CRON.WEEKLY

I respect your privacy and you won't get spam. Ever.
Just a weekly newsletter about Linux and open source.

cron.weekly issue #65: SRE, ngrep, pipenv, whalebrew, KVM, Ansible, FPM & more!

January 29, 2017 - Mattias Geniar

Welcome to cron.weekly issue #65 for Sunday, January 29th, 2017.

It’s a slightly shorter one as the Family 4.0 upgrade isn’t leaving me with much sleep. Make sure to scroll to the bottom as the full Google Site Reliability Engineering book is available – online – for free!

As usual, if there’s content you read that should have been in this newsletter, let me know!

News

FSF updates list of High Priority Projects

The Free Software Foundation highlights several key areas they feel need more attention: a free phone OS, decentralized/federated self-hosting, open drivers, real-time voice and chat, …

tutorials.ubuntu.com goes live!

This looks like a solid good new resource: clear interface with very nicely written guides on Ubuntu topics.

Return of the Unauthenticated, Unfirewalled protocols

We’re seeing MongoDB, Redis, RabbitMQ, … all being held ransom because they are unfirewalled on the internet without any form of authentication. This post warns that there are a lot of similar protocols that need proper security & firewalling. If you run any of these, do a security check-up.

4.10 kernel to be named “Anniversary Edition”

See title. 😉

Look before you paste from a website to terminal

Beware that what you copy from a website might not be what you think it is: with extra CSS & HTML you can trick the user into copying more than he/she wanted, causing unexpected results (with a big security risk!) if you paste in your terminal.

Google becomes their own Certificate Authority

We’ll see the Google root certificate land soon.

The Command Line Challenge

This is a fun in-browser game that teaches you how to use the CLI by offering challenges you need to get passed.

Lennart Poettering on systemd’s Tumultuous Ascendancy in the Linux Community

What looks like an honest interview with Lennart Poettering, the creator and maintainer of systemd. Contains quite a bit of history of how systemd came to be and the rationale behind it.

Tools & Projects

DataDog: all your infrastructure, in one place

Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)

ngrep

ngrep strives to provide most of GNU grep’s common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets.

peleton

Peloton is a self-driving SQL database management system. This tool can analyse your DB configurations & implement the needed configuration tweaks for you. Sounds scary if you ask me, but so is blindly implementing mysqltuner advice – you can argue what’s best here.

pipenv

A sacred Marriage of Pipfile, Pip, & Virtualenv: aka, a new package manager for Python with lots of extra conveniences.

enteletaor

A Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ. It’s like nmap, but specifically for those protocols.

Wine 2.0

This Windows Emulator now has support for Office 2013 and 64bit support on Mac OSX.

Project Everest

A high-performance, standards-compliant, verified implementation of the full HTTPS ecosystem, from the HTTPS API down to and including cryptographic algorithms such as RSA and AES.

whalebrew

For Mac users only: it’s Homebrew, but with Docker images. This package manager creates convenient aliases to Docker images.

pyzdb

A lightweight database with Python syntax queries, using ZeroMQ.

Rainloop Webmail

A good looking webmail you can self-host, written in PHP (so it runs basically anywhere).

Guides & Tutorials

The command-line, for cybersec

A solid write-up and I’d go so far as to say it isn’t “just for cybersec” folks. Covers Bash & man pages, scripting, basic network commands, tools like netcat, openssh, nmap, …

 7 ways we harden our KVM hypervisor at Google Cloud: Security in plaintext

Even Google does the typical “x ways to do y” kind of posts: some more insights into the Google Cloud platform, that runs on KVM.

OpenSSH Keys: A Walkthrough

How SSH keys are stored, the format/layout of SSH keys, how conversion between different types happens, … Plenty of low-level details on the SSH protocol.

Nginx – Enable PHP-FPM Status Page

The PHP-FPM daemon can show different stats for its running FPM processes, this guide covers the settings needed in Nginx & PHP-FPM to get that output.

Ansible best practices: the essentials

Some practical tips on structuring your Ansible projects.

Site Reliability Engineering: the full Google book

Some call it “the bible of doing operations” and it wouldn’t be far from it: the full Google SRE book is now available online. If you want to level up, this is a very good read!

Videos

linux.conf.au 2017

All talk recordings of this Australian Linux conference are available online. From BFP tracing to introducing .NET core on Linux to network hacking & config management. So much good content!

Immutable Infrastructure with Docker and Containers

This presentation covers the pro’s and con’s about running containers and explains how to set up a fully immutable infrastructure with Docker as the basis. An interesting video-display experience too, slides go side-by-side and the video goes in cinematic mode when needed automatically.


I respect your privacy and you won't get spam. Ever.
Just a weekly newsletter about Linux and open source.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!