cron.weekly issue #15: Ubuntu, TCP/IP, systemd, htop, Teletraan, Maybe, /etc/hosts, Fish & many more!February 14, 2016 - Mattias Geniar
Welcome to the 15th issue of cron.weekly for February 14th, 2016. It’s valentines day, so what better way to spend your day than reading about Open Source, right?
Last week’s edition was a small one due to illness on my part, but I promise you plenty of reading material for this week. Enjoy!
Right now, Ubuntu inherits a lot of packages, methodologies and workflows from the Debian project, but there are some very specific Ubuntu “hacks” needed in order to use the Debian packages. The Ubuntu project is working for the 18.04 release to be entirely compatible with Debian, without Ubuntu specific patches.
The Debian 6 LTS release will reach end of life on February 26th, 2016, five years after its initial release.
As of the 1.9.11 release (out since 9/2) Nginx supports dynamic modules. This allows modules to be loaded or unloaded at runtime based on configuration files.
An interesting technical read on virtual ethernet devices (veth) and a long-standing bug that has plagued the Mesos, Kubernetes and in lesser form the Docker community (Docker was only vulnerable over IPv6).
This new release has DNSSEC validation (optional), improved coredump support, better socket activation and many more improvements.
Vault is a tool for managing secrets. From API keys and encrypting sensitive data to being a complete internal CA, Vault is meant to be a solution for all secret management needs. The new release adds listing secrets, better ACLs, split backends and many more.
Docker recently acquired Unikernels Systems. This post covers the potential impact of that purchase on the ecosystem for both the developers and endusers.
An interesting change for the security of our terminals: the ‘ls’ command will soon automatically shell-escape the output.
Open Source is everywhere. In the military, using open source can be used to your advantage.
The new version is now cross-platform, ads support for mouse-wheel scrolling, moving meters/columns in the settings becomes easier, the ability to show environment variables and a revamped “graph” mode.
Our once beloved open-source hosting repository is once again being sold, this time to an unknown ‘BIZX’.
This post looks at successful open source projects and determines what it takes to make it happen, referring back to the famous “The Cathedral and the Bazaar” essay covering software development methodologies that is nearly 20 years old.
Open Source is more than writing code and making it public. It’s a shame that most open source tools only show appreciation to “contributors” in the form of code commits, not by submitting bug reports, writing documentation, support end-users on mailing lists, …
Tools & Projects
Vagga is a tool to create development environments, aiming to be automated after commands like “git pull” by starting a container and running a command. Environments can be automatically rebuilt after every change in version control. If you’re wondering “isn’t Vagrant already doing this?”, their FAQ has you covered.
This new project is Pinterests’ deployment tool, with a focus on rollbacks, hotfixes, rolling deploys (with no downtime), staging, visibility and usability.
RancherOS is a 20mb Linux distro that runs the entire OS as Docker containers. RancherOS is a minimalist Linux distribution that is perfect for running Docker containers. The idea is to run Docker directly on top of the Linux Kernel, and have all user-space Linux services be distributed as Docker containers.
The ‘spellbook’ project allows you to search for and store command line snippets. Instead of “aliassing” everything and hoping to remember each alias, spellbook can be your own personal repository of useful little CLI snippets.
BigchainDB is a scalable blockchain database, built for petabytes of capacity. The whitepaper behind the project offers more details.
Not sure what that shell-script is going to do? Run it with maybe. See what the program does before deciding whether you really want it to happen.
The ‘git blame’ command shows the author and commit for each line in a file. It’s perfect for tracing the author of a faulty change. But what if you’re that author? This project allows you to change the author of a particular commit, to shift blame to someone else.
Bup is a very efficient backup system based on the git packfile format, providing fast incremental saves and global deduplication (among and within files, including virtual machine images).
ddumbfs is a fast inline deduplication filesystem for Linux. Based on FUSE and released under the GNU GPL. Deduplication is a technique to avoid data duplication on disks and to increase its virtual capacity.
This project is a consolidated effort to combine multiple adblock lists into a single, curated, hosts-file. You can drop this in your /etc/hosts to block most of the ads on the internet.
Subuser turns Docker containers into normal linux programs for easier use and improved security. Subuser gives your desktop programs access to the resources they need in order to function normally.
Modd is a flexible tool for responding to filesystem change. It triggers commands and manages daemons in response to filesystem changes.
Gz-sort sorts gzipped data files. Really really big gzipped data files. In order to sort a terabyte of data you only need 4MB of RAM.
A Scalable Server for Realtime Web Apps. It stores and syncs data in realtime, built in node.js.
Maltrail is a malicious traffic detection system, utilizing publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails compiled from various AV reports and custom user defined lists, where trail can be anything from domain name, URL or IP address.
A command to search port names and numbers.
Storm is a command line tool to manage your ssh connections. You can add/delete/edit your ~/.ssh/config file from the CLI.
Sync files to and from Google Drive, S3, Swift, Cloudfiles, Dropbox and Google Cloud Storage.
Testssl.sh is a free command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws.
An interesting proof-of-concept chat implementation, based on the SSH protocol. Just SSH to a server (and accept its public key) and you enter a chatroom.
Project Haystack is an open source initiative to streamline working with data from the Internet of Things.
Offline search tool for developers: find what you need without the need for Internet access. It takes a local copy of Stack Overflow and builds a GUI in front of it so you can search the data.
Qira is a ‘QEMU Interactive Runtime Analyser’: it’s like strace of gdb, but for QEMU virtual machines.
Guides & Tutorials
An interesting approach on developing software locally on a laptop/desktop, by partitioning the drive as a separate ZFS partition for use with LXD (linux container hypervisor) to destroy/rebuild environments quickly.
CPU load averages aren’t as straightforward as they could be. This guide dives into what they are, how they relate to CPU time and how to better understand the averages.
If you ever need to build RPM packages for Red Hat, CentOS or Fedora, this guide has you covered.
This StackOverflow post covers the various settings of “set -o verbose, “set -x” and “set -v” in bash scripts. They can be used to debug applications and show the output of each shell-command within that bash file.
A detailed guide covering the Fish-shell, which has recently been gaining in popularity next to the already famous Zsh and oh-my-zsh project.
This tutorial discusses KVM introduction, deployment and how to use it to create virtual machines under RedHat based-distributions such as RHEL/CentOS7 and Fedora.
How do you make your Docker images as small as possible? This guide covers some basics for removing obsoleted packages.
RSpec is used for testing your infrastructure as code. This blog post is the first in a series attempting to outline some of the basics of test driven development with rspec from the perspective of an Operations person.
Prometheus is an open source monitoring system developed by SoundCloud. Like other monitoring systems, such as InfluxDB and Graphite, Prometheus stores all its data in a time series database. This guide covers the setup and configuration.