SlideShare a Scribd company logo

Codetainer: a Docker-based browser code 'sandbox'

Jen Andre
Jen Andre

Codetainer is a browser-based sandbox for running Docker containers. It allows users to "try 'X' in your browser" for any X by running Docker containers in an isolated and programmable manner directly in the browser. Codetainer uses Docker APIs to launch and manage lightweight containers via a Go-based API server. Users can create and register Docker images, launch "codetainers" from those images, and interact with the codetainers through the browser via websockets, viewing terminals and sending keystrokes. Codetainer aims to provide a secure and flexible environment for use cases like tutorials, training, and remote management while addressing challenges around container introspection and security.

1 of 30
Download to read offline
codetainer building  a  browser    code  `sandbox` Jen  Andre   E4E  Conference,  Sep  2015
about me @fun_cuddles  /  jenpire.com  /   organizer  @BostonGoLang   EIR  Accomplice  VC   co-­‐founder  @threatstack,     formerly  researcher   @Mandiant,  @Symantec    
what is a ‘codetainer’?
“try ‘X’ in your browser”
… for all X?
inspiration
use cases tutorials  for  APIs   learn  programming  language  X   training  on  UNIX  tools,  debugging,  etc   remote  management  for  containers
requirements flexible  &  powerful  enough  to  support  mulXple  use-­‐ cases  (programmable,  API  driven)   self-­‐hosted  (open  source!)   reasonably  secure-­‐able  :)
containers to the rescue!
“Docker  allows  you  to  package  an  applicaXon  with  all   of  its  dependencies  into  a  standardized  unit  for   so`ware  development.” host linux system container process process virtual file system system namespaces docker daemon/API tools container process process virtual file system system namespaces … process  virtualiza/on
not your parent’s virtualization • it’s  lightweight!     • process  containers  measured  in  terms  of  kilobytes  or  megabytes   instead  of  GB   • startup  measured  in  seconds,  not  minutes   • images  are  layered  and  reusable   • (see  DockerHub)   • there’s  powerful  introspecXon  /  management  APIs   • Management  is  programmable
introspection peer  “inside”  of  containers  and  perform  acXons
codetainer architecture codetainer API server loaded via iframe docker API “codetainer” process “codetainer” process “codetainer” process http / websockets sqlite /api/v1/codetainer/{id}/attach /api/v1/codetainer/{id}/create /api/v1/codetainer/{id}/stop …
components •  “codetainer”   •  this  is  just  a  Docker  container     • “codetainer  image”     •  this  is  a  Docker  image  registered  for  codetainer  use   • “codetainer  profile”     •  this  is  a  profile  associated  with  a  codetainer  that   defines  its  runXme  characterisXcs  (e.g.  security)
other tools • Go   • Docker  APIs  wrifen  in  this   • It’s  just  a  nice,  clean  language  you  can  be  producXve  in  quickly   • xterm.js   • for  rendering  terminals  in  the  browser   • sqlite   • for  storing  metdata  about  ‘codetainers’  
using codetainer!
starting the server $  ./bin/codetainer  server   Codetainer  10:34:16  [~INFO]  Initializing  Codetainer   (0.1.0)   Codetainer  10:34:16  [~INFO]  URL:  http://127.0.0.1:3000   $  ./bin/codetainer  —help   usage:  Codetainer  [<flags>]  <command>  [<args>  ...]   Flags:      -­‐-­‐help                              Show  help  (also  see  -­‐-­‐help-­‐long   and  -­‐-­‐help-­‐man).      -­‐v,  -­‐-­‐debug                    Enable  debug  logging.      -­‐-­‐dev                                Enable  dev  mode.      -­‐q,  -­‐-­‐quiet                    Remove  all  output  logging.  
