Welcome to cron.weekly issue #104 for Sunday, November 5th, 2017.
The year is 2047. What is obvious now could not have been predicted 30 years earlier. The rise of systemd has taken its toll on mankind. The systemd OS – or SOS as it’s called – has driven out all other operating systems. With the One True OS running on every computer, humanity was at the fingertips of its creators. Gone are the days of text-based logs files and transparent DNS resolvers.
We’ve said goodbye to systems that can reboot flawlessly. The remote controlled power bricks have seen unprecedented sales, resetting systems worldwide. When we finally learned to appreciate ‘unit files’, they were replaced by ‘mental files’, guessing our actions and wishes instead of having to define them beforehand. We can only look back at the very start of this all and think ‘if only we contributed to systemd instead of just complaining about it‘.
How’s that for a scary Halloween story? 😉
News
What’s New in HAProxy 1.8
While it isn’t out yet, this post covers all the things you can expect with the new 1.8 release: HTTP/2, multithreading, zero-downtime config reloads, small object caching, service discovery, etc.
Node.js 8 becomes an LTS
The current version of Node, version 8, is now on Long Term Support (LTS).
A weekly email with security news
Here’s a weekly newsletter that digests last week’s infosecurity news into a shortlist of useful articles. It reports on events like new large-scale attacks, exploits, new security features and just interesting infosec articles. (Sponsored)
Linux Privilege Escalation using weak NFS permissions
This post explains the dangers of the “no_root_squash” option in NFS, where a security researched used this to get privilege escalation on a Linux server.
Scaling the GitLab database
The public GitLab system runs a single PostgreSQL server (redundantly though), this post explains how they handled connection pooling, a debate on sharding, load balancing, …
Tools & Projects
Get full-stack observability with Datadog
Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)
rend
A memcached proxy by Netflix that manages data chunking and L1 / L2 caches. Rend is a proxy whose primary use case is to sit on the same server as both a memcached process and an SSD-backed L2 cache.
Tarmak
Tarmak is an open-source toolkit for Kubernetes cluster lifecycle management that focuses on best practice cluster security and cluster management/operation. It is built on Terraform, Puppet and systemd.
nuster
Nuster is a simple yet powerful web caching proxy server based on HAProxy. It is 100% compatible with HAProxy, and takes full advantage of the ACL functionality of HAProxy to provide fine-grained caching policy based on the content of request, response or server status.
closh
Closh combines the best of traditional unix shells with the power of Clojure. It aims to be a modern alternative to bash.
Apache Kafka 1.0
7 years after the first release, the 1.0 is tagged. Born initially as a highly scalable messaging system, Apache Kafka has evolved over the years into a full-fledged distributed streaming platform for publishing and subscribing, storing, and processing streaming data at scale and in real-time.
bottery
The goal of Bottery is to help everyone, from designers to writers to coders, be able to write simple and engaging contextual conversational agents, and to test them out in a realistic interactive simulation, mimicking how they’d work on a “real” platform like DialogFlow.
xmysql
One command to generate REST APIs for any MySql database.
heml
If you’ve ever created HTML email templates (like I did for this newsletter), you’ll know the pain it is. HEML is an open source markup language for building responsive email.
Guides & Tutorials
[Video] Continuous Delivery 101 from GoCD
The final part of our Continuous Delivery 101 video series is published. In this free series, you will get the history and concepts of continuous delivery, a look into automated testing, as well as best practises and more. Check it out. (Sponsored)
What is entropy and how do I get more of it?
If computers generate “random” data, what makes it random? That’s the part where entropy comes in. This post explains the concepts & how to generate more entropy in case your system is heavily encrypted things (like SSL proxies).
MySQL vs. MariaDB: Reality Check
This post compares a lot of parameters between these 2 giants: protocols, licensing, partitioning, encryption, …
A Minimalist Guide to SQLite
This post covers both the Ops part (even if it’s very limited with SQLite) and the Dev part of running and working with a SQLite database.
MongoDB Process List In MySQL Way
This post introduces a few of the concepts behind Mongo’s “processlist” and showcases a new tool, specifically made for MySQL admins to better query the processlist of a MongoDB.
Gogs and Gitea
In this post, Jan-Piet looks at both Gogs & Gitea, 2 Go-based Github clones, and compares their installation & how they work.
What are your UNIX pipeline commands that saved you from lot of coding/time?
This is a collection of CLI snippets that range from simple disk space listing to clever usage of process substitution.
Why would anyone choose Docker over fat binaries?
A well-written comparison/rant on Docker vs. more old-school approaches for running applications.
Videos
PuppetConf 2017
All videos from PuppetConf are released, if you’re into Puppet (or config management in general), there’s bound to be something in here you’ll like.