issue #47: OpenSSL, ripgrep, httpstat, CouchDB, Latency & more!
September 25, 2016 - Mattias Geniar
Welcome to cron.weekly issue #47 for Sunday, September 25th, 2016.
A bit later than usual, but I’m liking it better this way. From now on, cron.weekly is not going to have a fixed time for delivery. It’s still weekly and it’ll still be sent on Sunday, but it’s less formal from now on.
After all, it’s just a hobby and having a time constraint & deadline in the weekend is taking its toll on me. Having the ability to finish the newsletter later will give me more peace of mind.
So long 08:00 UTC+2, hello $RANDOM!
A new high severity vulnerability has been patched in OpenSSL: a denial of service attack when using OCSP stapling.
This is one of the most popular open source licenses, and it’s broken down line-by-line by a lawyer, in clear language (heck, even I understood it). The MIT license is pretty short, but there are a lot of nuances in those words that can make a difference.
The GitHub team has introduced their custom load balancer setup which handles their HTTP/HTTPS/SSH traffic. A mix of layer 4 (ECMP) and layer 7 (proxies) is used to handle all the requests. Looking forward to their follow-up posts!
I like how they open up their finances too: a total yearly cost of 2.9M USD of which 2.0M USD goes to staffing.
An interesting blogpost about what happens when you join the company behind an open source project you’ve been contributing to, what changes, who takes responsibility, …
Tools & Projects
A faster grep, beating the silver searcher, ack, egrep, … Quite a lot of benchmarks on this page proving the speed of ripgrep!
This one is going into my daily arsenal of HTTP tools: a wrapper around “curl -v” which offers a better view of the timings of a curl request. Nicely done! (make sure to check out the screenshot)
ClonOS is a free open-source FreeBSD-based platform for virtual environments creation and management. In the core: Xen, Jails, Puppet, bhyve hypervisor & ZFS.
Postgres partitioning as easy as pie. Works great for both new and existing tables, with zero downtime and minimal app changes.
This is a fast, secure and scalable websocket & tcp server for mobile, web & “internet of things”. Think of it like a socket.io/Firebase/Pusher pub/sub & messaging server you can self-host.
A new major release for the database engine: native support for clustering, new admin interface, easier queries & improved performance.
Built on Docker Swarm, Shipyard gives you the ability to manage Docker resources including containers, images, private registries and more.
Vossibility provides better visibility for your open source project. It can collect data from GitHub and visualise it, like commits, issues reported/solved, … In short, a fun dashboard for your OSS project.
TLSlayer is a FAST TLS/SSL reconnaissance tool written in Go. The primary aim is to provide a tool that has no dependencies on OpenSSL that can utilize multiple cores.
A fun web interface to play around with the Varnish VCL configs, without having to spin up your own instances.
Guides & Tutorials
Did you know iptables can be locked? If that’s the case, commands you send to iptables will happily be ignored. The -w option prevents that from happening. This post is a good write-up on where that might sting you.
A good post with practical tips on using more secure ciphers for your SSH keys by moving to an ed25519 key.
This post offers some good tips (at least for beginner Ansible users) on when to use the command and the shell options.
I liked this talk about common pitfalls when monitoring latency, or just monitoring in general. Offers some good and practical points on improving your metrics and drawing better conclusions.
On the 8th and 9th October 2016 in Prague, Czech. Quite the schedule if you happen to be around!
A different continent, ContainerDays is happening in New York on November 3-4. And if you’re looking for a discount, use promocode “CRON.TAINERDAYS”. That’s right, the first cron.weekly reader perk!