cron.weekly issue #2
November 10, 2015 - Mattias Geniar
This is the second edition of the cron.weekly newsletter. I’ve gotten some good feedback on the previous edition and I’ve taken it to heart: from now on, links are grouped more logically as you’ll see below.
The LetsEncrypt.org initiative is about to enter the public beta stage on December 3rd. That means: free, secure and trusted TLS certificates for everyone that wants one. The beta label gives them some freedom to make changes to their scripts, procedures and outcome – but the TLS certificates are valid nonetheless.
This may not be relevant for everyone, but having games on the Linux platform is a great motivator for driver compatibility, kernel stability and new features / hardware support.
This is a blogpost arguing why the kernel needs to focus more on security in order to prevent kernel bugs from turning into exploitable vulnerabilities in userspace.
An interesting writeup on all the open source tools used by Netflix to get where they are today. Lots of good links and internal information on the workings of Netflix.
Tools & projects
The fwupd project offers a daemon that allows you to install firmware updates to your physical hardware.
The title sort of says it all. This is a huge project that’s being open sourced by Google. Tensorflow.org has some more marketing material on the project and Jeff Dean’s (Google) YouTube video does a clean job of explaining where the project came from and what problems it solves for Google.
This is an interesting solution to tunnel your network traffic through obscure networks, by encapsulating it in ICMP echo/reply packets. Most networks allow ICMP (ping) so this could be a convenient way to tunnel your traffic in those restricted networks.
Vegeta is a versatile HTTP load testing tool written in Go built out of a need to drill HTTP services with a constant request rate. It can be used both as a command line utility and a library. This is a lightweight HTTP load tester that’s not as heavy as, say, ab or siege, but not as flexible as jmeter.
Clair is a new project by CoreOS. It’s a tool to monitor the security of your containers. It can inspect containers for known security flaws. It’s API-driven and should be easily integrated into any continuous integration service.
Guides & Tutorials
This is a clean and organised blogpost with more details on how sudo works, the syntax involved and some best practices.
A technical rundown on the components involved in Kubernetes, a container orchestration and cluster management tool. From resource scheduling to the individual components and nomenclature. If you haven’t had a chance to look at Kubernetes yet, this is a good introduction.
This sort of ties in with the Kubernetes post above, this time from the sysdig crew with a technical rundown on how you can use sysdig to inspect containers running via Kubernetes.
Having config management is great, but it’s not the best solution to every problem you face. While this post targets Puppet, it applies to all other brands of CM as well. There’s an argument to be made as to why Docker is, in some cases, a better alternative for managing your infrastructure.
Systemd is here to stay. This guide covers the command line interface, the unit files and some useful examples of the built-in cron replacements and journalling systemd offers.