cron.weekly issue #18: OpenSSL, Debian, Caddy, Systemd, Bash, Make & many more!
March 6, 2016 - Mattias Geniar
Welcome to cron.weekly issue #18 for Sunday, March 6th, 2016.
Another security week, this time with 2 OpenSSL vulnerabilities. Lots of interesting articles on Docker, config management, monetising open source and a bunch of interesting releases and projects.
In other exciting news: this newsletter has just surpassed the 1.000 subscriber mark! Thank you all for your continued support and providing me with valuable feedback.
If you’ve liked the newsletter so far, you would do me an immense favour by sharing it on social media, mentioning it to your coworkers or friends. If you’re not sure how, check out the green ‘I loved it‘ button at the bottom of this e-mail.
Enjoy your Sunday!
The crypto-world got 2 gifts this week: a high severity OpenSSL vulnerability dubbed ‘DROWN’ and a side-channel attack called ‘CacheBleed’, which allows the RSA private keys to be retrieved from a server. There’s a bit of patching and configuration changes involved, if you haven’t already. More technical details are, as usual, on the CloudFlare blog.
The Debian project will wait for Kernel 4.10 to be released before it releases a stable version of Debian 9 (codenamed Stretch). It’ll take a bit longer because of this, but should mean a longer upstream support period and improved compatibility.
Quite a lengthy article comparing Borg, Omega & Kubernetes as container management systems. Lessons learned from each are included.
This blogpost by Matt Holt, creator of the Caddy Server project, offers an interesting story behind monetising your open source project. Caddy is still free to download, but you’re encouraged to donate. I for one hope a reasoned explanation like this gets people to appreciate the efforts that go into an open source project.
The battle for PID 1 continues: a very interesting read on 2 competing systems, Docker and systemd, both trying to accomplish similar tasks.
Exciting news for the storage folks relying on Linux: block-layer I/O polling is coming soon! Instead of having the disk drivers send interrupts to the kernel to accept storage commands, the kernel can now poll for new changes. This means fewer interrupts and lower latency for disk I/O!
A testament to the power of our command line: this example analyses a small dataset (around 2GB) and finds it much faster to process via the CLI using a couple of grep/awk/sed commands than via a Hadoop Cluster.
Tools & Projects
This project attempts to introduce saner defaults to Bash: better tab completion, a nicer ‘history’ (without recording useless commands) and better directory navigation.
Gor is an open-source tool for capturing and replaying live HTTP traffic into a test environment in order to continuously test your system with real data. It can be used to increase confidence in code deployments, configuration changes and infrastructure changes.
A nice set of defaults for a vim configuration. Vim is highly opinionated, of course, but these configs make for a great starting point to fine-tune vim to your liking.
This is an Open Source alternative to Ansible Tower, a central dashboard for monitoring and managing your Ansible infrastructure.
Package your application (Ruby / NodeJS / Go / PHP / …) into deb or rpm packages on Debian, Ubuntu, CentOS, Fedora. This includes init scripts, logrotate, etc.
Traffic Shaping on a Linux machine doesn’t have the easiest CLI interface. This project tries to make it better: easy to set up traffic control of network bandwidth/latency/packet-loss to a network interface.
Distribute your desktop Linux application in the AppImage format and win users running all common Linux distributions. Package once and run everywhere.
A new ‘apt’ binary combines the most commonly used commands from apt-get and apt-cache and adds a progress bar to the mix.
Guides & Tutorials
I always enjoy reading debugging & troubleshooting sessions by fellow sysadmins: these kinds of guides usually teach me the most (new methods, tools, CLI snippets, …). This particular blogpost uncovers a rabbit hole when debugging why ‘ping’ wouldn’t work in Docker images.
A nice understandable presentation on using Docker, with practical information.
Both curl and wget have similar capabilities, but differ in a couple of key areas: this page highlights the differences.
Another link-bait title, but pretty decent content: a couple of useful iptables snippets that can come in handy.
It’s not a project in itself, but a good explanation of how to create self-documenting ‘make‘ files. If your project relies on make for building, deploying or automating tasks, this post is for you.
This interesting blogpost by Red Hat gives us some lessons learned when working with Docker containers.
Nice insights from a long-time Chef user, switching to Ansible: easier to set up, easier to teach and easier to maintain. It’s opinionated, but everything in the config management world is.
A very nice improvement came to Puppet 4, allowing you to create ‘wrapper modules’ a lot easier. You no longer have to repeat all parameters for each module; you can use the wildcard (*) parameter.