cron.weekly issue #100: dnsmasq, systemd, MariaDB, logfmt, Rancher, Envoy, Micro, traceroute & more
October 8, 2017 - Mattias Geniar
Welcome to cron.weekly issue #100 for Sunday, October 8th, 2017.
Sorry about last week, some high fevers kept me in bed & unable to get an issue out. It’s a shame, I almost made it to 100 consecutive weekly newsletters. Figures I stumble at the very last one. 🙂
But that doesn’t matter. It’s issue #100 and when I first started 2 years ago, I didn’t think I’d ever see that number. But it’s been a fun & very interesting ride, bringing me in touch with many new folks, learning new technologies & learning a thing or two about businesses & pricing when working with sponsors.
If you happen to have plenty of time left, don’t mind a weekly deadline, are always reading the (tech) news and love dealing with e-mail deliverability troubleshooting, writing and maintaining a newsletter is the perfect hobby for you! 😀
All kidding aside, the newsletter wouldn’t be here without you – yes, cliché, you! – the reader. I’m not writing a newsletter if no one is reading it. But since there are over 7.500 of you, you motivate me every week to get the issue out, even at times when I’d love to be doing something else (is Stranger Things season 2 out yet?).
If at any point you’re thinking “sjeez, what could I do to help that Mattias fella?”, the biggest help you can be is share links to the newsletter, promote it to friends & family and get new people to sign up. That’s what keeps me going. I don’t want individual donations, the kind cron.weekly sponsors take care of the costs involved in running a newsletter & for compensating my time writing it.
Now on with the show: it’s a 2-week-catchup, so plenty of links, new releases, new guides & videos. Take care all!
There’s some smart handling in systemd about killing all remaining processes on system shutdown that’s worth reading & knowing about.
This write-up explains the “realtime OS”, which features predictability of timings over “just very fast” execution.
Current EU Copyright Review threatens Free and Open Source Software. Take action now to preserve the ability to collaboratively build software online.
The LTS (Long Term Support) kernels are switching from a 2 year cycle to a 6 year cycle, prolonging the life of the LTS kernels significantly!
More money to open source, this time led by the Alibaba group. The folks at MariaDB sure are raising a lot of money!
Google has discovered several critical flaws in ‘dnsmasq’ you’ll want to patch asap, one includes an RCE (Remote Code Execution) vulnerability.
Another vulnerability that’ll need patching; a local user privilege escalation existed in Linux for a long time and has now been disclosed & patched.
Lots of in-depth info on disk I/O here, comparing different schedulers (read/write, mmap, DIO, …) and how they perform.
With the latest MySQL release, an important bug related to how MySQL implements “auto_increment” has been fixed. I’ll admit I was unaware of this bug, but this post contains a clear example of where this might really hurt in your data consistency!
You may now configure systemd to dynamically allocate a UNIX user ID for service processes when it starts them and release it when it stops them. It’s pretty secure, mixes well with transient services, socket activated services and service templating.
security.txt to allow websites to define security policies, much like a robots.txt or humans.txt file.
Tools & Projects
Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)
This tool can record & replay an active terminal, take over its control & more. Pretty useful to have on a system if you want to record all SSH sessions or collaborate with junior sysadmins.
HonSSH is designed to log all SSH communications between a client and server.
Jaeger, inspired by Dapper and OpenZipkin, is a distributed tracing system released as open source by Uber Technologies. It can be used for monitoring microservice-based architectures.
Yahoo is open sourcing Vespa, their Big Data Processing and Serving Engine.
Rancher lets you run Docker and Kubernetes in production with more ease. Their 2.0 release focusses on Kubernetes more, to make the integration even better.
Envoy is an open source edge & service proxy, designed for cloud-native applications.
A modern and intuitive terminal-based text editor.
This is a structured log format, designed to be readable by humans and parseable by computers. It adds structure & sanity to logs and looks like something that should/could be widely adopted.
Fn is an event-driven, open source, functions-as-a-service compute platform that you can run anywhere.
Cortex provides horizontally scalable, long term storage for Prometheus metrics when used as a remote write destination, and a horizontally scalable, Prometheus-compatible query API.
This release completely deletes the SSHv1 protocol, which has been deprecated for a while now. It also removes several vulnerable ciphers and weak SSH keys.
The PostgreSQL 10 release includes significant enhancements to effectively implement the divide and conquer strategy (spreading data across many nodes), including native logical replication, declarative table partitioning, and improved query parallelism.
A new systemd release that brings: a new modprobe.d drop-in replacement, better tracking of service restarts, traffic accounting unit files (per service), simple IP-based ACLs for sockets and ports & several bugfixes. Quite a big release, it seems.
Zulip is a powerful, open source group chat application. Written in Python and using the Django framework, Zulip supports both private messaging and group chats via conversation streams.
Several security updates & bugfixes in this maintenance release of Debian 9.
Guides & Tutorials
This new blog series aims to help DevOps leaders in organizations get stakeholder buy-in. It covers approaches to talking about why, as well as specific things you can do to sell your ideas. (Sponsored)
In order to restore an InfluxDB back-up to a Docker container, the instance needs to be stopped. But if you stop the instance, Docker thinks its “pid 1” has ended, and stops the container altogether. This post shows how to work around that catch-22 situation. (Sponsored)
This is a solid presentation on the Prometheus monitoring solution when run at scale, by the team at CloudFlare.
If you’re like me, chances are you’ve typed “git git status” more than once – doubling the git at the beginning. No idea why I even do that. But, this post has a good fix for that using git aliases that’s applicable to all git commands!
I love nginx, but its lack of a good status page and lack of control over backends make it a rather weak choice for load balancing. There are alternatives, like HAProxy – or my own favorite, Varnish – that are much better suited for performing healthchecks & adding backend controls.
It’s possible to make really small containers, but they often grow in size rapidly due to the large application installs that happen inside of them. This post looks at a tiny binary running in a Docker container, keeping it under 1KB.
A cautionary tale of how not to kill your network when configuring network resources using Ansible.
Some step-by-step instructions on creating your own Flatpak “packages” that can be run on any system.
A traceroute showing a slow or high latency hop isn’t always telling the truth, this post explains why we can’t blindly trust traceroute’s output for performance troubleshooting.
All recorded videos from LaraconEU, the yearly Laravel conference in Europe, are released. If you’re into PHP & Laravel, there’s definitely something in there for you.
BruCON is a yearly hacker conference in Brussels, Belgium. The videos of those presentations are now online, they range from malware detection to open source security orchestration, browser exploits & more.