cron.weekly issue #109: PostgreSQL, GIF, VLC, containerd, Docker, NTP & more


cron.weekly is a newsletter about Linux, open source & web development.


Mattias Geniar, December 10, 2017


Welcome to cron.weekly issue #109 for Sunday, December 10th, 2017.

A bigger issue than last time, so hopefully it’ll be enough to keep you all busy. 🙂

News

Open source innovation is now all about vendor on-ramps

This isn’t exactly news to most of us, but more & more big companies are turning to open source, only to lure customers to their paid version of the same software, boasting about their operational efficiency. After all, open source software needs maintenance, engineers, uptime, bugfixes, …

Evolution of img: Gif without the GIF

With the latest Safari update, all major browsers have support for MP4 video. All GIFs can now be replaced with the much more efficient video format.

European Parliament has approved budget for VLC bug bounty program

The European Parliament has approved a budget to extend the software security audit programme (FOSSA), in this case by providing a bug bounty on VLC, allowing anyone to report security issues & be rewarded for it.

The Eternal Cost Savings Of Netflix’s Internal Spot Market

These folks work at a scale most of us can only imagine: Netflix has its own “spot market”, donating free CPU cycles/memory from their servers to internal projects like video rendering (which server isn’t oversized nowadays?).

Chrome to force .dev domains to HTTPS via preloaded HSTS

Last week, Chrome 63 was automatically rolled out worldwide. With it came the change that forces all domains ending in “.dev” to HTTPS. If your development crew uses local .dev domains, make sure they either support HTTPS or consider another development TLD, like “.test”.

Wildcard Let’s Encrypt certificates coming in February 2018

The Let’s Encrypt team highlighted their roadmap for 2018. The biggest feature I’m looking forward to: wildcard certificates, which should be available around February 27th, 2018.

Tools & Projects

Get full-stack observability with Datadog

Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)

APPUiO: Open Container Platform with a Powerful Community

The Swiss Container Platform APPUiO is based on OpenShift by Red Hat. Reliable Open Source concepts such as Docker and Kubernetes allow you to develop, operate and scale your application according to your needs. Contact us for a free one month trial of APPUiO. (Sponsored)

RocksDB storage engine for MySQL

This project allows you to use the RocksDB storage engine in MySQL server, giving you up to 2x the compression capacity, faster replication & improved write efficiency.

fswatch

fswatch is a file change monitor that receives notifications when the contents of the specified files or directories are modified.

sysdig-inspect

Sysdig Inspect is a powerful open source interface for container troubleshooting and security investigation. Inspect’s user interface is designed to intuitively navigate the data-dense sysdig captures that contain granular system, network, and application activity of a Linux system.

misocoin

Misocoin is a barebones bitcoin-like protocol implemented in Python 3.x.

Kubernetes Memcached Operator

memcached-operator is a Kubernetes Operator for deploying and managing a cluster of Memcached instances. memcached-operator provides a single Service endpoint that memcached client applications can connect to to make use of the memcached cluster.

containerd 1.0

The industry-standard runtime for building container solutions has reached its 1.0 milestone.

zbox

Zbox is a zero-details, privacy-focused embeddable file system. Its goal is to help applications store files securely, privately and reliably. By encapsulating files and directories into an encrypted repository, it provides a virtual file system and exclusive access to authorised applications.

TrimPCAP

Network packet captures tend to produce huge files. TrimPCAP is a free open source tool that reduces the size of capture files in an intelligent way.

katacontainers

Kata Containers is a new open source project building extremely lightweight virtual machines that seamlessly plug into the containers ecosystem.

healthchecks

healthchecks is a watchdog for your cron jobs. It’s a web server that listens for pings from your cron jobs, plus a web interface, and can alert when pings have been missed (and the cronjobs haven’t run).

Guides & Tutorials

Continuous Delivery: GoCD VS Spinnaker

GoCD or Spinnaker? This post is an overview of GoCD and Spinnaker, why they are different from each other and which problems you should use them to solve. Check it out. (Sponsored)

Dynamic linker tricks: Using LD_PRELOAD to cheat, inject features and investigate programs

This is an interesting dev trick: you can override functions in applications yourself, by making sure your code/library/binary gets loaded _before_ the actual application, using the LD_PRELOAD environment variable.

How I’ve captured all passwords trying to ssh into my server!

A fun exercise on what kind of (unwanted) auth requests you get on your SSH server, by logging all the passwords in plain text.

ffwd: delegation is (much) faster than you think

A lot of in-depth info on what it takes to scale applications beyond a single core or thread, talking about sharing variables & data structures across threads. Very theoretical, but I found it interesting.

Pentest: owning a docker host

A fun read on how a WordPress running inside Docker could be hacked and how the author got root access on the host.

Measuring Asymmetric latency via NTP

I won’t pretend to fully understand the math, but it’s an interesting problem: if NTP updates are sent via the internet, how do you know if it’s still accurate, or delayed due to packet loss or jitter on the line?

pgexercises

PGExercises provides a series of questions and explanations built on a single, simple dataset. The exercises on this site range from simple select and where clauses, through joins and case statements, and on to aggregations, window functions, and recursive queries.

Monitoring for Windows Event Logs and the Untold Story of proper ELK Integration

Even if you’re a die-hard Linux user, chances are you have a Windows box around you need for some proprietary code. This post explains how to get Windows Event Viewer data into Elasticsearch, so you can use Kibana to visualize logs & events.

Sudoku Recursive Common Table Expression Solver

How does a database geek solve a sudoku? He writes a recursive SQL query, obviously.

PostgreSQL HA cluster failure: a post-mortem

Another interesting post-mortem, after a near 2-hour outage on a PostgreSQL cluster. Lots of interesting details on how their cluster was set up, combining both sync & async slaves for redundancy. I like that approach!

Check disk space of your BTRFS snapshots with btrfs-du

That title explains it all, doesn’t it? 🙂

Platforms such as Kubernetes, Mesos, Amazon Elastic Container Service (ECS), Azure Container Service, and Google Kubernetes Engine provide a layer of abstraction and automation to help manage large numbers of ephemeral containers. This research looks at the different trends in the landscape.


