CRON.WEEKLY

I respect your privacy and you won't get spam. Ever.
Just a weekly newsletter about Linux and open source.

cron.weekly issue #103: pack, SSLStrip, gping, Kubernetes, Vagrant, MySQL, SSH & more

October 29, 2017 - Mattias Geniar

Welcome to cron.weekly issue #103 for Sunday, October 29th, 2017.

This issue is especially heavy in the tools & guides section, a little less news this time. Oh, and Ask cron.weekly is back! And there are videos! And cats!

OK, no cats – but the rest is true. Go to your local bakery (tell’m cron.weekly sent you), buy a croissant, grab a coffee & sit back and relax.

Ciao!

News

Performing & Preventing SSL Stripping: A Plain-English Primer

This post gives a very good basic intro to SSL/TLS in HTTPS, how “SSL Stripping” works (a better name would be “SSL preventing”, but it isn’t as catchy I suppose) and how solutions like HSTS prevent that.

An ode to pack: gzip’s forgotten decompressor

A trip down memory lane, with the history of xz/tar/gzip/… all the way down to ‘pack’, and it goes on to explain the benefits & drawbacks of pack. Did you know it can’t compress a file if it only contains single-character content, like ‘aaaa’? Fascinating!

A weekly email with security news

Here’s a weekly newsletter that digests last week’s infosecurity news into a shortlist of useful articles. It reports on events like new large-scale attacks, exploits, new security features and just interesting infosec articles. (Sponsored)

Tools & Projects

Get full-stack observability with Datadog

Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)

Sonar

A linting tool for the web: sonar is a linting tool that analyzes the code for a wide range of issues, including those related to coding errors, performance, accessibility, security, Progressive Web Apps (PWA), and interoperability. Sonar can be used as a command line tool or via an online version.

Suicide Linux

A game of roulette: any time you type any remotely incorrect command, the interpreter creatively resolves it into rm -rf / and wipes your hard drive. How long can you last?

Babybuddy

A buddy for babies. Helps caregivers track sleep, feedings, diaper changes, and tummy time to learn about and predict baby’s needs without (as much) guess work.

httpie

Pretty sure I covered this one already, but worth repeating: HTTPie is a modern command line HTTP client – user-friendly curl alternative with intuitive UI, JSON support, syntax highlighting, wget-like downloads, extensions, etc.

gping

Gping is like regular ping, but with a graph.

pingfs

pingfs is a filesystem where the data is stored only in the Internet itself, as ICMP Echo packets (pings) travelling from you to remote servers and back again.

riot

riot is a full text search engine, written in Go.

PyRexecd

PyRexecd is a standalone SSH server for Windows, written in Python.

Nuclio

nuclio — “Serverless” for Real-Time Events and Data Processing.

pg_blkchain

This is a C language Postgres extension that provides Bitcoin blockchain functionality.


Guides & Tutorials

GoCD – open source continuous delivery server

GoCD is a continuous delivery tool specializing in advanced workflow modeling and dependency management. It lets you track a change from commit to deploy at a glance, providing superior visibility into your workflow. It’s open source, free to use and download. (Sponsored)

A Software-based Approach to Identify Heavy Hitters in DNS Traffic

Lots of clever tips in this post if you ever want to look at 10GE NICs and identify bad DNS traffic; there are a lot of things to keep in mind when working at such bandwidth scales.

Ten Things I Wish I’d Known Before Using Vagrant

Tips on CPU & memory limitations, running multiple versions, snapshots, persistent storage, … when using Vagrant to manage your virtual machines.

Kubernetes By Example

This seems to cover all the essentials with ready-to-use CLI snippets: service discovery, health checks, pods, deploying, …

Navigating a filesystem quickly with fzf and fd

Some more fuzzy matching fun: fzf is a command line tool that allows you to interactively filter its input using fuzzy searching. fd sends the paths of files in a directory tree to standard output. Together, you can use fzf and fd to quickly find files and change directories.

How to Monkey-Patch the Linux Kernel

This post introduces “systemtap”, which allows you to overwrite kernel functions and hook in additional logic of your own. Not sure where I’d use it, but if you ever want to wreck your kernel, this seems like a fun way to do it!

MySQL Point in Time Recovery the Right Way

Another good one for performing point in time restores of a MySQL database, using clever MySQL replication & binary logs.

How Merkle trees enable the decentralized Web

The concept of a “Merkle Tree” is everywhere, from bitcoin to IPFS to failover & quorum resolution. This post gives an easy-to-understand intro to help get you familiar with the concept.

SSH escape sequences

Did you know that when you’re using OpenSSH from the command line you have a variety of escape sequences available to you? SSH somewhere, then type “~” and “?” (tilde, then question mark) to see all the options.

Why does one NGINX worker take all the load?

If you read the URL, the original title was “the sad state of Linux socket balancing”. It’s a solid intro into different load balancing mechanics & their pros & cons.

HTTPS or not HTTPS, that is the question

A practical guide on securing your own server with Let’s Encrypt certificates using Nginx.

Ask cron.weekly!

Right, we have a forum! It’s died down a bit with little to no posts, but once in a while a good question arrives. So remember, if you’re stuck with something, it can wait a week for a newsletter appearance, and there’s no one else left to ask, ask the cron.weekly listeners!

OpenStack status for public cloud?

I’m a sysadmin and I’m evaluating if I should study AWS, GCP or OpenStack for my future career’s cloud needs. I would like to study OpenStack client-use for public cloud, but I don’t want to waste my time on a technology that could be dropped for my purpose. What should I do?

Videos

DEF CON 25

Many of the DEF CON 25 security conference videos are starting to appear online, from crypto to drone hacking to FOSS tools.

systemd @ facebook

“systemd at facebook, a year later”: I haven’t seen this video yet, but it’s an interesting topic from one of the giants. Hoping to get a lot of lessons learned out of this.

cgroupv2: Linux’s new unified control group hierarchy

Another video from CCC, offering an intro to cgroups, the difference between v1 and v2, the new features & what’s planned ahead.
