The history of Docker containers (according to GoogleSearch)

Posted on September 25, 2025 by joe.mariadassou@norwestcomputing.com.au

Pre-Docker: The Seeds of Containerization

1979: chroot: The concept of process isolation began with the chroot system call in Unix V7, which could change the root directory of a process and its children, effectively isolating them from the rest of the file system.

2000: FreeBSD Jails: FreeBSD took this a step further with Jails, which allowed for the partitioning of a system into several independent, smaller systems.

2001-2004: Linux VServer and Solaris Containers: These technologies introduced more sophisticated resource management and isolation, getting closer to the container model we know today.

The Birth of Docker

dotCloud: Docker started as an internal project at dotCloud, a Platform-as-a-Service (PaaS) company. The goal was to create a simpler way to build and deploy applications in isolated environments.

2013: Public Launch and Open Sourcing: Solomon Hykes, the founder of dotCloud, introduced Docker to the world at PyCon 2013. It was released as an open-source project, which was a key factor in its rapid adoption. Initially, Docker used LXC (Linux Containers) as its underlying technology.

Rapid Evolution and Growth

2014: libcontainer and Explosive Growth: Docker replaced LXC with its own libcontainer, written in Go. This gave Docker more control over its destiny and improved its capabilities. By this time, Docker’s popularity was skyrocketing, with millions of downloads.

2015-2016: Building an Ecosystem: To address the needs of more complex applications, Docker introduced Docker Compose for defining and running multi-container applications, and Docker Swarm for orchestrating and managing clusters of Docker containers.

Industry-Wide Adoption: Major tech companies quickly saw the potential of Docker. Red Hat, Microsoft, Amazon, and IBM all announced partnerships and integrations, solidifying Docker’s position as the industry standard for containers.

Docker Today

Enterprise Focus: In 2017, Docker released an Enterprise Edition to cater to the needs of large organizations.

Acquisition by Mirantis: In 2019, Mirantis acquired Docker’s enterprise business, while Docker Inc. continued to focus on the developer-facing tools.

The defacto Standard: Docker has fundamentally changed how software is developed, shipped, and run. It has become an essential tool for modern software development, enabling (a) microservice architectures, (b) CI/CD pipelines, and (c) cloud-native applications. In essence, Docker didn’t invent containerization, but it made it accessible and easy to use for developers. Its simple and powerful tools, combined with its open-source nature, led to its explosive growth and its profound impact on the software industry.

Posted in Programming | Leave a comment

Gemini: Restore computer to domain

Posted on July 16, 2025 by parama

I recently migrated my Windows Primary Domain Controller from one server to another.A workstation running Windows 10 could not recognize the shared drive. So I changed the DNS to the new server and flushed the DNS. When I rebooted the workstaion it refused to logon the domain user as the ‘trust relationship’ between the workstation and the Primary domain controller was broken. There is no local user with admin privileges on the workstation. How do I bring back the workstation into the domain?

✦ This is a classic and tricky situation. The “broken trust
relationship” error occurs because the computer’s account
password, which it uses to securely communicate with the domain
controller, is out of sync. Since you have no local administrator
account, you can’t log in to fix it directly.

The solution involves using a Windows installation media to gain
temporary administrative access from the login screen, creating a
new local admin user, and then using that user to repair the trust
relationship.

Here is a step-by-step guide.

Disclaimer:
This procedure involves modifying system files. While generally
safe when followed carefully, it’s always recommended to have a
backup of any critical data on the workstation before proceeding.

Part 1: Gaining Administrative Access

You will need a Windows 10 installation USB or DVD.

