cron.weekly issue #105: golang, webpack, Minix, CouchDB, Prometheus, Bash, XFS & moreNovember 12, 2017 - Mattias Geniar
Welcome to cron.weekly issue #105 for Sunday, November 12th, 2017.
No lame jokes this time, just good linux & foss content. Enjoy!
It isn’t easy making money from open source projects, but the Webpack team found a way to stay afloat. In this post, they describe how they went about that strategy.
A call to action for maintainers to support themselves and move forward.
This is a rather heavy topic, but I’ll admit it has crossed my mind as well: what should happen to (your) open source projects – or in fact, your online identity – if you should pass away? Lots of food for thought in this post on how open source developers can keep this in mind.
On every Intel chip, the MINIX OS is running. It’s a network-capable webserver that just happens to be completely insecurely configured.
Andrew S. Tanenbaum, who created the MINIX operating system, writes to Intel to say it would’ve been fun had he been given a heads-up that his OS is now deployed on every Intel chip, making it very likely that it’s become the most widely deployed OS in the world.
AWS is stepping away from their Xen hypervisors and moving to a KVM-based system. This might be a big blow to the Xen project.
A researcher disclosed the details for 14 vulnerabilities found with syzkaller in the Linux kernel USB subsystem. All of them can be triggered with a
crafted malicious USB device in case an attacker has physical access to the machine. It’s unclear if these can also be exploited through virtual USB devices, like VMs.
This one went over my head, but I’m sure some of you can appreciate it: it contains the technical details on how a security researcher bypassed KASLR to perform a privilege escalation vulnerability.
As of 3.6, MongoDB will no longer listen to 0.0.0.0 by default, but only on 127.0.0.1. Sjeez, that took ages.
If you’re running CouchDB, make sure you get the latest patches & updates installed, they fix multiple critical issues.
Tools & Projects
Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)
Example42 is the developer of PSICK (Puppet Systems Infrastructure Construction Kit) a powerful and integrated Puppet control-repo. At PuppetConf 2017, the companion psick module has been released with support for Puppet Bolt and a huge amount of profiles for common use cases. example42 is Puppet partner in Germany and supports Open Source and Enterprise customers in Puppet automation. (Sponsored)
Decentralized Cloud is the simplest way to send your files around the world using the InterPlanetary File System. IPFS (the InterPlanetary File System) is a new hypermedia distribution protocol, addressed by content and identities. IPFS enables the creation of completely distributed applications. It aims to make the web faster, safer, and more open.
webhook is a lightweight configurable tool written in Go, that allows you to easily create HTTP endpoints (hooks) on your server, which you can use to execute configured commands.
Disque is an ongoing experiment to build a distributed, in-memory, message broker. Its goal is to capture the essence of the “Redis as a jobs queue” use case, which is usually implemented using blocking list operations, and move it into an ad-hoc, self-contained, scalable, and fault tolerant design, with simple to understand properties and guarantees, but still resembling Redis in terms of simplicity, performance, and implementation as a C non-blocking networked server.
Voyager is a HAProxy backed secure L7 and L4 ingress controller for Kubernetes. This can be used with any Kubernetes cloud providers including aws, gce, gke, azure, acs. This can also be used with bare metal Kubernetes clusters.
Faster storage & time series backend, built-in support for DB snapshots, more simple recording & alerting formats (in YAML) and plenty other improvements from 1.x to 2.0.
Guides & Tutorials
The final part of our Continuous Delivery 101 video series is published. In this free series, you will get the history and concepts of continuous delivery, a look into automated testing, as well as best practises and more. Check it out. (Sponsored)
A golang application is slow, what can you do to track the cause? This post covers a lot of practical tips: the types of profiling, how to interpret stats, memory consumption, … all from a dev point of view.
A very nice read on the technical architecture of Netflix, their setup of microservices, how they keep things running and keep momentum by deploying over 1.000x a day.
InfluxDB is an Open Source Time Series DB Platform for Metrics & Events, this post explains the internals of the database engine.
Migrating to any system is hard and daunting, in this post the author gives an honest overview of the problems they encountered when moving to Kubernetes and how they fixed it.
From the same team, a look at Kubernetes a few weeks into production: lots of details again about things that went wrong (locking, threading, CPU limitations, …).
Good tips on using “set -u”, “set -e”, code expectations, handling signals & traps & more.
I’ve been trying to learn golang for a while, posts like these help me for seeing the bigger picture: how applications built in Python can be ported to Go.
One of my colleagues brought this to my attention last week: XFS will pre-allocate disk space for files, in the assumption they will most likely grow further. In the case of MySQL, this can mean a MySQL data file can take up 2x the amount of space on disk vs. the size of the file in reality.
A good beginner’s post again with tips on getting started with cronjobs.
How many context switches are too much? And how do you measure that? This post has you covered.
DockerCon was a massive Docker-focussed event in Europe, and all videos are available online. There were 7 different tracks, each filled with their kind of talks. Lots of content to go through!