cron.weekly issue #45: Zines, Kubernetes, Trojans, myLG, InfluxDB, hop & more!
September 11, 2016 - Mattias Geniar
Welcome to cron.weekly issue #45 for Sunday, September 11th, 2016.
Grab a coffee, sit back and relax, because this is a packed edition. Lots of amazingly good content to share this week.
Some new announcements from the company behind Vagrant, Terraform, Nomad, Vault and many others: sticky volumes for Nomad, Vault Enterprise (a GUI on top of Vault) & more. If you’re interested, I did a podcast recording on Vault a while back that covers all the basics.
Opinionated, but it makes some good points: Google’s support, Kubernetes’ community, a lot of contributions and the open nature of Kubernetes are considered the main drivers of its success.
Not so much news as a bit of webserver trivia: the history behind why ports 80 and 443 were the choice for running HTTP and HTTPS webservers.
Consider yourself warned: Chrome is going to visually mark websites that are served over plain HTTP as “NOT SECURE” somewhere in 2017. Better start planning your HTTP-to-HTTPS moves soon.
Linux isn’t without viruses: a new trojan, called ‘Mirai’, targets routers, WebIP cameras, BusyBox systems & general Linux devices. Once infected, the machine becomes part of a DDoS botnet.
You might have expected Red Hat or Ubuntu, but HPE appointed SUSE Linux as their default Linux partner.
If you’re only going to click on one link in this edition, let it be this one: Julia Evans has created stunning-looking zines (short for fanzines, a blend of “fan” and “magazine”). They are drawings and written summaries of Linux tools. There’s an amazing one covering strace (PDF) and an extensive one for Linux debugging tools you’ll love (PDF). Awesome work!
Tools & Projects
This tool allows you to run scheduled tasks in PostgreSQL. I know what you’re thinking, why not just crontab? Well, this could be a good way to give your PostgreSQL users access to scheduled tasks without granting them cron/shell access.
A new release from the rkt team, one of the Docker alternatives. This release focuses on stability and minimalism, exactly what the Docker team got accused of not providing. Clever marketing going on here!
myLG (My Looking Glass) is an open source software utility which combines the functions of different network probes in one network diagnostic tool: DNS lookups in over 200 countries, RIPE queries, port scans, LAN discovery, traffic dumps, … you name it!
A generally available (GA) version of InfluxDB: the open source time series database (like Graphite, RRD, …).
A ‘blackbox’ WordPress vulnerability scanner. You can run this remotely, point it at any WordPress installation, and it’ll try to find vulnerabilities. If you host any WordPress sites, this could be a good addition to your recurring security scans.
This project generates Docker images (or Vagrant-files) for a typical PHP setup, letting you select the bits and pieces you want.
A modern outbound SMTP relay (MTA/MSA). The goal of this project is to provide granular control over routing different messages. Trusted senders can be routed through high-speed (more connections) virtual “sending zones” that use high-reputation IP addresses; less trusted senders can be routed through slower (fewer connections) virtual “sending zones” or through IP addresses with less reputation.
A very fast DDoS analyzer with sflow/netflow/mirror support. It can detect hosts in your networks sending or receiving large volumes of packets/bytes/flows per second. It can call an external script to notify you, switch off a server, or blackhole the client.
HOP is a tool meant to tunnel any sort of traffic over a standard HTTP channel. Useful for scenarios where there’s a proxy filtering all traffic except standard HTTP(S) traffic.
rmlint finds wasted space and other broken things on your filesystem and offers to remove them. It is able to find duplicate files & directories, empty files, broken symlinks, …
Guides & Tutorials
A really practical guide on the Arch Linux Wiki about how to install & configure IPFS – the decentralised “InterPlanetary File System”.
Helm, the Kubernetes package manager, can be used for a variety of installations. This post focuses on getting a PostgreSQL cluster running on top of the Kubernetes container scheduler.
Some really nice low-level explanation of how PHP’s OPCache – the bytecode cache for the PHP interpreter – works internally. It just got updated for PHP 7.
If you have a basic understanding of networking, this is really fun: a set of challenges and examples of how TCP works, requiring you to work out answers to questions like ‘What happens to an established TCP session if one end is power cycled?’. Also nice to see truss being used in the examples instead of the de facto strace, to monitor low-level system calls.
If you have a Docker infrastructure and want to migrate to rkt, the alternative container runtime, have a look here.
A catchy title with lots of practical tools being linked to set up your own pipeline: automating builds & tests, deployments & releases, orchestration, …
A set of configs for collecting malware sent to a Postfix-enabled mailserver, that you can use for later analysis.
Typing ^D typically exits a program. But what goes on behind the scenes to make that work?
A good explanation of the most commonly configured parameters of an OpenSSH server that you should tweak for increased security.
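As an added example (not from the linked article or from OpenSSH itself), here is a small POSIX shell audit that compares an sshd_config against the kind of hardened values such guides recommend. The directive list, the expected values and the compiled-in defaults it assumes when a directive is absent are my own assumptions based on OpenSSH 7.x behaviour; it also respects two details that often trip people up: sshd honours the first occurrence of a directive and ignores later ones, and anything after a Match line applies only conditionally.

```shell
#!/bin/sh
# Constructed example: audit an sshd_config for commonly hardened settings.
# Assumes the whitespace-separated "Directive value" form (not "Directive=value").

# Effective value of a directive, the way sshd resolves it:
#  - comment lines are skipped
#  - the FIRST occurrence wins, later duplicates are ignored
#  - scanning stops at the first "Match" block, whose directives are conditional
#  - an empty result means the directive is not set (compiled-in default applies)
sshd_effective() {
    # $1 = config file, $2 = directive name (matched case-insensitively, like sshd)
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Print one line per finding: "DIRECTIVE actual expected".
# Prints nothing when every checked directive already has its hardened value.
sshd_audit() {
    cfg="$1"
    # directive|expected hardened value|assumed compiled-in default (OpenSSH 7.x era)
    checks="PermitRootLogin|no|prohibit-password
PasswordAuthentication|no|yes
PermitEmptyPasswords|no|no
ChallengeResponseAuthentication|no|yes
PubkeyAuthentication|yes|yes
X11Forwarding|no|no"
    echo "$checks" | while IFS='|' read -r directive expected default; do
        actual=$(sshd_effective "$cfg" "$directive")
        # Not set in the file: the compiled-in default is what sshd will use,
        # so a missing directive can itself be a finding (e.g. password auth).
        [ -z "$actual" ] && actual="$default"
        lc_actual=$(printf %s "$actual" | tr 'A-Z' 'a-z')
        lc_expected=$(printf %s "$expected" | tr 'A-Z' 'a-z')
        if [ "$lc_actual" != "$lc_expected" ]; then
            echo "$directive $actual $expected"
        fi
    done
}

# Usage: sh sshd_audit.sh /etc/ssh/sshd_config
if [ $# -gt 0 ]; then
    sshd_audit "$1"
fi
```

A weak file such as `PermitRootLogin yes` plus `PasswordAuthentication yes` with no ChallengeResponseAuthentication line produces a finding for each of those three directives, because the missing one falls back to a default of `yes`; the corrected file simply sets each listed directive to the value in the expected column. Run it against a copy of the config before restarting sshd, and keep an existing session open while you test the new settings.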
A practical guide for benchmarking your network stack with the qperf tool: covers installation & running and interpreting the results.
This offers a nice overview of the most common Linux file systems: EXT, Btrfs, XFS, ReiserFS & JFS.