cron.weekly issue #96: LogDevice, qmail, redis, Linus, HAProxy, libraries, concert, restic & moreSeptember 3, 2017 - Mattias Geniar
Welcome to cron.weekly issue #96 for Sunday, September 3rd, 2017.
There’s some old-skool Linux news in this one with qmail & some Apple history, even more open source venture rounds & some practical guides for monitoring & securing containers. Should keep you occupied for at least a morning coffee.
In 1997 a $500 bounty was offered to whoever found a security hole in qmail. To this day, that still goes unpaid. This post gives a good reminder of the security practices put in place by qmail too, which is a fascination read in and of itself.
This post looks at what’s underneath the a ‘container’, looking at individual components that make up the wider concept of a container. Covers image formats, registry interactions, execution, storage, … as high level topics.
Struggling to keep up with the tsunami of tech news? Need to improve your signal to noise ratio? One email a day, five must read tech news stories, sent in time for your commute home. Stay in the loop without burning all your free time. Read the first two weeks for free, no credit card required. (Sponsored)
This was some interesting trivia; Linus Torvalds turned down a job from Apple, as it would have required he stopped working on his own Linux kernel.
This is a big article (some call it a book) about the history of computers (Apple vs. Microsoft) and the rise of GUI’s vs. command line interfaces, in all its forms.
The power of open source: this is the story of how one person managed to rebuild a $86.000.000 (!) project with open source tools. That ’57 lines of code’ is of course an exaggeration, as the open source tools it’s built on have thousands more – but the cost savings are real.
The company behind popular key/value store Redis raises quite a bit of money, securing the long(er) term support of Redis.
It’s considered highly experimental, but the popular load balancer adds support for the HTTP/2 protocol in its latest update.
In this post, the author looks at the crypto used in the Restic back-up tool. Short version: looks like it’s fairly solid!
The RubyGems project has disclosed several critical vulnerabilities, you’ll want to make sure you’ve updated to the latest versions to ensure system & user safety.
Libraries helps you find new open source libraries, modules and frameworks and keep track of ones you depend upon. It includes a search engine to search by license, keyword, language, …
Tools & Projects
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
A rolling release distro, comparable to Arch Linux, which uses runit as the service manager (as opposed to systemd/sysvinit).
An Open Container Initiative (OCI) based implementation of Kubernetes Container Runtime Interface.
Concert is a console based certificate generation tool for letsencrypt.org. Let’s Encrypt is a free (as in free beer), automated, and open certificate authority.
JuNest (Jailed User NEST) is a lightweight Arch Linux based distribution that allows to have an isolated GNU/Linux environment inside any generic host GNU/Linux OS and without the need to have root privileges for installing packages.
This is a plugin to enable Kubernetes as an OpenFaaS backend. The existing CLI and UI are fully compatible. It also opens up the possibility for other plugins to be built for orchestation frameworks such as Nomad, Mesos/Marathon or even a cloud-managed back-end such as Hyper.sh or Azure ACI.
FeedHQ is a simple, lightweight web-based feed reader written in Python.
‘eg’ will give you useful examples right at the command line. Think of it as a companion tool for man.
innotop is a ‘top’ clone for MySQL with many features and flexibility, showing expensive queries, replication lag, monitoring multiple hosts, …
An interactive kubernetes client featuring auto-complete.
This is Facebook’s solution for logging at their immense scale (read: it’s probably overkill for us mere mortals). This post contains a lot of interesting details about the implementation and challenges involved of running it at such a scale.
Guides & Tutorials
GoCD or Jenkins? In this blog, we compare GoCD with Jenkins on philosophy, getting started, continuous delivery, and plugins. Understand more about how these CI/CD tools fit your needs. (Sponsored)
This post covers installation of Kubernetes 1.7 on an Ubuntu 16.04 (LTS), giving you practical CLI commands to get you started.
This is a basic install that incorporates collectd, InfluxDB, and Grafana on the same host, on CentOS.
This is a fun guide on how to build your own web-scraping but (you know, for fun & profit) using the new ‘Puppeteer’ tool to run the Chrome Browser headless.
Lots of explanations in this post about how to secure both host and container, giving you details on where the vulnerabilities might lie. Contains lots of practical commands too to implement the suggestions.