in place for such things.
A few months went by and I remembered that project and started to play around with receiving such messages but sending them from a webpage. The outcome is shore.co.il/spam. I'm annnouncing this on my blog as I'm actually interested to see if I get any spam this way. The desktop side of things is in this rcfiles commit and the source for web page is in my blog commit, both are quite public.
There isn't something technically interesting here (apart from Patchbay). But the experiment aspect is interesting to me. I would like to see who reads my blog and will send me messages (hopefully interesting ones). I'm not going to advertise this in any other way. And I would like to see if I get any spam as a result of this blog entry or from having the URL public in my Git repos. I'll post an update in a few weeks with initial results.
Yesterday I described how to connect to a remote dockerd over TCP. I didn't touch security considerations at all (firewall, TLS certificate). This because, for my use, I prefer a different method, forwarding the Unix socket over SSH. Here's how.
First, you need OpenSSH version 6.7 or later (both client and server). Also, the login user on the remote instance must have permissions to access the Docker socket (in other words, be a member of the docker group).
Here's how to forward the remote socket:
ssh -fNTo ExitOnForwardFailure=yes -o ServerAliveInterval=30 -L $HOME/.ssh/docker.sock:/var/run/docker.sock host
export DOCKER_HOST=$HOME/.ssh/docker.sock
And to close the connection and return to the local dockerd kill the ssh process that's running in the background, rm the docker socket under $HOME/.ssh and unset DOCKER_HOST.
The reason I prefer this method is that it's easier to setup for ad-hoc tasks and arguably more secure since you not only authenticate the user and host with SSH, but you limit access to only those that are part of the docker group.
