Welcome to cron.weekly issue #105 for Sunday, November 12th, 2017.
No lame jokes this time, just good Linux & FOSS content. Enjoy!
News
Funding Open Source: How Webpack Reached $400k+/year
It isn’t easy making money from open source projects, but the Webpack team found a way to stay afloat. In this post, they describe how they went about that strategy.
Stop supporting old releases.
A call to action for maintainers to support themselves and move forward.
Giving open source projects life after a developer’s death
This is a rather heavy topic, but I’ll admit it has crossed my mind as well: what should happen to (your) open source projects – or in fact, your online identity – if you should pass away? Lots of food for thought in this post on how open source developers can keep this in mind.
MINIX: Intel’s hidden in-chip operating system
On every Intel chip, the MINIX OS is running. It’s a network-capable webserver that just happens to be completely insecurely configured.
An open letter to Intel
Andrew S. Tanenbaum, who created the MINIX operating system, writes to Intel to say it would’ve been fun had he been given a heads-up that his OS is now deployed on every Intel chip, making it very likely that it’s become the most widely deployed OS in the world.
AWS adopts home-brewed KVM as new hypervisor
AWS is stepping away from their Xen hypervisors and moving to a KVM-based system. This might be a big blow to the Xen project.
Linux kernel: multiple vulnerabilities in the USB subsystem
A researcher disclosed the details for 14 vulnerabilities found with syzkaller in the Linux kernel USB subsystem. All of them can be triggered with a crafted malicious USB device if an attacker has physical access to the machine. It’s unclear if these can also be exploited through virtual USB devices, like VMs.
Exploiting CVE-2017-5123
This one went over my head, but I’m sure some of you can appreciate it: it contains the technical details on how a security researcher bypassed KASLR to perform a privilege escalation.
MongoDB 3.6 comes hardened against database ransomware by default
As of 3.6, MongoDB will no longer listen on 0.0.0.0 by default, but only on 127.0.0.1. Sjeez, that took ages.
CouchDB vulnerabilities fixed
If you’re running CouchDB, make sure you get the latest patches & updates installed; they fix multiple critical issues.
Tools & Projects
Get full-stack observability with Datadog
Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)
example42: Puppet|DevOps|Automation
Example42 is the developer of PSICK (Puppet Systems Infrastructure Construction Kit), a powerful and integrated Puppet control-repo. At PuppetConf 2017, the companion psick module was released with support for Puppet Bolt and a huge number of profiles for common use cases. example42 is a Puppet partner in Germany and supports Open Source and Enterprise customers in Puppet automation. (Sponsored)
Decentralized-Cloud
Decentralized Cloud is the simplest way to send your files around the world using the InterPlanetary File System. IPFS (the InterPlanetary File System) is a new hypermedia distribution protocol, addressed by content and identities. IPFS enables the creation of completely distributed applications. It aims to make the web faster, safer, and more open.
Webhook
webhook is a lightweight configurable tool written in Go, that allows you to easily create HTTP endpoints (hooks) on your server, which you can use to execute configured commands.
disque
Disque is an ongoing experiment to build a distributed, in-memory, message broker. Its goal is to capture the essence of the “Redis as a jobs queue” use case, which is usually implemented using blocking list operations, and move it into an ad-hoc, self-contained, scalable, and fault tolerant design, with simple to understand properties and guarantees, but still resembling Redis in terms of simplicity, performance, and implementation as a C non-blocking networked server.
voyager
Voyager is a HAProxy backed secure L7 and L4 ingress controller for Kubernetes. This can be used with any Kubernetes cloud providers including aws, gce, gke, azure, acs. This can also be used with bare metal Kubernetes clusters.
Prometheus 2.0
Faster storage & time series backend, built-in support for DB snapshots, simpler recording & alerting formats (in YAML) and plenty of other improvements from 1.x to 2.0.
Guides & Tutorials
Continuous Delivery 101 from GoCD
The final part of our Continuous Delivery 101 video series is published. In this free series, you will get the history and concepts of continuous delivery, a look into automated testing, as well as best practices and more. Check it out. (Sponsored)
Profiling Go
A golang application is slow: what can you do to track down the cause? This post covers a lot of practical tips: the types of profiling, how to interpret stats, memory consumption, … all from a dev point of view.
How Netflix works: the (hugely simplified) complex stuff that happens every time you hit Play
A very nice read on the technical architecture of Netflix, their setup of microservices, how they keep things running and keep momentum by deploying over 1.000x a day.
InfluxDB Internals 101 – Part One
InfluxDB is an Open Source Time Series DB Platform for Metrics & Events; this post explains the internals of the database engine.
Our Failure Migrating to Kubernetes
Migrating to any system is hard and daunting. In this post the author gives an honest overview of the problems they encountered when moving to Kubernetes and how they fixed them.
Migrating to Kubernetes: Day 20 Problems
From the same team, a look at Kubernetes a few weeks into production: lots of details again about things that went wrong (locking, threading, CPU limitations, …).
Writing Robust Bash Shell Scripts
Good tips on using “set -u”, “set -e”, code expectations, handling signals & traps & more.
Learning Go by porting a medium-sized web backend from Python
I’ve been trying to learn golang for a while; posts like these help me see the bigger picture: how applications built in Python can be ported to Go.
MySQL & XFS: used space concerns
One of my colleagues brought this to my attention last week: XFS will pre-allocate disk space for files, on the assumption they will most likely grow further. In the case of MySQL, this can mean a MySQL data file can take up 2x the amount of space on disk vs. the size of the file in reality.
How to use cron in Linux
A good beginner’s post again with tips on getting started with cronjobs.
MySQL and Linux Context Switches
How many context switches are too many? And how do you measure that? This post has you covered.
Videos
DockerCon EU 2017
DockerCon was a massive Docker-focussed event in Europe, and all videos are available online. There were 7 different tracks, each filled with their kind of talks. Lots of content to go through!