cron.weekly issue #17: Mint, GCC, Ansible, Python, Kubernetes, MongoDB & performanceFebruary 28, 2016 - Mattias Geniar
Welcome to cron.weekly for Sunday, February 28th, 2016.
Once again a full edition with lots of interesting links and follow-up items.
Lots of attention last week to this problem: it seems the forums of Linux Mint were hacked for several weeks, and the attackers managed to build a custom .ISO that was offered for download. It even spawned some reactions concerning general security in the Mint project.
A really nice write-up on the AnsibleFest conference 2 weeks ago. The post has plenty of links to the presentations and other blogposts that further summarise this Ansible event. From networking to continuous deployment to immutable infrastructures.
A fun article looking at the low-level bluetooth implementation of cheap buttons, like used in selfiesticks. Interesting script & code examples to use on Linux, too.
This open source Github/Bitbucket clone reached a new milestone with their 8.5 release: much faster (like: 3-5x), introducing TODO’s, custom domains for Gitlab Pages and a much easier way to revert a commit via the GUI.
This post explores the implicit thrust we place in package maintainers and the faith we have in them for responding to security vulnerabilities within a reasonable timeframe. Lots of good arguments there.
This could become an interesting blog to follow: the Python team at Microsoft now has a tech-blog of their own.
This post is fairly high-level, but offers some food for thought on what’s going on with Linux containers: fragmentation, open vs. partially open sourced containers and improper use of containers by vendors.
This commit fixes the problem where an “rm” command from a Linux server could, accidentally, destroy the UEFI firmware running the machine – rendering it unusable.
I’m not usually interested in typical list-posts, but this one covered some tools I never heard of: shuf, look, cowsay, factor, … and some more obscure tools.
GCC 6 is just around the corner, and the new compiler has a very interesting new compiler flag: -Wmisleading-indentation. In C-code, it’s very easy to misread code because its indentation is of. Think the classical ‘goto fail;‘ bug in Mac OSX. This new flag warns the user about misleading indentation, potentially causing bugs or security vulnerabilities.
If your primary job, as a tool, is the schedule containers, it better be good at it. This blogpost dives into the way Kubernetes handles it, with lots of technical insights.
If you liked Nadia’s previous open source post (‘How I Stumbled Upon The Internet’s Biggest Blind Spot‘), you might like this one too: comparing the way companies and open source projects handle management, decision making and sustainability.
After almost a decade of having to name the Firefox package ‘Iceweasel’, the Debian project have reached an agreement with Mozilla to finally have the rights to name the browser Firefox.
The first beta of Ubuntu 16.04 is up for download: this blogpost covers what’s new and what’s interesting.
In follow-up of the previous link: this 7-page article tests Ubuntu 16.04 against Fedora 23, Ubuntu 15 and openSUSE 42. Benchmarks run on the graphics, the OS and disk I/O.
If you’re running multiple Docker containers, chances are you’re looking for some kind of scheduler or orchestrator to handle that workload. This post compares Swarm, Mesosphere, Tutum and Kubernetes.
Tools & Projects
How do you operate a microservice application at scale? It introduces lots of interesting challenges like unpredictable workloads, scalability, … Linkerd is a new tool to help manage those microservices, introducing load balancing, real-time traffic routing and lots of statistics for monitoring.
This project offers decentralized feeds (RSS) using BitTorrent’s DHT. An interesting implementation of a tracker-less, distributed, protocol.
A StackOverflow client from the CLI: simply type “how2 read a file while changing”, and you get a nicely presented answer on how to use tail from StackOverflow.
The mosh shell isn’t new, but is worth mentioning nonetheless: this shell is ideal for roaming users, with high latency and intermittent connectivity, while still continuing to work.
Cross-platform Linux without the suck: a node package you can install on any platform, that emulates Linux. Like Cygwin, but without the hassle.
BeeGFS (formerly FhGFS) is a parallel cluster file system, developed with a strong focus on performance and designed for very easy installation and management.
Guides & Tutorials
Git is a complex beast. Instead of following countless tutorials, repeating the same actions, this guide explores git by looking at the hidden .git directory and looking at it from a very technical point-of-view.
A couple of issues back I mentioned “mgmt“, the next generation config management tool. This blogpost explores a way to have Puppet’s catalog be used as input for the new mgmt tool. Really cool proof-of-concept if you’re a Puppet fan.
This post covers the use case of the ‘dex’ tool, which can read your MongoDB logs and offer meaningful improvements. Sort of like mysqltuner for MySQL, but for MongoDB.
Sysdig has several ‘plugins’ that can further enhance its features: this post dives into a particular plugin (or ‘chisel’, as they call it) named ‘spectogram’. It can show a heatmap of system calls (open, close, read, write, socket, …) which could be useful when debugging.
Imagine being able to communicate with an application running in a Docker container from Python with very little code? This blogpost introduces a tool called sidomo which does just that.
A useful guide if you’re running a lot of internal systems and are tired of self-signed SSL certificate warnings: how to run your own Certificate Authority.
Install the entire ELK stack on CentOS 7.
A practical guide on using ‘perf’ to investigate and analyse CPU usage on a linux server.
This thesis (in PDF) does a really in-depth analysis of the performance of ZFS vs. BTRFS on Linux. If anything, skip to the conclusion and read the interesting takeaways there.