step 1: create an image • Create  your  Docker  image     • Register  a  Docker  image  for  use  in  a  codetainer   • POST  /api/v1/image $  curl  -­‐XPOST  http://127.0.0.1:3000/api/v1/image  -­‐-­‐data  "id=tcpdump-­‐ demo:latest&description=hi"  2>  /dev/null  |  jq  .   {      "image":  {          "id":   "e5d42500e0419df4a29d1ed443de2da5c2c8d2e683cb045883b79b2e826910b0",          "command":  "",          "description":  "hi",          "Tags":  [              "tcpdump-­‐demo:latest"          ],          "CreatedAt":  "0001-­‐01-­‐01T00:00:00Z",          "UpdatedAt":  "0001-­‐01-­‐01T00:00:00Z",          "Enabled":  true      }  
step 2: launch a codetainer • POST  /api/v1/codetainer $  curl  -­‐XPOST  http://127.0.0.1:3000/api/v1/codetainer/  -­‐-­‐data   "name=tcpdump&image-­‐id=tcpdump-­‐demo:latest"  2>  /dev/null  |  jq  .   {      "codetainer":  {          "id":   "07fd1305dc22714ff5c005f8edb5db8bb462ff931bb94c51feab879a10cbcaa6",          "name":  "tcpdump",          "image-­‐id":   "e5d42500e0419df4a29d1ed443de2da5c2c8d2e683cb045883b79b2e826910b0",          "Defunct":  false,          "Running":  false,          "Profile":  "",          "CreatedAt":  "0001-­‐01-­‐01T00:00:00Z",          "UpdatedAt":  "0001-­‐01-­‐01T00:00:00Z"      }  
step 3: interact with it! • /api/v1/codetainer/{id}/attach  (attach  via  websockets)   • /api/v1/codetainer/{id}/view  (render  terminal  view)   • /api/v1/codetainer/{id}/send  (send  keystrokes)
more! • List/Upload/Download  files  in  a  codetainer   • GET  /api/v1/codetainer/{id}/files   • GET  /api/v1/codetainer/{id}/files/ download   • PUT  /api/v1/codetainer/{id}/files/upload
command-line too $  ./bin/codetainer  list   Found  2  codetainers.   -­‐-­‐  [4505c3c844a46f4966280cd6762d3512ba8c04ebd5cb550ba90732c11a5514ee]   lRf9QWOrhAYbNf4_PUdZ58DtKpfmTihu  (Running)   -­‐-­‐  [c2fce38a8ba86caf0e3f1462177809f14d905c26e3cd04ac907d7d18ad9a63f0]   R0bZK2O-­‐1SWsoTp7a2gas1-­‐cHjnFIlf_  (Running)   $  ./bin/codetainer  image  register  ubuntu:14.04   Codetainer  08:01:31  [~INFO]  Registering  New  Image:   &{91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e    267c      [ubuntu:14.04]  0001-­‐01-­‐01  00:00:00  +0000  UTC  0001-­‐01-­‐01   00:00:00  +0000  UTC  true}   odetainer  08:01:31  [~INFO]  Registration  succeeded.
challenges Dealing  with  missing  introspecXon  APIs  (e.g.  file  lisXng)   minimize  risk  of  abuse  by  ‘sandboxing’  what  a   container  can  do
Docker Security Knobs
{      "Config":  {          "NetworkDisabled":  true      },      "HostConfig":  {          "Privileged":  false,          "ReadonlyRootfs":  true,          "Memory":  1000000000,          "Ulimits":  [{  "Name":  "nofile",  "Soft":   1024,  "Hard":  2048  }]      }   limiting a codetainer’s permissions using profiles $  ./bin/codetainer  profile  register  ./ secure.json  secure   2015/09/18  10:52:54  Created  profile  with   id=767653c7-­‐8fb6-­‐4f78-­‐bfcf-­‐3853bbe6df64:   2015/09/18  10:52:54  -­‐-­‐   2015/09/18  10:52:54  {      "Config":  {        "NetworkDisabled":  true      },      "HostConfig":  {   • pass  codetainer-­‐profile-­‐id  to  POST  /api/v1/ codetainer  when  creating  a  codetainer secure.json
Missing APIs • Docker  has  an  API  to  ‘exec’  processes  in  the  context   of  a  container.   • SoluXon:  mount  all  codetainers  with  a  shared  “/ codetainer/uXls”  volume  with  custom  tools.   • Example:  /api/v1/codetainer/{id}/files     • Executes  /codetainer/uXls/files    —path  <path>     • returns  JSON  path  lisXng
demo time! • creaXng  a  codetainer   • lsof  tutorial
status • “Alpha”  -­‐  works  but  needs  a  lifle  more  ‘umph’  to   make  it  producXon  ready     • Auth  for  API   • DocumentaXon,  documentaXon,  documentaiton   • TesXng
contribute! github.com/codetainerapp/codetainer jandre@gmail.com  or  @fun_cuddles  on  twifer or just say hi…

Recommended

Introduction To Webrtc
Introduction To WebrtcIntroduction To Webrtc
Introduction To Webrtc
Knoldus Inc.
 
