CRON.WEEKLY

I respect your privacy and you won't get spam. Ever.
Just a weekly newsletter about Linux and open source.

cron.weekly issue #34: Containers, Flatpak, Licensing, Mailservers, SSH keys, networking & many more

June 26, 2016 - Mattias Geniar

Welcome to cron.weekly issue #34 for Sunday, June 26th, 2016.

There’s a lot more content for mailserver admins this time – together with plenty of in-depth reading material on Docker and the Linux networking stack.

Have fun!

Podcast: curl & libcurl with its author, Daniel Stenberg

If you’re a sysadmin or a developer, you’ve probably used curl before. Or some kind of project, like PHP, Python, Ruby, … that uses libcurl. You can thank Daniel Stenberg, creator and maintainer of curl, for that.

In the latest podcast, I talk to Daniel about how he got started with curl, we talk about HTTP/2 and HTTP/3, Google’s QUIC protocol, IETF, standards and we fantasize about the future of the web.

News

Containers vs. Config Management

A question many of us have been asking for a while: with the rise of containers, does config management still have a place? This post explains where the 2 can be combined.

Email Servers For More Than Half of World’s Top Sites Can Be Spoofed

This is one for all the mailserver admins that subscribed: a good reminder on SPF, DMARC, DKIM and other techniques to validate e-mails and prevent others from sending mails in your name.

Linux’s RPM/deb split could be replaced by Flatpak vs. snap

Wishful thinking if you ask me, but it would be nice to see more innovation in the packaging area: this post has some background on the Flatpak & Snap package formats and offers some ideas as to where/how they could replace our traditional RPM and DEB packages.

Mozilla Awards $385,000 to Open Source Projects

A nice move from Mozilla: the Tor project, Tails (secure operating system), Caddy, Mio and many others all received a portion of $385,000 donated to open source projects around the world.

Nano no longer a GNU project

The editor ‘nano’ used to be a GNU project but has gone fully independent: it seems with a mixed set of feelings, because there is still a GNU Nano project around – but maybe that just requires some cleaning up.

Software Licenses in Fedora Ecosystem

This is a very nice visualisation of the many licenses used in the Fedora project: BSD and MIT are the clear winners, with GPLv2 a close third.

A tiny systemd convenience: it can reboot the system from RAM alone

Doesn’t always have to be systemd-bashing: when you completely brick your system, chances are the ‘reboot’ command will still work as it doesn’t have to read anything from disk (as compared to SysVinit).

Just Sysadmin Things… for which I’ve been reprimanded

Looking for ways to troll your coworkers? This list has quite a few: from setting funny MOTD messages to fake root cause analysis, there’s a lot of things we can’t seem to get away with as sysadmins. 🙂

Infrastructure Software is Dead

A remarkable blogpost coming from the Mirantis team, one of the major OpenStack players. Customers don’t care about software, they care about outcome. And to quote Boris Renski directly: “Everybody’s OpenStack software is equally bad.”

Tools & Projects

Papertrail

With Papertrail’s free plan, receive a Slack, HipChat, or HTTP webhook notification when a new user signs up for your Web app, a process segfaults, or an admin invokes sudo. (Sponsored)

BASH3 Boilerplate

A useful set of boilerplate code to use when writing your bash scripts.

puppet-lint 2.0

A new linter for your Puppet codebase and modules was released, version 2.0. It checks your Puppet manifests against the Puppetlabs style guide and alerts you to any discrepancies.

Flatpak goes General Availability (GA)

It got mentioned in the previous issue too, but meanwhile the Flatpak packaging format has gone full GA.

Fedora 24 released

Delayed by a week, but Fedora 24 has been released. Some of the main features: support for Flatpak, Wayland and a bunch of updated packages.

OpenNebula 5.0 released

The OpenNebula project is designed to manage cloud and datacenter environments. This release brings a brand new look and feel, better marketplaces (for sharing, provisioning and consuming cloud images), improved networking support with virtual routers and much more.

Docker 1.12

A new docker release with built-in container orchestration. Container orchestration is what is needed to transition from deploying containers individually on a single host, to deploying complex multi-container apps on many machines.

Hulken

Hulken is a stress testing tool for everything speaking HTTP. Hulken supports multiple urls, GETs and POSTs, static and dynamic payloads, multiple agents and more.

Security Onion

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools.

Guides & Tutorials

A beginners guide to Docker

Docker is all the rage, but if you haven’t gotten started with it yet it can be quite intimidating. This insanely large guide takes you by the hand and explains the concepts, commands and how you should use it. If you like, I also recorded a podcast about Docker that can serve as an introduction.

Granting Temporary Access to Your Servers (Using Signed SSH Keys)

In need of support from a colleague or vendor, but don’t want to give them permanent access? SSH has an option to allow temporary access! Next time you need to provide temporary access for an hour or day, use this great option.

Monitoring and Tuning the Linux Networking Stack: Receiving Data

Take your time for this one: it’s highly technical, extremely detailed and super nicely written! This blog post explains how computers running the Linux kernel receive packets, as well as how to monitor and tune each component of the networking stack as packets flow from the network toward userland programs.

SPF, DMARC, and DKIM Oh My! Our Top Tips to Keep Your Email Out of the Spam Folder

A good explanation on all the techniques used by mailserver admins to keep mails in the inbox instead of the spamdir: SPF, DKIM and DMARC all get explained. No server config snippets, but at least the technology behind each protocol gets some clarification.

Fun and Profit with Reverse SSH Tunnels and AutoSSH

A good explanation on how to use reverse SSH tunnels to get past firewalls, NAT’ing and jumphosts.

Why is “chmod -R 777 /” destructive?

“Don’t use 777” – we’ve all said it. This post explains why that’s a bad idea, with a good summary on all that can go wrong with a 777 permission scheme.

Make for hipsters

If make is for hipsters, we’ve been cool since 1977. Either way, this post is a good introduction to using a Makefile and automating tasks and deploys with make.

Linux application/script debugging with ‘strace’

‘strace’ is an extremely powerful but complex debugging tool you can use on Linux systems: it can show the system calls used by applications, can show the network traffic for a particular PID and can tell you where and why an application is ‘hanging’.

GDB for Fun (and Profit!)

Another powerful debugging tool is ‘gdb’: this post explains how to use gdb and how to interpret the output to identify application issues.

Penetration Testing Tools Cheat Sheet

A massive list of tools and techniques used by security pentesters. From packet sniffing to password hashing & cracking and protocol flaws. If you’re a sysadmin with an interest in security, you’ll love this.

