TIL: You can make HTTP requests without curl using Bash /dev/TCP

by mrshu | 426 points | 200 comments | 2026-06-16 11:40:58 Central

Comments

xenadu02
As a kid in the late 90s my mind was blown when I realized
I could telnet to port 80, 25, or 110 and interact with
the servers manually.

Simple get:
GET / HTTP/1.1
Content-Type: text/html
User-Agent: l33t hax0rs lol
X-Funny-Monkey: farts

For sending a mail message on port 25:
HELO
mail-from: whoever@whatever.com
mail-to: sysadmin@yaya.com
<other headers>
<blank line>
Body of the message yay.
<two blank lines to end>

POP3 was so long ago I forgot but
you could list the mailboxes then get individual messages
and so on.

This revelation was the beginning of "there is
no magic" for me. The realization that every part of the
computer was built by human beings and was at some level
understandable if one undertook the effort.

Perhaps most
people in the future won't bother. They'll just let agents
do it all. I'm sure that will leave some interesting holes
in various systems for people willing to actually learn
how they work without the filter of a model (or its safety
rails).

  > charles_f
I sent many an email from jacques.chirac@elysee.fr,
the veneer of the terminal helping, my friends were
quite impressed by how good a hacker I was. Good olde
days when many DKIM/SPF weren't a thing yet and SMTP
servers weren't even authenticated.

    > > cferry
"Dear compatriot, here, written with my
keyboard and mouse, is my program for the year 2000, which
I have after the dissolution..."

  > rahimnathwani
Back in those days not only was there no DKIM or
SPF, most SMTP servers would accept email from anyone
anywhere to anyone anywhere (i.e. 'open relay').

    > > xp84
[ Note: Anyone who has been a geek since the 90s,
there's nothing you don't already know here ]

> most SMTP servers would accept email from anyone
anywhere to anyone anywhere (i.e. 'open relay').

To date that claim, I'd say that by the late 90s at
least, true open relays ("from anyone to anyone")
were still numerous but carried a huge assumption
of being part of spam operations (willingly or
through ineptitude), and the most basic spam
filtering would reject mail that came out of
one.

That said, (before things like SPF) it was
easy enough to deliver email to anyone you wanted
even if you didn't have your own real email
account and SMTP server; you could just look up
the destination's MX and connect to it with telnet
like that. Since your own random IP probably
wasn't blocklisted it would generally be accepted
and delivered.

Back then it was still basically
considered bad form to reject email simply because
the server didn't know where it was from... sadly,
if we were still playing by those rules today, I
can only imagine how useless email would be. Now
it's definitely guilty-till-proven-innocent.

      > > > awesome_dude
The magic for me, to this day in fact, is
knowing that mail is essentially anyone on the
internet being allowed to write to a mail
server's disk.

There are rules now, but the
concept is still almost intact, random people
writing to the server's disk - to be later read
by someone

        > > > > soneil
It used to be even more literally so -
network mail started off as using FTP to
SNDMSG onto a remote system instead of
your own. In RFC475, FTP has MAIL and MLFL
(mailfile) commands to support this.

I think it's neat that you can still find
echoes of this. MAIL worked by just
appending to MLFL, separating records with
CRLF.CRLF - which is still how Data
segments are terminated in SMTP.

    > > the_arun
With agents in the house now, we don't use curl at
all. Slowly they all are becoming implementation
details.

      > > > VladVladikoff
Probably curl is safer than whatever cobbled
up bash script your agent invented. Battle
tested for years, and free, why replace that?

        > > > > cinntaile
He probably means using curl directly.
Indirectly it's still curl the LLM will
default to, but that is an implementation
detail.

        > > > > flyingshelf
Why? Your agents know rhyme but no
reason.

  > ExoticPearTree
HELO is for SMTP, EHLO for ESMTP. You could access
some "advanced" features of the server if you told it
you speak ESMTP.

  > eqmvii
Yep! It's all just text files. Lots of acronyms on top
of lots of ways to generate, send, and read structured
text files.

One day I realized even databases were just
text files and I had to sit down.

  > kps
Last century I would read and send personal email from
work using telnet to pop3 and smtp respectively.

    > > Joeboy
I also have a tendency to say "Last century",
thinking it comedically suggests "a long time ago"
without it actually being that long ago. But as
time goes by it obviously becomes legitimately a
long time ago, and I suspect young people wouldn't
see the attempted irony at all.

      > > > benj111
'last century' 'turn of the century' etc just
make me think the 1800s. So I just say last
millennium.

Probably get confusing again when
people start referring to 'the 20s' not as the
1920s.

    > > vbezhenar
You can actually do that today. In fact I did that
for some time, because I didn't want to configure
e-mail client. The only hard thing is HTML.
Average HTML e-mail is almost impossible to read
and friction to extract it to a file to open in a
browser is too much.

    > > bijowo1676
perhaps you meant "in previous millennium" ?

      > > > __float
If someone referred to the "previous decade"
in 2004, would you have said the same thing?

As the calendar rolled from 1999 to 2000, we
entered a new millennium, century, decade,
year, day, ...

        > > > > 8n4vidtmkvmk
Yes, absolutely. I use the largest
interval any time I can get away with
it!

Every Jan 2 I start saying "last year"
and every Dec I say "see you next year"

          > > > > > xeonmc
Just following alignment rules right?

        > > > > bijowo1676
when you compare tech from 1999 and today,
it does feel like new millennium tbh

        > > > > fsckboy
> As the calendar rolled from 1999 to 2000,
we entered a new millennium, century,
decade, year, day, ...

no, that all
happened when we rolled from 2000 to
2001.

smh, even paedants today aren't what
they used to be.

          > > > > > johncoltrane
The entirety of 1999 and 2000 was a
nightmare. "No, buddy, we won't change
millennium next january." "Nope. We are
still in the 20th century." And so
on...

I think that's more or less when
I lost faith in humanity.

            > > > > > > account42
You lost faith in humanity because
people disagree about an arbitrary
zero offset?

      > > > chrisbrandow
Presumably the years including 1999 and
earlier

  > vbezhenar
You can't do that with HTTP/2 (but thankfully every
server still talks HTTP/1).

You also can't do that with
TLS (and a lot of servers won't talk HTTP other than
redirects). openssl s_client instead of telnet might
allow you to tunnel text inside TLS, but that feels
like cheating.

And many other modern protocols,
sadly, prefer binary encoding, which makes it
impossible to tinker with it on wire level, not
without specialized tools anyway.

I think people in the
future will bother. I tried to make a fire with sticks
once, I tried to burn a clay brick, these old things
can be a lot of fun and sometimes of real use. If
anything, AI actually makes tinkering a lot
easier. You don't need to dig into RFC to check your
mail, you can just talk to LLM about it and it'll help
you with most typical IMAP commands, for example.

    > > linzhangrun
Nothing to regret. Text Protocol is too
inefficient.

      > > > account42
Compared to inefficiencies in the average
payload? No, it doesn't really matter.

  > nico
It was also cool discovering the ATA commands to drive
the modem. You could "war-dial" numbers, or manually
initiate Internet connection, or connecting to a bbs

  > razodactyl
Me too! Writing Winsock and learning WinAPI on XP then
Vista. It took me a while to realise Linux was better
/ OSX was my gateway drug haha

  > globular-toast
I never figured out you could do it with HTTP, but for
some reason I did for FTP and IRC. I don't know why I
first tried using a telnet client but I couldn't
believe it when the server responded to me!

  > MuffinFlavored
I must have tried to write the same "perfect" IRC
client from scratch in C a dozen times growing up...

    > > lacunary
any cool features you can share?

  > jazz9k
When I was 12, I learned about open SMTP relays and
how to spoof email this way. I once spoofed an email
between two rivals on a community I was a part of and
started a flame war.

Good times.

    > > Denatonium
When I was in high school in the mid 2010s,
Verizon's email-to-SMS gateway didn't verify
SPF/DKIM/DMARC, and I had a field day showing my
classmates the Viagra ads that Hillary Clinton's
"hacked" email server was sending me. In reality,
it was an open relay, but Verizon didn't care;
they always delivered it anyway.

    > > sejje
I once made an enemy on AOL and he was a
spammer--he put my email in the from: field and I
got a lot of hostile emails.

But the joke's on
him--it led directly to me meeting a lifelong
friend & mentor.

  > alex_smart
Isn't that the whole point of TCP? Creating a pair of
two streams you can read out of and write to out of
less reliable network primitives?

I am not sure why
this is a revelation. Any college level networking
course would cover this?!

    > > reaktivo
> Any college level networking course would cover
this?!

As an actual kid it's easy for it to be a
revelation, no? At least it was for me, with no
college level networking course experience.

      > > > alex_smart
Sorry my brain somehow missed the literal
first three words of the oc.

  > CGamesPlay
> Perhaps most people in the future won't bother.
They'll just let agents do it all.

But can you imagine
the look on some young teen's face when they train
their own GPT on their local computer for the first
time?

gatestone
In Plan 9 you did have a real (synthetic) /net, and could
do that and more from any program. You could even mount
/net from another machine via 9P protocol and have an
instant VPN...

9front lets you play with that on Linux.

Some
Plan 9 like /net things are visible in Go libraries...
(Rob Pike legacy)

simonw
Neat, works against example.com

exec 3<>/dev/tcp/example.com/80
printf 'GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n' >&3
cat <&3

Outputs:

HTTP/1.1 200 OK
Date: Tue, 16 Jun 2026 17:37:45 GMT
Content-Type: text/html
...

I always end up on example.com for this kind of thing
because there are so few domains these days that don't
enforce https!

  > QuantumNomad_
example.com is also great for that reason when
something fails about a captive portal on a public
WiFi.

I open my web browser and go to
http://example.com and get redirected to the captive
portal page again and retry completing what they need
from me to get internet access.

    > > some_random
Fun fact, this is almost exactly how active portal
detection is done in the OS/browser!

https://gist.github.com/skull-squadron/edb8c0122f902013304c0...

      > > > QuantumNomad_
Yep :) I just find example.com easier to
remember and quicker to type than any of the
OS or browser makers' own URLs like
- http://captive.apple.com/
- http://connectivitycheck.gstatic.com/generate_204
- http://detectportal.brave-http-only.com/

Plus, it feels nice to depend on the reserved domain
name example.com instead of relying on a
domain that any one specific corporation has
to maintain :D

        > > > > 1f60c
Also http://detectportal.firefox.com. And
http://neverssl.com was set up for this
purpose while being a bit easier to
remember :)

          > > > > > 0l
I remember a while back neverssl.com
would happily serve HTTPS requests!
Another good alternative is
http://httpforever.com/

        > > > > xp84
What gives you confidence example.com
won't start serving the HTTPS redirect
though? There isn't any reason they
wouldn't, and given that browsers are
clearly tending towards showing big scary
warnings to even accessing something over
cleartext, I wouldn't be surprised if they
flipped that switch just to avoid
confusing noobs.

    > > xp84
I have been using neverssl.com for this same
purpose :)

My only concern would be that
example.com doesn't promise to never do the
'required SSL' thing.

    > > LeoPanthera
I use neverssl.com for this purpose because it is
designed to resist caching.

  > gabrielsroka
This works too

exec 3<>/dev/tcp/example.com/80
printf 'GET / HTTP/1.1\r
Host: example.com\r
Connection: close\r
\r
' >&3
cat <&3

You can even take out the \r though they should be
there

basilikum
> As it turns out, bash can speak HTTP by itself.

No, it
can not. Bash lets you open TCP sockets.

What you are doing
here is trying to speak HTTP yourself, which is fine for
testing and debugging, and hella cool for fun to do by
hand, but you will shoot yourself in the foot if you try
to use this pseudo http client unattended in reality. This
toy code does not parse HTTP properly and will break.

You
could of course write a full http/1.1 client in bash, you
can even do a full http server in pure bash:
https://github.com/bahamas10/bash-web-server

For less
insane, non-bash shells there is always nc which is
usually probably the wiser choice.

  > iam-TJ
Need to be clear that "full http server in pure bash"
is incorrect. Bash cannot listen on a TCP/UDP socket
for incoming connections.

bash-web-server project
builds a C language socket listener [0] that is
dynamically loaded at run-time as a "built-in" module
that makes the functionality available.

[0] https://github.com/bahamas10/bash-web-server/tree/main/loada...

    > > majorchord
By this logic, Linux does not support Wi-Fi,
because all the driver modules are "dynamically
loaded at run-time."

      > > > account42
No, by any other logic you can implement your
Wi-Fi drivers in bash.

        > > > > pastage
Interesting. I have never heard kernel
modules being regarded as non-linux, not
in 30 years of LKM. Further compiling a
monolithic Kernel is rather straight
forward, in this day it is even possible
to find wifi devices that do not require
an on device firmware blob uploaded from
the kernel.

          > > > > > zwischenzug
I don't know TBH. It's just that if
you're going to have a 'pure'
designation for a tech, it's going to
be pretty strict (as per bash and
adding modules). I've never heard of
'pure' linux, but 'pure' bash has a
recognised meaning. If someone said
'pure Linux' and it meant the core
without loaded modules I wouldn't be
shocked. Not sure how useful it would
be, though.

      > > > Brian_K_White
Correct. It doesn't.

  > mrshu
> No, it can not. Bash lets you open TCP sockets.

Very
fair pushback -- I did get carried away and will
update the article to be more precise. Thanks for
raising it!

> For less insane, non-bash shells there is
always nc which is usually probably the wiser
choice.

For completeness, `nc` or any netcat equvialent
I could think of was not available in the image I was
trying this with. It would certainly be a better
option though.

    > > bearjaws
This is the most Claude pilled comment I've seen
here.

      > > > tbossanova
I'm torn. It's a great thing to share
knowledge and take feedback graciously. Maybe
this kind of comment will encourage more of
that. But you also need people to tell you
what is up without unnecessary filters. It's a
challenge

      > > > thih9
This worries me. Some AI writing styles became
mainstream; at first it was the em-dashes, now
it's "A, not B" patterns and excessive
acknowledging. There will be more.

Was
grandparent comment written by an LLM?

Or is
this a human who copies a style they saw in a
blog post, unaware that they're copying an
AI?

Or is this a human who spent too much time
talking to an AI and now they just talk like
this?

Or is this an organic human response and
we're all paranoid by now?

I don't know which
would be worse.

        > > > > elevation
When learning a language, I've heard it's
good to find a reference speaker, such as
a prolific actor, and mimic them in order
to absorb several aspects of what makes
them sound authentic as a speaker, such as
vocabulary, intonation, diction,
pacing.

For many in the next generation of
language learners, this reference will be
Claude.

          > > > > > vbezhenar
I think that the fact that AI has a
very recognizable singular style is a
problem. And this problem will be
solved, sooner or later. It probably
isn't a very important problem,
because I feel that it should be
relatively easy to solve (but maybe
I'm wrong?).

But certainly with smarter
AI I do believe it'll become more
fluent with choosing more diverse
idioms and phrasing, rather than
repeating one thing over and over, to
a point of being comically similar.
So people who learn on AI-generated
text, will not learn from just one
recurring style.

            > > > > > > pastage
> It probably isn't a very
important problem

The amount of
languages are decreasing on the
earth, I would also say that
dialects and accents are
decreasing as well. I think this
is a problem.

          > > > > > disqard
Insightful, and scary! Imitating an
imitation machine... even if no one is
trying to intentionally do so,
McLuhan's "we become what we behold"
is inescapable.

        > > > > 8bitsout
I'm going to go insane from all of this

        > > > > eddd-ddde
So? That's literally how language works.
The importance is not in the writing
style, but in the content of the words.

          > > > > > thfuran
Those are not separate things.

      > > > mrshu
It's pretty rough to learn I sound like
Claude. Will need to do something about it
then.

(For what it's worth I did write the
message above manually but I understand why no
one would believe that now. At least I did not
call netcat "load-bearing"
[https://mareksuppa.com/til/load-bearing/] or
something...)

        > > > > sisve
I did not think you sounded like claude.
Then I looked again after the comment was
made and then I saw some of the vibes.
Like acknowledging a mistake you have
done.

Before that would have just made you top
5% (or maybe top 1%) of the nicest people
to talk to.. now ppl think you are
Claude.

We are all going crazy as a sibling
comment said.

          > > > > > fc417fc802
It wasn't "acknowledging the
mistake" it was the phrasing and
general structure while doing so.

        > > > > ffsm8
I know that feeling

I notice myself getting
afflicted with llm-isms after a full
workday. And I didn't always notice,
sometimes I only realize the day
after...

Like it slowly siphoned out my
soul, which then reconnected with me over
night

        > > > > BearOso
Avoid the backtick quotes, too. Claude
also mistakenly uses them outside of
markdown.

      > > > nialv7
what would be a non-pilled way of saying the
same thing?

        > > > > xeyownt
Yeah. The comments saying it's AI-pilled
comments are more annoying and less
informative than the comments themselves.

          > > > > > hnlmorg
Agreed. I really wish Dang would
explicitly add that to the rules.

        > > > > WD-42
Good point however netcat wasn't available
either.

    > > scubbo
FWIW, I didn't read this as AI-like. Even on a
re-read, it's only the quasi-em-dash, and _maybe_
the polite acknowledgement of "Very fair pushback"
(just good etiquette, IMO!) that would ring any
alarm bells. You're fine.

      > > > farmerbb
Not to mention, the typo in the word
"equivalent".

  > a-dub
it's not that insane. i've been manually typing http
requests in since before http/1.1 and the mandatory
host header.

it is insane to use it for anything
serious (also the opposite, implementing webservers in
bash), but for quick testing it's pretty great!

    > > bitmasher9
Why wouldn't you use curl for the quick test?

      > > > hnav
Sometimes you want to do something that curl
cannot express, e.g. timing, protocol
oddities, etc. For example you may want to
issue a CONNECT to an echo server through a
proxy and observe the bytes flowing back and
forth. You may want to see what happens when
conflicting hop-by-hop headers are specified
without worrying about the client's (curl's)
interpretation of them. A simple nc -c (or
openssl s_client -crlf) lets you do all of
that.

        > > > > Bender
For what it's worth curl can do very
detailed timing [1] and it can also do
this using a proxy

export http_proxy=http://your.proxy.server:port/

export HTTPS_PROXY=https://your.proxy.server:port/

curl -x http://proxy_server:proxy_port --proxy-user username:password

or $socks-wrapper curl # [2]

[1] - https://dev.to/gbhorwood/curl-getting-performance-data-with-...
[2] - torsocks, tsocks, wireproxy, shadowsocks-rust,
proxychains-ng, etc...

          > > > > > hnav
what I meant was a proxy that
implements HTTP/1.1 CONNECT and a
server behind it like
```
mkfifo /tmp/myfifo
cat /tmp/myfifo | nc -l 12345 > /tmp/myfifo
```
so if you manually type out

CONNECT host:12345 HTTP/1.1
host: host:12345

you can see exactly what's happening.
To be fair you can hack curl to
support that via

curl -x proxy:3333 telnet://host:12345

but that's not exactly what you want
and requires curl to have been
compiled with telnet support.

            > > > > > > Bender
Ah, I see what you mean. Aside
from putting the proxy into debug
logging one would have to use curl
-vvv to get similar details but I
suppose whatever works best with
muscle memory is the right choice
and one may not always have access
to put the proxy into debug
logging.

I need to try this with a
Squid SSL Bump MitM proxy just
don't have one up at the moment.

curl -vvv -A Mozilla -H "Accept-Language: en_us" -H "Sec-Fetch-Mode: navigate" --url 'https://nochan.net/.env'

      > > > a-dub
because in those days there was no curl, or
wget. and then when there was, there was no
guarantee they'd be installed.

telnet was
always there though. it also worked for
speaking all the other plaintext internet
protocols. (imap, pop, smtp, etc)

        > > > > HeckFeck
I used telnet to send mail via SMTP once,
it's quite literally a good social
protocol because it begins with a polite
'HELO'.

          > > > > > nativeit
Is it the reply to 'HELO' that enables
things like tarpits?

Like if my server
replied with 'HI PLEASURE TO MEET YOU
127.0.0.1 THAT NAME SOUNDS FAMILIAR
ARE YOU BY CHANCE FROM BOSTON MY
MOTHER IS FROM BOSTON WELL QUINCY
ACTUALLY BUT DO YOU KNOW 127.0.1.1
THEY ARE A REALLY GOOD FRIEND OF MINE
YOU SHOULD MEET I HEAR THEIR DAUGHTER
IS A DOCTOR DONTYAKNOW AND YOU
COULD...' etc, etc?

            > > > > > > edoceo
For SMTP tarpits you can do all
kinds of fun stuff. Not just in
the reply to helo. Like: always be
slow to respond. Respond to each
command with a temporary error.
Accept everything, then pause,
then error. Send back large chunks
of garbage.

          > > > > > a-dub
the '90s version of finding the hiring
manager or boss on linkedin to try and
get a job was connecting to the
company's public smtp server with
telnet, using their name to probe
different email address patterns with
"rcpt to:" (those days the actual
servers were often directly connected
to the internet and would leak email
address validity in how they would
respond to rcpt to) and then sending
them a nice email.

smtp grew up to be
an antisocial curmudgeon. extended
smtp starts with EHLO.

            > > > > > > endofreach
> smtp grew up to be an antisocial
curmudgeon. extended smtp starts
with EHLO.

email will become so
unusable, next one will have to be
HELNO i guess

            > > > > > > jolmg
> smtp grew up to be an antisocial
curmudgeon. extended smtp starts
with EHLO.

"EHLO" still sounds
friendly. It just sounds like a
different accent or something.
Know someone that used to answer
calls with a friendly "Jello?".

            > > > > > > xp84
Eventually Microsoft will debut
Microsoft Extended SMTP which will
greet with MEHLO

            > > > > > > a-dub
yeah, i think you're right. i
originally read a bit of snarky
blow-off, like "eh?" ... but you
know, now that i think of it, it
actually does have more of a
friendly canadian style vibe.

        > > > > dragontamer
Note: Telnet is not completely plaintext
and has control characters in the upper
byte range (like 0xff or something, I
forget).

Use nc or this TCP Bash technique
if you really want to ensure decent
compatibility when doing hacky solutions,
otherwise a random 0xFF somewhere from a
terminal console color change (or other
control character) might really screw you
over.

EDIT or ya know, use the correct tool
like Curl.

      > > > asmnzxklopqw
Because curl is not installed in minimal
docker images.

        > > > > xp84
Sometimes I don't understand why people
use those most tiny of images, at least
for anything that they might ever ssh
into.

When there is no corresponding level
of restraint in the libraries that we add
to most applications, does it really make
a difference to leave out the likes of
curl, nano, ping, etc compared to how
frustrating it is to operate in just
busybox (etc)?

I'm not just ranting, I'd
actually like someone who swears by always
shipping alpine images (etc) and never
installing any basic utilities in them to
share their reasoning.

          > > > > > alex_smart
Less installed things means smaller
security surface area, fewer things to
patch when CVEs get discovered
etc.

Thanks to `kubectl debug`, you
don't need to install debugging
utilities into your production image.

        > > > > gear54rus
neither is bash or even sh for that matter
:) if you have bash, you probably have apk
or apt

          > > > > > mcmoor
Sometimes I worked in environment that
blocks all internet access, but I
still need some way to test internal
connectivity.

  > sgjohnson
Someone did a Minecraft server in pure
bash.

https://sdomi.pl/weblog/15-witchcraft-minecraft-server-in-ba...

    > > hnlmorg
It's impressive but it's not "pure bash". Even
just in the first section, the author talks about
using hexdump and dd.

Though I did also notice they
didn't claim it was pure bash themselves. That's a
flair you added.

  > tombert
There's even a Rails-like framework for Bash:
https://github.com/jneen/balls

  > TZubiri
> No, you can't write 10 lines of code, you have to
import a 100k LOC dependency

Common misconception, if
you want to replace a dependency on a swiss knife you
don't need to implement a swiss knife, sometimes you
can just implement the last helix of the corkscrew.

    > > cyanydeez
it's curious what you'd be building where you
think you can hit the reliability of curl with a
bash script.

      > > > pillmillipedes
a script ten lines long perhaps?

      > > > TZubiri
health check, check that website/webapp
returns 4xx and some known keyword

api, GET
url, content-type application/json, parse
json

you can even invert it and make a server

  > andelink
Nice parameter expansion examples in that
bash-web-server. It uses the $_ parameter in ways I
hadn't thought to before, often preceded by a single :
${x} line for pre-processing of the variable.

  > morpheuskafka
> No, it can not. Bash lets you open TCP sockets.

I
thought you had to use a program called netcat for
that--if not then what is the point of that binary?
And for that matter, can't you also use telnet to
manually send HTTP?

    > > some_random
nc is basically just a nicer interface for the
same thing, in the same way that curl
is.

https://linux.die.net/man/1/nc

mrshu
I ran into this while checking connectivity between
containers on an internal Docker network where the image
had neither curl nor wget.

The main surprise was that Bash
has /dev/tcp which lets you do the equivalent of an HTTP
request with a bit of shell magic, for instance:

exec 3<>/dev/tcp/service/8642
printf 'GET /health HTTP/1.1\r\nHost: service\r\nConnection: close\r\n\r\n' >&3
cat <&3

Where `service` is just the hostname of whatever you're
talking to and 8642 is the port you are trying to talk
HTTP to.

Pretty cool!
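
Added example, not part of the thread or of the linked article: the /dev/tcp health check above with the reply actually parsed, which is the gap basilikum's comment points at. The function names `http_check_response`, `tcp_health` and `sample_response` are hypothetical, and the sample reply is constructed so the parser runs without a network.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): a /dev/tcp health check that reads the
# HTTP status line and headers before trusting the reply. tcp_health needs
# bash for /dev/tcp; all function names here are hypothetical.

CR=$(printf '\r')

# Parse an HTTP/1.x response on stdin and print its status code.
# Exit status: 0 = 2xx and body contains the keyword, 1 = unhealthy,
#              2 = not a well-formed HTTP/1.x response,
#              3 = chunked body (framing this sketch does not decode).
# The body is a subshell "( ... )": variables stay local and "exit" only
# ends the function.
http_check_response() (
  keyword=$1

  # Status line, e.g. "HTTP/1.1 200 OK". Anything else (an SSH banner, an
  # empty reply) is rejected instead of being matched by accident.
  IFS= read -r line || exit 2
  line=${line%"$CR"}
  case $line in
    HTTP/1.[01]\ *) ;;
    *) exit 2 ;;
  esac
  status=${line#* }      # drop the "HTTP/1.x " prefix
  status=${status%% *}   # drop the reason phrase
  case $status in
    [1-5][0-9][0-9]) ;;
    *) exit 2 ;;
  esac

  # Headers run until the first empty line; header names are case-insensitive.
  chunked=0 end_of_headers=0
  while IFS= read -r line; do
    line=${line%"$CR"}
    if [ -z "$line" ]; then end_of_headers=1; break; fi
    name=$(printf '%s' "${line%%:*}" | tr '[:upper:]' '[:lower:]')
    value=$(printf '%s' "${line#*:}" | tr '[:upper:]' '[:lower:]')
    if [ "$name" = transfer-encoding ]; then
      case $value in *chunked*) chunked=1 ;; esac
    fi
  done
  [ "$end_of_headers" -eq 1 ] || exit 2

  printf '%s\n' "$status"
  [ "$chunked" -eq 0 ] || exit 3

  # With "Connection: close" and no chunking, the body is everything up to EOF.
  body=$(cat)
  case $status in
    2[0-9][0-9]) ;;
    *) exit 1 ;;   # 3xx (e.g. a redirect to https), 4xx and 5xx are unhealthy
  esac
  case $body in
    *"$keyword"*) exit 0 ;;
    *) exit 1 ;;
  esac
)

# Send the request over bash's /dev/tcp and hand the reply to the parser.
# Exit status 4 = connect failed, 5 = argument would corrupt the request.
tcp_health() (
  host=$1 port=$2 path=$3 keyword=$4
  [ -n "$host" ] && [ -n "$path" ] || exit 5
  case $port in ''|*[!0-9]*) exit 5 ;; esac
  # Whitespace, CR or LF here would split the request line or inject extra
  # headers, so refuse before writing anything to the socket.
  case "$host$path" in *[[:space:]]*) exit 5 ;; esac
  exec 3<>"/dev/tcp/$host/$port" || exit 4
  printf 'GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' \
    "$path" "$host" >&3
  http_check_response "$keyword" <&3
)

# Constructed sample reply, used to exercise the parser offline.
sample_response() {
  printf 'HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n'
  printf 'Connection: close\r\n\r\n{"status":"up"}\n'
}

sample_response | http_check_response '"status":"up"'   # prints 200, returns 0
```

Neither function sets a timeout; where `timeout` is present in the image, wrapping the script in it bounds a hung connect or read.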

  > sevenzero
It seems pretty cool, but I am wondering if there's
any drawback on just using images that support curl? I
can't think of any and to me it's kinda a must have,
even on production images

    > > OptionOfT
I always recommend to not have any dependencies
outside of the code.

So we start at compiling the
codebase (Rust) against MUSL. That way we can run
it with FROM scratch images.

If we need more
tooling available at runtime, then we look at
alpine, but still using MUSL.

If MUSL itself is
proving problematic, or if some of the libraries
we use need glibc then we can look at using some
locked down image.

The cool part about FROM scratch
images is that you'll never have to update your
base image to address CVEs. Only your software and
its (compiled) dependencies.

      > > > xmodem
> The cool part about FROM scratch images is
that you'll never have to update your base
image to address CVEs. Only your software and
its (compiled) dependencies.

What's the benefit
really, though? If you still need to be able
to rapidly deploy a new image in response to a
dependency CVE, what have you gained?

        > > > > regularfry
You've gained that happening much less
frequently. The tradeoff is making every
other problem harder to diagnose.

          > > > > > NewJazz
Debug containers are a thing.

Add an
ephemeral container to an already
running pod, for example to add
debugging utilities without restarting
the pod.

https://kubernetes.io/docs/reference/kubectl/generated/kubec...

            > > > > > > xmodem
Yup! They are a good solution to
the massive problem you caused for
yourself by implementing a
different "solution" to a
non-problem.

And even that's only
true if you assume kubernetes is
the only place your container runs
where you might want to also debug
it.

            > > > > > > NewJazz
You want to ship every debug
utility you will need in every
image? Just seems wasteful. What
about 3rd party images, you will
respin images just to add your
preferred toolset?