cron.weekly issue #52: Dtrace, nftables, bashcached, nodejs 7, elastic 5, bfs, varnish & more!
October 30, 2016 - Mattias Geniar
Welcome to cron.weekly issue #52 for Sunday, October 30th, 2016.
There’s lots of DNS related news and tools this week as well as topics related to HTTPS, Varnish, Go videos and Linux internals. Plenty of content to keep you busy on a Sunday, I hope!
The Linux Foundation has introduced a new MOOC (Massive Open Online Course): Introduction to DevOps. This free-to-enroll course is available online through edX and starts on November 16th.
Nftables is a new packet classification framework that aims to replace the existing iptables, ip6tables, arptables and ebtables facilities. It aims to resolve a lot of limitations that exist in the venerable ip/ip6tables tools.
The latest update to the Linux performance debugging chart by Brendan Gregg, as well as a detailed write-up on the tools and how to interpret their output.
And just like that, Mozilla has put 2 companies out of business: as of October 21st, new certificates issued by WoSign and StartCom will be marked insecure in Firefox. Other browsers will likely follow shortly, as a result of several security incidents with both CAs.
This is a fun cartoon/visualisation of the Linux kernel: process table, crond, …
Tools & Projects
Get real-time, integrated statistics on your entire infrastructure: from Amazon stats on your servers to detailed numbers of your PostgreSQL, Elasticsearch, Node & other applications – all from a single, easy to use, interface. Sign up for a free trial to discover a better way to monitor your stack! (Sponsored)
This is the swiss army knife of document conversions: from markdown to HTML, from LaTeX to Word or PDF, … you name it, Pandoc can take pretty much any input and convert it to virtually any output.
Memcached built on bash + socat. You wouldn’t use this in production, but it’s super interesting to see Memcached get implemented in less than 100 lines of Bash!
A whole new set of releases: Elasticsearch 5.0, Kibana 5.0, Beats 5.0, Logstash 5.0, … more than a year of development has led to this new release and it’s packed with new features and improvements.
The ‘bus1’ project is set as a replacement for IPC (Inter Process Communication) currently active in the Linux kernel. This page gives a really detailed view of how that will work.
This latest version of nodejs introduces the latest V8 engine, 98% coverage of the ES6 language, improved performance & reliability.
A Google Drive client for the CLI.
The ‘Baidu file system’: a distributed file system designed to support real-time applications. Like many other distributed file systems, BFS is highly fault-tolerant. But different from others, BFS provides low read/write latency while maintaining high throughput rates.
fwknop stands for the “FireWall KNock OPerator”, and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter (fwknop supports iptables and firewalld on Linux) and libpcap. SPA is essentially “next generation port knocking”.
LibVMI is a C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine by viewing its memory, trapping on hardware events, and accessing the vCPU registers. This is called virtual machine introspection.
A blockchain-based DNS + HTTP server that fixes HTTPS security.
Namecoin is an experimental open-source technology which improves decentralization, security, censorship resistance, privacy, and speed of certain components of the Internet infrastructure such as DNS and identities.
Guides & Tutorials
This is a practical introduction to using HashiCorp’s Vault to store sensitive data, passwords, TLS or SSH secrets, …
A back-up is only good if it can be restored: this post by Facebook introduces how they handle automated restores and validation. If you’re thinking of implementing this yourself, there are lots of valuable tips in that post.
This post announces a new set of configuration templates for using the latest Varnish 5 caching daemon & load balancer. Plenty of boilerplate code in VCL files to save you the trouble of writing it yourself.
The purpose of a debugger such as the BASH debugger is to allow you to see what is going on “inside” a bash script while it executes.
ops-class.org includes slides, hundreds of hours of videotaped lectures, and sample exams: everything you need to learn OS concepts online at your own pace.
Since the Go language is increasing in popularity – not only for Devs, but Ops too – I wanted to share the videos of this conference. The first 3 videos of the dotGo conference are available online, I’m sure the others will follow shortly.
This is a really entertaining video about what “makes Linux suck”; a look at systemd with the pros & cons, a critical look at the community and some funny Linux vs. Justin Bieber comparisons.