Breakpoint on Namshi

Rainy days in Dubai are rare, same as good places to work.

Almost 2 years ago, I landed at the Dubai Airport on a flight that took off from Egypt and for several reasons, a flight that won’t have a return ticket back to Egypt (at least anytime soon, I hope).

My First Two Weeks at Namshi

On July 10th, I joined Namshi as a Junior Software Engineer. I was really excited to start my first full time job writing software. Though, I have to confess that I was also a bit afraid and nervous. Fortunately, after just two days working with the team the fear and nervousness went away. In this post, I will share with you some of the things I have learned so far as well as what I love about working in this awesome team.

The Copy Paste Guide for Creating NPM Packages in ES6 With Babel and Webpack

ES6 is lovely, right?

I believe “Yes” it is! However, ES6 is not quite ready yet. Present JavaScript environments (Node and browser) cannot run all the ES6 proposed features. Browser vendors are slowly shipping the features to their JS engines. Hence, as of today, only ES5 is guaranteed to work seamlessly in every JS environment.

So, how can we write ES6?

Luckily, we have transpilers. They allow us to transpile (a term for compiling from a language to the same language but a different version) ES6 code to ES5. In this post, we’ll see how to write a cross-platform (UMD) module in ES6 and compile it to ES5 using webpack and babel.

Progressive Web Apps Dev Summit 2016 Highlights

The first Progressive Web App dev summit happened in Amsterdam last week. I got a chance to attend the event and meet a lot of new people. All the sessions were nice, and I was so amazed to see the different browser vendors working together to push the web forward.

Today I shared with the team the highlights of all the sessions and code labs that happened at the dev summit. It’s a very high-level overview of the whole event and the future of Progressive Web Apps. You can find my slides here:

Docker Security Improvement - User Namespace

With the 1.10 release, Docker added a huge list of new features. In this post we are going to analyze one of these options: user namespaces.

Prior to version 1.10, running an alpine container mounting an external volume /var/log/ was done as follows:

➜  ~  docker run -it --rm -v /var/log:/var/log --name=demo alpine ls -latr /var/log/
total 35236
drwxr-xr-x    2 root     root          4096 Oct  5 15:57 apt
drwxr-xr-x    2 root     root          4096 Oct 20 16:18 dist-upgrade
-rw-r-----    1 root     adm             31 Oct 21 17:28 dmesg
-rw-r--r--    1 root     root         72557 Oct 21 17:29 bootstrap.log
drwxr-xr-x    2 root     root          4096 Nov  5 08:19 fsck
drwxr-xr-x    3 root     root          4096 Nov  5 08:49 installer
-rw-r-----    1 root     adm           6378 Dec 15 12:18 apport.log.1
drwxr-x---    2 root     adm           4096 Dec 17 06:04 unattended-upgrades
-rw-r-----    1 104      adm        1351288 Dec 19 05:56 syslog.2.gz
-rw-r-----    1 104      adm         402127 Dec 25 06:17 auth.log.1
-rw-r-----    1 104      adm        8667895 Dec 25 06:17 kern.log.1
-rw-r-----    1 104      adm         932806 Dec 25 06:21 syslog.1

Notice that the Docker daemon is running with no additional options.

➜  ~  ps -ef | grep -i daemon
root      21636      1  2 15:04 ?        00:00:00 /usr/bin/docker daemon -H fd://

The ownership of the files in the container is exactly the same as on the host. The user inside the container has full rights to the files. With this access, the user can even delete the files, which deletes them on the host as well. This is the problem!

Running the same command with Docker 1.10, with the new option --userns-remap=default added to the daemon, gives:

➜  ~  ps -ef | grep -i daemon
root      21636      1  2 15:04 ?        00:00:00 /usr/bin/docker daemon -H fd:// --userns-remap=default

As seen above, the daemon is running with the additional option --userns-remap=default.

➜  ~  docker run -it --rm -v /var/log:/var/log --name=demo alpine ls -latr /var/log/
total 35260
drwxr-xr-x    2 nobody   nobody        4096 Oct  5 15:57 apt
drwxr-xr-x    2 nobody   nobody        4096 Oct 20 16:18 dist-upgrade
-rw-r-----    1 nobody   nobody          31 Oct 21 17:28 dmesg
-rw-r--r--    1 nobody   nobody       72557 Oct 21 17:29 bootstrap.log
drwxr-xr-x    2 nobody   nobody        4096 Nov  5 08:19 fsck
drwxr-xr-x    3 nobody   nobody        4096 Nov  5 08:49 installer
-rw-r-----    1 nobody   nobody        6378 Dec 15 12:18 apport.log.1
drwxr-x---    2 nobody   nobody        4096 Dec 17 06:04 unattended-upgrades
-rw-r-----    1 nobody   nobody     1351288 Dec 19 05:56 syslog.2.gz
-rw-r-----    1 nobody   nobody      402127 Dec 25 06:17 auth.log.1
-rw-r-----    1 nobody   nobody     8667895 Dec 25 06:17 kern.log.1
-rw-r-----    1 nobody   nobody      932806 Dec 25 06:21 syslog.1

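The result is that the owner is now nobody: the host's UIDs have no mapping inside the container's user namespace, so the files show up as owned by the unmapped user. Even the root user of the container cannot change the files. This is a great security upgrade that everybody was waiting for.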

This feature saved us from working on a custom solution to tackle this problem.
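The UID translation behind the `nobody` owners in the second listing, as an added example that is not part of the original post: it maps UIDs through a constructed `uid_map` line and checks a daemon command line for the remap option. The 100000/65536 range and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/<pid>/uid_map format:
#   <first UID inside namespace> <first UID on host> <range length>
# 100000/65536 is an assumed subordinate range, not a value from the post.
UID_MAP='0 100000 65536'
OVERFLOW_UID=65534   # kernel default overflow UID, usually named "nobody"

# Host UID that a container UID really runs as; fails if it is unmapped.
to_host_uid() {
    printf '%s\n' "$UID_MAP" | awk -v u="$1" '
        u >= $1 && u < $1 + $3 { print $2 + (u - $1); found = 1; exit }
        END { exit !found }'
}

# UID that a host-owned file shows inside the container.
# Host UIDs outside the map are reported as the overflow UID.
to_container_uid() {
    printf '%s\n' "$UID_MAP" | awk -v u="$1" -v o="$OVERFLOW_UID" '
        u >= $2 && u < $2 + $3 { print $1 + (u - $2); found = 1; exit }
        END { if (!found) print o }'
}

# True if a daemon command line (as printed by ps) enables remapping.
daemon_uses_userns() {
    case " $1 " in
        *" --userns-remap="*) return 0 ;;
        *) return 1 ;;
    esac
}

# Owners from the first listing: root (0) and UID 104.
for huid in 0 104; do
    echo "host uid $huid appears in the container as uid $(to_container_uid "$huid")"
done
echo "container root (uid 0) runs on the host as uid $(to_host_uid 0)"
```

On a live host, the map for a running container can be read from /proc/<pid>/uid_map of the container's process.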

Newsletter #126

TechThursday is here!

We are featuring a T-shirt clash after more than a year, this time it is Shidhin and Geshan but different colors:)

We would also like to welcome back Shidhin from his vacation. And here is your weekly quota of some interesting links

Enjoy!