  1. Boot from Installation Media:
    • Insert the Windows 10 installation media into the
      workstation.
    • Restart the computer and boot from the media. You may need
      to change the boot order in the BIOS/UEFI settings.
  2. Open Command Prompt:
    • On the initial Windows Setup screen, press Shift + F10 to
      open a Command Prompt.
  3. Replace Utility Manager with Command Prompt:
    • First, you need to find the drive where Windows is
      installed. It’s usually C: or D: in the recovery
      environment. You can find it by typing diskpart and then
      list volume.
    • Assuming the Windows drive is C:, execute the following
      commands to back up the Utility Manager (utilman.exe) and
      replace it with the Command Prompt (cmd.exe):
    1 move c:\windows\system32\utilman.exe
    c:\windows\system32\utilman.exe.bak
    2 copy c:\windows\system32\cmd.exe
    c:\windows\system32\utilman.exe
  4. Reboot:
    • Close the command prompt and reboot the workstation
      normally, removing the installation media.
    Part 2: Creating a New Local Administrator
  5. Open the SYSTEM Command Prompt:
    • On the Windows login screen, click the Ease of Access icon
      (it looks like a clock or a person) in the bottom-right
      corner.
    • Because of the change made in Part 1, a Command Prompt will
      open with NT AUTHORITY\SYSTEM privileges.
  6. Create a New Local Admin User:
    • In the command prompt, type the following commands,
      replacing NewAdmin and Password123 with a username and
      strong password of your choice.
    1 net user NewAdmin Password123 /add
    2 net localgroup administrators NewAdmin /add
  7. Close the Command Prompt. Part 3: Repairing the Trust Relationship
  8. Log In:
    • You should now see your new local user on the login screen.
      Log in as that user (.\NewAdmin).
  9. Repair the Trust:
    • Once logged in, right-click the Start button and select
      Windows PowerShell (Admin).
    • In the PowerShell window, type the following command. It
      will test and attempt to repair the secure channel to the
      domain.
    1 Test-ComputerSecureChannel -Repair -Credential
    (Get-Credential)
    • A credential box will pop up. Enter the username and
      password for a Domain Administrator account and click OK.
    • If the command returns True, the trust relationship has
      been successfully repaired.
  10. Reboot the Workstation. Part 4: Cleanup and Verification
  11. Log In with Domain Account:
    • After rebooting, you should now be able to log in with the
      original domain user account without the trust relationship
      error.
  12. Restore Utility Manager (Important Security Step):
    • To restore the original Ease of Access functionality and
      secure your system, you must reverse the change from Part
      1.
    • Boot from the Windows 10 installation media again.
    • Press Shift + F10 to open the command prompt.
    • Execute this command (assuming C: is your Windows drive):
    1 move c:\windows\system32\utilman.exe.bak
    c:\windows\system32\utilman.exe
    • Reboot normally.
    After this, your workstation will be back in the domain and fully
    functional. You can choose to keep the local admin account you
    created for future emergencies or delete it.
Posted in Programming | 1,369 Comments

Gemini’s response to DNS issue

Posted on June 28, 2025 by parama

I lost drive mappings on a Windows client machine running Windows 8 when the Primary Domain Controller was migrated from one server to another. Changing the pointer to the DNS on the client and rebooting restored the drive mapping. No issues with Windows 11. What gives?



This is a classic symptom of a DNS-related issue, and it highlights a subtle difference in how Windows 8 and Windows 11 (and generally newer Windows versions) handle domain controller discovery and network resource access.

Here’s a breakdown of what gives:

The Core Problem: DNS and Domain Controller Discovery

When a Windows client machine needs to access a network resource (like a shared folder on a server), it typically relies on DNS to resolve the server’s name to an IP address. In a domain environment, it also needs to locate a domain controller (DC) for authentication and to retrieve Group Policy objects (GPOs) which often define drive mappings.


PDC Migration and DNS Updates: When you migrate a Primary Domain Controller (PDC) to a new server, the DNS records for that DC need to be updated. This includes A records (for the IP address), SRV records (which tell clients where to find services like LDAP, Kerberos, and Netlogon), and potentially others.

Client-Side DNS Cache: Windows clients maintain a DNS cache. If the Windows 8 machine had previously resolved the old PDC’s IP address (or its role as a DC) and cached that information, it might continue to try and connect to the old, now unavailable, IP address or use the old DC’s information even after DNS records are updated on the server.

Netlogon Service and DC Locator: The Netlogon service on a Windows client is responsible for locating domain controllers and establishing a secure channel. It uses DNS SRV records to find DCs. If the client’s DNS cache is stale, or if there’s a temporary hiccup in its ability to query the correct DNS server, Netlogon might struggle to find the new PDC or any available DC.

Why Windows 8 Had Issues, but Windows 11 Didn’t:

The key difference lies in how aggressively and intelligently older versus newer Windows versions handle DNS and DC discovery failures.

