cron.weekly issue #62: FOSDEM, Sockets, OpenPGP, Irssi, Ntfy, DCCP, 33C3, LLVM & more!January 8, 2017 - Mattias Geniar
Welcome to cron.weekly issue #62 for Sunday January 8th, 2017.
It’s a strange and exciting week for me. We upgraded our home hardware from Family 3.0 to 4.0, the new LTS release. Because of that, I found myself awake at odd hours, skimming the web. I feel it’s a big & heavy issue, so it should keep you busy!
Take care & if you want to do me a small favour, spread word of this newsletter on your social media of choice. 😉
The schedule for one the biggest open source conferences in the world is available: mark your Februari 4th and 5th and try to be around Brussels for this one-of-a-kind conference. I know I’ll try to be there, if my hardware upgrade at home permits it.
This project tries to build a “hierarchy” of database engines, based on its popularity. Pretty interesting to see the results, quite a few proprietary database engines are at the top, but open source dominates the list.
The net-tools package, which includes binaries like ifconfig, arp, netstat, … has been deprecated since a few years. Soon, it will no longer be shipped with your favourite Linux distro. It’s time to move on and learn about its replacer, iproute2, which features the “ip” command. (think: ip route, ip address, …)
This is a really interesting approach where PagerDuty releases their documentation on how to handle incidents, on-call and alerting principles. Lots of things to learn here!
2 proof of concepts are explored here: IP vs UNIX sockets. I expected a difference in performance, but this post shows just how much of a difference it is. Worth a read, if only to scroll to the conclusion at the bottom!
This post highlights some areas where PGP shines and is actively used, even in cases where you might not know it’s being used.
A look at 5 of the smallest Linux distributions out there, if you’re looking for inspiration for a new base Docker image or lightweight VM.
Well, sort of. It won’t get any more bugfixes, but can count on 2 more years of security fixes. That essentially leaves PHP 7.0 and 7.1 as the only supported versions of PHP out there. Time to upgrade!
Tools & Projects
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
This popular IRC client has reached a 1.0 milestone.
I don’t usually get very excited about sed releases, but there’s an interesting footnote here: “sed’s regular expression matching is now typically 10x faster“. I’ve said many things about sed before, but I never called it slow. And now it’s 10x faster.
ntfy brings notification to your shell. It can automatically provide desktop notifications when long running commands finish or it can send push notifications to your phone when a specific command finishes.
Grumpy translates Python code into Go programs, and those transpiled programs run seamlessly within the Go runtime. It removes the Global Interpreter Lock (GIL) from Python and provides a way to scale beyond the limits of “normal” Python. This project reminds me of Facebook’s HipHop, that translated PHP to high-performant C++. That project later became the HHVM runtime.
LeoFS is an unstructured object/data storage for the Web and a highly available, distributed, eventually consistent storage system.
SeaweedFS is a simple and highly scalable distributed file system. There are two objectives: to store billions of files & to serve the files fast! Instead of supporting full POSIX file system semantics, SeaweedFS choose to implement only a key~file mapping. Similar to the word “NoSQL”, you can call it as “NoFS”.
This tool improves your ability to detect and understand packets that get dropped within the network stack on your server.
The team at Uber has released Cherami: a distributed, scalable, durable, and highly available message queue system to transport asynchronous tasks.
SecGen is a Ruby application that uses virtualization software to create vulnerable virtual machines so students can learn security penetration testing techniques. Boxes like Metasploitable3 are always the same, this project uses Vagrant, Puppet, and Ruby to quickly create randomly vulnerable virtual machines that can be used for learning or CTF events.
Guides & Tutorials
A good looking comparison chart laying out the differences between MariaDB, ProxySQL, HAProxy, Nginx and MySQL router. It’s from the folks of ProxySQL, so take with a grain of salt, but it looks pretty accurate.
A heavy introduction to how the source code of the LLVM compiler infrastructure, of which Clang is one frontend. LLVM contains the code on which others can build compilers, rivalling with the de facto standard of GCC.
Some good basic tasks to run on a new PHP server, making sure all default settings are modified in a more secure way.
This post explains where Docker and Containerd differ and how they interact with each other.
A nice technical read on where to get savings using file deduplication in a real case scenario.
DCCP (Datagram Congestion Control Protocol) is a relatively newer transport layer protocol which draws from both TCP and UDP. Some very low-level techie details in this post.
This post shows a few alternatives to using dd when manipulating disks/dvds/drives.
Some more nitty gritty details of the Memcache protocol: how do Slabs work, how it allocates memory, the LRU eviction algoritm, … I still find these posts interesting, even in an age where Memcache is rapidly replaced by Redis.
The 33C3 conference is one of the most known hacker (in the old-skool sense of the word) conferences. All videos are available online, from topics such as “state of internet censorship” to “Virtual Secure Boot” and “Reverse Engineering”. Plenty of interesting videos to choose from!
No idea where they find the time, but the SUSE released another parody video, this time based on Justin Timberlake’s “Can’t Stop the Feeling”.