cron.weekly issue #16: ZFS, Ubuntu 16.04, glibc, Vulkan, Kocho, Networking, tar & many more

Welcome to cron.weekly for Sunday, February 21st, 2016. We were all busy with the glibc vulnerability last week, so I hope you can find the time to relax this Sunday and read through some of the interesting articles below.

Enjoy!

News#

Critical glibc vulnerability in Linux #

If this glibc vulnerability is news to you, and you manage Linux servers, I suggest you go ahead and patch your servers straight away. It’s been a busy week for Linux sysadmins all around the globe with yet another DNS vulnerability in the core of our OS (glibc), much like the GHOST vulnerability from last year (2015).

A Skeleton Key of Unknown Strength #

Dan Kaminsky, known for many security vulnerabilities and best known for his DNS cache poisoning attack a couple of years ago, looks back at the glibc bug mentioned above to assess its impact.

Canonical, Ubuntu and why I seem upset about them all the time #

A well-reasoned argument about Canonical’s licensing terms for package (re)distribution, adding additional burden and load to anyone willing to redistribute the Ubuntu packages into a new distribution. Turns out, he’s not alone in thinking this.

Fosdem 2016 videos #

Most of the FOSDEM 2016 videos are available online, with new recordings still being added daily. If you missed interesting talks during this open source conference, have a look!

Who’s fixing containers? #

With the glibc vulnerability getting a lot of attention, Red Hat asks the interesting question: who’s going to fix the containers?

Go 1.6 released #

If you had previous Go code, go ahead and compile against the 1.6 release. It offers a number of improvements including enabling HTTP/2 by default.

A linux powered microwave oven #

What do you do if your microwave oven has the worst possible UI or UX? You hack it and let Linux run it, of course.

Khronos released Vulkan #

If you only use Linux on the server this may seem irrelevant, but still: Vulkan is a new video display API competing with OpenGL and Microsoft’s DirectX. This enables more robust and innovative video support for Linux on the desktop, adding support for 64-bit games. Ubuntu 16.04 will even include full support in the Mir display server. If you’re interested in 3D rendering from a technical standpoint, have a look here: Vulkan in 30 minutes.

So, you want to write a package manager? #

As sysadmins, we know we already have plenty of package managers. Everyone seems to invent one at some point. This post dives into the technical details of what it takes to _actually_ write a package manager of your own.

ZFS coming to Ubuntu 16.04 #

It’s taken a really long time, but ZFS is finally coming to Ubuntu. In a couple of weeks, when 16.04 is released (LTS!), official support for ZFS will be included.

ReactOS 0.4.0 released #

Nearly 10 years after the previous release, the ReactOS team released version 0.4.0. ReactOS is an open-source effort to develop a quality operating system that is compatible with Microsoft Windows applications and drivers.

Elastic Stack 5.0 #

An introduction to the ‘Elastic Stack’ (Elasticsearch, Kibana, Logstash) version 5, which offers quite a few improvements and name changes.

FFmpeg 3.0 released #

A new major release, featuring lots of new encoders & filters.

Zabbix 3.0 released #

After many years of development, the new LTS release of Zabbix has been released: a much needed redesigned web interface, encrypted protocol for client <-> server communication, trend prediction & many performance improvements.

Tools & Projects#

dockerfile-from-image #

This project tries to reverse engineer the Dockerfile when all you have is the Docker image itself.

BigchainDB on Docker #

Last week’s issue featured BigchainDB as a blockchain-database. This project offers you a simple deployment based on Docker.

Maru #

This project transforms your smartphone into a PC. Ubuntu once tried something similar in 2013, which failed; I’m curious what this project can offer.

Adhocracy #

This project is a cooperative discourse, delegation and voting software, which enables a collective, binding decision-making process online. Basically, if you want online voting, have a look here.

Organon: a pentesting package manager #

Remember that post about not having enough package managers? Well, organon is a new package manager for pentesting focussed tools.

Lyrica #

A safe, comprehensible and efficient PID 1/init replacement written in OCaml. In short, it behaves like sinit does.

Kocho #

The Kocho tool is a way of bootstrapping CoreOS OSes in a virtual environment. There are a lot of tools out there for bootstrapping Docker images, but very few tools that bootstrap the OS to run your Docker images. Kocho fills that gap.

notty #

notty is a virtual terminal like xterm, gnome-vte, sh, or rxvt. Unlike these programs, notty is not intended to emulate a DEC VT-series physical video terminal, or any other physical device. Instead, notty is an experimental project to bring new features to the command-line which would not have been possible for the physical terminals other terminals emulate.

Damn Vulnerable Web Services #

Damn Vulnerable Web Services is a vulnerable testing environment that can be used to learn real world web service vulnerabilities. The aim of this project is to aid security professionals in testing their skills and tools in a legal environment.

bfs #

Breadth-first search for your files. bfs is a variant of the UNIX find command that operates breadth-first rather than depth-first. In short: a much faster, more efficient version of ‘find’ at the CLI.

AppFS #

AppFS is a FUSE-based filesystem that presents a filesystem view of remote packages presented via HTTP for the purpose of running software without the hassle of installing it.

Guides & Tutorials#

Nginx as a caching reverse proxy #

An excellent guide on configuring the different caching options in Nginx, in this case to replace a Varnish configuration and keep just the Nginx instance. It also includes an interesting way of generating thumbnails of images from within Nginx.

Linux networking from the ground up #

An absolutely brilliant 5-part series on how the network stack in Linux works, outlining the path of a packet from the wire through the network driver and kernel until it reaches the receive queue for a socket: part 1, part 2, part 3, part 4 & part 5.

Introduction to tar #

There’s a famous XKCD comic about the ‘tar’ tool, so an introduction & guide about that tool seems about right.

CentOS 7 using the system storage manager management volume LVM #

Managing LVM isn’t always as straightforward as we’d like, especially for newcomers. RHEL and CentOS 7 ship with a tool called ‘System Storage Manager’ (a set of CLI tools and interfaces) which facilitates the use of LVM and this guide explains it further.

Wrangling Grafana and InfluxDB into a Docker image #

A very explicit guide on wrapping both Grafana and InfluxDB into a Docker image, with each step explained in detail.

How to monitor your Linux machine #

If you’re new to monitoring, this post unveils a couple of tools you can use to monitor your Linux server(s).

The many load averages of Unix(es) #

The ‘load average’ mystery continues: this uncovers the history of load averages, starting at BSD.

An introduction to IPFS #

IPFS (InterPlanetary File System) is a new peer-to-peer hypermedia protocol, basically a huge distributed filesystem. This post further clarifies IPFS with some examples.

Moving from Windows to Linux: what software to use? #

If you come from Windows and want to use Linux, which open source alternatives to popular Windows tools do you use? This post explores some of them (like Photoshop, ISO tools, Sketchbook, …).

How to Setup Additional Entropy for Cloud Servers Using Haveged #

The Linux pseudo random number generator (PRNG) is a special device that generates randomness from hardware interrupts (keyboard, mouse, disk/network I/O) and other operating system sources. In a virtual environment however, those aren’t always available. This post explores an alternative way to generate such “entropy”.