cron.weekly issue #102: KRACK, Grafana, nsjail, ApsaraCache, Nix, Docker, fzf & more
October 22, 2017 - Mattias Geniar
Welcome to cron.weekly issue #102 for Sunday, October 22nd, 2017.
I’m writing this one a bit in a hurry, the kids aren’t leaving me with a lot of sleep & I can hear my bed calling far away in the distance.
So without further ado, here’s your weekly reminder that open source is a thing, Linux is very much alive and all sense of security is purely an illusion.
Authoritative DNS for pros – anycast, GeoDNS, failover support with monitoring integration, DNSSEC, DANE/TLSA, CAA and much more. Join now, open support ticket and receive 10% discount as cron.weekly subscriber. (Sponsored)
Work is being done to let Grafana configurations be read/stored in yaml files, which would make it a lot easier to deploy & manage via config management tools like Puppet, Chef, Ansible, …
If you’ve got a WiFi anywhere in your office or home, it’ll probably need patching. Until then, assume WiFi – even with WPA2 – is an unencrypted transport protocol. (aka: don’t use FTP)
The Docker platform is getting support for Kubernetes. This means that developers and operators can build apps with Docker and seamlessly test and deploy them using both Docker Swarm and Kubernetes.
Since many of you read this newsletter in text/plain, I figured you’d appreciate this: some A/B testing on newsletters, and it turns out the text/plain version often outperforms the text/html one!
It’s not only Windows machines that get ransomwared: this Gentoo box had its files encrypted and money was demanded. Keep your patches up-to-date, folks!
Tools & Projects
Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)
A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language).
This release brings support for the new HAMMER2 file system, improvements to IPFW (IP firewall & traffic shaper), support for more than 900k procs on a single machine (wow!) & lots of smaller fixes.
zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync.
Consul is a tool for service discovery and runtime configuration for distributed applications and infrastructure and it’s just reached its first big milestone, a 1.0 release.
This is a fork of Redis 4.0 and introduces the “memcached” protocol in Redis, allowing you to run Redis but talk to it via the Memcached protocol.
This came in handy for me last week: prips is a tool that can be used to print all of the IP addresses in a given range. It can enhance the usability of tools that are made to work on only one host at a time (e.g. whois).
Ubuntu “Artful Aardvark” has been released; no more 32bit installers, the 4.13 kernel, improvements to qemu, libvirt, lxd, … and many more.
Guides & Tutorials
GoCD is a continuous delivery tool specializing in advanced workflow modeling and dependency management. It lets you track a change from commit to deploy at a glance, providing superior visibility into your workflow. It’s open source, free to use and download. (Sponsored)
This quick command lets you get a bash prompt in a running container, which can be very useful if you’re trying to debug a Docker container that’s malfunctioning.
This is a good introduction with plenty of CLI examples to show the benefits of Nix. It lets you install multiple versions of tools with dependent libraries without conflicts by not using a traditional file system layout.
This blog talks about how to use Prometheus, node-exporter and nsenter to monitor Kubernetes volumes on AWS.
This is a pretty cool combo of fzf (a fast command-line finder) and ripgrep (a blazingly fast ‘grep’ alternative) in both vim and bash!
A lot of vim optimizations in this post, also including fzf (like the post above), improving search, multiplexing, panel orientations, …