Windows 8 (and older):

Less Resilient DNS Cache Management: Windows 8 tended to hold onto DNS cache entries more stubbornly. If it had a cached record for the old PDC, it might prioritize that even if it’s no longer valid.

Less Robust DC Discovery: While it uses Netlogon and DNS, older versions might have been less proactive in flushing caches or trying alternative DC discovery methods when the initial attempt failed due to a stale DNS entry. They might simply fail to locate a DC or struggle to establish a secure channel, leading to issues with Group Policy processing (which maps the drives) and authentication.

Reliance on a Specific DC (PDC Emulator): In some older configurations or in specific scenarios, Windows 8 might have been more reliant on the PDC Emulator role holder for certain operations. If the client couldn’t find the new PDC Emulator, it could impact drive mappings that rely on Group Policy.

Windows 11 (and newer):

Improved DNS Client Behavior: Newer Windows versions have more sophisticated DNS client behavior, including more intelligent caching, faster detection of stale entries, and better handling of DNS server changes. They are quicker to flush and re-query when connectivity issues arise.

More Resilient DC Discovery and Group Policy Processing: Windows 10/11 have enhancements in how they discover domain controllers and process Group Policy. They are generally more tolerant of transient network issues or changes in the domain controller landscape. They might have better retry mechanisms and faster fallbacks if a DC is unreachable or if DNS resolution fails.

Background Refresh of GPOs: Group Policy Objects refresh periodically (typically every 90 minutes with a random offset). Newer Windows versions are generally better at handling these refreshes even if there are temporary network or DC availability issues.

Why Changing DNS on the Client and Rebooting Fixed It:

Changing the DNS pointer on the client and rebooting effectively forced the Windows 8 machine to:

Flush its DNS cache: A reboot, or even ipconfig /flushdns, clears the local DNS resolver cache.

Query the correct DNS server: By pointing it to the correct DNS server, it could then properly resolve the names of the new domain controllers and the server hosting the mapped drives.

Re-discover Domain Controllers: With correct DNS, the Netlogon service could successfully locate the new domain controllers, establish a secure channel, and process Group Policy, which then reapplied the drive mappings.

In Summary:

The issue was primarily a DNS resolution and caching problem on the Windows 8 client, compounded by its less robust handling of domain controller changes compared to Windows 11. When the PDC was migrated, the Windows 8 client’s cached information became outdated, and it didn’t gracefully adapt until you manually intervened with the DNS settings and a reboot to force a fresh lookup and discovery process. Newer Windows versions are simply more intelligent and resilient in these situations.

Posted in Uncategorized | 5,184 Comments

Python3 Extension Modules with Boost

Posted on July 17, 2021 by joe.mariadassou@norwestcomputing.com.au

Boost (a collection of C++ libraries) provides excellent tools for writing Python extension modules in C++. However building these modules for Python3 has some issues. This blog suggests a workaround.

Motivation

Why build Python extension modules in C++? There are at least two use cases. The first one is that there is a C++ library that you would like to port to Python. The second reason is that a pure Python library is slow or too large that further extension becomes difficult and hence a C++ port of the library is desired.

Boost Python

Boost (www.boost.org) is a collection of C++ libraries that have in many
instances been incorporated into standard C++. It provides a C++ framework that makes building Python extension modules easy. Here is an example from Boost

char const* greet()
{
   return "hello, world";
}

BOOST_PYTHON_MODULE(hello_ext)
{
    using namespace boost::python;
    def("greet", greet);
}

The def method exposes the greet function as “greet“. Calling the method from Python is simple as shown in the following code from Boost:

import hello_ext
print(hello_ext.greet())

Exposing C++ classes is easy too:

namespace { // Avoid cluttering the global namespace.

  // A friendly class.
  class hello
  {
    public:
      hello(const std::string& country) { this->country = country; }
      std::string greet() const { return "Hello from " + country; }
    private:
      std::string country;
  };

  // A function taking a hello object as an argument.
  std::string invite(const hello& w) {
    return w.greet() + "! Please come soon!";
  }
}

BOOST_PYTHON_MODULE(extending)
{
    using namespace boost::python;
    class_<hello>("hello", init<std::string>())
	// Add a regular member function.
	.def("greet", &hello::greet)
	// Add invite() as a member of hello!
	.def("invite", invite)
	;

    // Also add invite() as a regular function to the module.
    def("invite", invite);
}

Here the class hello is exposed to Python via class_<hello>. The individual methods in the class are exposed by taking the member function pointer. Notice also a function invite is exposed to Python both as member function and an external function accepting an object reference.

