Skip to content

Don't Panic! Posts

The epoch was an hour late

The epoch – midnight on 1st January 1970 – is one of the most important moments in computing. Many systems store dates and times as the number of seconds (or milliseconds) since the epoch. When new year’s revellers counted down the seconds before Big Ben struck twelve for the first time in a new decade, who would have known that the moment would be significant fifty years on?

Except, it didn’t. On the moment that is represented as zero in Unix, C, Java and so many other systems, Big Ben did not strike twelve. At midnight on the 1st January 1970, Big Ben struck one.

Execute Around idiom in Java

The Execute Around idiom is a pattern that allows you to wrap an action with some standard setup / tear down steps. Examples might include:

  • Execute within a lock: acquire the lock, do the action, release the lock
  • Resource handling: acquire the resource, do the action, close the resource
  • Execute as a user: switch to the user, do the action, switch back to the original user
  • Exception handling: do the action, handle the exceptions
  • Time an action: start a timer, do the action, stop the timer

The pattern allows you to pass in arbitrary actions and have them run with the same setup / tear down steps.

Private DNS for Native Windows Docker Container

Docker Windows containers have a number of shortcomings, particularly around networking. One showstopper is that it doesn’t use the DNS of its host server. The expected behaviour in (Linux) Docker containers is that the Docker engine creates a virtual DNS for containers. The Docker DNS resolves containers by name (for Docker Swarm / Docker Compose) or delegates to the host DNS configuration. There are options to override this behaviour if necessary.

Native Windows containers don’t do this. Docker for Windows will resolve container names from the Swarm and will then use the default external DNS (Google DNS on to resolve external addresses. It will not use the host machine DNS settings nor can its behaviour be overridden with the --dns flag. This is a serious problem if your container depends on services within a private / corporate network.

This appears to be an issue with the Docker Windows images (nanoserver / windowservercore) rather than with the engine. Microsoft might get round to fixing it but given its half-hearted support for Docker, it might not.

Deploying to Google Kubernetes Engine

Previously we looked at building a Spring Cloud Data Flow on Kubernetes. As a follow up, we’re now looking at deploying to Google Kubernetes Engine. The great thing about Kubernetes you use exactly the same commands to manage a cluster on your laptop as on a server or cloud compute platform. Google has first class support for Kubernetes on the Google Kubernetes Engine so deploying the Primer application was very straightforward.

Spring Cloud Data Flow on Kubernetes

Spring Cloud Data Flow is a powerful tool for composing and deploying message driven data pipelines. It allows us to compose simple Spring Cloud Stream applications into complex processing pipelines. It also takes care of deploying these pipelines into Kubernetes or into Cloud Foundry.

It’s powerful but has a lot of moving parts. It can be daunting to get a simple pipeline running. This article introduces the Primer demo for SCDF and describes how to deploy it into Kubernetes on a local development machine.

Secrets in Google App Engine

Google App Engine makes it easy to deploy NodeJS applications. The GAE Standard Environment and SDK support NodeJS out of the box. This makes Google App Engine a great choice ahead of competitors such as Heroku, AWS or Microsoft Azure. Unfortunately though, there’s no support for managing secrets in Google App Engine. When I deployed Dog n Bone to GAE, I found this single shortcoming the main source of complexity.

There are however some workarounds. None of them is particularly nice though.

Detecting Twilio API login failures

When I built out Dog n Bone – a browser phone powered by Twilio, I found that behavior on providing an incorrect accountSid / authToken was not quite what I expected. This post details how I detected Twilio API login failures in Dog n Bone.

Twilio uses ClientCapability tokens to grant access to API features. The back end obtains a ClientCapability object using a Twilio accountSid and authToken. It sets scopes on the ClientCapability to grant only necessary permissions on that account. API requests in the front end authenticate using the JWT created from the CapabilityToken. This mechanism allows the front end to authenticate to the API without exposing the Twilio accountSid / authToken.

SSH into a Docker Container

Just sometimes, it’s useful to SSH into a Docker Container. While docker exec or docker attach are usually sufficient to run commands in a container, sometimes you specifically need SSH. For example, to connect directly from a remote machine or when an application needs to run commands on your container. Most Docker images don’t come with the SSHd service installed so it is not possible to SSH to them. This post demonstrates how to install and run the SSHd service to an existing image so that you can connect to it.