cron.weekly issue #135: Grafana, WebSockets, DNS, map, nix & more


cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

Mattias Geniar, May 24, 2020

Hi everyone! 👋

Welcome to cron.weekly issue #135.

I found a lot of interesting articles last week, I had to throw away almost 50% because it would be too much otherwise.

I hope you’ll enjoy these as much as I did!

Take care, grab a ☕️, happy reading!

News & general 🗞

Where Have all the Gophers Gone?

This was a trip down memory lane, before it was even in my memory. Gopher is file transfer technology from before my time. In this post, the author looks at the rise & fall, how it was promising technology in the ’90s and how it got replaced by what is now known as the World Wide Web.

Why is This Website Port Scanning me?

Did you know some websites actively try to port scan your local machine, looking for exposed services? Even eBay (on Windows machines) does it, to try to fingerprint you and do some risk analysis. How do they do this? Well, a website can make WebSocket connections to localhost without any port restrictions!

Stealing Secrets from Developers using Websockets

As a follow-up to the previous port-scanning post, this write-up looks at a way of revealing secrets or messages from locally running WebSocket services. If you develop locally on your machine and run a WebSocket service, any public website you visit may try to connect to it and see all messages being sent over it!

New DNS Vulnerability: NX/NS Attack

This is a very interesting new amplification attack that can use public nameservers and (ab)use the nameserver-delegation feature of the DNS protocol.

If you run a public recursive nameserver, you’ll want to check your software versions asap!

15 years later: Remote Code Execution in qmail

A 15-year-old bug in qmail has now been found to be exploitable for remote code execution!

Google rolls out DNS-over-HTTPS in Chrome 83

Google released Chrome 83 on Tuesday and with it, enabled DNS-over-HTTPS support. The approach is slightly different than Firefox’s (that just forwards everything to Cloudflare ¯\_(ツ)_/¯), Google looks to see if your current ISP supports DoH and if so - uses that.

More concretely, Chrome will automatically switch to DNS-over-HTTPS if your current DNS provider supports it, and provide manual configuration options for users who wish to use a specific provider.

Strange that Firefox didn’t pick this route as well.

John Carmack contributes to OpenBSD

John Carmack, the famous lead developer of Wolfenstein 3D, Quake & Doom, is contributing code to the OpenBSD project. How cool is that?

Apache Kafka to remove the Apache ZooKeeper Dependency

Apache Kafka is working to remove its ZooKeeper dependency altogether, arguing that it’s better to have this kind of metadata management inside Kafka, rather than rely on an external resource. This should also make Kafka less difficult to set up and maintain, as everything is better contained.

It’s OK for your open source library to be a bit shitty

A good reminder for us all: your open-sourced projects, contributed to in your own free time, have helped solve problems for yourself. You don’t owe it to anyone to be a perfectionist.

Tools & Projects 🛠

ScoutSuite

Scout Suite is an open-source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas.

GW-BASIC

Microsoft has released the source code of a 38-year-old tool: GW-BASIC. It’s all written in assembly and dates back to 1983! Looking at the code, I feel grateful to be able to program in higher-level languages. 😄

Visualize the health of all your servers in one place

Understand your entire environment and monitor Linux servers in real-time with Datadog. Discover underutilized cloud and on-prem servers using the auto-generated host map and reduce excess capacity based on historical data so you can easily save on operational costs. Start a free trial today, create one dashboard, and Datadog will send you a free t-shirt! Sponsored

map

Map lines from stdin to commands. map is an alternative to xargs or a find -exec, aiming to be more user friendly.

dropwatch

Dropwatch is an interactive utility for monitoring and recording packets that are dropped by the kernel.

Subspace

Subspace is a simple WireGuard VPN server GUI.

Hole Stats

You can follow up on and manage the status of your Pi-hole with this simple macOS app that lives in your menu bar.

Uptime Monitoring. Built for Developers.

Cronitor is the utility-knife style monitoring tool we’ve always wanted. With multi-region uptime & response time verification, powerful test assertions on HTML & JSON responses, privacy checks for your S3 buckets, and instant alerts when things go wrong, Cronitor fills the gaps in monitoring modern web applications. Sponsored

Grafana v7.0

Grafana allows you to query, visualize and alert on metrics and logs no matter where they are stored. The new v7 release introduces lots of UX enhancements, support for AWS CloudWatch Logs, data transformations and so much more!

fake-s3

Fake S3 is a lightweight server that responds to the same API of Amazon S3. It is useful for testing of S3 in a sandbox environment without actually making calls to Amazon.

TimescaleDB

TimescaleDB is an open-source database designed to make SQL scalable for time-series data. It is engineered up from PostgreSQL and packaged as a PostgreSQL extension, providing automatic partitioning across time and space (partitioning key), as well as full SQL support.

GitLab 13.0

The new v13 has support for highly available git storage (without NFS), auto-deploy to ECS (AWS Elastic Container Service), better roadmap features with hierarchical epics, versioned web-snippets, …

Guides & Tutorials 🎓

What Is Nix?

Nix is a very interesting approach to managing packages on any system. Among other things, it creates a graph database of dependencies between packages. This post gives an in-depth look at the inner workings of the Nix package manager & the Nix language.

What is RabbitMQ?

RabbitMQ is a free, open-source and extensible message queuing solution. It is a message broker that understands AMQP (Advanced Message Queuing Protocol), but is also able to be used with other popular messaging solutions like MQTT.

Composing in the Caddyfile

This post gives a lot of background to creating a Caddyfile, one of the ways of creating configurations for the Caddy web server. This is an in-depth look at structuring Caddy configs and common pitfalls to be aware of!

Simple Personal Finance Tracking with GnuCash

This post looks at using GnuCash, a free and open-source tool for tracking your personal finances.

SSH Agent Explained

Ah the magic of having your private keys available on any other system you SSH into! A lot goes on behind the scenes of the SSH-agent, this post does an excellent job explaining the inner details.

Python performance: it’s not just the interpreter

How do you optimize Python for performance? This post gives a lot of benchmarks, implementing code improvements in every step, to ultimately end up in a near pure-C version of the original code.

Linux Productivity Tools (PDF)

So many good tips in here, it’s like a crash-course in Linux. It covers just about every topic I’d want to see: manpages, important commands, output redirection, streams & pipes, session management, SSH configs, …

10 most common mistakes using Kubernetes

Let’s face it, if you’re going to start with Kubernetes, at one point you’ll shoot yourself in the foot. Learn from other people’s mistakes instead by reading these kinds of posts. 😅


