Welcome to cron.weekly issue #99 for Sunday, September 24th, 2017.
I’m writing this one a bit later than usual, so if some of the comments seem a bit short, it’s just because I lack the time to dive in deeper. But, as usual, a good issue with lots of variation.
The next one will get some more attention; after all, it’s celebration time then.
Take care!
News
Go: Ten years and climbing
Happy 10th birthday, Go programming language!
Facebook Relicensing React, Jest, Flow, and Immutable.js
I didn’t think they’d do it, but after all the hassle & anger Facebook got over its React license, it’s now changing it to a basic MIT license.
The Realities of Being a FOSS Maintainer
The maintainer of Caddy, a popular HTTP/2 & security-focused web server, shares his experience after a troubled week of trying to make an open source project a viable business.
Chrome to force .dev domains to HTTPS via preloaded HSTS
If you manage the server stack of developers, beware that if you’re using the “.dev” domain, Chrome (and soon other browsers) will now force those domains to HTTPS.
Xen announces ‘unicore’, a general purpose unikernel
This is still very much in alpha/beta, but the Xen team is working on a configurable unikernel that can be used as the basis for creating your own unikernels, targeting specific applications (like nginx, mysql, …).
iTerm leaked private data via DNS requests
If you use iTerm2/iTerm3 as your terminal, make sure you’re on the latest version: previous versions are known to leak private data (passwords, notes, URLs, …) via unwanted DNS requests. The latest update disables that feature.
Optionsbleed – HTTP OPTIONS method can leak Apache’s server memory
It requires a couple of specific conditions, but Apache can leak private data from server memory, much like Heartbleed, when it receives a request using the HTTP OPTIONS method. No update to Apache has been released yet.
Tools & Projects
Get full-stack observability with Datadog
Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)
GitLab 10.0
This new release contains a feature called “Auto Devops” (don’t get me started), which auto-configures CI, code testing/quality, reviews, … a whole new GUI, stricter requirements on SSH keys & plenty more.
JDK 9
Java 9 is out!
wire-server
Wire is a secure communication client; this part open sources the server aspect, so you can run your own instance of a Wire server.
FastestWebsiteEver
This isn’t a practical project, but it’s a technical achievement I wanted to share: a full website, with audio, that fits in a single TCP packet. Many optimizations go into this to make it possible, which might give you ideas for solving other problems!
gops
gops is a command to list and diagnose Go processes currently running on your system.
critmux
This is a tech demo of CRIU and Docker integration, featuring tmux.
nsq
NSQ is a realtime distributed messaging platform designed to operate at scale, handling billions of messages per day. It promotes distributed and decentralized topologies without single points of failure, enabling fault tolerance and high availability coupled with a reliable message delivery guarantee.
Guides & Tutorials
Free continuous delivery eBook from GoCD
This free reference guide will take you back to the basics. You’ll find visuals and definitions on key concepts and questions you need to answer about your teams to determine your readiness for continuous delivery. Download and share with your team. (Sponsored)
Introduction to InfluxDB and TICK Stack
This post does a very good job at explaining “time series” databases, focusses on the use cases & advantages of InfluxDB and explains the concept of a “TICK” (Telegraf, Chronograf, Kapacitor) stack. Followed by a set of concrete commands to get you started. (Sponsored)
Parallel processing with unix tools
This post contains a lot of good tips & tricks for getting more processes running in your favor, by “threading” them, or starting multiple at once, using tools like ‘parallel’, ‘xargs’ & pipes.
Difference Between NFS Soft And Hard Mount With Example
If you’ve ever set up an NFS client/server configuration, you probably learned the hard way the difference between a soft & hard mount. It’s a trade-off between speed (in failure/boot/shutdown) vs. reliability & potential data loss. Something everyone should be aware of, I think.
What’s new in upcoming Postgres 10?
This wiki shows a list of all things new and shiny in the next upcoming PostgreSQL 10 release, which could be any day now.
Comparison of NTP implementations
An extensive overview of the different NTP clients & servers and how they differ. I often find these ancient protocols, that no one seems to care about anymore, very fascinating to dive into.
Learn from your attackers – SSH HoneyPot
In this post, the author explains what an SSH honeypot is and how you can set one up yourself. If you’re looking for motivation to firewall your 22/TCP port, running an SSH honeypot to see what kind of traffic comes in is a good method. 🙂
A brief overview and history of systemd — the Linux process manager
This one contains the basics of systemd, some basics regarding processes & file management & a fair amount of history on systemd.
Use .bashrc.d directory instead of bloated .bashrc
This is a very good tip if you have a rather big .bashrc file, to spread the content into logical files in a “.d” directory, and source each file individually. Much cleaner this way!
Hardening Apache Struts with SELinux
In this post, the author looks at the recent Apache Struts exploit and tries to launch it on an SELinux-enabled system vs. one without SELinux. I think you can guess how that ended …
Per-IP rate limiting with iptables
This is useful when dealing with broken or malicious clients accessing your systems, to throttle them via their source IP.