cron.weekly issue #99: Struts, SELinux, Xen, JDK, Postgres, Caddy & more
September 24, 2017 - Mattias Geniar
Welcome to cron.weekly issue #99 for Sunday, September 24th, 2017.
I’m writing this one a bit later than usual; if some of the comments seem a bit short, it’s just because I lack the time to dive in deeper. But, as usual, it’s a good issue with lots of variation.
The next one will get some more attention; after all, it’s celebration time then.
Happy 10th birthday, Go programming language! (Work on the language started in September 2007.)
I didn’t think they’d do it, but after all the hassle & anger Facebook got over its React license, it’s now changing it to a basic MIT license.
The maintainer of Caddy, a popular HTTP/2 & security focussed webserver, shares his experience after a troubled week of trying to make an open source project a viable business.
If you manage the environments of developers, beware if you’re using the “.dev” domain for local services: Chrome (from version 63, by adding .dev to its HSTS preload list, which other browsers share) will now force those domains to HTTPS, so plain-HTTP dev sites will stop loading.
This is still very much in alpha/beta, but the Xen team is working on a configurable unikernel that can be used as the basis for creating your own unikernels, targeting specific applications (like nginx, mysql, …).
If you use iTerm2 (3.x) as your terminal, make sure you’re on the latest version (3.1.1): previous versions are known to leak private data (passwords, notes, URLs, …) via unwanted DNS requests, because the terminal looked up anything that looked like a URL to check whether it was valid. The latest update disables that feature by default.
It requires a couple of specific conditions (a Limit directive in an .htaccess file naming an HTTP method the server does not know), but Apache httpd can leak fragments of server memory, Heartbleed-style, in the Allow header of its reply to an OPTIONS request (CVE-2017-9798, “Optionsbleed”). No Apache release containing the fix is out yet as of this issue; a quick check is to send OPTIONS to your hosts and look for garbage in the Allow header.
Tools & Projects
Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)
GitLab 10.0 is out. This release contains a feature called “Auto DevOps” (don’t get me started), which auto-configures CI, code testing/quality, reviews, … plus a whole new GUI, stricter requirements on SSH keys (minimum key lengths) & plenty more.
Java 9 (JDK 9) is out!
Wire is a secure communication client; this release open-sources the server side, so you can run your own instance of a Wire server.
This isn’t a practical project, but it’s a technical achievement I wanted to share: a full website, with audio, that fits in a single TCP packet. Many optimizations go into this to make it possible, which might give you ideas for solving other problems!
gops is a command to list and diagnose Go processes currently running on your system.
This is a tech demo of CRIU and Docker integration, featuring tmux.
NSQ is a realtime distributed messaging platform designed to operate at scale, handling billions of messages per day. It promotes distributed and decentralized topologies without single points of failure, enabling fault tolerance and high availability coupled with a reliable message delivery guarantee.
Guides & Tutorials
This free reference guide will take you back to the basics. You’ll find visuals and definitions on key concepts and questions you need to answer about your teams to determine your readiness for continuous delivery. Download and share with your team. (Sponsored)
This post does a very good job at explaining “time series” databases, focusses on the use cases & advantages of InfluxDB and explains the concept of a “TICK” (Telegraf, InfluxDB, Chronograf, Kapacitor) stack. Followed by a set of concrete commands to get you started. (Sponsored)
This post contains a lot of good tips & tricks for getting more work done at once by running several processes in parallel, using tools like ‘parallel’, ‘xargs -P’, background jobs & pipes.
If you’ve ever set up an NFS client/server configuration, you probably learned the hard way the difference between a soft & hard mount. A soft mount gives up after a number of retries and returns an I/O error to the application; a hard mount retries forever, so processes hang (and boot/shutdown stalls) while the server is unreachable, but no write is ever silently dropped. It’s a trade-off between speed (in failure/boot/shutdown) vs. reliability & potential data loss. Something everyone should be aware of, I think.
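As an added example (not code from the linked post), the three common ways to fan a per-item job out over several processes from the shell: `xargs -P`, GNU parallel, and plain background jobs collected with `wait`. The job here is hashing every file in a directory; the function names and the directory layout are my own.

```shell
#!/usr/bin/env bash
# Added example: fanning work out over several processes.
# The per-item job is sha256sum; swap in whatever command you have.

# macOS has no sha256sum; fall back to shasum so the example runs there too.
command -v sha256sum >/dev/null 2>&1 || sha256sum() { shasum -a 256 "$@"; }

# hash_with_xargs DIR [JOBS]: run up to JOBS sha256sum processes at once.
# -print0/-0 keep filenames with spaces or newlines intact, -n 1 hands one
# file to each invocation. xargs exits 123 if any invocation failed, so a
# single bad file does not get swallowed by the rest of the run.
hash_with_xargs() {
  local dir=$1 jobs=${2:-4}
  find "$dir" -type f -print0 | xargs -0 -P "$jobs" -n 1 sha256sum
}

# hash_with_parallel DIR [JOBS]: the same job with GNU parallel, which buffers
# each job's output so lines from different jobs never interleave.
hash_with_parallel() {
  local dir=$1 jobs=${2:-4}
  command -v parallel >/dev/null 2>&1 || { echo "GNU parallel not installed" >&2; return 127; }
  find "$dir" -type f -print0 | parallel -0 -j "$jobs" sha256sum {}
}

# hash_in_background DIR: plain-shell version. One background job per file,
# then wait on every pid individually so a failing job still fails the run
# (a bare "wait" always returns 0). No concurrency cap: use xargs -P for that.
hash_in_background() {
  local dir=$1 f pid pids= rc=0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    sha256sum "$f" &
    pids="$pids $!"
  done
  for pid in $pids; do
    wait "$pid" || rc=1
  done
  return "$rc"
}
```

Output lines from concurrent `sha256sum` calls are single short writes, so they normally do not tear; for commands that print several lines per item, prefer GNU parallel, which serialises each job's output.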
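As an added example (not from the linked post), two /etc/fstab lines showing where each option belongs; the server name and export paths are placeholders. timeo is in tenths of a second and retrans is the number of retries before a soft mount gives up (or a hard mount logs “server not responding” and keeps trying).

```fstab
# Home directories: a lost write here is real data loss, so mount hard.
# bg retries a failed mount in the background at boot; _netdev and nofail
# keep the boot going when the server is down instead of dropping to a shell.
nfs.example.internal:/export/home    /home       nfs4  hard,bg,_netdev,nofail,timeo=600,retrans=2   0 0

# Read-only package mirror: a failed read just errors out and is retried by
# the package manager, so a soft mount with a short timeout is acceptable.
nfs.example.internal:/export/mirror  /srv/mirror nfs4  soft,ro,bg,_netdev,nofail,timeo=100,retrans=3  0 0
```

Don’t rely on `intr` to make a hard mount interruptible: the kernel has ignored that option since 2.6.25, though SIGKILL still works on a hung process. Never use `soft` on a mount that is written to; the application gets EIO after the retries and whatever was in the page cache is gone.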
This wiki shows a list of all things new and shiny in the next upcoming PostgreSQL 10 release, which could be any day now.
An extensive overview of the different NTP clients & servers and how they differ. I often find these ancient protocols, that no one seems to care about anymore, very fascinating to dive into.
In this post, the author explains what an SSH honeypot is and how you can set one up yourself. If you’re looking for motivation to firewall your 22/TCP port, running an SSH honeypot to see what kind of traffic comes in is a good method. 🙂
This one contains the basics of systemd, some basics regarding processes & file management, and a fair amount of history on systemd.
This is a very good tip if you have a rather big .bashrc file: split the content into logical files in a “.d” directory and source each file individually. Much cleaner this way!
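To show what comes back once you aggregate that traffic, here is an added example (not from the linked post) that reduces sshd-style “Failed password for …” lines to failures per source address, usernames tried, and a blocklist of the busiest sources. The log lines are constructed for this example, use documentation IP ranges, and follow sshd’s own log format, which most honeypots emit in the same shape; the function names are my own.

```shell
#!/usr/bin/env bash
# Added example: aggregate failed SSH logins from a honeypot or sshd log.

# Constructed sample in sshd's syslog format (documentation IP ranges only).
sample_log() {
  cat <<'EOF'
Sep 24 03:14:15 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Sep 24 03:14:17 bastion sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Sep 24 03:14:20 bastion sshd[2105]: Failed password for root from 203.0.113.5 port 51240 ssh2
Sep 24 03:15:02 bastion sshd[2110]: Failed password for root from 198.51.100.7 port 40001 ssh2
Sep 24 03:15:09 bastion sshd[2112]: Failed password for invalid user pi from 198.51.100.7 port 40002 ssh2
Sep 24 03:16:30 bastion sshd[2120]: Accepted publickey for ops from 192.0.2.10 port 50000 ssh2
Sep 24 03:17:00 bastion sshd[2125]: Failed password for invalid user oracle from 203.0.113.77 port 33333 ssh2
EOF
}

# failed_logins_by_ip LOG: failed attempts per source address, busiest first.
# The address is always the token after "from", whatever the username looked like.
failed_logins_by_ip() {
  awk '/Failed password for/ { for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' "$1" \
    | sort | uniq -c | sort -rn
}

# attempted_users LOG: usernames tried. sshd writes "for invalid user NAME" when
# the account does not exist and "for NAME" when it does, so handle both.
attempted_users() {
  awk '/Failed password for/ {
         for (i = 1; i <= NF; i++)
           if ($i == "for") { u = $(i + 1); if (u == "invalid") u = $(i + 3); print u }
       }' "$1" | sort | uniq -c | sort -rn
}

# blocklist LOG THRESHOLD: addresses with at least THRESHOLD failures, one per
# line, ready to feed into a firewall drop rule or an ipset.
blocklist() {
  failed_logins_by_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# Demo on the constructed sample.
log=$(mktemp)
sample_log > "$log"
echo "== failures per source =="; failed_logins_by_ip "$log"
echo "== usernames tried =="; attempted_users "$log"
echo "== candidates for blocking (>=2 failures) =="; blocklist "$log" 2
rm -f "$log"
```

On the sample, 203.0.113.5 tops the list with three failures, and “admin” and “root” are the most-tried names, which is exactly the background noise a honeypot exists to show you. Each blocklist line can be dropped into `iptables -I INPUT -s ADDR -p tcp --dport 22 -j DROP` (or an ipset) if you decide to block rather than just watch.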
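As an added example (not code from the linked post), the sourcing loop itself, with the two checks I would want on a shared machine: skip the literal glob when the directory is empty, and refuse to source a snippet you do not own or that anyone else can write, since a world-writable file in ~/.bashrc.d is a persistence vector for every other user on the box. The function name and directory name are my own choices.

```shell
#!/usr/bin/env bash
# Added example: split a large ~/.bashrc into ~/.bashrc.d/*.sh and source them safely.

# source_dir DIR: source DIR/*.sh in lexical order (10-aliases.sh before 20-path.sh),
# skipping anything that is not a regular file we own or that is world-writable.
source_dir() {
  local dir=$1 f
  [ -d "$dir" ] || return 0
  for f in "$dir"/*.sh; do
    # Without nullglob an empty directory leaves the literal pattern behind; skip it.
    [ -e "$f" ] || continue
    if ! [ -f "$f" ] || ! [ -O "$f" ]; then
      printf 'skipping %s: not a regular file you own\n' "$f" >&2
      continue
    fi
    # -perm -0002 is POSIX find: matches if the "other write" bit is set.
    if [ -n "$(find "$f" -perm -0002 2>/dev/null)" ]; then
      printf 'skipping %s: world-writable\n' "$f" >&2
      continue
    fi
    # shellcheck disable=SC1090
    . "$f"
  done
}

# In ~/.bashrc, the whole blob then becomes one line:
#   source_dir "$HOME/.bashrc.d"
```

Sourcing in lexical order is what makes the numbered-prefix convention work: a later file can build on variables or functions defined by an earlier one.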
In this post, the author looks at the recent Apache Struts exploit and tries to launch it on a SELinux enabled system vs. one without SELinux. I think you can guess how that ended …
This is useful when dealing with broken or malicious clients accessing your systems: throttle them by their source IP instead of letting one client starve everyone else.