cron.weekly issue #34: Containers, Flatpak, Licensing, Mailservers, SSH keys, networking & many more
June 26, 2016 - Mattias Geniar
Welcome to cron.weekly issue #34 for Sunday, June 26th, 2016.
There’s a lot more content for mailserver admins this time – together with plenty of in-depth reading material on Docker and the Linux networking stack.
If you’re a sysadmin or a developer, you’ve probably used curl before. Or some kind of project, like PHP, Python, Ruby, … that uses libcurl. You can thank Daniel Stenberg, creator and maintainer of curl, for that.
In the latest podcast, I talk to Daniel about how he got started with curl, we talk about HTTP/2 and HTTP/3, Google’s QUIC protocol, IETF, standards and we fantasize about the future of the web.
A question many of us have been asking for a while: with the rise of containers, does config management still have a place? This post explains where the 2 can be combined.
This is one for all the mailserver admins that subscribed: a good reminder on SPF, DMARC, DKIM and other techniques to validate e-mails and prevent others from sending mails in your name.
Wishful thinking if you ask me, but it would be nice to see more innovation in the packaging area: this post has some background on the Flatpak & Snap package formats and offers some ideas as to where/how they could replace our traditional RPM and DEB packages.
A nice move from Mozilla: the Tor project, Tails (secure operating system), Caddy, Mio and many others all received a portion of $385.000 donated to open source projects around the world.
The editor ‘nano’ used to be a GNU project but has gone fully independent: it seems with a mixed set of feelings, because there is still a GNU Nano project around – but maybe that just requires some cleaning up.
This is a very nice visualisation of the many licenses used in the Fedora project: BSD and MIT are the clear winners, with GPLv2 a close third.
Doesn’t always have to be systemd-bashing: when you completely brick your system, chances are the ‘reboot’ command will still work as it doesn’t have to read anything from disk (as compared to SysVinit).
Looking for ways to troll your coworkers? This list has quite a few: from setting funny MOTD messages to fake root cause analysis, there’s a lot of things we can’t seem to get away with as sysadmins. 🙂
A remarkable blogpost coming from the Mirantis team, one of the major OpenStack players. Customers don’t care about software, they care about outcome. And to quote Boris Renski directly: “Everybody’s OpenStack software is equally bad.”.
Tools & Projects
With Papertrail’s free plan, receive a Slack, HipChat, or HTTP webhook notification when a new user signs up for your Web app, a process segfaults, or an admin invokes sudo. (Sponsored)
A useful set of boilerplate code to use when writing your bash scripts.
A new linter for your Puppet codebase and modules was released, version 2.0. It checks your Puppet manifests against the Puppetlabs style guide and alerts you to any discrepancies.
It got mentioned in the previous issue too, but meanwhile the Flatpak packaging format has gone full GA.
Delayed by a week, but Fedora 24 has been released. Some of the main features: support for Flatpak, Wayland and a bunch of updated packages.
The OpenNebula project is designed to manage cloud and datacenter environments. A brand new look and feel, better marketplaces (for sharing, provisioning and consuming cloud images), improved networking support with virtual routers and much more.
A new docker release with built-in container orchestration. Container orchestration is what is needed to transition from deploying containers individually on a single host, to deploying complex multi-container apps on many machines.
Hulken is a stress testing tool for everything speaking HTTP. Hulken supports multiple urls, GETs and POSTs, static and dynamic payloads, multiple agents and more.
Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools.
Guides & Tutorials
Docker is all the rage, but if you haven’t gotten started with it yet it can be quite intimidating. This insanely large guide takes you by the hand and explains the concepts, commands and how you should use it. If you like, I also recorded a podcast about Docker that can serve as an introduction.
In need of support from a colleague or vendor, but don’t want to give them permanent access? SSH has an option to allow temporary access! Next time you need to provide temporary access for an hour or day, use this great option.
Take your time for this one: it’s highly technical, extremely detailed and super nicely written! This blog post explains how computers running the Linux kernel receive packets, as well as how to monitor and tune each component of the networking stack as packets flow from the network toward userland programs.
A good explanation on all the techniques used by mailserver admins to keep mails in the inbox instead of the spamdir: SPF, DKIM and DMARC all get explained. No server config snippets, but at least the technology behind each protocol gets some clarification.
A good explanation on how to use reverse SSH tunnels to get past firewalls, NAT’ing and jumphosts.
“Don’t use 777” – we’ve all said it. This post explains why that’s a bad idea, with a good summary on all that can go wrong with a 777 permission scheme.
If make is for hipsters, we’ve been cool since 1977. Either way, this post is a good introduction to using a Makefile and automating tasks and deploys with make.
‘strace’ is an extremely powerful but complex debugging tool you can use on Linux systems: it can show the system calls used by applications, can show the network traffic for a particular PID and can tell you where and why an application is ‘hanging’.
Another powerful debugging tool is ‘gdb’: this post explains how to use gdb and how to interpret the output to identify application issues.
A massive list of tools and techniques used by security pentesters. From packet sniffing to password hashing & cracking and protocol flaws. If you’re a sysadmin with an interest in security, you’ll love this.