cron.weekly issue #88: a forum, kernel 4.12, OpenBSD, systemd, elvish, puppet, vtop & more!
July 9, 2017 - Mattias Geniar
Welcome to cron.weekly issue #88 for Sunday, July 9th, 2017.
The holidays have started in Belgium, so there’s plenty of time for open source – right? 😉
Launching the cron.weekly forum
Did you know there are over 6.000 readers of cron.weekly, every single week? That’s an insane amount of smart people I get to reach! Now instead of one-way communication, what if we could all collaborate? After all, you (yes, you!) have a unique skillset someone else might not have.
To that effect, I’m starting the cron.weekly forum at ask.cronweekly.com. The idea is simple: if you’ve got a problem, a cool idea or want to share your open source project, just post something on the forum!
Unanswered problems will get highlighted in the newsletter to get more views & thoughts, in the hope that issues get resolved. To get a feel of what that looks like, see the first set of questions at the bottom of the newsletter. This is the part where you come in with the answers!
What are you waiting for? Sign up & start the discussion!
The Night Watch (PDF)
This isn’t exactly news, but it’s a very fun read (call it a short story) about the end of times and the zombie apocalypse and the role a systems programmer plays there. 🙂
Yay, a new kernel! What’s new in 4.12? Glad you ask. Two new I/O schedulers (BFQ & Kyber), lots of filesystem fixes for BTRFS & XFS, many driver updates and a heap of smaller changes. Check kernelnewbies for the full list.
These are commands like rcp, rlogin, … which are all getting deprecated in FreeBSD.
If you click past the obnoxious “cookie” warning, you’ll learn about Smith (a microcontainer builder), Crashcart (to sideload binaries into a running container) and Railcar (a Rust implementation of the oci-runtime).
A good read on how and why the Linux distributions drifted apart and what that means for “modern Linux” today, including a part where systemd tries to standardize some parts of those distributions again.
This is pretty cool; this feature is named KARL — Kernel Address Randomized Link — and works by relinking internal kernel files in a random order so that it generates a unique kernel binary blob every time.
This was another interesting read on virtualization, memory management, multi-user systems, privileged port binding & how we’re using clever methods of working around those limitations.
Early next year, you’ll be able to request and receive wildcard certificates for your domains. To get one of those, DNS validation is a requirement – which makes sense, since if you own the DNS, you can do pretty much anything you like.
nftables vs iptables, who wins? This is a solid comparison, generating simple & complex rulesets to evaluate the performance of TCP streams against them.
Lots of attention went to this bug report (and the discussion below it) about how systemd interprets some usernames badly, treats them as invalid and falls back to using the root user to start services or scripts.
This is my own write-up of the systemd bug report above, putting things into context. A few days later I also posted some more nuances to the systemd debacle.
Tools & Projects
Kubernetes shell: An integrated shell for working with the Kubernetes CLI.
A command-line tool for searching and downloading files on a LAN, without any central server.
Stacer is a Linux system optimizer and monitoring tool. It can easily list the services that start on boot, clean unused or obsolete libraries, show a quick dashboard and more.
Elvish is a friendly and expressive shell for Linux, macOS and BSDs.
sshecret is a tool that creates an ssh-agent for each identity file found in your ssh_config(5) and executes ssh commands for a particular host using an environment that has access to only the key for that one host. If a server to which you’ve forwarded your ssh-agent is compromised, then only the key used for that domain will be affected.
The magma server daemon is an encrypted email system with support for SMTP, POP, IMAP, HTTP and MOLTEN. Additional support for DMTP and DMAP is currently in active development.
A Ruby gem that beautifies the terminal’s ls command, with color and font-awesome icons.
I’m pretty sure we’re running out of characters to put before ‘top’ soon. 🙂 Vtop looks interesting though, as a graphical activity monitor for the command line.
An image resizer that’s 15x as fast as ImageMagick? Color me impressed!
A new major release of the popular config management tool; 30% faster agent runs over puppet 4, lots of bugfixes, improved interoperability for other tools & lots of little enhancements. And: it should be compatible with your Puppet 4 code, to make for easier upgrades.
Guides & Tutorials
A good reminder that ‘grep’ is often a redundant command if you’re piping to awk anyway.
Lots of gold in this post with practical details on how their Kubernetes stack is set up on AWS, how the networking side looks, best-practices around subnetting, …
Some practical commands for using dynamic tracing to help debug running applications, covering ‘perf’, ‘uprobe’ and ‘kprobe’. This one is pretty developer-focussed.
I usually don’t like linkposts like these, but it was fun to see there even are 100 security tools for Linux! If you’re ever bored, you’ll find a couple in there to try out.
This guide lets you use ‘tomb’ to encrypt a folder on your file system with password-protected keyfiles.
Practical, to-the-point and persuasive (it almost makes me ditch screen!) introduction to tmux to tile window panes in a command-line environment.
This covers things like DNS based load balancing (round-robin), layer 7 based (nginx etc.), layer 4 (HAProxy, IPVS), …
With so many options out there, what’s the best end-to-end encrypted back-up solution for Linux?
How do you proceed if you want to create a disk for a VM on top of LVM with GRUB?