cron.weekly issue #57: PHP 7.1, Crypto, NTP, runv, Multibinder, Grafana, FPM & more!
December 4, 2016 - Mattias Geniar
Welcome to cron.weekly issue #57 for Sunday, December 4th, 2016.
There’s a new PHP release, interesting tools from Google & GitHub, a very extensive crypto-guide to learn about cryptology, Grafana has entered the monitoring market & many more new things.
Get comfortable, grab a coffee, distract your kids and take your time for this week’s cron.weekly.
Crypto 101 is an introductory course on cryptography, freely available for programmers and sysadmins of all ages and skill levels. The course already contains over 250 pages and is still considered a work in progress.
Google is running a fuzzer on many critical open source tools and libraries, to automatically find and notify the maintainers of security vulnerabilities, buffer overflows, use-after-free bugs, …
One of the most popular webfonts used today is Font Awesome. For version 5, the team decided to do a Kickstarter campaign that has now reached a whopping 1.000.000$ in funding. The best part? Because they reached that goal, all tools and processes used to create those fonts are going to be open sourced.
Google has made their NTP servers publicly available, allowing everyone to sync against them. They do really interesting things with time, like ‘smearing’ time for leap seconds: instead of jumping a second (which computers don’t like), 10h in advance they ‘smear’ the time by stretching every second by 0.0014%. Similar to what the ntimed NTP project promised to do.
“The good thing about Unix, is when it screws up, it does so very quickly.”
It isn’t easy to encrypt DNS (the protocol), so middleware DNS servers like CoreDNS are looking into using an HTTPS endpoint to query for DNS records, offering privacy to the user as your DNS queries become fully encrypted.
Tools & Projects
This tool uses iptables, tc and bash to allow you to rate limit connections based on the TCP port.
The team at GitHub introduces ‘multibinder’, a clever tool that allows you to pass a LISTEN socket from one pid to another, causing zero-downtime reloads or restarts of any service.
Runv is a hypervisor-based runtime for the Open Container Initiative. It allows you to run containers inside a lightweight VM, using KVM, Xen or VirtualBox. This will offer greater isolation at the cost of (some) performance.
The first stable 1.0 release for the wpcli project: with wpcli, you can manage your WordPress installations via the CLI: update the core, install plugins, manage content, …
“Unix in your browser tab”, Browsix is a research project that bridges the gap between the OS and the browser. It does this by mapping low-level Unix primitives, like processes and system calls, onto existing browser APIs, like Web Workers and postMessage.
The new major release from Grafana offers alerting, making the transition from a visualization tool to a full monitoring tool. For an overview of all the features, check out the Grafana 4 beta release announcement post.
This is a network connection verification utility that supports multiple protocols.
mtail is a tool for extracting metrics from application logs to be exported into a timeseries database or timeseries calculator for alerting and dashboarding.
A good list for us sysadmins that want to keep control over things: a list of Free Software network services and web applications which can be hosted locally.
Guides & Tutorials
From blocking IPs to opening ports to rate limiting based on source IPs, some good copy/paste-able examples in that post.
A very extensive write-up on both htop and top, with every possible parameter clearly explained.
Strace is one of my favourite debugging tools; this post shows some of the basic commands and usages to troubleshoot running applications.
This post covers most of the performance-related parameters you can tweak in HAProxy, covering multiprocessing & CPU pinning, CPU affinity, load balancer algorithms, …
The FPM package manager is getting serious about its documentation. Have a look when you want to implement FPM in your processes.
Step-by-step instructions for when you want to run your own SSH honeypot: let the bad guys in and record their SSH sessions to see what they’re up to.