cron.weekly issue #105: golang, webpack, Minix, CouchDB, Prometheus, Bash, XFS & more


cron.weekly is a newsletter about Linux, open source & web development.


Mattias Geniar, November 12, 2017


Welcome to cron.weekly issue #105 for Sunday, November 12th, 2017.

No lame jokes this time, just good Linux & FOSS content. Enjoy!

News

Funding Open Source: How Webpack Reached $400k+/year

It isn’t easy making money from open source projects, but the Webpack team found a way to stay afloat. In this post, they describe how they went about that strategy.

Stop supporting old releases.

A call to action for maintainers to support themselves and move forward.

Giving open source projects life after a developer’s death

This is a rather heavy topic, but I’ll admit it has crossed my mind as well: what should happen to (your) open source projects – or in fact, your online identity – if you should pass away? Lots of food for thought in this post on how open source developers can keep this in mind.

MINIX: Intel’s hidden in-chip operating system

On every Intel chip, the MINIX OS is running. It’s a network-capable webserver that just happens to be completely insecurely configured.

An open letter to Intel

Andrew S. Tanenbaum, who created the MINIX operating system, writes to Intel to say it would’ve been fun had he been given a heads-up that his OS is now deployed on every Intel chip, making it very likely that it’s become the most widely deployed OS in the world.

AWS adopts home-brewed KVM as new hypervisor

AWS is stepping away from their Xen hypervisors and moving to a KVM-based system. This might be a big blow to the Xen project.

Linux kernel: multiple vulnerabilities in the USB subsystem

A researcher disclosed the details for 14 vulnerabilities found with syzkaller in the Linux kernel USB subsystem. All of them can be triggered with a crafted malicious USB device in case an attacker has physical access to the machine. It’s unclear if these can also be exploited through virtual USB devices, like VMs.

Exploiting CVE-2017-5123

This one went over my head, but I’m sure some of you can appreciate it: it contains the technical details on how a security researcher bypassed KASLR to exploit a privilege escalation vulnerability.

MongoDB 3.6 comes hardened against database ransomware by default

As of 3.6, MongoDB will no longer listen on 0.0.0.0 by default, but only on 127.0.0.1. Sjeez, that took ages.

CouchDB vulnerabilities fixed

If you’re running CouchDB, make sure you get the latest patches & updates installed; they fix multiple critical issues.

Tools & Projects

Get full-stack observability with Datadog

Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)

example42: Puppet|DevOps|Automation

Example42 is the developer of PSICK (Puppet Systems Infrastructure Construction Kit), a powerful and integrated Puppet control-repo. At PuppetConf 2017, the companion psick module was released with support for Puppet Bolt and a huge number of profiles for common use cases. example42 is a Puppet partner in Germany and supports Open Source and Enterprise customers in Puppet automation. (Sponsored)

Decentralized-Cloud

Decentralized Cloud is the simplest way to send your files around the world using the InterPlanetary File System. IPFS (the InterPlanetary File System) is a new hypermedia distribution protocol, addressed by content and identities. IPFS enables the creation of completely distributed applications. It aims to make the web faster, safer, and more open.

Webhook

webhook is a lightweight configurable tool written in Go, that allows you to easily create HTTP endpoints (hooks) on your server, which you can use to execute configured commands.

disque

Disque is an ongoing experiment to build a distributed, in-memory, message broker. Its goal is to capture the essence of the “Redis as a jobs queue” use case, which is usually implemented using blocking list operations, and move it into an ad-hoc, self-contained, scalable, and fault tolerant design, with simple to understand properties and guarantees, but still resembling Redis in terms of simplicity, performance, and implementation as a C non-blocking networked server.

voyager

Voyager is a HAProxy backed secure L7 and L4 ingress controller for Kubernetes. This can be used with any Kubernetes cloud providers including aws, gce, gke, azure, acs. This can also be used with bare metal Kubernetes clusters.

Prometheus 2.0

Faster storage & time series backend, built-in support for DB snapshots, simpler recording & alerting formats (in YAML) and plenty of other improvements from 1.x to 2.0.

Guides & Tutorials

Continuous Delivery 101 from GoCD

The final part of our Continuous Delivery 101 video series is published. In this free series, you will get the history and concepts of continuous delivery, a look into automated testing, as well as best practises and more. Check it out. (Sponsored)

Profiling Go

A golang application is slow: what can you do to track down the cause? This post covers a lot of practical tips: the types of profiling, how to interpret stats, memory consumption, … all from a dev point of view.

How Netflix works: the (hugely simplified) complex stuff that happens every time you hit Play

A very nice read on the technical architecture of Netflix, their setup of microservices, how they keep things running and keep momentum by deploying over 1.000x a day.

InfluxDB Internals 101 – Part One

InfluxDB is an Open Source Time Series DB Platform for Metrics & Events; this post explains the internals of the database engine.

Our Failure Migrating to Kubernetes

Migrating to any system is hard and daunting. In this post the author gives an honest overview of the problems they encountered when moving to Kubernetes and how they fixed them.

Migrating to Kubernetes: Day 20 Problems

From the same team, a look at Kubernetes a few weeks into production: lots of details again about things that went wrong (locking, threading, CPU limitations, …).

Writing Robust Bash Shell Scripts

Good tips on using “set -u”, “set -e”, code expectations, handling signals & traps & more.

Learning Go by porting a medium-sized web backend from Python

I’ve been trying to learn golang for a while, and posts like these help me see the bigger picture: how applications built in Python can be ported to Go.

MySQL & XFS: used space concerns

One of my colleagues brought this to my attention last week: XFS will pre-allocate disk space for files, on the assumption they will most likely grow further. In the case of MySQL, this can mean a MySQL data file can take up 2x the amount of space on disk vs. the size of the file in reality.

How to use cron in Linux

A good beginner’s post again with tips on getting started with cronjobs.

MySQL and Linux Context Switches

How many context switches are too many? And how do you measure that? This post has you covered.

Videos

DockerCon EU 2017

DockerCon was a massive Docker-focussed event in Europe, and all videos are available online. There were 7 different tracks, each filled with their kind of talks. Lots of content to go through!