Linux Kernel Cryptographic API and Use Cases
Linux Kernel Cryptographic API and Use CasesLinux Kernel Cryptographic API and Use Cases
Linux Kernel Cryptographic API and Use Cases
Kernel TLV
 
LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughLinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking Walkthrough
Thomas Graf
 
NGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX: High Performance Load Balancing
NGINX: High Performance Load Balancing
NGINX, Inc.
 
Introduction to yocto
Introduction to yoctoIntroduction to yocto
Introduction to yocto
Alex Gonzalez
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDP
Daniel T. Lee
 
Epoxy 介紹
Epoxy 介紹Epoxy 介紹
Epoxy 介紹
Kros Huang
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
 

Recommended

Introduction To Webrtc
Introduction To WebrtcIntroduction To Webrtc
Introduction To Webrtc
Knoldus Inc.
 
Linux Kernel Cryptographic API and Use Cases
Linux Kernel Cryptographic API and Use CasesLinux Kernel Cryptographic API and Use Cases
Linux Kernel Cryptographic API and Use Cases
Kernel TLV
 
LinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking WalkthroughLinuxCon 2015 Linux Kernel Networking Walkthrough
LinuxCon 2015 Linux Kernel Networking Walkthrough
Thomas Graf
 
NGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX: High Performance Load Balancing
NGINX: High Performance Load Balancing
NGINX, Inc.
 
Introduction to yocto
Introduction to yoctoIntroduction to yocto
Introduction to yocto
Alex Gonzalez
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDP
Daniel T. Lee
 
Epoxy 介紹
Epoxy 介紹Epoxy 介紹
Epoxy 介紹
Kros Huang
 
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
 
Kubernetes & helm 활용
Kubernetes & helm 활용Kubernetes & helm 활용
Kubernetes & helm 활용
SK Telecom
 
L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)Motonori Shindo
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting router
Shu Sugimoto
 
WebRTC on Mobile
WebRTC on MobileWebRTC on Mobile
WebRTC on Mobile
Buşra Deniz, CSM
 
containerd summit - Deep Dive into containerd
containerd summit - Deep Dive into containerdcontainerd summit - Deep Dive into containerd
containerd summit - Deep Dive into containerd
Docker, Inc.
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101
SUSE Labs Taipei
 
Introduction to WebRTC
Introduction to WebRTCIntroduction to WebRTC
Introduction to WebRTC
Art Matsak
 
Understanding iptables
Understanding iptablesUnderstanding iptables
Understanding iptables
Denys Haryachyy
 
Servlet 3.1 Async I/O
Servlet 3.1 Async I/OServlet 3.1 Async I/O
Servlet 3.1 Async I/O
Simone Bordet
 
톰캣 운영 노하우
톰캣 운영 노하우톰캣 운영 노하우
톰캣 운영 노하우
jieunsys
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
Te-Yen Liu
 
ACI DHCP Config Guide
ACI DHCP Config GuideACI DHCP Config Guide
ACI DHCP Config Guide
Woo Hyung Choi
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk Tutorial
Saifuddin Kaijar
 
Real-Time Text and WebRTC @ Kamailio World 2023
Real-Time Text and WebRTC @ Kamailio World 2023Real-Time Text and WebRTC @ Kamailio World 2023
Real-Time Text and WebRTC @ Kamailio World 2023
Lorenzo Miniero
 
CCNP Security-VPN
CCNP Security-VPNCCNP Security-VPN
CCNP Security-VPNmohannadalhanahnah
 
Expanding Asterisk with Kamailio
Expanding Asterisk with KamailioExpanding Asterisk with Kamailio
Expanding Asterisk with Kamailio
Fred Posner
 
iptables 101- bottom-up
iptables 101- bottom-upiptables 101- bottom-up
iptables 101- bottom-up
HungWei Chiu
 
DCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best PracticesDCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best Practices
Docker, Inc.
 