Calling the C++ object method is shown below:

from extending import *
hi = hello('California')
hi.greet()
invite(hi)

Creating a factory method that returns an object is more involved as we have to take care of object lifetimes. However if the factory returns an object that is independent of other objects with regards to its life time then the method can return an object. Of the method must be declared within the Module definition as well.

Issues with Boost Python

To build Boost Python we need to download the latest release of Boost. Run bootstrap. Then build the desired libraries using ./b2 with the with-<library> option. In our case we would substitute python for <library>. This does not work if both Python 2 and Python 3 are available because by default Boost constructs the build system for Python 2.

Users at StackOverflow suggest a number of options. I found Maxim Dolgov’s suggestion to be the most appropriate which is to run bootstrap with with-python=python3 option before building the libraries. That way we could specify the specific Python virtual environment if we wanted to.

Having done that and then running b2 with-python we generate the boost_python3x library where x refers to the minor version number. Now if we cd to libs/python/examples/tutorial folder and then run /path/to/b2 we will get build errors. To see what is going on it is best to run /path/to/b2 -a -n. The -a option builds everything and -n option shows the commands that would be executed. The first build error without the -n option will be about missing boost headers. This is easily fixed by typing the build command on the shell prompt with the -I option to search additional include folders. Running b2 again will result in libraries not found error. Here we need to both include the library paths with -L and modify the library names. Boost builds libboost_python3x whereas the b2 tries to link with libboost_python. In addition it does not link with the libpython3.7m. These operations have to be done manually. The following makefile might help with these issues

CFLAGS = -I/home/joe/boost_1_76_0 -I/usr/include/python3.7
LFLAGS = -L/home/joe/boost_1_76_0/stage/lib 
all : embedding extending.so

%.o : %.cpp
	"g++"   -fPIC -O0 -fno-inline -Wall $(CFLAGS)  -c $< -o $@

extending.so : extending.o
	"g++"    -o $@  -Wl,-h -Wl,$@ -shared -Wl,--start-group $< $(LFLAGS) -lboost_python37 -ldl -lpthread -lutil -lpython3.7m -Wl,--end-group -fPIC 


embedding : embedding.o
	"g++" -o $@ -Wl,--start-group  $<   $(LFLAGS) -lboost_python37  -ldl -lpthread -lutil -lpython3.7m -Wl,--end-group -fPIC 

clean:
	rm embedding embedding.o extending.so extending.o

The Python version number and LDFLAGS and CFLAGS need to be modified for local conditions.

Conclusion

While Boost provides nice tools for building Python extension modules, additional work is required for Python 3. In this blog I covered the basics of building such modules. While a lot can be done with these basics, there is more to it than what I have addressed. Check out the Boost documentation for details.

Posted in Boost, C++, Programming, Python, Uncategorized | 8,051 Comments

Recollections of a conversation with Antoine Mariadassou

Posted on July 14, 2020 by parama

It was soon after the tsunami in January 2005 when Marie Ange Harris (née Lernie) came to visit my mother (Antoinette Selvanadin) in our Candappa street, Pondicherry, house at around 10:00 in the morning. Presently, Antoine arrived. He was meeting Marie Ange after more than fifty years. Antoine required no prodding to recount the details of the last time they had met. It was in Lernie’s house and Marie Ange was less than ten.

(Note: The conversation was in French and Tamil. An English translation is necessarily bland if I need to remain close to the original meaning of the words uttered. Besides a conversation like that is hard to reproduce on paper. The tone, the body language and the reaction is difficult to capture)

Antoine was running a newsletter that was staunchly pro-independence and for unification of Pondicherry with the rest of India. Both Teta and Lernie were former French government functionaries who were clandestinely helping Antoine. Mrs Teta (Loluima) had no clue that her husband was involved in any way. She once pointed to an article and asked Antoine who wrote it. “I don’t know” Antoine replied, “it’s an anonymous document dropped off.” Her husband had written the article and she wasn’t told about it until unionization with India (de jure transfer) was complete. By that time, of course Antoine was well settled in Germany.

