cron.weekly issue #27: OpenSSL & ImageMagick, Chaos Monkey, Container Sandboxes, HAProxy, SSH & more
May 8, 2016 - Mattias Geniar
Welcome to cron.weekly issue #27 for May 8th, 2016.
This edition includes a list of upcoming conferences at the bottom; if you know of any more, do let me know!
Enjoy this edition, more guides and tutorials than new projects this time, so plenty of how-to’s to help get you started.
OpenSSL released 2 high severity patches and the ImageMagick image processing tool, widely used on webservers and in PHP, Ruby and NodeJS, has a critical Remote Code Execution vulnerability. You’ll want to patch both, ASAP.
I couldn’t live without my personalised .vimrc file on servers, but when I’m on a desktop I still prefer GitHub’s Atom text editor.
The idea of a ‘Chaos Monkey’ came from Netflix: you randomly shut down one of your servers (or multiple) in order to force developers and sysadmins to build resilient applications that can withstand the failure of multiple parts. This post introduces a Docker container that runs the Chaos Monkey service continuously.
Modern Linux servers have several “bin” and “sbin” directories: the story behind it is both fascinating and, when you keep Linux’s age in mind, very obvious.
I’m happy to read about large donations to open source projects! The DuckDuckGo search engine donated some serious money to OpenBSD, Tor, GPG and many other projects.
A fictional tale about the benefits of Docker and why you should start using it today.
Open sourcing software is super easy, but it comes at a burden: who’s going to maintain it? Open source is “free as in puppy”: it needs to be nurtured.
A very interesting read on what it takes to consider containers (à la Docker, LXC) as sandboxed environments, together with a proposed solution.
Tools & Projects
The Katello project brings the full power of content management alongside the provisioning and configuration capabilities of Foreman: a local yum repository and snapshotted content (so you can guarantee repo packages are delivered the same way to all your hosts).
The new version’s biggest feature is a Geo API, allowing you to index content by latitude and longitude and query it by radius. Many other improvements to master/slave configurations, data storing and memory efficiency.
rdedup is a tool providing data deduplication with compression and public key encryption, written in the Rust programming language. The primary use case is storing deduplicated and encrypted backups.
xo is a command line utility that takes an input string from stdin and formats the regexp matches. You might immediately think that this is a knockoff of sed, but xo has only one job: to format matches.
Bash function that allows you to go up to a certain directory. Stop counting how many levels you have to go up in a folder tree and just type where you want to go! No more cd ../../../…
Guides & Tutorials
Many of us run our Linux instances on top of a virtualised stack: this post explains how you can create a “Golden Image” out of a CentOS 7.2 installation on VMware, to reuse in templates.
An interesting approach to testing web server configs, like Nginx: how do you know your new configuration performs the right actions? This post uses rspec testing to take a test-driven approach that validates the correct functioning of an nginx config.
It’s personal preference, but I’m with Major on this one: it baffles me how services on Debian/Ubuntu start up immediately after installation, with a default (and often insecure) configuration. This post shows a way to prevent services from automatically starting after installation.
The latest release of the Docker Puppet module adds support for Docker networking as well as integrating Puppet with Docker Compose. This blogpost shows what that Puppet code looks like.
A very clear tutorial on using the newly supported ZFS filesystem on Ubuntu 16.04 (LTS) to run your LXD containers.
If you’re tasked with (technically) interviewing candidates for Sysadmin roles, which questions do you ask them? If you’re running out of inspiration, this list can give you some ideas.
If something goes wrong on your servers, where do you start to check? Brendan Gregg (performance engineer at Netflix) gave a presentation with practical tips on debugging performance-related issues (or downtime, for that matter) as quickly as possible.
The Chrome web browser will soon drop the NPN extension in favour of the new ALPN one, for protocol negotiation. This is a crucial part of the HTTP/2 support, but unfortunately most OpenSSL installations don’t support it. You need at least OpenSSL 1.0.2 and this post shows you how to upgrade your local OpenSSL installation.
How do you properly terminate a frozen session without closing your terminal? It turns out there is a very easy way, yet it is not widely known.
This post explains 2 ways of running NodeJS instances “clustered” (aka: multiple processes): the ‘cluster’ package and the ‘PM2’ package. Personally, I prefer multiple processes behind an Nginx load balancer.
There’s a lot of talk about scaling up: adding more instances to a load balancer and adding more and more capacity. This tutorial covers using AWS Lambda to gracefully scale down your instances.
A very detailed explanation about how Stack Overflow handles its deployments: from git branches to the build system to performing database migrations, pretty much everything is covered.
The team at Airbnb has open sourced several osquery enhancements that allow you to easily send syslog info to Amazon Kinesis or Firehose for storing.
The author decided to write his own SSH client and documented his adventures in this blog post: it covers, in great detail, how an SSH client works and what protocols are involved.
A very clear tutorial on building your own packages for Debian, without the complexity that the official guides seem to include.
This is a new section that got suggested to me, but I’ll need your help to maintain it: if you know of interesting upcoming open source / Linux conferences, let me know and I’ll happily include them.
This conference takes place in Utrecht (Netherlands) on May 26th, 2016. The talks are varied and are “all things linux”; the schedule is already available online. (Some talks are in Dutch, and so is the website.)
This conference revolves around the Varnish caching and load balancing daemon, with tutorial sessions and a full day conference. It’s held in Amsterdam (Netherlands) on Friday June 17th.
ZabbixCon takes place in Riga (Latvia) on September 9-10th, 2016.
The conference around systemd will be held in Berlin, Germany, from September 28th until October 1st, 2016.