L4-L7 Application Services with Avi Networks
L4-L7 Application Services with Avi NetworksL4-L7 Application Services with Avi Networks
L4-L7 Application Services with Avi Networks
Avi Networks
 
Vim+cscope+ctags+taglist
Vim+cscope+ctags+taglistVim+cscope+ctags+taglist
Vim+cscope+ctags+taglistPicker Weng
 
TIAD - DYI: A simple orchestrator built step by step
TIAD - DYI: A simple orchestrator built step by stepTIAD - DYI: A simple orchestrator built step by step
TIAD - DYI: A simple orchestrator built step by step
The Incredible Automation Day
 
Guray Yildirim "Tooling and Managing Docker Containers With Python: Why and How"
Guray Yildirim "Tooling and Managing Docker Containers With Python: Why and How"Guray Yildirim "Tooling and Managing Docker Containers With Python: Why and How"
Guray Yildirim "Tooling and Managing Docker Containers With Python: Why and How"
Fwdays
 

More Related Content

What's hot

Kubernetes & helm 활용
Kubernetes & helm 활용Kubernetes & helm 활용
Kubernetes & helm 활용
SK Telecom
 
L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)Motonori Shindo
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting router
Shu Sugimoto
 
WebRTC on Mobile
WebRTC on MobileWebRTC on Mobile
WebRTC on Mobile
Buşra Deniz, CSM
 
containerd summit - Deep Dive into containerd
containerd summit - Deep Dive into containerdcontainerd summit - Deep Dive into containerd
containerd summit - Deep Dive into containerd
Docker, Inc.
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101
SUSE Labs Taipei
 
Introduction to WebRTC
Introduction to WebRTCIntroduction to WebRTC
Introduction to WebRTC
Art Matsak
 
Understanding iptables
Understanding iptablesUnderstanding iptables
Understanding iptables
Denys Haryachyy
 
Servlet 3.1 Async I/O
Servlet 3.1 Async I/OServlet 3.1 Async I/O
Servlet 3.1 Async I/O
Simone Bordet
 
톰캣 운영 노하우
톰캣 운영 노하우톰캣 운영 노하우
톰캣 운영 노하우
jieunsys
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
Te-Yen Liu
 
ACI DHCP Config Guide
ACI DHCP Config GuideACI DHCP Config Guide
ACI DHCP Config Guide
Woo Hyung Choi
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk Tutorial
Saifuddin Kaijar
 
Real-Time Text and WebRTC @ Kamailio World 2023
Real-Time Text and WebRTC @ Kamailio World 2023Real-Time Text and WebRTC @ Kamailio World 2023
Real-Time Text and WebRTC @ Kamailio World 2023
Lorenzo Miniero
 
Expanding Asterisk with Kamailio
Expanding Asterisk with KamailioExpanding Asterisk with Kamailio
Expanding Asterisk with Kamailio
Fred Posner
 
iptables 101- bottom-up
iptables 101- bottom-upiptables 101- bottom-up
iptables 101- bottom-up
HungWei Chiu
 
DCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best PracticesDCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best Practices
Docker, Inc.
 
L4-L7 Application Services with Avi Networks
L4-L7 Application Services with Avi NetworksL4-L7 Application Services with Avi Networks
L4-L7 Application Services with Avi Networks
Avi Networks
 
Vim+cscope+ctags+taglist
Vim+cscope+ctags+taglistVim+cscope+ctags+taglist
Vim+cscope+ctags+taglistPicker Weng
 

What's hot (20)

Kubernetes & helm 활용
Kubernetes & helm 활용Kubernetes & helm 활용
Kubernetes & helm 활용
 
L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)L2 over l3 ecnaspsulations (english)
L2 over l3 ecnaspsulations (english)
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting router
 
