cron.weekly issue #4
November 28, 2015 - Mattias Geniar
This is the 4th edition of the cron.weekly newsletter for Sunday November 29th. If you’re looking for older releases, have a look at the archive pages on the site.
Last week we had an explosion of new releases and noteworthy news; this week seems to be a lot slower on that front.
I know I’ve mentioned this in previous issues as well, but I feel Let’s Encrypt is one of those once in a decade type of things. Next week, on December 3rd, Let’s Encrypt starts their public beta. From then on, anyone can apply for a free TLS certificate. From then on, a secure and trusted HTTPS site is within reach of anyone who wants it.
That’s the price of a coffee at Starbucks. This new Raspberry Pi is only $5. The absence of a network port can easily be resolved with a USB-to-Ethernet adapter, making this an incredibly cheap and multi-purpose computing device.
Around the same time as their Raspberry Pi Zero announcement, a commenter on the forums noticed some interesting behaviour when a Raspberry Pi first boots. Due to its configuration, SSH keys on a Pi become predictable, which could cause security headaches in the future.
After a 2-year attempt at getting OpenStack working for them, The Guardian is moving its server infrastructure to AWS. It lacks technical details on why their OpenStack implementation failed, though. We’re left guessing at this point.
We’ve had Python 2.x (mostly 2.6 and 2.7) on our Linux machines for a really long time. Ubuntu’s 16.04 release is getting rid of the 2.7 version and replacing it with Python 3.5 as the new default.
I’m no gamer, but I enjoy the geeky aspects of gaming. This blogpost has some details on the service discovery used by the game Fallout 4. It dives into using TCP and UDP relays to sniff the traffic and set up a fake discovery service. All the tools are open sourced, too!
Tools & Projects
This one is perfect for testing rookie sysadmins. Set some of these aliases in a .bashrc file and watch them scratch their heads at the unexpected behaviour that follows.
Remember those fancy TI calculators many of us had in high school? Turns out, besides programming little games or the answers to exam questions, you can also run an entire alternative operating system on those things. KnightOS is one of those.
Since the announcement of HTTP/2, new webservers have been fighting for attention. Caddy is a new approach to webservers and is aimed at designers, bloggers, developers, … and not directly at your typical sysadmin. The idea of a Caddyfile to easily configure a webserver (much like a Dockerfile) is interesting.
Titus is a TLS/SSL proxy server (like stunnel or stud) that protects you from vulnerabilities in the TLS implementation such as Heartbleed (or worse). If there’s a vulnerability in the TLS implementation, titus makes it very unlikely that an attacker could steal your private key, access the memory of your application, sniff data from other TLS connections, or otherwise attack your system.
I’m posting this in the tools section, because you’ll be using it in your own tools more once you know this trick. I was unaware of it until now. If ‘|&’ is used (so: pipe + ampersand), command1’s standard error, in addition to its standard output, is sent to command2’s standard input through the pipe; it is shorthand for “2>&1 |”.
Guides & Tutorials
This blogpost by the LinkedIn engineering team shares some insights on their move to an anycast infrastructure for hosting the LinkedIn.com site with some comparisons to a more traditional DNS-based traffic distribution model.
Running an application inside a (Docker) container is great, but it’s no silver bullet for the security of that application. This post has some practical pointers on how to look at the security of your containers.
This GitHub repository has a very big list of awesome AWS libraries, repositories, guides, blogs and other resources. If you’re currently working on AWS, you may want to check this out.
A TTY is something we take for granted. Many of us only come into contact with TTYs whenever we’re playing with sudo configurations and run into obscure errors. This post goes into the history of the TTY on Linux and does some more in-depth technical analysis.
In the last couple of months, the concept of unikernels has received a lot of attention. Where Docker offers containers to get isolation for your applications, unikernels take it to the next level. This blogpost offers a “plain English” explanation as to what a unikernel is.
This 3-part series (part 1, part 2, part 3) offers a nice introduction to the use of FreeBSD as a Linux user. It’s all Unix, but the differences are noteworthy. If you’ve ever wanted to dive into FreeBSD, check out those articles.
Fluency on the command line is a skill often neglected or considered arcane, but it improves your flexibility and productivity as an engineer in both obvious and subtle ways. This is a selection of notes and tips on using the command-line that were found useful when working on Linux.
If you’re running Nginx, you’ll want to read this. Most articles dealing with optimizing Nginx performance recommend using the sendfile, tcp_nodelay and tcp_nopush options in the nginx.conf configuration file. Unfortunately, almost none of them explain how these options impact the web server or how they actually work. This blogpost does.
If you’re unfamiliar with Brendan Gregg, I highly suggest googling him. This latest presentation by the Netflix guru dives into the state of performance monitoring, what’s wrong with it and how to fix it.
Another presentation, this time on optimising the boot process in Linux by looking at the bootloader, kernel, filesystem and the application layer.