cron.weekly issue #108: Gophish, Exim, tldr, HAProxy, ElasticSearch, mdoc & more



Mattias Geniar, December 03, 2017


Welcome to cron.weekly issue #108 for Sunday, December 3rd, 2017.

Quite a busy week once again, with lots of news & tools to share. Hope you enjoy it!

News

Exim RCE

If you run Exim, check for the latest updates: there is a remote code execution vulnerability doing the rounds that affects the 4.88 and 4.89 releases (a use-after-free in the SMTP CHUNKING/BDAT handling). Until you can patch, the maintainers' workaround is to stop advertising CHUNKING by setting chunking_advertise_hosts to an empty value in your configuration.

Potential impact of the Intel ME vulnerability

A more in-depth write-up on the recent Intel Management Engine vulnerabilities.

Faces of Open Source

This is an amazing site, it’s got portraits and a bio of the most prominent contributors to open source, not just from the last year but going back decades!

Root login without a password allowed by default on macOS High Sierra

This was just too funny not to include: macOS High Sierra had a security issue where you could log in as “root” with a password of your choosing at any time, bypassing access control entirely. The technical details are interesting, as is Apple's own brief summary (which tries to stay as vague as possible). There was some commotion about the way it got disclosed, which the author would like to clear up.

“Huge Dirty COW” (CVE-2017-1000405)

The Dirty COW vulnerability from last year appears to have only been partially patched! These security researchers wrote up their findings about an additional vulnerability in the same code path, which got patched a few days ago in the kernel.

Tools & Projects

Get full-stack observability with Datadog

Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)

example42: Puppet|DevOps|Automation

Example42 is the developer of PSICK (Puppet Systems Infrastructure Construction Kit) a powerful and integrated Puppet control-repo. At PuppetConf 2017, the companion psick module has been released with support for Puppet Bolt and a huge amount of profiles for common use cases. example42 is Puppet partner in Germany and supports Open Source and Enterprise customers in Puppet automation. (Sponsored)

pass

Password management should be simple and follow the Unix philosophy. With pass, each password lives inside a gpg-encrypted file whose filename is the title of the website or resource that requires the password.

KeePassXC

KeePassXC is a Cross-Platform Community Edition of KeePass. KeePassXC can store your passwords safely and auto-type them into your everyday websites and applications.

tldr

It’s been a while since I linked to tldr, and it’s definitely worth re-sharing: it is a community effort to simplify the beloved man pages with practical examples. Heck, it even got featured on “mainstream media”.

HAProxy 1.8

The 1.8 release is live, with TLS 1.3 support (when built against a TLS 1.3-capable OpenSSL), HTTP/2, seamless reloads, … quite a big changelog with impressive features.

blists

blists is a web-based interface to mailing list archives that works off indexed mbox files. There are two programs: bindex and bit. bindex generates or updates the index file (yes, incremental updates are supported). bit is a CGI/SSI program that generates web pages on the fly.

Gophish

Gophish is a powerful, open-source phishing framework that makes it easy to test your organization’s exposure to phishing.

tenta-dns

A recursive and authoritative DNS server written in Go, including DNSSEC and DNS-over-TLS.

ansible-my-fedora-workstation

An Ansible playbook to help configure a Fedora desktop.

Advent of Code

A daily challenge/puzzle to solve in December, from easy programming exercises to harder puzzles.

ElasticSearch Head Chrome Plugin

This one is useful when working with ElasticSearch instances: it’s a Chrome plugin that gives you quick access to indexes, shards, status, … of an ElasticSearch instance.

PHP 7.2

Some new improvements in PHP 7.2, including a new Sodium extension that exposes libsodium’s cryptographic primitives, making PHP one of the few languages that ship the tools to get crypto right out of the box.

Guides & Tutorials

Continuous Delivery: GoCD VS Spinnaker

GoCD or Spinnaker? This post is an overview of GoCD and Spinnaker, why they are different from each other and which problems you should use them to solve. Check it out. (Sponsored)

Writing manpages with mdoc

A full guide on how to write your own manpages in the mdoc format.

A minimalist guide to tmux

A lot of good practical details to help get you started with tmux.

Inside Docker’s “FROM scratch”

You can build Docker images that start from the empty “scratch” image, which contains no shell, no libc and no package manager: the resulting container holds only what you copy in (typically a statically linked binary), which is as minimal as it gets and keeps the attack surface small.

What MongoDB got Right

It’s a 2-year-old post, so things might’ve changed, but it’s fun to read up on the good parts of MongoDB, instead of all the bashing it’s receiving.

Disable Transparent Hugepages

“Transparent Hugepages” is a Linux kernel feature intended to improve performance by making more efficient use of your processor’s memory-mapping hardware. It can give some applications a small performance improvement, but can cause significant performance problems, or even apparent memory leaks at worst.
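As an added example (mine, not from the linked article): the current THP mode is readable from sysfs, where the active value is the one in square brackets. The script below parses that format, reports the live settings, and switches THP off for the running kernel; the sysfs paths are the standard ones on Linux.

```shell
#!/bin/sh
# Added example, not from the linked article: read the current Transparent
# Hugepage mode from sysfs and switch it off for the running kernel.
# The sysfs files contain a line such as "always madvise [never]", with the
# active mode in square brackets.

THP_DIR=/sys/kernel/mm/transparent_hugepage

# Extract the bracketed (active) mode from a sysfs line such as
# "always [madvise] never". Prints "madvise" in that case.
thp_active_mode() {
  printf '%s\n' "$1" | sed -n 's/.*\[\([a-z+]*\)\].*/\1/p'
}

# Report the live settings for "enabled" and "defrag" (no root needed).
thp_status() {
  for f in enabled defrag; do
    printf '%s: %s\n' "$f" "$(thp_active_mode "$(cat "$THP_DIR/$f")")"
  done
}

# Disable THP for the running kernel (needs root). This does not survive a
# reboot: for that, add transparent_hugepage=never to the kernel command line
# (GRUB_CMDLINE_LINUX in /etc/default/grub on most distributions) or run this
# from a boot-time unit, since some distributions turn it on again at boot.
thp_disable_now() {
  echo never > "$THP_DIR/enabled"
  echo never > "$THP_DIR/defrag"
}

# Verify the change took: returns 0 only when both files report "never".
thp_is_disabled() {
  [ "$(thp_active_mode "$(cat "$THP_DIR/enabled")")" = never ] &&
  [ "$(thp_active_mode "$(cat "$THP_DIR/defrag")")" = never ]
}

# Usage: source this file, then run "thp_status" or (as root) "thp_disable_now"
# followed by "thp_is_disabled && echo ok".
```

The defrag file uses the same bracket notation (its values include defer+madvise, hence the “+” in the pattern), so one parser serves both files.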

How a single PostgreSQL config change improved slow query performance by 50x

Linkbait title, but useful info: you can tweak PostgreSQL’s query planner to match the underlying disk (HDD vs. SSD) via the random_page_cost setting, so the planner stops assuming random reads are expensive when you are on SSDs.

Debugging HTTP/2 error messages in Chrome

The default HTTP/2 error messages aren’t very useful: they’ll say “protocol error” without any details. Chrome has an internal HTTP/2 debugger (chrome://net-internals) that shows the frames on the connection and the real reason for the error, which comes in handy when troubleshooting HTTP/2 connections.

Terminal escape sequences – the new XSS for Linux sysadmins

I first wrote about it in 2015 and it has gotten some new attention in the last few weeks: terminal escape sequences can hide parts of a command or its output on screen, so a Bash script or one-liner copied from the interwebs can run something other than what you saw before you executed it.
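As an added example (my code, not from the linked post): the cheap defence is to check a downloaded script for bytes a terminal acts on rather than displays (ESC, CR, backspace, other C0 controls) before handing it to a shell. The script below does that with tr, shows the hidden parts with cat -v, and builds two constructed sample files, one clean and one that conceals a command between ESC[8m and ESC[0m.

```shell
#!/bin/sh
# Added example, not from the linked article: inspect a script you fetched
# before feeding it to a shell. Terminals act on bytes such as ESC (033),
# CR (015) and BS (010) instead of showing them, so a line can look harmless
# on screen while the shell executes something else.

# Return 0 (true) when the file holds C0 control bytes other than TAB and LF,
# or DEL; return 1 when it is clean. The control bytes are deleted with tr
# and the byte counts compared, which needs no locale-dependent regex support.
script_has_control_chars() {
  before=$(wc -c <"$1")
  after=$(LC_ALL=C tr -d '\001-\010\013-\037\177' <"$1" | wc -c)
  [ $((before)) -ne $((after)) ]
}

# Show control bytes as ^X / ^[ so the hidden part becomes visible.
reveal_control_chars() {
  LC_ALL=C cat -v "$1"
}

# Run a downloaded script only when it passes the check; otherwise print it
# with the control bytes made visible and refuse.
run_if_clean() {
  if script_has_control_chars "$1"; then
    echo "refusing to run $1: control characters present, see cat -v output:" >&2
    reveal_control_chars "$1" >&2
    return 1
  fi
  sh "$1"
}

# Constructed samples (not from any real site). The second file hides a
# command between ESC[8m (conceal) and ESC[0m (reset): on a terminal only the
# echo is visible, but the shell sees and runs the whole line.
write_samples() {
  printf 'echo "installing tool"\n' >"$1"
  printf 'echo "installing tool"\033[8m; id > /tmp/escape-demo\033[0m\n' >"$2"
}

# Usage: write_samples clean.sh hidden.sh; run_if_clean hidden.sh
```

The size comparison is deliberately crude: it refuses legitimate scripts that carry a stray carriage return too, which is the right default for something you are about to pipe into bash.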

Writing a Simple Linux Kernel Module

A lot of details in the post, on writing your own Kernel module.

Getting started with Caddy

The author of the Caddy packages for Fedora/CentOS/RHEL offers his views on how to install and manage Caddy on those distributions. Thanks for packaging Caddy, Carl!

Conferences

FOSDEM 2018

In case you haven’t yet, mark February 3rd & 4th 2018 in your calendar for FOSDEM, the biggest (I think?) open source conference in Europe, held in Brussels, Belgium.
