Hi everyone! 👋
Welcome to cron.weekly issue #132.
For many, this is a long weekend with national holidays on May 1st - I hope you all find the time to take a break and relax a bit. Things are stressful enough as it is in the world right now.
If you’ve ever thought about writing blogposts but don’t really know where to start, I’m experimenting a bit with guest posts on my blog. You’ll find a couple linked below in this issue, too. If that’s something you fancy, have a read about the kind of posts I’m looking for.
I also did a write-up about the tech-stack & workflow I use to write this newsletter, a behind the scenes if you will. Might interest some of you. 😄
As always, happy reading! ☕️
News & general 🗞
The .ORG TLD will not be sold off to a private investor! 🥳
This is a very interesting proposal: Popcorn would allow a single application to share memory-state between machines. It’s multi-threading not across multiple cores of the same machine, but multi-threading across multiple machines.
Popcorn Linux is a Linux kernel-based software stack that enables applications to execute, with a shared code base, on distributed hosts. Popcorn allows applications to start execution on a particular host and migrate, at run-time, to a remote host. Multi-threaded applications may migrate any particular thread to any remote host.
Unlike userspace checkpoint-restart solutions (e.g., CRIU), Popcorn enables seamless and dynamic migration across hosts during execution (no user interaction), and ensures coherent virtual memory across hosts for concurrent thread execution.
Something like this could have massive consequences for things like moving containers or applications from one host to another, with zero downtime.
This idea is similar to the one described by Popcorn above. It introduces a telefork method that allows you to ship a process from one machine to another and continue runtime. Quite an impressive demo in this post too!
Last week, Fedora 32 was released. Highlights include shipping with GCC 10, Ruby 2.7 & Python 3.8.
I’ve heard this before from other countries, and most of them have reverted that change already (mostly citing interoperability).
In an open letter to the Parliament, the Dutch minister for internal affairs Raymond Knops commits to a “Free Software by default” policy and underlines its benefits for society. Current market regulations shall be reworded to allow publishing Free Software by the government.
Curious to see what our Dutch neighbours make of this!
Tools & Projects 🛠
A Unix love-child of the split(1), tee(1), and xargs(1) commands:
xpipe reads input from stdin and splits it by the given number of bytes, lines, or if matching the given pattern. It then invokes the given utility repeatedly, feeding it the generated data chunks as input.
You can securely run monitoring inside your private networks using NodePing. Having both internal and external uptime monitoring from one provider that includes both unlimited users and notifications will simplify your monitoring. Free 15-day trial. Sponsored
A very impressive and substantial set of new features in this Redis 6.0 release: SSL, ACLs, RESP3, client-side caching, Threaded I/O, Diskless replication on replicas, improved redis-cli cluster support, …
A neat little script that generates a heatmap of IPs that made failed SSH login attempts on Linux systems, using /var/log/auth.log to get failed attempts.
Monitor all aspects of your microservices architecture in real-time with Datadog. Automatically map services and dependencies in real-time with Datadog’s Service Map to identify bottlenecks and make better long-term architectural decisions. Start a free trial today, create one dashboard, and they will send you a free t-shirt! Sponsored
Guides & Tutorials 🎓
This guide takes you through the steps to reset a root password when you have console access, and to fix errors made when creating new filesystems that render the system unbootable.
It can get a little hard to follow all the eBPF news; this post gives you a practical, easy-to-understand example of how a BPF program can help.
This post will show you how to use Bitbucket Pipelines to build and test any PHP project in a docker container.
Some really good tips in this post, which covers using 2FA for your SSH connections, securely forwarding agents, quitting from stuck sessions and using tools like
This guide covers how to install & configure a WireGuard VPN on a FreeBSD 12.1 host. Lots of explanatory graphics that make the whole thing a lot clearer!
This guide covers running the WireGuard VPN on Kubernetes. If your host is Ubuntu 20.04 (which backported WireGuard from the 5.6 kernel to its 5.4 kernel), you can run it entirely in containers.
On older versions of Docker, you can’t strace a process from within a Docker container. If you add the --cap-add=SYS_PTRACE flag, it not only adds the SYS_PTRACE capability, but it also automatically adds a seccomp rule to prevent those system calls from being blocked.
The more we automate, the more we forget about good, hand-crafted, artisanal server setups. 😄 This post takes you by the hand to set up a modern webserver with step-by-step instructions.
This write-up covers an interesting network-bug the team at Twitter found in the Linux Kernel. I also learned you can get a network routing tree available via cat /proc/net/fib_trie on your Linux server.
While almost every engineering team has considered moving to microservices at some point, the advantages they bring come with serious trade-offs. I liked this write-up as it goes against the industry trend of pushing to microservices. While they certainly have their advantages, your company needs to be ready for it.
If you’ve ever tried to run a Websocket benchmark, you’ll have learned it isn’t as easy as firing up siege and being done with it. This post explains how to use artillery to define scenarios and send/receive websocket messages to benchmark a service.
A very good comparison of real-life expectations when switching memory allocation method for running MySQL servers. There’s quite a bit of variance in the memory stability when comparing tcmalloc or the default glibc
What goes on behind the scenes of a Docker container? Or a Podman one? You’ll find they all make use of runc. In this in-depth post, you’ll see how this all works.
A TCP reset attack is executed using a single packet of data, no more than a few bytes in size. A spoofed TCP segment, crafted and sent by an attacker, tricks two victims into abandoning a TCP connection.
This post covers a good set of defaults for using tmux, modifying the keybindings and shortcuts to make it a lot more usable.
How do you safely store secrets in git if you want to use them in Kubernetes? This post covers using a tool called kubeseal to encrypt/decrypt secrets.
How often have you done the du -h -d 1 . dance, only to go one level deeper every time you’ve found a big directory? Well, you can do that much more easily with ncdu: a TUI (Terminal User Interface) that gives you quick access to browsing directories, sorted by size.
A solid write-up of a large-scale stock exchange and how they implemented Prometheus, covering the build process (AWS instances, built with Packer & custom Prometheus exporters), bare metal & Kubernetes pods.
How do you scale to 100TB of MySQL data? And how do you handle hundreds of thousands of queries per second? This post goes in incredible depth to explain the horizontal scaling, sharding strategies, indexing, migrations, …
Did you know you can use placeholders like MAR in recent crontab versions, to refer to the weekday or month? Plenty of other tips (and one important gotcha!) in this post.
Some useful tips if you’re running out of disk space on your server, like removing old kernels, pruning unused Docker space, clearing logs, …
What if you wanted to build Docker containers, without actually using Docker? You can get quite far using just primitives in Linux. In this post, a deep-dive into the Overlay filesystem and how it works.
Some good basic tips for getting faster at the command line: covering key-shortcuts (like CTRL/CMD+A to go to the beginning of the line), autocompletes, quickly deleting words/characters/…, history search, history rewrites, … some really good stuff!