cron.weekly issue #108: Gophish, Exim, tldr, HAProxy, ElasticSearch, mdoc & more
December 3, 2017 - Mattias Geniar
Welcome to cron.weekly issue #108 for Sunday, December 3rd, 2017.
Quite a busy week once again, with lots of news & tools to share. Hope you enjoy it!
If you run Exim, you might want to check the latest updates. There’s a remote code execution vulnerability doing the rounds.
A more in-depth write-up on the recent Intel Management Engine vulnerabilities.
This is an amazing site, it’s got portraits and a bio of the most prominent contributors to open source, not just from the last year but going back decades!
This was just too funny not to include: Mac OSX had a security issue where you could log in with “root” and a password of your choosing at any time, to bypass access control. The technical details are interesting, as well as their own brief summary (that tries to stay as vague as possible). There was some commotion about the way it got disclosed, which the author would like to clear up.
The Dirty COW vulnerability from last year appears to have only been partially patched! These security researchers wrote up their findings about an additional vulnerability, which got patched a few days ago in the Kernel.
Tools & Projects
Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)
Example42 is the developer of PSICK (Puppet Systems Infrastructure Construction Kit), a powerful and integrated Puppet control-repo. At PuppetConf 2017, the companion psick module was released with support for Puppet Bolt and a huge amount of profiles for common use cases. example42 is a Puppet partner in Germany and supports Open Source and Enterprise customers in Puppet automation. (Sponsored)
Password management should be simple and follow Unix philosophy. With pass, each password lives inside of a gpg encrypted file whose filename is the title of the website or resource that requires the password.
KeePassXC is a Cross-Platform Community Edition of KeePass. KeePassXC can store your passwords safely and auto-type them into your everyday websites and applications.
It’s been a while since I linked to tldr, and it’s definitely worth re-sharing: it is a community effort to simplify the beloved man pages with practical examples. Heck, it even got featured on “mainstream media”.
The 1.8 release is live, with TLS 1.3 support, HTTP/2, seamless reloads, … quite a big changelog with impressive features.
blists is a web-based interface to mailing list archives that works off indexed mbox files. There are two programs: bindex and bit. bindex generates or updates the index file (yes, incremental updates are supported). bit is a CGI/SSI program that generates web pages on the fly.
Gophish is a powerful, open-source phishing framework that makes it easy to test your organization’s exposure to phishing.
Recursive and authoritative DNS server in go, including DNSSEC and DNS-over-TLS.
An Ansible playbook to help configure a Fedora desktop.
A daily challenge/puzzle to solve in December, from easy programming exercises to harder puzzles.
This one is useful when working with ElasticSearch instances: it’s a Chrome plugin that gives you quick access to indexes, shards, status, … of an ElasticSearch instance.
Some new improvements in PHP 7.2, including a new Sodium extension that allows for secure cryptographic functions, making PHP one of the few languages that give you the tools right out of the box to get crypto right.
Guides & Tutorials
GoCD or Spinnaker? This post is an overview of GoCD and Spinnaker, why they are different from each other and which problems you should use them to solve. Check it out. (Sponsored)
A full guide on how to write your own manpages in the mdoc format.
A lot of good practical details to help get you started with tmux.
You can build Docker containers that originate from a “scratch” image, to get the most minimal possible container to run your code.
It’s a 2-year-old post, so things might’ve changed, but it’s fun to read up on the good parts of MongoDB, instead of all the bashing it’s receiving.
“Transparent Hugepages” is a Linux kernel feature intended to improve performance by making more efficient use of your processor’s memory-mapping hardware. It can give some applications a small performance improvement, but can cause significant performance problems, or even apparent memory leaks at worst.
Linkbait title, but useful info: you can tweak PostgreSQL’s query planner to match the underlying disk (hdd vs. ssd), so you can optimize it for SSD scenarios.
The default error messages in HTTP/2 aren’t very useful: they’ll say “protocol error” without any details. However, Chrome offers an internal debugger for HTTP/2 that you can use to find the real reason for the error. This can come in handy if you’re ever troubleshooting HTTP/2 connections.
I first wrote about it in 2015 and it’s gotten some new attention in the last few weeks: terminal escape sequences can be used to hide output, or commands secretly running, when you execute Bash scripts or one-liners copy/pasted from the interwebs.
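As an added example (not code from the newsletter or the linked post), here is a small Python checker that scans a pasted script for the sequences that make this trick work: ANSI escape sequences (such as the “conceal” attribute) and bare control characters (such as a carriage return that overwrites what the terminal already displayed). The sample script it runs over is constructed for the example; the hidden commands in it are harmless `echo` calls.

```python
import re

# Terminal escape sequences introduced by ESC (0x1b): CSI (ESC [ params final byte),
# OSC (ESC ] ... terminated by BEL or ESC \), and other two-byte ESC sequences.
ANSI_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"              # CSI, e.g. ESC[8m (conceal), ESC[2K (erase line)
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"   # OSC, e.g. set the window title
    r"|\x1b[@-Z\\-_]"                       # other two-byte ESC sequences
)
# C0 control characters other than TAB and LF. CR (\r) is included because text
# after a bare carriage return overwrites what was already displayed on the line.
C0_RE = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")


def find_hidden_sequences(text):
    """Return (line_number, kind, repr_of_sequence) for every escape or control
    sequence in text. Lines are split on LF only, so a CR used to overwrite
    displayed text stays inside its line and is reported there."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), 1):
        for m in ANSI_RE.finditer(line):
            findings.append((lineno, "ansi", repr(m.group())))
        # Look for stray control characters once the ESC sequences are removed.
        for m in C0_RE.finditer(ANSI_RE.sub("", line)):
            findings.append((lineno, "control", repr(m.group())))
    return findings


def reveal(text):
    """Render the script with every escape or control sequence replaced by a
    visible marker, so a reviewer sees what the shell will actually execute."""
    shown = ANSI_RE.sub(lambda m: "<ESC" + m.group()[1:] + ">", text)
    return C0_RE.sub(lambda m: "<0x%02x>" % ord(m.group()), shown)


# Constructed sample of a "copy/paste this one-liner" script: line 2 conceals an
# extra command with ESC[8m, line 3 hides one behind a carriage return.
SAMPLE = (
    "echo hello\n"
    "echo safe \x1b[8m; echo hidden-command\x1b[0m\n"
    "echo visible\recho overwritten-command\n"
)

if __name__ == "__main__":
    for lineno, kind, seq in find_hidden_sequences(SAMPLE):
        print("line %d: %s sequence %s" % (lineno, kind, seq))
    print(reveal(SAMPLE))
```

In practice you would pipe the downloaded script through `reveal()` (or run `find_hidden_sequences()` over it) before executing it; an empty findings list means the script contains nothing the terminal would render differently from what you read.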
A lot of details in this post on writing your own kernel module.
The author of the Caddy packages for Fedora/CentOS/RHEL offers his views on how to install & manage Caddy on those distributions. Thanks for packaging Caddy, Carl!
In case you hadn’t yet, mark February 3rd & 4th 2018 in your calendar for FOSDEM, the biggest (I think?) open source conference in Europe, held in Brussels, Belgium.