cron.weekly issue #16: ZFS, Ubuntu 16.04, glibc, Vulkan, Kocho, Networking, tar & many moreFebruary 21, 2016 - Mattias Geniar
Welcome to cron.weekly for Sunday, February 21st, 2016. We were all busy with the glibc vulnerability last week, so I hope you can find the time to relax this Sunday and read through some of the interesting articles below.
If this glibc vulnerability is news to you, and you manage Linux servers, I suggest you go ahead and patch your servers straight away. It’s been a busy week for Linux sysadmins all around the globe with yet another DNS vulnerability in the core of our OS (glibc), much like the ghost vulnerability from last year (2015).
Dan Kaminsky, known for many security vulnerabilities and most known for its DNS cache poisoning attack a couple of years ago, looks back at the glibc bug mentioned above to assess its impact.
A well-reasoned argument about Canonical’s licensing terms for package (re)distribution, adding additional burden and load to anyone willing to redistribute the Ubuntu packages into a new distribution. Turns out, he’s not alone in thinking this.
Most of the FOSDEM 2016 videos are available online, with new recordings still being added daily. If you missed interesting talks during this open source conference, have a look!
With the glibc vulnerability getting a lot of attention, Red Hat asks the interesting question: who’s going to fix the containers?
If you had previous Go code, go ahead and compile against the 1.6 release. It offers a number of improvements including enabling HTTP/2 by default.
What do you do if your microwave oven has the worst possible UI or UX? You hack it and let Linux run it, of course.
If you only use Linux on the server this may seem irrelevant, but still: Vulkan is a new video display API competing with OpenGL and Microsoft’s DirectX. This enables more robust and innovative video support for Linux on the desktop, adding support for 64bit games. Ubuntu 16.04 will even include full support in the Mir display server. If you’re interested in 3D rendering from a technical standpoint, have a look here: Vulkan in 30 minutes.
As sysadmins, we know we already have plenty of package managers. Everyone seems to invent one at some point. This post dives into the technical details of what it takes to actually write a package manager of your own.
It’s taken a really long time, but ZFS is finally coming to Ubuntu. In a couple of weeks, when 16.04 is released (LTS!), official support for ZFS will be included.
Nearly 10 years after the previous release, the ReactOS team released version 0.4.0. ReactOS is an open-source effort to develop a quality operating system that is compatible with Microsoft Windows applications and drivers.
An introduction to the ‘Elastic Stack’ (Elasticsearch, Kibana, Logstash) version 5, which offers quite a few improvements and name changes.
A new major release, featuring lots of new encoders & filters.
After many years of development, the new LTS release of Zabbix has been released: a much needed redesigned web interface, encrypted protocol for client <-> server communication, trend prediction & many performance improvements.
Tools & Projects
This project tries to reverse engineer the Dockerfile when all you have is the Docker image itself.
Last week’s issue featured BigchainDB as a blockchain-database. This project offers you a simple deployment based on Docker.
This project transforms your smartphone into a PC. Ubuntu once tried something similar in 2013 which failed, I’m curious what this project can offer.
This project is a cooperative discourse, delegation and voting software, which enables a collective, binding decision-making process online. Basically, if you want online voting, have a look here.
Remember that post about not having enough package managers? Well, organon is a new package manager for pentesting focussed tools.
A safe, comprehensible and efficient PID 1/init replacement written in OCaml. In short, it haves like sinit does.
The Kocho tool is a way of bootstrapping CoreOS OS’s in a virtual environment. There’s a lot of tools out there for bootstrapping Docker images, but very little tools that bootstrap the OS to run your Docker images. Kocho fills that gap.
notty is a virtual terminal like xterm, gnome-vte, sh, or rxvt. Unlike these programs, notty is not intended to emulate a DEC VT-series physical video terminal, or any other physical device. Instead, notty is an experimental project to bring new features to the command-line which would not have been possible for the physical terminals other terminals emulate.
Damn Vulnerable Web Services is a vulnerable testing environment that can be used to learn real world web service vulnerabilities. The aim of this project is to aid security professionals in testing their skills and tools in a legal environment.
Breadth-first search for your files. bfs is a variant of the UNIX find command that operates breadth-first rather than depth-first. In short: a much faster, more efficient version of ‘find’ at the CLI.
AppFS is a FUSE-based filesystem that presents a filesystem view of remote packages presented via HTTP for the purpose of running software without the hassle of installing it.
Guides & Tutorials
An excellent guide on configuring the different caching options in Nginx, in this case to replace a Varnish configuration and keep just the Nginx instance. It also includes an interesting way of generating thumbnails to images from within Nginx.
An absolutely brilliant 5-part series on how the network stack in Linux works, outlining the path of a packet from the wire through the network driver and kernel until it reaches the receive queue for a socket. part 1, part 2, part 3, part 4 & part 5.
There’s a famous XKCD comic about the ‘tar’ tool, so an introduction & guide about that tool seems about right.
Managing LVM isn’t always as straightforward as we’d like, especially for newcomers. RHEL and CentOS 7 ship with a tool called ‘System Storage Manager’ (a set of CLI tools and interfaces) which facilitates the use of LVM and this guide explains it further.
A very explicit guide on wrapping both Grafana and InfluxDB into a Docker image, with each step explained in detail.
If you’re new to monitoring, this post unveils a couple of tools you can use to monitor your Linux server(s).
The ‘load average’ mystery continues: this uncovers the history of load averages, starting at BSD.
IPFS (InterPlanetary File System) is a new peer-to-peer hypermedia protocol, basically a huge distributed filesystem. This post further clarifies IPFS with some examples.
If you come from Windows and want to use Linux, which open source variants to popular Windows tools do you use? This post explores some of them (like Photoshop, ISO tools, Sketchbook, …).
The Linux pseudo random number generator (PRNG) is a special device that generates randomness from hardware interrupts (keyboard, mouse, disk/network I/O) and other operating system sources. In a virtual environment however, those aren’t always available. This post explores an alternative way to generate such “entropy”.