WebRTC on Mobile
WebRTC on MobileWebRTC on Mobile
WebRTC on Mobile
 
containerd summit - Deep Dive into containerd
containerd summit - Deep Dive into containerdcontainerd summit - Deep Dive into containerd
containerd summit - Deep Dive into containerd
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101
 
Introduction to WebRTC
Introduction to WebRTCIntroduction to WebRTC
Introduction to WebRTC
 
Understanding iptables
Understanding iptablesUnderstanding iptables
Understanding iptables
 
Servlet 3.1 Async I/O
Servlet 3.1 Async I/OServlet 3.1 Async I/O
Servlet 3.1 Async I/O
 
톰캣 운영 노하우
톰캣 운영 노하우톰캣 운영 노하우
톰캣 운영 노하우
 
The Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitchThe Basic Introduction of Open vSwitch
The Basic Introduction of Open vSwitch
 
ACI DHCP Config Guide
ACI DHCP Config GuideACI DHCP Config Guide
ACI DHCP Config Guide
 
Intel dpdk Tutorial
Intel dpdk TutorialIntel dpdk Tutorial
Intel dpdk Tutorial
 
Real-Time Text and WebRTC @ Kamailio World 2023
Real-Time Text and WebRTC @ Kamailio World 2023Real-Time Text and WebRTC @ Kamailio World 2023
Real-Time Text and WebRTC @ Kamailio World 2023
 
CCNP Security-VPN
CCNP Security-VPNCCNP Security-VPN
CCNP Security-VPN
 
Expanding Asterisk with Kamailio
Expanding Asterisk with KamailioExpanding Asterisk with Kamailio
Expanding Asterisk with Kamailio
 
iptables 101- bottom-up
iptables 101- bottom-upiptables 101- bottom-up
iptables 101- bottom-up
 
DCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best PracticesDCEU 18: Dockerfile Best Practices
DCEU 18: Dockerfile Best Practices
 
L4-L7 Application Services with Avi Networks
L4-L7 Application Services with Avi NetworksL4-L7 Application Services with Avi Networks
L4-L7 Application Services with Avi Networks
 
Vim+cscope+ctags+taglist
Vim+cscope+ctags+taglistVim+cscope+ctags+taglist
Vim+cscope+ctags+taglist
 

Similar to Codetainer: a Docker-based browser code 'sandbox'

TIAD - DYI: A simple orchestrator built step by step
TIAD - DYI: A simple orchestrator built step by stepTIAD - DYI: A simple orchestrator built step by step
TIAD - DYI: A simple orchestrator built step by step
The Incredible Automation Day
 
Guray Yildirim "Tooling and Managing Docker Containers With Python: Why and How"
Guray Yildirim "Tooling and Managing Docker Containers With Python: Why and How"Guray Yildirim "Tooling and Managing Docker Containers With Python: Why and How"
Guray Yildirim "Tooling and Managing Docker Containers With Python: Why and How"
Fwdays
 
From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...
Jérôme Petazzoni
 
How to create your own hack environment
How to create your own hack environmentHow to create your own hack environment
How to create your own hack environment
Sumedt Jitpukdebodin
 
DevOPS training - Day 2/2
DevOPS training - Day 2/2DevOPS training - Day 2/2
DevOPS training - Day 2/2
Vincent Mercier
 
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQDocker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Erica Windisch
 
Mini-Training: Docker
Mini-Training: DockerMini-Training: Docker
Mini-Training: Docker
Betclic Everest Group Tech Team
 
Web Applications with Eclipse RT and Docker in the Cloud
Web Applications with Eclipse RT and Docker in the CloudWeb Applications with Eclipse RT and Docker in the Cloud
Web Applications with Eclipse RT and Docker in the Cloud
Markus Knauer
 
Amazon Web Services and Docker: from developing to production
Amazon Web Services and Docker: from developing to productionAmazon Web Services and Docker: from developing to production
Amazon Web Services and Docker: from developing to production
Paolo latella
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
Docker, Inc.
 
