cron.weekly issue #29: ZFS, kernel 4.6, Say What?, Mailhog, Sysdig Falco, http-prompt and many moreMay 22, 2016 - Mattias Geniar
Welcome to cron.weekly issue #29 for Sunday May 22nd, 2016.
We have a new 4.6 kernel, lots of tutorials to share and some really interesting new projects — including one that can let you sleep during conference calls.
A good reminder that for most, open source is a thing that happens in the evening or in weekends – not as part of our full time job. Respect the people behind those projects and understand that life sometimes gets in the way and priorities shift.
Last week I mentioned ZFS support is coming to the contrib repository of Debian, this article highlights why that is and why source code – instead of binaries – are shipped. Long story short: licensing issues.
A similar ZFS story to the one above, but this time from the source: Debian itself.
This report takes a look at the state of security risk for Red Hat products for calendar year 2015. They look at key metrics, specific vulnerabilities, and the most common ways users of Red Hat products were affected by security issues.
Very soon, Nginx will support both RSA and ECDSA certificates, serving the correct one to the client based on the TLS handshake. This is a big step-up for faster TLS on the web (because ECDSA certificates are much smaller).
The new 4.6 kernel landed last week, the most prominent features are: a better OOM killer, the OrangeFS file system, the BATMAN protocol, and much more. Just a word of caution, the security features mentioned in the 4.6 release notes should be taken with a grain of salt.
Tools & Projects
This is a brilliant project: say you’re in a conference call you don’t want to be in, this script will listen in and ping you whenever your name is mentioned and sends a transcript of the conversation a minute before that mention happened. Perfect use of audio-to-text!
A clever little Bash alias that quickly lets you store your previous command as a new alias.
From the LinkedIn engineer team, Ambry is a distributed datastore specialised in binary data. If you ever need to scale out and store massive amounts of images, video or other binary formats, Ambry could be the datastore for you.
This is a very simple SMTP tool for developers (or setups in development): it acts as an SMTP relay on your host, but instead of sending e-mails remotely it just stores them locally. Developers can mail to firstname.lastname@example.org by mistake, the mail will never leave the local machine — crisis averted!
A streamlined comprehensive set of checks for your entire Puppet code and data. You get an automatic style check, syntax check, … it’s like an all-in-one command to verify the health of your Puppet codebase.
A language that compiles to Bash and Windows Batch. Since Bash runs in virtually any terminal, it’s a good base target to compile code to.
Think of Falco as an easy to use combination of snort, ossec and strace: Falco lets you continuously monitor and detect container, application, host, and network activity… all in one place, from one source of data, with one set of customizable rules.
http-prompt is an interactive command-line HTTP client featuring autocomplete and syntax highlighting. Instead of remember which headers or commands to use for an HTTP call, this new client will autocomplete them for you.
Apache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH. It’s called clientless because no plugins or client software are required. Thanks to HTML5, once Guacamole is installed on a server, all you need to access your desktops is a web browser.
A fully interactive X linux desktop rendered to ASCII and streamed over SSH. Pretty amazing actually, it lets you stream anything that’s normally in a GUI, but as ASCII text over SSH. So you can stream a Firefox GUI over SSH.
Guides & Tutorials
This write-up is a bit older, but still very relevant: a full tale on what happens when you browse to google.com, from checking HSTS for TLS connections, ARP requests, opening sockets, doing the HTTP requests, …
I realised I hadn’t posted a clean Ansible guide yet, so here you go: everything you need to know to get started with your first Ansible setups.
This repository has a nice collection of code snippets to get you started with Ansible, after you’ve read the introduction in the post above.
It’s a wonder crons even run at all: plenty of things can go wrong when you want to create a cronjob, this post highlights the 6 most common factors for non-functioning cronjobs.
A set of practical for using vim, from hand placement to handy .vimrc configurations to make your vim experience more enjoyable.
The Zed Attack Proxy (ZAP) is a web vulnerability scanner: point it to your website and it will report potential security issues. You can know very easily run the ZAP via a Docker container, this post has all the commands you’ll need.
A pretty good summary for sysadmins: dealing with bugs, being careful with hyped software, writing code (yes, sysadmins write code too), …
A write-up on one of the largest Kafka clusters in existence, at LinkedIn. Lots of things to learn from them and plenty of best-practices for running your own Kafka instances.