cron.weekly issue #132: .ORG, Fedora, Telefork, SSH, WireGuard & more


cron.weekly is a newsletter about Linux, open source & webdevelopment.

Mattias Geniar, May 03, 2020

Hi everyone! 👋

Welcome to cron.weekly issue #132.

For many, this is a long weekend with national holidays on May 1st - I hope you all find the time to take a break and relax a bit. Things are stressful enough as it is in the world right now.

If you’ve ever thought about writing blogposts but don’t really know where to start, I’m experimenting a bit with guest posts on my blog. You’ll find a couple linked below in this issue, too. If that’s something you fancy, have a read about the kind of posts I’m looking for.

I also did a write-up about the tech-stack & workflow I use to write this newsletter, a behind the scenes if you will. Might interest some of you. 😄

As always, happy reading! ☕️

News & general 🗞

The .ORG TLD will not be sold off to a private investor! 🥳

Popcorn Linux Distributed Thread Execution

This is a very interesting proposal: Popcorn would allow a single application to share memory-state between machines. It’s multi-threading not across multiple cores of the same machine, but multi-threading across multiple machines.

Popcorn Linux is a Linux kernel-based software stack that enables applications to execute, with a shared code base, on distributed hosts. Popcorn allows applications to start execution on a particular host and migrate, at run-time, to a remote host. Multi-threaded applications may migrate any particular thread to any remote host.

Unlike userspace checkpoint-restart solutions (e.g., CRIU), Popcorn enables seamless and dynamic migration across hosts during execution (no user interaction), and ensures coherent virtual memory across hosts for concurrent thread execution.

Something like this could have massive consequences for things like moving containers or applications from one host to another, with zero downtime.

Teleforking a process onto a different computer!

This idea is similar to the one described by Popcorn above. It introduces a telefork method that allows you to ship a process from one machine to another and continue its execution there. Quite an impressive demo in this post too!

Fedora 32 is officially here!

Last week, Fedora 32 was released. Highlights include shipping with GCC 10, Ruby 2.7 & Python 3.8.

Netherlands commits to Free Software by default

I’ve heard this before from other countries, and most of them have reverted that change already (mostly citing interoperability).

In an open letter to the Parliament, the Dutch minister for internal affairs Raymond Knops commits to a “Free Software by default” policy and underlines its benefits for society. Current market regulations shall be reworded to allow publishing Free Software by the government.

Curious to see what our Dutch neighbours make of this!

Tools & Projects 🛠

xpipe

A Unix love-child of the split(1), tee(1), and xargs(1) commands: xpipe reads input from stdin and splits it by the given number of bytes, lines, or if matching the given pattern. It then invokes the given utility repeatedly, feeding it the generated data chunks as input.

Redis 6.0

A very impressive and substantial set of new features in this Redis 6.0 release: SSL, ACLs, RESP3, client-side caching, Threaded I/O, Diskless replication on replicas, improved redis-cli cluster support, …

SSHHeatmap

A neat little script that generates a heatmap of IPs that made failed SSH login attempts on Linux systems, using /var/log/auth.log to get failed attempts.

Guides & Tutorials 🎓

How to reset a root password and fix unmountable systems

This guide takes you through the steps to reset a root password when you have console access, and to fix errors when creating new filesystems that render the system unbootable.

Exploring Kernel Networking: BPF Hook Points, Part 1

It can get a little hard to follow all the eBPF news; this post gives you a practical, easy-to-understand example of how a BPF program can help.

Build & test your PHP project via Bitbucket Pipelines

This post will show you how to use Bitbucket Pipelines to build and test any PHP project in a docker container.

SSH Tips & Tricks

Some really good tips in this post, which covers using 2FA for your SSH connections, securely forwarding agents, quitting from stuck sessions and using tools like mosh or tmux.

Building a WireGuard Jail with the FreeBSD’s Standard Tools

This guide covers how to install & configure a WireGuard VPN on a FreeBSD 12.1 host. Lots of explanatory graphics that make the whole thing a lot clearer!

