cron.weekly issue #91: Memcached, MariaDB, Boltron, BinaryAlert, Gitlab, pik, uchat & moreJuly 30, 2017 - Mattias Geniar
Welcome to cron.weekly issue #91 for Sunday, July 30th, 2017.
Plenty of good links to share again, the good thing about open source is that there’s hardly ever a shortage of news, guides or new projects. Keep it coming!
Also a gentle reminder that if you have a problem … if no one else can help … and if you can find them … maybe you can hire … the collective knowledge of cron.weekly readers! Don’t be afraid to ask a question at the cron.weekly forum, plenty of kind & knowledgeable folks are ready to help you.
Monitor for domain outages or unwanted DNS changes with DNS Spy and rest assured your DNS is monitored, tracked and backed-up for easy restore. Supports AXFR zone transfers. (Sponsored)
Wikileaks has released the user manual of the Aeris project, part of the Vault7 publications. This particular set of python scripts & binaries target Linux & FreeBSD systems to help compromise those machines.
Scary title, but if you run Memcached you’ll want to make sure it’s up-to-date. Although, if your unauthenticated, plain-text Memcached instances were exposed to the internet for this long, your server is probably already compromised …
ICANN mandated that the referral whois server field had to be renamed, hence breaking all whois clients. This patch fixes that. If you’re wondering why the `whois` client stops working, that’s the reason.
MySQL’s theoretical limits are well explained, but what can be done in practice ? How far can you go with MySQL or with MariaDB? In this post, the author explores a 200+TB MySQL instance!
The Boltron project is one to keep an eye out, if proven successful it’ll find its way into Red Hat Enterprise Linux & CentOS too. Boltron tries to make it easy & maintainable to install multiple versions of ‘something’ (services, binaries, libraries) in the same user space.
Tools & Projects
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
These guys are moving quickly: the 9.4 release introduces related issues in the issue tracker & a web application monitor that can track response times & error rates and correlate that with deploy times for faster finger-pointing in case of bad deploys!
Mostly a security release, with several new security fixes & lots of minor package updates.
An open source password manager, built for teams. It’s free, open source, extensible & OpenPGP based.
Memsniff inspects network packets on a memcached server and provides realtime statistics about individual keys: their size, request rate, and bandwidth used. This helps identify hot keys without impacting the memcached service.
After Chaos Monkey & Chaos Kong, the Netflix team now introduces their Chaos Platform: an automated system that takes new deploys, sends a small batch of production traffic to it and analyses the outcome, to report back to the team that built that version.
This is a serverless, real-time framework for detecting malicious files. BinaryAlert can efficiently analyze millions of files a day with a configurable set of YARA rules and will trigger an alert as soon as anything malicious is discovered.
Chrome automation made simple. Runs locally or headless on AWS Lambda.
Soundwave is a configuration management database (CMDB) by Pinterest, aimed specifically at EC2 (Amazon) instances.
Learn to program Python within a multiplayer world we all know and love, Minecraft! Code yourself superpowers, build algorithms to construct large buildings or cities, even make a competitive PVP environment pitting your code-magic skills against your friends! Make learning to code fun!
a client-side CMS for static sites hosted on GitHub.
FreeBSD announced the second release of the stable/11 branch; 11.1.
Uber’s internal chat solution: built on top of Mattermost and Puppet.
Pik is a new lossy image format designed by Google. This directory contains an encoder and a decoder for the format. Who knows, in a couple of years time this might replace png?
If you don’t know what a “pcap” file is, this probably isn’t for you, but for those that know it: pcapdb is a Distributed, Search-Optimized Full Packet Capture System.
Guides & tutorials
Our Continuous Delivery 101 video series helps teams get a basic understanding of continuous delivery. Get to know the history and concepts, a look into automated testing, as well as best practises and more. Check it out. (Sponsored)
This post walks you through using the ‘mydumper’ and ‘myloader’ tool to create & restore back-ups in MySQL using parallel threads, significantly improving the back-up & restore speed!
A very actionable guide to get you started with PHP & Nginx on Debian, together with good tips on setting resource defaults & maxima in PHP.
This is another post on `ss`, the replacement of `netstat`. Some more examples you can use for inspiration.
A lot of good tips about scaling your MongoDB clusters, including looking at document sizes, read vs. write ratio’s, IOPS (which gets tricky with Mongo’s default behaviour of only saving data every 60s), …
Csysdig is an open source, htop-like interactive troubleshooting tool for Linux that is designed for monitoring and debugging containers. In this post, you’ll be exploring csysdig in more details.
The fine art of package building is a thing only a few appreciate … this post gives you all the theory of why packages should be signed and plenty of food for thought for building your own RPM-building-pipeline.
A debugging tale with all the basics: ps, dd, grafana/graphite to troubleshoot I/O performance bottlenecks.
Knowing the basics of regular expressions is extremely powerful and will let you parse & analyze logs much quicker. This guide takes you by the hand and shows clear examples of “regexes” to get you started.
Lots of good examples and points in this post: from readonly variables to proper error handling/exiting, handling traps, …
This guide covers the use of free, top, vmstat and sar to find out if RAM shortage is an issue or if you’re just being mislead by the default Linux tools (which happens all the time).