Developing and Deploying PHP with Docker
Developing and Deploying PHP with DockerDeveloping and Deploying PHP with Docker
Developing and Deploying PHP with DockerPatrick Mizer
 
Lessons from running potentially malicious code inside containers
Lessons from running potentially malicious code inside containersLessons from running potentially malicious code inside containers
Lessons from running potentially malicious code inside containers
Ben Hall
 
The Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeThe Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud Native
Ben Hall
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'a
corehard_by
 
Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !
Anthony Dahanne
 
Working in the multi-cloud with libcloud
Working in the multi-cloud with libcloudWorking in the multi-cloud with libcloud
Working in the multi-cloud with libcloud
Grig Gheorghiu
 
Excelian hyperledger walkthrough-feb17
Excelian hyperledger walkthrough-feb17Excelian hyperledger walkthrough-feb17
Excelian hyperledger walkthrough-feb17
Excelian | Luxoft Financial Services
 
DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline
Docker, Inc.
 
I Just Want to Run My Code: Waypoint, Nomad, and Other Things
I Just Want to Run My Code: Waypoint, Nomad, and Other ThingsI Just Want to Run My Code: Waypoint, Nomad, and Other Things
I Just Want to Run My Code: Waypoint, Nomad, and Other Things
Michael Lange
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbai
n|u - The Open Security Community
 

Similar to Codetainer: a Docker-based browser code 'sandbox' (20)

TIAD - DYI: A simple orchestrator built step by step
TIAD - DYI: A simple orchestrator built step by stepTIAD - DYI: A simple orchestrator built step by step
TIAD - DYI: A simple orchestrator built step by step
 
Guray Yildirim "Tooling and Managing Docker Containers With Python: Why and How"
Guray Yildirim "Tooling and Managing Docker Containers With Python: Why and How"Guray Yildirim "Tooling and Managing Docker Containers With Python: Why and How"
Guray Yildirim "Tooling and Managing Docker Containers With Python: Why and How"
 
From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...
 
How to create your own hack environment
How to create your own hack environmentHow to create your own hack environment
How to create your own hack environment
 
DevOPS training - Day 2/2
DevOPS training - Day 2/2DevOPS training - Day 2/2
DevOPS training - Day 2/2
 
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQDocker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
Docker for Developers: Dev, Test, Deploy @ BucksCo Devops at MeetMe HQ
 
Mini-Training: Docker
Mini-Training: DockerMini-Training: Docker
Mini-Training: Docker
 
Web Applications with Eclipse RT and Docker in the Cloud
Web Applications with Eclipse RT and Docker in the CloudWeb Applications with Eclipse RT and Docker in the Cloud
Web Applications with Eclipse RT and Docker in the Cloud
 
Amazon Web Services and Docker: from developing to production
Amazon Web Services and Docker: from developing to productionAmazon Web Services and Docker: from developing to production
Amazon Web Services and Docker: from developing to production
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
 
Developing and Deploying PHP with Docker
Developing and Deploying PHP with DockerDeveloping and Deploying PHP with Docker
Developing and Deploying PHP with Docker
 
Lessons from running potentially malicious code inside containers
Lessons from running potentially malicious code inside containersLessons from running potentially malicious code inside containers
Lessons from running potentially malicious code inside containers
 
The Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud NativeThe Challenges of Becoming Cloud Native
The Challenges of Becoming Cloud Native
 
Настройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'aНастройка окружения для кросскомпиляции проектов на основе docker'a
Настройка окружения для кросскомпиляции проектов на основе docker'a
 
Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !
 
Working in the multi-cloud with libcloud
Working in the multi-cloud with libcloudWorking in the multi-cloud with libcloud
Working in the multi-cloud with libcloud
 
Excelian hyperledger walkthrough-feb17
Excelian hyperledger walkthrough-feb17Excelian hyperledger walkthrough-feb17
Excelian hyperledger walkthrough-feb17
 
DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline DCSF 19 Building Your Development Pipeline
DCSF 19 Building Your Development Pipeline
 
I Just Want to Run My Code: Waypoint, Nomad, and Other Things
I Just Want to Run My Code: Waypoint, Nomad, and Other ThingsI Just Want to Run My Code: Waypoint, Nomad, and Other Things
I Just Want to Run My Code: Waypoint, Nomad, and Other Things
 
Kubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbaiKubernetes 101 for_penetration_testers_-_null_mumbai
Kubernetes 101 for_penetration_testers_-_null_mumbai
 

