cron.weekly issue #19: GUI’s, Jenkins, Docker, Microsoft, jo, sshtron, cockpit & more!March 13, 2016 - Mattias Geniar
Welcome to cron.weekly issue 18 for Sunday March 13th, 2016.
Before you think this newsletter is turning into a Microsoft or Docker newsletter, I want to assure you: the focus is still on open source & linux. But Microsoft has been dominating the news lately (good & bad) and Docker seems to be omnipresent nowadays.
Either way, enjoy this weeks’ edition because there’s lots of content to share!
An interesting tale of what happens when /bin/sh becomes corrupt and the system is rebooted. It’s a good use case for using alternate shells on your accounts so you still have access in case the default shell is corrupted.
This is something us server-side admin don’t have to worry about much, but desktop Linux – at least until Wayland makes its way – uses the X server to display windows and applications. In that X Server, there’s no GUI-level isolation. Two GUI applications running in X Server are not isolated from each other.
Wayland, the new display server to replace X server, will fix that GUI isolation problem. This post explores some of the highlights of Wayland and confirms that it’s not yet coming to Fedora 24 but will probably make it in Fedora 25.
This is a very nice presentation by Brendan Gregg on BPF, which used to be called the Extended Berkeley Packet Filter. BPF is the in-kernel bytecode machine that can be used for network tracing, virtual networks, and more.
I didn’t see this one coming: SQL Server, the flagship SQL Server product from Microsoft, will be available to run on Linux around mid-2017. The current target is Ubuntu & RHEL and its derivatives, like CentOS. The items that remain unclear: licensing, cost and the upgrade & migration paths from Windows to Linux. Oh, and how other processes will get along with SQL Server.
Despite their several announcements of supporting open source, Microsoft is still suing several Linux distributions over patent infringements. Their “SQL Server on Linux” announcement got a lot of attention, but is it a cleverly timed coverup for more negative news towards open source that came out last week?
Many of us linux & open source folks have started our careers in some kind of support environment, quickly learning new technologies to help support the business. This post resonated with me as it hits so close to home: the challenges involved in hiring technical support.
Learn from the biggest, I always say. This post describes some internals of Facebook’s config management, how often a day config changes occur (1.000+), what they’re used for (feature toggles, among others) etc.
An interesting look at how Docker became so popular, which problems it’s solving and where our industry in general is coming from: starting at VMware to AWS to Docker.
A recent announcement claimed Docker Swarm to be faster than Kubernetes. Both try to manage (Docker) containers as efficiently as possible. This post further explores how speed isn’t the only factor to take into account when comparing such tools.
Docker & Security (PDF)
This presentation given by 2 hackers look into Docker’s isolation & governance modal from a security point of view. Lots of interesting technical remarks on UID mapping, privilege escalation, SELinux, …
Tools & Projects
This tool allows you to create JSON output from the shell.
While not a real project, it’s something that can get you thinking: a universal install script that works for all platforms. (XKCD)
tcpkali is a high performance TCP and WebSocket load generator and sink. It can open millions of connections from a single host by using interface aliases.
The much anticipated release of Jenkins is coming soon! It introduces ‘configuration as code’ for defining pipelines, a much cleaner UI & total backwards compatibility. I’m looking forward to this release.
PyPy is a fast, compliant alternative implementation of the Python language (2.7.10 and 3.2.5). The focus is on speed and memory usage, while keeping compatibility with the ‘official’ Python releases.
A filesystem for your X Windows. X11fs creates a vitual filesystem to represent open windows, similar to what /proc does for processes. This allows windows to be controlled using any language or tool with simple file IO, in a true unix fashion.
ownCloud is a file sync and share solution, much like Dropbox, and has reached version 9.0. The new release introduces collaboration features, improvements to scalability and brings federation to a new level.
BorgBackup (short: Borg) is a deduplicating backup program. Optionally, it supports compression and authenticated encryption. The main goal of Borg is to provide an efficient and secure way to backup data.
Play Tron over SSH. It’s actually really incredible, just go ahead and test it: “ssh sshtron.zachlatta.com”.
Guides & Tutorials
This is a useful guide if you ever want to just download an ISO to your local harddrive and be able to boot from it. In GRUB2, you can modify the bootloader to load an ISO from the local hard drive to accomplish that.
An interesting writeup from a company that’s used ZFS for a while now. The post has disk I/O benchmarks and operational metrics.
That title says it all: let /dev/urandom generate random bits and bites and turn it into audio!
This guide explains the rkt container runtime, a project maintained by the CoreOS folks.
How to run both collectd with facette, a new tool to visualise time series values (like statsd values).
Cockpit is an elegant, beautiful way to see and manage your servers using just a web browser. It’s open source, and it is quickly growing new features and capabilities all the time.
A very honest introduction to Terraform, a new way of managing infrastructure as code from the creators of Vagrant. A simple file-based system gives you easy overview of your environments.
With the recent OpenSSL vulnerabilities, this isn’t a bad question to ask: what TLS ciphers should/can you support in your environment, from webservers to mailservers to IMAP and POP3 connections?
Some low-level info on how CPU usage is calculated. A nice reminder on timing & clock cycles, too.
There’s lots of ways to troubleshoot a problem in Linux, this post further explains the ‘sar’ command with a couple of useful examples.