What is needed to secure a docker container that’s running on nodes in an AWS Private Subnet with internet access only via NAT?

I know securing a container is a big deal and a lot is needed to be done to secure a default container configuration. But having it in a private subnet should take care of a lots of risks.

So what major things does one need to start with to secure a docker container that’s running on nodes in an AWS Private Subnet with internet access only via NAT?

Find the common ancestor between two nodes of a tree

import unittest from Tree import * from list2BST import *   def traverse_DFS(root, target_node_value, hash_route):     # print('looking at node ' + str(root.value))     if root.value == target_node_value:         # print('found node ' + str(target_node_value))         hash_route[root.value] = 1         return 1     else:         if root.left_child:             left_result = traverse_DFS(root.left_child, target_node_value,                                        hash_route)             if left_result == 1:                 hash_route[root.value] = 1                 return 1         if root.right_child:             right_result = traverse_DFS(root.right_child, target_node_value,                                         hash_route)             if right_result == 1:                 hash_route[root.value] = 1                 return 1   common_ancestor = None   def hash_check_DFS(root, target_node_value, hash_route):     global common_ancestor      if root.value == target_node_value:         if root.value in hash_route:             print('Found a common ancestor ' + str(root.value))             if common_ancestor is None:                 common_ancestor = root.value         return 1     else:         if root.left_child:             left_result = hash_check_DFS(root.left_child, target_node_value,                                          hash_route)             if left_result == 1:                 if root.value in hash_route:                     if common_ancestor is None:                         print('Found a common ancestor ' + str(root.value))                         common_ancestor = root.value                 return 1          if root.right_child:             right_child = hash_check_DFS(root.right_child, target_node_value,                                          hash_route)              if right_child == 1:                 if root.value in hash_route:                     if common_ancestor is None:                         print('Found a common ancestor ' + str(root.value))                         common_ancestor = root.value                 return 1   def find_common_node(Tree, node1, node2):     global common_ancestor      print('Running the common ancestry finder')      # First run DFS v1 with Hash     hash_route= {}      print('This value of node1 is ' + str(node1))     traverse_DFS(Tree.root, node1, hash_route)      print(hash_route)      common_ancestor = None     hash_check_DFS(Tree.root, node2, hash_route)     if common_ancestor:         return common_ancestor     else:         return None   class Test(unittest.TestCase):      def test_basic_odd_case(self):         array = [1, 4, 5, 8, 11, 15, 18]         result_tree = BinaryTree(insert_list_BST(0, array))         result_node = find_common_node(result_tree, 1, 18)         self.assertEqual(result_node, 8)      def test_basic_even_case(self):         array = [1, 4, 5, 8, 11, 15, 18, 20]         result_tree = BinaryTree(insert_list_BST(0, array))         result_node = find_common_node(result_tree, 1, 8)         self.assertEqual(result_node, 5)   if __name__ == '__main__':     unittest.main() 

Here is my code in python for a program that will find a common ancestor between two nodes in a particular tree. This is a question from Cracking the Coding Interview that I decided to implement on my own. No one has talked about the solution that I implemented above.

Basically, I do a DFS (depth-first search) of the tree for the first node (Time: O(n) and Space: O(1)) and then I get the recursive callbacks to add the path to a hashmap (Time: O(logn) Space: O(n)). The second time around while using DFS for the second node, once I find it – I check with the hashmap till a collision occurs, indicating the lowest common ancestor.

My Tree class is here, while my list2BST function is here. I am looking for feedback on a couple of things:

  • Performance of code and how it could possibly be improved.
  • My coding style and the readability of said code.

What is a polynomial-time algorithm for determining whether two trees, with colored nodes, are isomorphic or not

Provide any polynomial-time algorithm (even a large degree polynomial) which determines whether two rooted colored trees are isomorphic to each-other or not.

For example, consider the following two trees:

trees

Example trees T and U are isomorphic.
An isomorphism (bijection) is described in the table below:

  T          U   1          2   2          4   3          1   4          5   5          3   "white"    "green"   "blue"     "white"      

Below are some things to know about the problem:

  • Nodes are colored
  • edges are not colored.
  • Nodes are free to be any color. Adjacent nodes are allowed to be the same color.
  • which node is the root node of each tree cannot be changed.
  • children are un-ordered.
  • the tree is not necessarily a binary tree. a node could have 3 children, 4 children, 5, etc…

Formally, a colored tree is a tuple (VS, ES, root, color_set, color_map) such that:

  • VS is the vertex set
  • ES is the edge set
  • (VS, ES) is a undirected tree
  • root is a element of VS
  • color_set is a set of objects called “colors”
  • color_map is a mapping from VS to color_set
  • every element of color_set appears in the range of color_map at least once. That is, every color is applied to at least one node.

colored trees T and U are isomorphic if and only if there exists a bijection, PHI from the vertex set of T, VT, to the vertex set of U, VU such that:

  • the root of one tree is matched to the root of the other tree
  • for all nodes v, w in VT, {v, w} is an edge in tree T if and only if {PHI(v), PHI(w)} is an edge in tree U
  • for all nodes v, w in VT, v and w are the same color in tree T if and only if PHI(v), PHI(w) are the same color in tree U

View escapes node’s text field HTML

I’ve looked at other posts but been unable to resolve the issue. I have a Text field (formatted, long) in a content type, when the node is viewed the HTML in the field displays correctly, when I view the fields in the database it is stored as raw HTML, however, when I add one of these fields to my view, the output is escaped as < and so on and therefore displayed in the browser as HTML rather than marking up the text.

I’ve seen a few posts suggesting modification of the twig template, however a) this didn’t seem to work for me and b) I’m looking to do this within the view / module so it is applicable regardless of which theme is in use.