Recently uploaded

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 

Recently uploaded (20)

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 

Codetainer: a Docker-based browser code 'sandbox'

  • 1. codetainer building  a  browser    code  `sandbox` Jen  Andre   E4E  Conference,  Sep  2015
  • 2. about me @fun_cuddles  /  jenpire.com  /   organizer  @BostonGoLang   EIR  Accomplice  VC   co-­‐founder  @threatstack,     formerly  researcher   @Mandiant,  @Symantec    
  • 3. what is a ‘codetainer’?
  • 4. “try ‘X’ in your browser”
  • 7. use cases tutorials  for  APIs   learn  programming  language  X   training  on  UNIX  tools,  debugging,  etc   remote  management  for  containers
  • 8. requirements flexible  &  powerful  enough  to  support  mulXple  use-­‐ cases  (programmable,  API  driven)   self-­‐hosted  (open  source!)   reasonably  secure-­‐able  :)
  • 10. “Docker  allows  you  to  package  an  applicaXon  with  all   of  its  dependencies  into  a  standardized  unit  for   so`ware  development.” host linux system container process process virtual file system system namespaces docker daemon/API tools container process process virtual file system system namespaces … process  virtualiza/on
  • 11. not your parent’s virtualization • it’s  lightweight!     • process  containers  measured  in  terms  of  kilobytes  or  megabytes   instead  of  GB   • startup  measured  in  seconds,  not  minutes   • images  are  layered  and  reusable   • (see  DockerHub)   • there’s  powerful  introspecXon  /  management  APIs   • Management  is  programmable
  • 12. introspection peer  “inside”  of  containers  and  perform  acXons
  • 13. codetainer architecture codetainer API server loaded via iframe docker API “codetainer” process “codetainer” process “codetainer” process http / websockets sqlite /api/v1/codetainer/{id}/attach /api/v1/codetainer/{id}/create /api/v1/codetainer/{id}/stop …
  • 14. components •  “codetainer”   •  this  is  just  a  Docker  container     • “codetainer  image”     •  this  is  a  Docker  image  registered  for  codetainer  use   • “codetainer  profile”     •  this  is  a  profile  associated  with  a  codetainer  that   defines  its  runXme  characterisXcs  (e.g.  security)
  • 15. other tools • Go   • Docker  APIs  wrifen  in  this   • It’s  just  a  nice,  clean  language  you  can  be  producXve  in  quickly   • xterm.js   • for  rendering  terminals  in  the  browser   • sqlite   • for  storing  metdata  about  ‘codetainers’  
  • 17. starting the server $  ./bin/codetainer  server   Codetainer  10:34:16  [~INFO]  Initializing  Codetainer   (0.1.0)   Codetainer  10:34:16  [~INFO]  URL:  http://127.0.0.1:3000   $  ./bin/codetainer  —help   usage:  Codetainer  [<flags>]  <command>  [<args>  ...]   Flags:      -­‐-­‐help                              Show  help  (also  see  -­‐-­‐help-­‐long   and  -­‐-­‐help-­‐man).      -­‐v,  -­‐-­‐debug                    Enable  debug  logging.      -­‐-­‐dev                                Enable  dev  mode.      -­‐q,  -­‐-­‐quiet                    Remove  all  output  logging.  
  • 18. step 1: create an image • Create  your  Docker  image     • Register  a  Docker  image  for  use  in  a  codetainer   • POST  /api/v1/image $  curl  -­‐XPOST  http://127.0.0.1:3000/api/v1/image  -­‐-­‐data  "id=tcpdump-­‐ demo:latest&description=hi"  2>  /dev/null  |  jq  .   {      "image":  {          "id":   "e5d42500e0419df4a29d1ed443de2da5c2c8d2e683cb045883b79b2e826910b0",          "command":  "",          "description":  "hi",          "Tags":  [              "tcpdump-­‐demo:latest"          ],          "CreatedAt":  "0001-­‐01-­‐01T00:00:00Z",          "UpdatedAt":  "0001-­‐01-­‐01T00:00:00Z",          "Enabled":  true      }  