Lernie on the other hand was more cautious. He did not give Antoine any paper with his handwriting on it. So Antoine went to meet Lernie in person and took a dictation. It was during one of those meetings that Antoine met Marie Ange. “You used to sit on my lap. You can’t do that now” he told Marie Ange. Admittedly Antoine is prone to exaggeration. Perhaps Marie Ange didn’t want to spoil a nice story with facts. I am not sure. She laughed as did I.

I am not sure how much Mrs Lernie, my aunt, knew. I am pretty sure she would not have approved. She did not believe that Indians could run a country on their own.

All three of the others in the living room that day have passed away. I am writing this now when my my memory is still fresh in the hope somebody in the future may be interested.

Posted in Uncategorized | 16,981 Comments

Why use Duckduckgo

Posted on July 9, 2020 by joe.mariadassou@norwestcomputing.com.au

Duckduckgo is a search engine that is about 90% as good as Google. What do I mean by that? And why despite that I still recommend using Duckduckgo.

Consider a simple search query “weed remover tool.” I am looking to buy a weed remover tool. I live in Sydney, Australia and Duckduckgo (DDG) returns results pertaining to the US. I have to specify the location in the settings to get the results I am looking for. Google on the other hand lists Bunnings and US based shops without explicit prompting. In this instance the quality of the search results are if anything better for DDG, provided the location is explicitly setup than Google. I use DDG for the most part both on my desktop and on my smart-phone. Occasionally I have to switch to Google to get the specific answer I am looking for.

Why is Google better in some cases? Google has been around a lot longer that DDG. Note that every time you click on a search result you are in fact providing a response to the the search engine. The search engine uses that information to produce better results the next time. Since the vast majority of search queries are executed in Google, it has a lot more information based on user feedback to fine tune its response to future queries.

So then why use DDG? Remember the time we had more than one word processor and at least one other spread application, Lotus-123. Now there is a virtual monopoly in office suite of applications even though there is a free version, Libre Office, that does everything required. I have to pay close AU$100 every year to use MS Office at home. I have no need for all those bells and whistles and neither does the vast majority of the population. However due to networking effects, clients want to send and receive only MS Office documents. Do you really want to handover an annual subscription to Microsoft when the free version is just as good? If the average customer does not do their bit to promote competition we will land up with a monopoly which would be anti-thesis of a free market.

In the case of search engines the price you pay is privacy. Google keeps a history of all your search queries. If you live outside the US, then the US security agencies can get your search histories without your permission or notice. But Google itself has access to your search history and can tailor advertisements based on your previous search queries. This is creepy. Given that many of our purchases are impulse purchases, you actually spend a lot of money using Google, buying stuff you don’t need, at least not immediately. Given that no organisation including Google is safe from security breaches, it is still possible for at least some of the data relating to you, to land up with nefarious elements. DDG on the other hand does not keep an individual’s search history. That provides you with a lot more privacy. Note that Google pays Apple billions of dollars to let Google be the default search engine on their smart devices. This is done to preempt the use of other search engines given that most customers do not change the default search engine.

On a future date Google might decide to hide results pertaining to companies that do not advertise on Google. In that case all customers will pay a price for the monopoly.

In short the marginal benefit you get from using Google is more than offset by the price you pay in privacy and the quality of results on a future date.

Posted in Uncategorized | 3,247 Comments

Hosting your website in-house

Posted on November 26, 2019 by joe.mariadassou@norwestcomputing.com.au

There are 1700 million websites, of which around 200 million are active. Even of the active websites the vast majority are accessed less than once an hour, more like once a day. Most small businesses host their website on some paid location. In general this is a good idea because a small business would host at most one website. A host provider such as Godaddy will also provide access to tools like WordPress, MySQL, Joomla and Drupal.

The cost is reasonable… about AU$14 a month, excluding the initial overheads of domain name, SSL certificate and so on which will be incurred no what where the website is hosted.

However there are good reasons to run the website in-house. The main business case would be that it is easier to integrate the business database with the website. For example if the business sells widgets then customers can know in ‘real time’ whether the specific widget they are looking for is in stock or when they can expect the widget to be available.

If the website is hosted externally, it is possible to have the remote web server access the in-house server for the details, except, for all that trouble it is easier to host the website in-house.

Posted in Uncategorized | Tagged , | 2,005 Comments