Any suggestions?

Removing Taint from kubernete nodes doesnot work

Ubuntu 18.04
Kubernete on JUJU

I tried to remove the taint form nodes: kubectl get nodes -o json | jq .items[].spec.taints [ { "effect": "NoSchedule", "key": "node.kubernetes.io/unreachable", "timeAdded": "2019-06-12T20:38:52Z" } ] [ { "effect": "NoSchedule", "key": "node.kubernetes.io/unreachable", "timeAdded": "2019-06-12T20:38:57Z" } ] [ { "effect": "NoSchedule", "key": "node.kubernetes.io/unreachable", "timeAdded": "2019-06-12T20:39:00Z" } ]

with this command:

kubectl patch node juju-06819a-0-lxd-70 -p '{"spec":{"taints":[]}}'

node/juju-06819a-0-lxd-70 patched rastin@cloudrnd1:~/.kube$ kubectl patch node juju-06819a-0-lxd-71 -p '{"spec":{"taints":[]}}' node/juju-06819a-0-lxd-71 patched rastin@cloudrnd1:~/.kube$ kubectl patch node juju-06819a-0-lxd-72 -p '{"spec":{"taints":[]}}' node/juju-06819a-0-lxd-72 patched

Nothing happened all the taint still there!

How do I convert PDF files to CSV to efficiently import into nodes? [on hold]

What is the most efficient way to convert PDF files to a CSV format to be imported to Drupal content type easily without manually copying and pasting the contents?

My semi-solution is to use https://pdftotext.com/ to extract the contents from PDF to TXT first. But then I want to add all of the TXT file contents into one CSV file where the first column is the title of the TXT filename and the second column are the texts. But not sure how I can convert all those TXT files at once to be added to one CSV file.

How would you go about extracting the contents on all those TXT files to be added to one CSV file?

Consider that there’s about 1000 PDF files that need to be imported …

Not able to join worker nodes using kubectl with updated aws-auth configmap

I’m setting up AWS EKS cluster using terraform from an EC2 instance. Basically the setup includes EC2 launch configuration and autoscaling for worker nodes. After creating the cluster, I am able to configure kubectl with aws-iam-authenticator. When I did

kubectl get nodes  

It returned

No resources found

as the worker nodes were not joined. So I tried updating aws-auth-cm.yaml file

apiVersion: v1 kind: ConfigMap metadata:   name: aws-auth   namespace: kube-system data:   mapRoles: |     - rolearn: <ARN of instance role (not instance profile)>       username: system:node:{{EC2PrivateDNSName}}       groups:         - system:bootstrappers         - system:nodes 

with IAM role ARN of the worker node. And did

kubectl apply -f aws-auth-cm.yaml 

It returned

ConfigMap/aws-auth created

Then I understood that role ARN configured in aws-auth-cm.yaml is the wrong one. So I updated the same file with the exact worker node role ARN.

But this time I got 403 when I did kubectl apply -f aws-auth-cm.yaml again.

It returned

Error from server (Forbidden): error when retrieving current configuration of: Resource: “/v1, Resource=configmaps”, GroupVersionKind: “/v1, Kind=ConfigMap” Name: “aws-auth”, Namespace: “kube-system” Object: &{map[“apiVersion”:”v1″ “data”:map[“mapRoles”:”- rolearn: arn:aws:iam::XXXXXXXXX:role/worker-node-role\n username: system:node:{{EC2PrivateDNSName}}\n groups:\n – system:bootstrappers\n – system:nodes\n”] “kind”:”ConfigMap” “metadata”:map[“name”:”aws-auth” “namespace”:”kube-system” “annotations”:map[“kubectl.kubernetes.io/last-applied-configuration”:””]]]} from server for: “/home/username/aws-auth-cm.yaml”: configmaps “aws-auth” is forbidden: User “system:node:ip-XXX-XX-XX-XX.ec2.internal” cannot get resource “configmaps” in API group “” in the namespace “kube-system”

I’m not able to reconfigure the ConfigMap after this step.

I’m getting 403 for commands like

kubectl apply kubectl delete kubectl edit  

for configmaps. Any help?

How to associate tree nodes with other objects before they have unique identifiers

I’ve been thinking about a simple software design problem. Imagine I am writing a web application to edit a tree of objects. Each node of this tree has an ID property that is filled in when the node object is POST’ed to the backend. A user can create a tree hierarchy with multiple nodes before anything is sent to this backend, leaving all nodes with an empty ID field.

Now imagine that whenever I select a node of the tree in this application, the node object is passed to a method of a class that wants to associate different objects with individual nodes of a tree in an internal dictionary. Suppose I, for some reason, cannot depend on reference equality. Is there then a better way to identify unique nodes than giving them a temporary ID that the backend should ignore?

I don’t see anything wrong with using temporary ID’s that are ignored on the server, but I want to avoid changing our model classes. Another option I can think of in this particular context would be extracting the position of the node in the tree with some representation and using this as a key for the dictionary. While this would work, it is mildly complex to implement and not very efficient.

I’m really curious to hear what you think. Thanks in advance for your input, Joshua

Number of nodes of a complete intersection lie on a plane

Suppose $ X$ is a general smooth hypersurface of degree $ \ge 6$ and $ Y$ be an irreducible hypersurface of degree $ \ge 2$ . Let $ X \cap Y$ has at least $ 5$ nodes. Is it possible that $ 4$ nodes of $ X \cap Y$ lie on a plane ?

I guess not.

The reason i have in my mind is the following: If possible let $ H$ be a plane containing $ 4$ nodes. In this case $ H$ is itself tangent to $ X$ at these $ 4$ points which is a contradiction as a plane can be tangent at at most $ 3$ points. Please correct me if i am wrong.