cron.weekly issue #65: SRE, ngrep, pipenv, whalebrew, KVM, Ansible, FPM & more!January 29, 2017 - Mattias Geniar
Welcome to cron.weekly issue #65 for Sunday, January 29th, 2017.
It’s a slightly shorter one as the Family 4.0 upgrade isn’t leaving me with much sleep. Make sure to scroll to the bottom as the full Google Site Reliability Engineering book is available – online – for free!
As usual, if there’s content you read that should have been in this newsletter, let me know!
The Free Software Foundation highlights several key areas they feel need more attention: a free phone OS, decentralized/federated self-hosting, open drivers, real-time voice and chat, …
This looks like a solid good new resource: clear interface with very nicely written guides on Ubuntu topics.
We’re seeing MongoDB, Redis, RabbitMQ, … all being held ransom because they are unfirewalled on the internet without any form of authentication. This post warns that there are a lot of similar protocols that need proper security & firewalling. If you run any of these, do a security check-up.
See title. 😉
Beware that what you copy from a website might not be what you think it is: with extra CSS & HTML you can trick the user into copying more than he/she wanted, causing unexpected results (with a big security risk!) if you paste in your terminal.
We’ll see the Google root certificate land soon.
This is a fun in-browser game that teaches you how to use the CLI by offering challenges you need to get passed.
What looks like an honest interview with Lennart Poettering, the creator and maintainer of systemd. Contains quite a bit of history of how systemd came to be and the rationale behind it.
Tools & Projects
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
ngrep strives to provide most of GNU grep’s common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets.
Peloton is a self-driving SQL database management system. This tool can analyse your DB configurations & implement the needed configuration tweaks for you. Sounds scary if you ask me, but so is blindly implementing mysqltuner advice – you can argue what’s best here.
A sacred Marriage of Pipfile, Pip, & Virtualenv: aka, a new package manager for Python with lots of extra conveniences.
A Message Queue & Broker Injection tool that implements attacks to Redis, RabbitMQ and ZeroMQ. It’s like nmap, but specifically for those protocols.
This Windows Emulator now has support for Office 2013 and 64bit support on Mac OSX.
A high-performance, standards-compliant, veriﬁed implementation of the full HTTPS ecosystem, from the HTTPS API down to and including cryptographic algorithms such as RSA and AES.
For Mac users only: it’s Homebrew, but with Docker images. This package manager creates convenient aliases to Docker images.
A lightweight database with Python syntax queries, using ZeroMQ.
A good looking webmail you can self-host, written in PHP (so it runs basically anywhere).
Guides & Tutorials
A solid write-up and I’d go so far as to say it isn’t “just for cybersec” folks. Covers Bash & man pages, scripting, basic network commands, tools like netcat, openssh, nmap, …
Even Google does the typical “x ways to do y” kind of posts: some more insights into the Google Cloud platform, that runs on KVM.
How SSH keys are stored, the format/layout of SSH keys, how conversion between different types happens, … Plenty of low-level details on the SSH protocol.
The PHP-FPM daemon can show different stats for its running FPM processes, this guide covers the settings needed in Nginx & PHP-FPM to get that output.
Some practical tips on structuring your Ansible projects.
Some call it “the bible of doing operations” and it wouldn’t be far from it: the full Google SRE book is now available online. If you want to level up, this is a very good read!
All talk recordings of this Australian Linux conference are available online. From BFP tracing to introducing .NET core on Linux to network hacking & config management. So much good content!
This presentation covers the pro’s and con’s about running containers and explains how to set up a fully immutable infrastructure with Docker as the basis. An interesting video-display experience too, slides go side-by-side and the video goes in cinematic mode when needed automatically.