cron.weekly issue #72: FreeBSD, lkml, llvm, dnscontrol, buck, ReOpenLDAP, Postfix, Bash, Xargs & more
March 19, 2017 - Mattias Geniar
Welcome to cron.weekly issue #72 for Sunday, March 19th, 2017.
Quite a bit of Docker news (good & bad), a lot of new tools and guides and some fun Unix trivia along the way.
Enjoy your Sunday!
This is a pretty cool visualization of the BSD forks; how FreeBSD and OpenBSD separated, where NetBSD and DragonFly forked and where Mac OS X keeps coming back to the FreeBSD core.
An interesting demo & proof of concept: some shell prompts, i.e. the ones that show the git branch/status etc., might be vulnerable to unwanted code execution. It looks at how your local shell can be tricked into executing commands if a branch name contains something like “$(./script.sh)”.
This is a very fun weekly parody view on the Linux Kernel Mailing List!
Both Docker’s “containerd” and CoreOS’s “rkt” container runtime are being donated to the Cloud Native Computing Foundation (CNCF), ensuring a more independent and neutral habitat for both projects.
“24% of latest Docker images have significant vulnerabilities”. If you’ve ever used Docker, this probably doesn’t come as a surprise, as it’s remarkably easy to never update your Docker containers once things are working.
The 3rd Docker news item in a row, with an entirely different take this time: several months ago, Red Hat announced “cri-o”, an alternative container runtime. This post goes on to explore what that might mean for the Docker project.
Tools & Projects
A terminal image viewer, allowing you to view images while in an SSH session. Could be useful if you’re working on a webserver and want to quickly see what that image looks like.
An SSH configuration and policy scanner by Mozilla. It’ll tell you what algorithms the SSH server uses, the version, banner, which keys it supports, … in handy JSON output.
Search and save shell snippets without leaving your terminal: Borg was built out of the frustration of having to leave the terminal to search and click around for bash snippets.
A security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own software or protect your privacy with anonymity and crypto tools.
A new JPEG encoder from the team at Google, making JPEG images up to 35% smaller.
A new major release of the llvm project.
This is an industry effort to raise awareness around email security threats and promote the deployment of technologies to address them.
The team at StackOverflow released dnscontrol, a system for maintaining DNS zones. It can then synchronize your DNS to multiple providers from a simple DSL. If you go this route, consider a service like DNS Spy to help check if all your nameservers are synced up.
Run arbitrary commands when files change. Think of it as an inotify alternative. The Event Notify Test Runner is a general purpose Unix utility intended to make rapid feedback and automated testing easier and more intuitive.
Buck is a build system developed and used by Facebook. It encourages the creation of small, reusable modules consisting of code and resources, and supports a variety of languages on many platforms.
Discourages use of the mouse by dimming the screen by 10% of maximum brightness whenever you left-click.
ReOpenLDAP, also known as “TelcoLDAP”, is the telco-oriented fork of the well-known OpenLDAP project, with a lot of heisenbug fixes and the addition of a few new features, mostly for high load and multi-master clustering with hot replication.
Guides & Tutorials
A short post, but it introduces the -P flag to xargs that allows you to run tasks in parallel. Had no idea that existed!
A fun debugging tale involving Docker networking, some /proc exploration, nifty diagrams and VXLAN.
A good look at the important Apache configuration directives and how to interpret the apache-status output; it goes on to explain the Worker, Prefork and Event MPMs pretty well.
I hope you don’t have to do this very often, but if you ship servers or middleware to uncertain places, you might like this: a proper guide to encrypting your Bash shell scripts.
This guide explains the steps to implement postfwd, a Postfix plugin to help combat spam.
Perhaps not much of a guide, but a very good read regardless: how commodity hardware was used to create the Fastly network. Goes on to explain load balancing, DNS requests, ECMP, …
Another introduction post to using and maintaining Docker, starting with the terminology and offering practical copy/paste’able commands to get started with Docker.
Bash scripts aren’t throwaway code; our scripts usually stay around for a couple of years. That’s why this post advocates testing, version control, debugging & logging of Bash scripts.
An ode to the lsof command with plenty of examples and explanations of what the tool does, where it shines and how to use it.
The author accidentally deleted a Python script he was working on, but it was still running in a process in a Docker container. This guide explores how to get your script back in such a scenario.