Welcome to cron.weekly for Sunday, February 21st, 2016. We were all busy with the glibc vulnerability last week, so I hope you can find the time to relax this Sunday and read through some of the interesting articles below.

Enjoy!

News

Critical glibc vulnerability in Linux

If this glibc vulnerability is news to you, and you manage Linux servers, I suggest you go ahead and patch your servers straight away. It’s been a busy week for Linux sysadmins all around the globe with yet another DNS vulnerability in the core of our OS (glibc), much like the ghost vulnerability from last year (2015).

A Skeleton Key of Unknown Strength

Dan Kaminsky, known for many security vulnerabilities and most known for its DNS cache poisoning attack a couple of years ago, looks back at the glibc bug mentioned above to assess its impact.

Canonical, Ubuntu and why I seem upset about them all the time

A well-reasoned argument about Canonical’s licensing terms for package (re)distribution, adding additional burden and load to anyone willing to redistribute the Ubuntu packages into a new distribution. Turns out, he’s not alone in thinking this.

Fosdem 2016 videos

Most of the FOSDEM 2016 videos are available online, with new recordings still being added daily. If you missed interesting talks during this open source conference, have a look!

Who’s fixing containers?

With the glibc vulnerability getting a lot of attention, Red Hat asks the interesting question: who’s going to fix the containers?

Go 1.6 released

If you had previous Go code, go ahead and compile against the 1.6 release. It offers a number of improvements including enabling HTTP/2 by default.

A linux powered microwave oven

What do you do if your microwave oven has the worst possible UI or UX? You hack it and let Linux run it, of course.

Khronos released Vulkan

If you only use Linux on the server this may seem irrelevant, but still: Vulkan is a new video display API competing with OpenGL and Microsoft’s DirectX. This enables more robust and innovative video support for Linux on the desktop, adding support for 64bit games. Ubuntu 16.04 will even include full support in the Mir display server. If you’re interested in 3D rendering from a technical standpoint, have a look here: Vulkan in 30 minutes.

So, you want to write a package manager?

As sysadmins, we know we already have plenty of package managers. Everyone seems to invent one at some point. This post dives into the technical details of what it takes to _actually _write a package manager of your own.

ZFS coming to Ubuntu 16.04

It’s taken a really long time, but ZFS is finally coming to Ubuntu. In a couple of weeks, when 16.04 is released (LTS!), official support for ZFS will be included.

ReactOS 0.4.0 released

Nearly 10 years after the previous release, the ReactOS team released version 0.4.0. ReactOS is an open-source effort to develop a quality operating system that is compatible with Microsoft Windows applications and drivers.

Elastic Stack 5.0

An introduction to the ‘Elastic Stack’ (Elasticsearch, Kibana, Logstash) version 5, which offers quite a few improvements and name changes.

FFmpeg 3.0 released

A new major release, featuring lots of new encoders & filters.

Zabbix 3.0 released

After many years of development, the new LTS release of Zabbix has been released: a much needed redesigned web interface, encrypted protocol for client <-> server communication, trend prediction & many performance improvements.

Tools & Projects

dockerfile-from-image

This project tries to reverse engineer the Dockerfile when all you have is the Docker image itself.

BigchainDB on Docker

Last week’s issue featured BigchainDB as a blockchain-database. This project offers you a simple deployment based on Docker.

Maru

This project transforms your smartphone into a PC. Ubuntu once tried something similar in 2013 which failed, I’m curious what this project can offer.

Adhocracy

This project is a cooperative discourse, delegation and voting software, which enables a collective, binding decision-making process online. Basically, if you want online voting, have a look here.

Organon: a pentesting package manager

Remember that post about not having enough package managers? Well, organon is a new package manager for pentesting focussed tools.

Lyrica

A safe, comprehensible and efficient PID 1/init replacement written in OCaml. In short, it haves like sinit does.

Kocho

The Kocho tool is a way of bootstrapping CoreOS OS’s in a virtual environment. There’s a lot of tools out there for bootstrapping Docker images, but very little tools that bootstrap the OS to run your Docker images. Kocho fills that gap.

notty

notty is a virtual terminal like xterm, gnome-vte, sh, or rxvt. Unlike these programs, notty is not intended to emulate a DEC VT-series physical video terminal, or any other physical device. Instead, notty is an experimental project to bring new features to the command-line which would not have been possible for the physical terminals other terminals emulate.

Damn Vulnerable Web Services

Damn Vulnerable Web Services is a vulnerable testing environment that can be used to learn real world web service vulnerabilities. The aim of this project is to aid security professionals in testing their skills and tools in a legal environment.

bfs

Breadth-first search for your files. bfs is a variant of the UNIX find command that operates breadth-first rather than depth-first. In short: a much faster, more efficient version of ‘find’ at the CLI.

AppFS

AppFS is a FUSE-based filesystem that presents a filesystem view of remote packages presented via HTTP for the purpose of running software without the hassle of installing it.

Guides & Tutorials

Nginx as a caching reverse proxy

An excellent guide on configuring the different caching options in Nginx, in this case to replace a Varnish configuration and keep just the Nginx instance. It also includes an interesting way of generating thumbnails to images from within Nginx.

Linux networking from the ground up

An absolutely brilliant 5-part series on how the network stack in Linux works, outlining the path of a packet from the wire through the network driver and kernel until it reaches the receive queue for a socket. part 1, part 2, part 3, part 4 & part 5.

Introduction to tar

There’s a famous XKCD comic about the ‘tar’ tool, so an introduction & guide about that tool seems about right.

CentOS 7 using the system storage manager management volume LVM

Managing LVM isn’t always as straightforward as we’d like, especially for newcomers. RHEL and CentOS 7 ship with a tool called ‘System Storage Manager’ (a set of CLI tools and interfaces) which facilitates the use of LVM and this guide explains it further.

Wrangling Grafana and InfluxDB into a Docker image

A very explicit guide on wrapping both Grafana and InfluxDB into a Docker image, with each step explained in detail.

How to monitor your Linux machine

If you’re new to monitoring, this post unveils a couple of tools you can use to monitor your Linux server(s).

The many load averages of Unix(es)

The ‘load average’ mystery continues: this uncovers the history of load averages, starting at BSD.

An introduction to IPFS

IPFS (InterPlanetary File System) is a new peer-to-peer hypermedia protocol, basically a huge distributed filesystem. This post further clarifies IPFS with some examples.

Moving from Windows to Linux: what software to use?

If you come from Windows and want to use Linux, which open source variants to popular Windows tools do you use? This post explores some of them (like Photoshop, ISO tools, Sketchbook, …).

How to Setup Additional Entropy for Cloud Servers Using Haveged

The Linux pseudo random number generator (PRNG) is a special device that generates randomness from hardware interrupts (keyboard, mouse, disk/network I/O) and other operating system sources. In a virtual environment however, those aren’t always available. This post explores an alternative way to generate such “entropy”.