cron.weekly issue #44: Docker, SELinux, Xen, Teeproxy, zstandard & more!September 4, 2016 - Mattias Geniar
Welcome to cron.weekly issue #44 for Sunday, September 4th, 2016.
A slightly shorter edition as I’m traveling – which is also true for next week. If I missed important Linux/Open Source news, let me know – I’ll be needing help filling next weeks’ issue too.
There’s more and more talk of a Docker fork being needed, one run by the community without enterprise backing. This articles goes more in to the why that may be needed.
A slightly shorter by related article to the one above: Docker needs to stop moving so fast and keep containers simple and boring: let orchestration, management and all other functions be handled by higher level tools (like Kubernetes, Mesos, …).
This researcher discovered several vulnerabilities in RPM. That in and of itself is interesting, but the backstory to how it got reported to Red Hat and the act of filing the bug/security issue are more interesting pieces.
This presentation (PDF) gives a nice overview of SELinux’s new features and the current stance of the project: there’s Docker/rkt & overlayfs support, in the 4.8 kernel there will be labeled networking and new userspace tools.
It’s a bit of a teaser as there aren’t any details yet, but the Xen project has reserved several CVE’s critical enough to have major cloud providers scramble to patch their hosts: on September 8th, we’re probably looking at a guest-to-hv exploit. Be prepared.
Back in 2011, some kernel.org servers got hacked. It looks like someone got arrested as the culprit. The article also shares some details on the exploits and backdoors he used to get it.
Tools & Projects
This tool can visualise your infrastructure or traffic flows in a WebGL canvas (or, in more common words, your browser).
A reverse HTTP proxy that duplicates requests: this is a good tool to test-run a new environment or a PHP/Ruby/NodeJS version upgrade, by having teeproxy send incoming requests to a “real” backend and a “dummy” backend, discarding the response from the dummy backend.
This new compression standard by Facebook aims to rival with deflate (gzip, zip, zlib). Perhaps not a bad move, as our current compression standards are a few decades old.
Restic is a program that does backups right: easy, fast, verifiable, secure & efficient.
Rclone is a command line program to sync files and directories to and from cloud services like S3, Google Drive, Dropbox, …
Think of covervault as your self-hosted Github Gists, or simple, self-hosted, snippets. They can be private/public, so free to share any way you like.
Right on schedule: the OpenBSD team announces their 6.0 release.
fwd is a network port forwarder written in golang. It’s cross platform, supports multiple architectures and it’s dead simple to use.
Guides & Tutorials
A good opinionated write-up on using the terraform tool to define your infrastructure as code. Terraform gives you an abstract language to describe your Amazon EC2 (or other) instances so you can easily reproduce that environment.
A really nice low-level write-up of what it takes to diagnose and interpret the kernel stacktraces whenever your server does a kernel panic. Lots of C code in there, so this probably isn’t for everyone.
Another low-level post, this time about file operations: some insights in how inotify works and some good info on working with inodes identifiers.
Some good starting points with regards to InnoDB buffers & sizes, caches, swap usage & some other neat tricks for tuning your MariaDB instance.
Not your average Bash tips & tricks: good pointers on using the history in Bash with new modifiers, fixing typo’s in commands, easily move around words with your cursor & more. I learned quite a few new tricks here!