  • 19. step 2: launch a codetainer • POST  /api/v1/codetainer $  curl  -­‐XPOST  http://127.0.0.1:3000/api/v1/codetainer/  -­‐-­‐data   "name=tcpdump&image-­‐id=tcpdump-­‐demo:latest"  2>  /dev/null  |  jq  .   {      "codetainer":  {          "id":   "07fd1305dc22714ff5c005f8edb5db8bb462ff931bb94c51feab879a10cbcaa6",          "name":  "tcpdump",          "image-­‐id":   "e5d42500e0419df4a29d1ed443de2da5c2c8d2e683cb045883b79b2e826910b0",          "Defunct":  false,          "Running":  false,          "Profile":  "",          "CreatedAt":  "0001-­‐01-­‐01T00:00:00Z",          "UpdatedAt":  "0001-­‐01-­‐01T00:00:00Z"      }  
  • 20. step 3: interact with it! • /api/v1/codetainer/{id}/attach  (attach  via  websockets)   • /api/v1/codetainer/{id}/view  (render  terminal  view)   • /api/v1/codetainer/{id}/send  (send  keystrokes)
  • 21. more! • List/Upload/Download  files  in  a  codetainer   • GET  /api/v1/codetainer/{id}/files   • GET  /api/v1/codetainer/{id}/files/ download   • PUT  /api/v1/codetainer/{id}/files/upload
  • 22. command-line too $  ./bin/codetainer  list   Found  2  codetainers.   -­‐-­‐  [4505c3c844a46f4966280cd6762d3512ba8c04ebd5cb550ba90732c11a5514ee]   lRf9QWOrhAYbNf4_PUdZ58DtKpfmTihu  (Running)   -­‐-­‐  [c2fce38a8ba86caf0e3f1462177809f14d905c26e3cd04ac907d7d18ad9a63f0]   R0bZK2O-­‐1SWsoTp7a2gas1-­‐cHjnFIlf_  (Running)   $  ./bin/codetainer  image  register  ubuntu:14.04   Codetainer  08:01:31  [~INFO]  Registering  New  Image:   &{91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e    267c      [ubuntu:14.04]  0001-­‐01-­‐01  00:00:00  +0000  UTC  0001-­‐01-­‐01   00:00:00  +0000  UTC  true}   odetainer  08:01:31  [~INFO]  Registration  succeeded.
  • 23. challenges Dealing  with  missing  introspecXon  APIs  (e.g.  file  lisXng)   minimize  risk  of  abuse  by  ‘sandboxing’  what  a   container  can  do
  • 25. {      "Config":  {          "NetworkDisabled":  true      },      "HostConfig":  {          "Privileged":  false,          "ReadonlyRootfs":  true,          "Memory":  1000000000,          "Ulimits":  [{  "Name":  "nofile",  "Soft":   1024,  "Hard":  2048  }]      }   limiting a codetainer’s permissions using profiles $  ./bin/codetainer  profile  register  ./ secure.json  secure   2015/09/18  10:52:54  Created  profile  with   id=767653c7-­‐8fb6-­‐4f78-­‐bfcf-­‐3853bbe6df64:   2015/09/18  10:52:54  -­‐-­‐   2015/09/18  10:52:54  {      "Config":  {        "NetworkDisabled":  true      },      "HostConfig":  {   • pass  codetainer-­‐profile-­‐id  to  POST  /api/v1/ codetainer  when  creating  a  codetainer secure.json
  • 26. Missing APIs • Docker  has  an  API  to  ‘exec’  processes  in  the  context   of  a  container.   • SoluXon:  mount  all  codetainers  with  a  shared  “/ codetainer/uXls”  volume  with  custom  tools.   • Example:  /api/v1/codetainer/{id}/files     • Executes  /codetainer/uXls/files    —path  <path>     • returns  JSON  path  lisXng
  • 27.
  • 28. demo time! • creaXng  a  codetainer   • lsof  tutorial
  • 29. status • “Alpha”  -­‐  works  but  needs  a  lifle  more  ‘umph’  to   make  it  producXon  ready     • Auth  for  API   • DocumentaXon,  documentaXon,  documentaiton   • TesXng