cron.weekly issue #4


cron.weekly is a newsletter about Linux, open source & web development. Want to get it in your inbox every Sunday? Subscribe below!

Mattias Geniar, November 28, 2015

This is the 4th edition of the cron.weekly newsletter for Sunday November 29th. If you’re looking for older releases, have a look at the archive pages on the site.

News

Last week we had an explosion of new releases and noteworthy news; this week seems to be a lot slower on that front.

Let’s Encrypt: public beta starts this week

I know I’ve mentioned this in previous issues as well, but I feel Let’s Encrypt is one of those once-in-a-decade kind of things. Next week, on December 3rd, Let’s Encrypt starts their public beta. From then on, anyone can apply for a free TLS certificate, and a secure and trusted HTTPS site is within reach of anyone who wants it.

Raspberry Pi Zero: The 5$ Computer

That’s the price of a coffee at Starbucks. This new Raspberry Pi is only 5$. The absence of a network port can easily be resolved with a USB-to-Ethernet adapter, making this an incredibly cheap and multi-purpose computing device.

Predictable SSH keys on a Raspberry Pi

Around the same time as their Raspberry Pi Zero announcement, a commenter on the forums noticed some interesting behaviour when a Raspberry Pi first boots. Due to its configuration, SSH keys on a Pi become predictable, which could cause security headaches in the future.

‘The Guardian’ abandons OpenStack, goes AWS

After a 2 year attempt at getting OpenStack working for them, The Guardian is moving its server infrastructure to AWS. The article lacks technical details on why their OpenStack implementation failed, though. We’re left guessing at this point.

Ubuntu 16.04 to ship with Python 3.5

We’ve had Python 2.x (mostly 2.6 and 2.7) on our Linux machines for a really long time. Ubuntu’s 16.04 release is getting rid of the 2.7 version and replacing it with Python 3.5 as the new default.

Fallout 4 Service Discovery and Relay

I’m no gamer, but I enjoy the geeky aspects of gaming. This blogpost has some details on the service discovery used by the game Fallout 4. It dives into using TCP and UDP relays to sniff the traffic and set up a fake discovery service. All the tools are open sourced, too!

Tools & Projects

Underhanded: an evil .bashrc file

This one is perfect for testing rookie sysadmins. Set some of these aliases in a .bashrc file and watch them scratch their heads at the unexpected behaviour that follows.

KnightOS: an OS for TI calculators

Remember those fancy TI calculators many of us had in high school? Turns out, besides programming little games or the answers to exam questions, you can also run an entire alternative operating system on those things. KnightOS is one of those.

Caddy: A modern HTTP/2 server

Since the announcement of HTTP/2, new webservers have been fighting for attention. Caddy is a new approach to webservers and is aimed at designers, bloggers, developers, … and not directly at your typical sysadmin. The idea of a Caddyfile to easily configure a webserver (much like a Dockerfile) is interesting.

Titus: TLS/SSL proxy server

Titus is a TLS/SSL proxy server (like stunnel or stud) that protects you from vulnerabilities in the TLS implementation such as Heartbleed (or worse). If there’s a vulnerability in the TLS implementation, titus makes it very unlikely that an attacker could steal your private key, access the memory of your application, sniff data from other TLS connections, or otherwise attack your system.

Bash trick: |&

I’m posting this in the tools section, because you’ll be using it in your own tools more once you know this trick. I was unaware of it until now. If ‘|&’ is used (so: pipe + ampersand), command1’s standard error, in addition to its standard output, is sent to command2’s standard input through the pipe; it is shorthand for “2>&1 |”.

Guides & Tutorials

TCP over IP Anycast – Pipe dream or Reality?

This blogpost by the LinkedIn engineering team shares some insights on their move to an anycast infrastructure for hosting the LinkedIn.com site with some comparisons to a more traditional DNS-based traffic distribution model.

Security Basics for Containers

Running an application inside a (Docker) container is great, but it’s no silver bullet for the security of that application. This post has some practical pointers on how to look at the security of your containers.

Awesome AWS: a curated list of AWS resources

This GitHub repository has a very big list of awesome AWS libraries, repositories, guides, blogs and other resources. If you’re currently working on AWS, you may want to check this out.

The TTY demystified

A TTY is something we take for granted. Many of us only come into contact with TTYs whenever we’re playing with sudo configurations and run into obscure errors. This post goes into the history of the TTY on Linux and does some more in-depth technical analysis.

What’s a unikernel?

In the last couple of months, the concept of unikernels has received a lot of attention. Where Docker offers containers to get isolation for your applications, unikernels take it to the next level. This blogpost offers a “plain English” explanation as to what a unikernel is.

Exploring FreeBSD from a Linux user’s perspective

This 3 part series (part 1, part 2, part 3) offers a nice introduction to the use of FreeBSD as a Linux user. It’s all Unix, but the differences are noteworthy. If you’ve ever wanted to dive into FreeBSD, check out those articles.

The Art of Command Line

Fluency on the command line is a skill often neglected or considered arcane, but it improves your flexibility and productivity as an engineer in both obvious and subtle ways. This is a selection of notes and tips on using the command-line that were found useful when working on Linux.

Nginx optimization: understanding sendfile, tcp_nodelay and tcp_nopush

If you’re running Nginx, you’ll want to read this. Most articles dealing with optimizing Nginx performance recommend using the sendfile, tcp_nodelay and tcp_nopush options in the nginx.conf configuration file. Unfortunately, almost none of them explain either how they impact the web server or how they actually work. This blogpost does.

Presentation: Broken Performance Tools (PDF)

If you’re unfamiliar with Brendan Gregg, I highly suggest googling him. This latest presentation by the Netflix guru dives into the state of performance monitoring, what’s wrong with it and how to fix it.

Presentation: How to boot Linux in one second (PDF)

Another presentation, this time on optimising the boot process in Linux by looking at the bootloader, kernel, filesystem and the application layer.
