CRON.WEEKLY

I respect your privacy and you won't get spam. Ever.
Just a weekly newsletter about Linux and open source.

cron.weekly issue #12: Zabbix, GitLab, Tcpdive, Pact, Grafana, XKCD and many more

January 24, 2016 - Mattias Geniar

Welcome to issue 12 for cron.weekly. Today is January 24th, 2016 and there’s a lot of content to share!

News

Linux Kernel Privilege Escalation

Kernels 3.8 and higher are vulnerable for a local privilege escalation vulnerability, allowing non-root users to elevate their privileges to root. Patching is advised!

Zabbix 3 – Beta 1

The first public beta of Zabbix 3.0 is available for download: source, pre-build VMs and appliances are available.

Linux Foundation quietly drops community representation

The Linux Foundation, which acts as a promoter and is involved in standardising Linux, has now removed the community from its board representation. In response to these accusations, an official response by the Linux Foundation was also written.

Next generation configuration mgmt

A daring title, but the author makes for some compelling arguments: a new config management tool focussed on parallel execution, event driven and distributed ideas.

Debian to allow co-installable PHP versions

By default, it has always been a pain to get multiple PHP versions running on a single server. The Debian project is working to resolve that, by allowing multiple PHP versions to be installed side-by-side, out of the box. Fingers crossed this gets adopted by other major distributions, too.

Thank you Github

Last edition featured a complaint post about the issues Github should/could fix to improve the way open source works. This time, it’s time for praise, to acknowledge all the things Github has done to make open source so much better and easier to contribute to.

Making GitLab Better for Large Open Source Projects

The recent good cop/bad cop posts about Github have prompted GitLab, the open source Github competitor, to highlight some of its open source features.

Things I learned from OpenSSH about reading very sensitive files

Very low-level thoughts on what we can lear from last weeks’ OpenSSH vulnerability and how it can shape the way we handle sensitive files in the future.

Why always Docker?

There is a trend of using Docker containers for everything. This post explores why that’s not always a good idea.

Tools & Projects

pact

Give pact several PIDs. When one PID dies, pact will kill all provided PIDs. This is useful when you have grouped scripts/commands running that all rely on eachother and should either be started or stopped together.

tcpdive

Tcpdive is designed to provide an insight into TCP, by monitoring and analysing mass data collected from a running linux kernel. The data is gathered via systemtap and requires no kernel modifications.

Grafana-Zabbix

This project allows you to use your Zabbix monitoring instances as a datasource for Grafana.

DevopsWiki: a collection of resources

A wiki with a nice collection of ‘hacker links’: bash-scripts, vim guides, … lots of links to click through.

/dev/xkcdrandom

A new kernel module that adds support for the the famous XKCD comic about fair randomness on a server. If anything, it shows how much boilerplate code is required even for a simple kernel module.

WDT: Warp Speed Datatransfers

This new project by Facebook’s open source team offers a library and CLI client to transfer data between 2 hosts as fast as possible, over multiple TCP paths.

The serverless framework

This project uses AWS Lambda’s to write entire applications, effectively ignoring the need to manage ‘actual’ servers by yourself (while Amazon obviously still has servers to manage).

Riemann – A network monitoring system

Riemann aggregates events from your servers and applications with a powerful stream processing language.

grapse: online man-page editor

You’d think editing manpages is an easy thing, when you’re used to MarkDown or other formats. It’s actually a pretty obscure format, and this online editor helps you write proper manpages with correct syntax.

Wekan, open-source Trello

Wekan is an open source Kanban tool, much like Trello. It looks pretty much the same but is free to host on your own infrastructure.

PEV: PostgreSQL Query Plan Visualisation

An ‘EXPLAIN‘ query shows the query plan and execution strategy the SQL server, in this PostgreSQL, will use as its most optimal path of query’ing the data and returning the response. The pev project is a more visual representation of such an EXPLAIN query. The screenshots on the blog speak for themselves. If anyone makes a MySQL-version I’d be very interested!

Guides & Tutorials

How To Install GitLab As Your Private GitHub Clone

A very practical and to-the-point guide on getting started with GitLab, the git repository hosting tool.

Varnish vs Nginx: reaching 20Gbps throughput

The BBC investigated the throughput of Varnish vs. Nginx and found that a well-tweaked Nginx could serve up to 20Gbps of traffic, whilst Varnish was limited to 4Gbps. The technical write-down shows some bottlenecks in Varnish when it comes to memory mapping.

Posting successful SSH logins to Slack

Slack is all the rage nowadays. This post shows you how to let SSH trigger custom shell-scripts (through PAM) to send notifications to a chat-channel about logins on a server.

RHEL7: Apply a tuning profile to a server

RHEL 7, and by extension CentOS 7, support different “profiles” for a server out of the box. This post covers how to select them and, in short, shows the differences between them (powersave, high-throughput, virtual-host, …). Tuning a server isn’t easy, these presets make it just a little easier.

Beginner’s guide to IRC

IRC is the backbone of our open source communication. This post covers how you can get started by explaining both the tools and the concepts (channels, servers, etc) for IRC.

Tinkering with systemd’s predictable network names

Some nice background information on the ‘random’ network names devices can get on systemd servers.

What’s the difference between a ‘terminal’, a ‘shell’, a ‘tty’ and a ‘console’?

A lot of background information on the various terms.

Setting up an OpenVPN server on Linux

A detailed step-by-step set of instructions if you ever want to configure OpenVPN on your own linux machine(s).

SSH tunneling for fun & profit: autossh

This post introduces a new tool, autossh, and covers its configuration. Autossh will make SSH tunnels persistent, should they ever disconnect they’ll be re-connected in the background.

The Unix/Linux file system

The layout reminds me of a 90s TV show somehow, but the content is still relevant: explaining the Linux filesystem (inodes, paths, symlinks, hard- and softlinks, etc).

Proper handling of SIGINT/SIGQUIT

Another 90s-style layout, but covering important basics of handling SIGINT signals in your scripts.

SSH: Best Practices

I feel like I can include a ‘security best practice‘ link in every edition, but this one – aiming only at SSH – is very detailed. If your only job was to configure SSH as securely as possible, check this one out and follow each recommendation.


I respect your privacy and you won't get spam. Ever.
Just a weekly newsletter about Linux and open source.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!