WireGuard on K8s (road-warrior-style VPN server)

This guide covers running the WireGuard VPN on Kubernetes. If your host is Ubuntu 20.04 (which backported WireGuard from the 5.6 kernel to its 5.4 kernel), you can run it entirely in containers.

Why strace doesn’t work in Docker

On older versions of Docker, you can’t strace a process from within a Docker container. If you add the --cap-add=SYS_PTRACE flag, it not only adds the SYS_PTRACE capability, it also automatically adds a seccomp rule to prevent those system calls from being blocked.

How To Install Linux, Nginx, MySQL, PHP (LEMP stack) on Ubuntu 20.04

The more we automate, the more we forget about good, hand-crafted, artisanal server setups. 😄 This post takes you by the hand to set up a modern webserver with step-by-step instructions.

Hunting a Linux kernel bug

This write-up covers an interesting network-bug the team at Twitter found in the Linux Kernel. I also learned you can get a network routing tree available via cat /proc/net/fib_trie on your Linux server.

Why Segment Went Back to a Monolith

While almost every engineering team has considered moving to microservices at some point, the advantages they bring come with serious trade-offs. I liked this write-up as it goes against the industry trend of pushing to microservices. While they certainly have their advantages, your company needs to be ready for them.

WebSocket Load Testing with Artillery.io

If you’ve ever tried to run a WebSocket benchmark, you’ll have learned it isn’t as easy as firing up ab or siege and being done with it. This post explains how to use Artillery to define scenarios and send/receive WebSocket messages to benchmark a service.

MySQL (or percona) memory usage tests

A very good comparison of real-life expectations when switching memory allocation methods for running MySQL servers. There’s quite a bit of variance in the memory stability when comparing jemalloc, tcmalloc or the default glibc malloc.

Deep dive into runc and OCI specifications

What goes on behind the scenes of a Docker container? Or a Podman one? You’ll find they all make use of runc. In this in-depth post, you’ll see how this all works.

How does a TCP Reset Attack work?

A TCP reset attack is executed using a single packet of data, no more than a few bytes in size. A spoofed TCP segment, crafted and sent by an attacker, tricks two victims into abandoning a TCP connection.

Tmux for mere mortals

This post covers a good set of defaults for using tmux, modifying the keybindings and shortcuts to make it a lot more usable.

Encrypting and storing Kubernetes secrets in Git

How do you safely store secrets in git if you want to use them in Kubernetes? This post covers using a tool called kubeseal to encrypt/decrypt secrets.

Check disk space usage on linux with Ncdu

How often have you done the du -h -d 1 . dance, only to go one level deeper every time you’ve found a big directory? Well, ncdu makes that much easier: it is a TUI (Terminal User Interface) that gives you quick access to browsing directories, sorted by size.

Infrastructure monitoring with Prometheus at Zerodha

A solid write-up of a large-scale stock exchange and how they implemented Prometheus, covering the build process (AWS instances, built with Packer & custom Prometheus exporters), bare metal & Kubernetes pods.

Scaling MySQL at Quora

How do you scale to 100TB of MySQL data? And how do you handle hundreds of thousands of queries per second? This post goes in incredible depth to explain the horizontal scaling, sharding strategies, indexing, migrations, …

Different ways of writing crontab syntax

Did you know you can use placeholders like SUN or MAR in recent crontab versions, to refer to the weekday or month? Plenty of other tips (and one important gotcha!) in this post.

Clean up Linux Server Using These Simple Tips

Some useful tips if you’re running out of disk space on your server, like removing old kernels, pruning unused Docker space, clearing logs, …

How are docker images built? A look into the Linux overlay file-systems and the OCI specification

What if you wanted to build Docker containers, without actually using Docker? You can get along quite far using just primitives in Linux. In this post, a deep-dive into the Overlay filesystem and how it works.

Shell productivity tips and tricks

Some good basic tips for getting faster at the command line: covering key-shortcuts (like CTRL/CMD+A to go to the beginning of the line), autocompletes, quickly deleting words/characters/…, history search, history rewrites, … some really good stuff!


