cron.weekly issue #3November 21, 2015 - Mattias Geniar
This is the 3rd edition of the cron.weekly newsletter. I’m seeing new signups and no unsubscribes – that motives me even more to keep the new content coming!
A lot of things happened last week, so it’s a pretty big issue this time.
This new version features a REST API and improved web interface. Most of the development in this release went into the API and making all other tools (web, cli, graphite) take advantage of it.
This is a good reminder on why we shouldn’t blindly copy/paste commands from the web into our terminal. Even if we ignore copy/pasting from the web, evaluating the content of a script that contains terminal escape sequences is tricky and could allow an attacker to trick even the most experienced of sysadmins.
This is an impressive demo on how the team at Docker used Swarm, their container clustering tool, to launch and manage over 30.000 containers on 1.000 hosts.
Red Hat has released version 7.2 of their Enterprise Linux distribution. We should expect to see a CentOS 7.2 within a couple of weeks. It contains quite a few bugfixes and adds improved support for OpenSCAP (Security Content Automation Protocol) as wel as updates to the Docker engine and its management tools.
Quite the release week, indeed! Nmap released version 7 of its network and security scanner. Among its top improvements are better Scripting Engine support, mature IPv6, faster scans and more SSL/TLS scanning options.
The releases just keep on coming: Wireshark, the popular network packet capturer has released version 2.0.0. The most obvious change is a new GUI that should run smoother.
It’s taken a bit of a beating the last couple of months, but recent analysis concludes that TrueCrypt is, in fact, pretty safe to use.
I know what you’re thinking, this is a Linux newsletter – right? Well, turns out … the latest release of Microsoft’s Visual Studio editor is both open source and runs fine on Linux and Mac machines. Its code project seems like a great editor for both .NET and Node.js coding.
Similar to how the Wine project allows you to run Windows binaries on Linux, the Darling project allows you to run Mac OSX binaries on Linux. It’s a young project, but the first proof-of-concepts are already available.
Tools & Projects
Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends directly (Docker, Mesos/Marathon, Consul, Etcd, Zookeeper, BoltDB, Rest API, file…) to manage its configuration automatically and dynamically.
If you’ve ever felt the cli interface to lack coherence or logic, maybe this project is something for you. It “joyable” equivalents for existent linux/mac/windows commands for developers and admins.
This new webmail client tries to compete with Gmail, using a slick and lightweight interface with tabs, bidirectional synchronisation, threads and labels.
Desk makes it easy to flip back and forth between different project contexts in your favorite shell. Change directory, activate a virtualenv or rvm, load in domain-specific aliases, functions, arbitrary shell files, all in a single command.
Another fine release from the Netflix open source team! Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence. Spinnaker is designed with pluggability in mind; the platform aims to make it easy to extend and enhance cloud deployment models.
Heroic is the in-house time series database Spotify uses as the backend for its monitoring infrastructure. It’s a layer on top of Kafka, Cassandra and Elasticsearch.
Adsuck is a small DNS server that spoofs blacklisted addresses and forwards all other queries. The idea is to be able to prevent connections to undesirable sites (such as ad servers, crawlers and other bloat).
Yoke is a Postgres redundancy/auto-failover solution that provides a high-availability PostgreSQL cluster that’s simple to manage.
Geode is an open source, distributed, in-memory database for scale-out applications. In short, Geode is an application that could replace your memcached setups if you’re struggling with the limitations of memcached.
Guides & Tutorials
This blogpost by the Varnish team offers some insights into Varnish cache poisoning/invalidation attacks that could be used to launch a denial-of-service attack against a running Varnish instance. They go into more detail on using multiple different backends to protect against such an attack.
This post goes into more details on the signals you can send to processes. What are the differences between a SIGHUP and a SIGINT? How do applications implement different signals? A good read to refresh your knowledge on process signals in Linux.
A short but useful guide on using tar to create incremental back-ups instead of full back-ups on each run.
A really in-depth blogpost for all the crypto fans. It focusses on the improvements TLS 1.3 can bring in terms of speed for setting up TLS connections faster.
This post dives into 2 techniques to make Node.je more scalable: building multi-core support in the code itself, with the cluster module and placing an nginx reverse proxy & load balancer in front of it.
This is an impressive overview of the different monitoring tools out there. The last couple of years, a lot of the #monitoringsucks camp has been moving to a more positive #monitoringlove attitude. The result is an immense growth in monitoring solutions, database backends and on-call services. This post gives you a nice overview of each of them.
This blogpost comes form one of the creators of systemd. It goes into more detail on the creation of sd-event, a new event-loop API written for systemd. It goes deeper into the API and offers a lot of insights from a technical point of view.
Some nice hands-on examples of modifying PDF files, converting video and audio and doing screen recording with tools at the Linux CLI.