cron.weekly issue #97: kernel 4.13, TLS, LLVM, Yarn, Vagrant, AWX, Nginx & more
September 10, 2017 - Mattias Geniar
Welcome to cron.weekly issue #97 for Sunday, September 10th, 2017.
Last week was an interesting issue: in the time between me writing and sending the newsletter, one of the featured projects got deprecated. On top of that, it looks like my URL manipulations caused one webserver to throw errors instead of the page I wanted. Ah well, lessons learned!
Meanwhile, major open source projects have been holding off on releasing new major versions for the beginning of September it seems! Many new releases in this issue, which makes it a pretty big one.
This release brings quite a few new security improvements, better huge-page swapping, better handling of asynchronous I/O, TLS support directly in the kernel & many more improvements.
If everything goes according to plan, the next 4.14 kernel is going to be the new LTS release, receiving up to 2 years of support & patches.
This is the very technical explanation of how the 4.13 kernel uses TLS directly in the kernel. An alternative read would be Filippo Valsorda’s, where he looks at the kernel patch & how it fits in with Go’s TLS implementation.
This is essentially the end of the Solaris distribution.
This is an interesting approach to looking at the security or state of your systems: monitoring reverse uptime and golden image freshness.
As of this month, every Certificate Authority has to check for CAA DNS records before it issues a new certificate. If you haven’t already, it’s a great way to better protect your domain(s) from getting unwanted certificates.
More and more of the strong, successful open source projects are relying on money from either investments (see previous cron.weekly’s, plenty of seed rounds & venture capital) or from major companies behind the project deciding to open source it.
In this interview, Greg Kroah-Hartman – who’s responsible for the Linux releases making it out the door – shares his background & history with Linux and how he came to join the Linux Foundation.
Tools & Projects
A simple command to fully update an Ubuntu PC/server via apt. Mostly hands-off and unattended.
This new release adds support for C++17, co-routines, improved optimizations, new compiler warnings and many bug fixes.
Collection of Scripts to Automatically Unlock LUKS Devices on kexec Reboot. (kexec is a method to reload to a new kernel faster, without a full system reboot.)
Who hasn’t used Vagrant by now? Vagrant is a tool for building and distributing development environments. The 2.0 version includes support for provisioning on VirtualBox, VMware, Hyper-V, Docker, AWS, GCP. It can virtualize Linux, Windows & Mac.
Ansible Tower is now open source and the project is called “AWX”. Jeff Geerling wrote up more details & how to get started with AWX on his blog.
Nginx has always been a powerful webserver & proxy, but it could never run your application code (Go/Java/PHP/…) directly. With Nginx Unit, it now can. It’s a new application server that can run your code, across multiple versions. It’s better explained in the Nginx Application Platform blogpost.
The Facebook CTF is a platform to host Jeopardy and “King of the Hill” style Capture the Flag competitions. In short, it’s a game to test your hacking & infosec skills.
Now that Reddit decided to close its source code, Raddit is a new Reddit-like clone that’s fully open sourced.
Judging by the website, you’d think this project hasn’t been updated in 10 years, but it’s still in active development. HTTrack is an “offline website browser” and allows you to copy a website locally, crawling all pages.
container-diff is an image analysis command line tool. container-diff can analyze images along several different criteria, currently including Docker Image History, file system, apt-get + pip installed packages & more.
Guides & Tutorials
GoCD or Jenkins? In this blog, we compare GoCD with Jenkins on philosophy, getting started, continuous delivery, and plugins. Understand more about how these CI/CD tools fit your needs. (Sponsored)
A very good guide on what you’d need to migrate from Solaris to Linux, not only the actual data migration, but how to transfer your skillset from Solaris to modern Linux.
This is a giant matrix of comparisons between different Unix flavors (AIX, BSD, Linux, …) comparing terminology, tools, methods, … Looks like a good place to fall back to if you’re ever switching from one Unix kind to another.
Dropbox has some experience with operating at scale, so when they write up guides, I read them. In this one, they look at everything that makes up a webserver; from the hardware to the network & software.
Another set of practical commands to get the latest ECDSA certificates with your Nginx installation.
This is a list of some of the most often used bash features and constructs.
A really technical in-depth look at PostgreSQL vs. MySQL to try and persuade you to switch to Postgres.
Every week it seems a new “task runner” is open sourced and announced, adding another layer of complexity to development. This post looks at using Makefiles instead of over-engineered tools to accomplish the same thing, but simpler.
It’s been a bit quiet on the forum in the last few weeks, but that’s OK. It doesn’t need to be the most active forum, but it’s a good last resort to ask questions if you’re stuck elsewhere. After all, if cron.weekly readers don’t know the answer, you’re doomed – right? 😉
Are you looking at SAMBA or web-based tools like Owncloud?
All videos from this hacker camp, held a few months ago, are now available. Ranging from hardware hacking to security info & plenty of open source tools.