cron.weekly issue #21: Swift, Ubuntu, Oh My Zsh, NPM, SMTP, rspamd and many more
March 27, 2016 - Mattias Geniar
Welcome to cron.weekly issue #21 for Sunday, March 27th, 2016.
This is just a heads up so there are no surprises to anyone: as of the next couple of issues, you may see sponsored posts or links appear in this newsletter. They’re used to help with the costs involved in running this newsletter (mainly Mailchimp’s monthly cost).
I’m working on making this as non-disruptive as possible. You signed up for open source & linux content, that’s what you’ll continue to get and that is what remains my priority. Additionally, sponsored posts will always be clearly marked as such – no hidden content.
In related news: if you or your company is interested in reaching an audience of loyal open source & linux sysadmins, let me know by replying to this mail. I’ve got sponsor packages available. 😉
The new Long Term Support release of Ubuntu, Xenial Xerus (16.04), is just around the corner. The final beta is available for testing, and we should see the final release in a couple of weeks now.
With the release of Swift 2.2, the new programming language from Apple, Ubuntu 14.04 and 15.10 are officially supported. Swift is coming to Linux!
Soon you’ll no longer need a VirtualBox VM to run your Docker containers: there is now a beta program for native Docker support on both Mac OSX and Windows.
It’s hard to argue with Red Hat’s success as an open source company: they are now a $2.000.000.000 (yes, those numbers are correct) dollar company. While it isn’t easy to make money in open source, they prove a solid strategy and a stable product can make it work.
A very interesting read on the making of oh-my-zsh, the popular wrapper/plugin/theme around the zsh shell. What started off small is now one of the most popular shells out there.
This story requires quite a bit of linking and highlights the fragility of open source ecosystems, package managers and dependencies in general. Azer Koçulu is the author of a very popular NodeJS package. Because of a patent lawyer, he had to pull a very popular NodeJS package due to naming ‘violations’. This package happened to be used in millions of dependencies in the NodeJS ecosystem, wreaking havoc everywhere.
As a follow-up to that previous NodeJS article: the dangers involved in heavily dependent ecosystems. More importantly, and this can apply to package managers in general, it’s sometimes hard to know which dependent packages trigger other dependencies you may not fully control.
Despite their continued efforts to open source their own software, Microsoft continues to enforce its Android patents. Companies worldwide have had to pay billions because of these “open source” patents.
A good statement that Docker in itself doesn’t solve IT problems. The mindset and changes Docker encourages, like microservices and portability, that’s where the difference lies. Docker as a tool facilitates that.
Good news for mailserver admins: the Strict Transport Security which we know from HTTPS is coming to the SMTP protocol. In the end, it can be used to enforce TLS in the SMTP protocol.
A trip down memory lane: a video from 1982 promoting the use of UNIX and covering some of the backgrounds. It’s pretty amazing to watch and consider those paradigms are still what we use today.
Tools & Projects
gx is a packaging tool built around the distributed, content addressed filesystem IPFS. It aims to be flexible, powerful and simple. It’s especially its support for IPFS, the new distributed p2p web, that makes it interesting.
chkboot is a set of scripts that are meant to be run on a system with an encrypted disk drive. Due to the nature of disk encryption, in order to get the operating system to boot, there needs to be a portion of it which remains un-encrypted. These scripts check that those files have not changed between reboots.
If you’re launching a new website and have security in mind, this is a good starting point: a set of clear TODO’s for hosting secure sites, featuring TLS, strong ciphers, security headers, fail2ban, SSH configs, …
This project is a fast, free and open-source spam filtering system. Think of it as a modern SpamAssassin (with guides available on how to migrate from SA to Rspamd). The new release focusses on stability and speed.
OwnTracks allows you to keep track of your own location. You can build your private location diary or share it with your family and friends. This sounds interesting for runners or cyclists that want to keep track of their location but host it on your own infrastructure.
It’s both a parody and a useful resource at once: the concepts of SElinux (like enforcement, policies, object types, …) explained in a kids’ coloring book.
Remember when Microsoft said they’d port the SSH protocol to Windows? Well, they’re still working on that. Last week release 1.1 was made available. We’re one step closer to connecting to our Windows environments like we do our Linux ones, which could completely change how we manage Windows servers.
SSH for Clusters and Teams: Teleport extends SSH to create a modern access layer for teams working on distributed infrastructure. Its features include mandatory 2FA, SSH session recording & logging, webUI and full SSH compatibility. At the CLI, it offers all sorts of shortcuts to send commands across multiple hosts. The 3min video on the site explains this best in a demo.
Citus horizontally scales PostgreSQL across commodity servers using sharding and replication. Its query engine parallelizes incoming SQL queries across these servers to enable real-time responses on large datasets.
Jenkins is an open source automation server with a plugin ecosystem to support practically every tool as part of your delivery pipelines. Whether you use it for continuous integration, continuous delivery or something else entirely, Jenkins can help automate it.
Guides & Tutorials
A practical guide on how to write your very own Kernel module. At the end of this guide, you’ll have your very own Rickroll module that plays Rick Astley’s biggest hit whenever you try to open an MP3 file, instead of the actual MP3 file.
This guide explains how WebSockets work, their relation to the “standard” HTTP protocol and how to configure them in Nginx.
How to upgrade a farm of webservers with absolute zero downtime, using a combination of HAProxy (load balancer) and Ansible (config management / deployment tool).
When debugging something that looks easy turns into something more complex: how a non-working HTTP connection can be fixed by delaying all network traffic leaving the server by 100ms using Linux’s traffic shaping.
How would you implement a SIGINT in your code yourself? This guide explains the C-code needed to handle and catch interrupt signals in Linux.
Sysdig is a very interesting tool for debugging on Linux. This post deliberately sets up an insecure server so they can use sysdig to monitor what an attacker does after gaining control over such a server. The result: a detailed analysis of everything that happens on a compromised server.
This is by no means an attack on FreeBSD, but the author highlights a couple of configuration changes to be made on a default FreeBSD installation to increase security.