cron.weekly issue #18: OpenSSL, Debian, Caddy, Systemd, Bash, Make & many more!


cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!


Mattias Geniar, March 06, 2016


Welcome to cron.weekly issue #18 for Sunday, March 6th, 2016.

Another security week, this time with 2 OpenSSL vulnerabilities. Lots of interesting articles on Docker, config management, monetising open source and a bunch of interesting releases and projects.

In other exciting news: this newsletter has just surpassed the 1.000 subscriber mark! Thank you all for your continued support and providing me with valuable feedback.

If you’ve liked the newsletter so far, you would do me an immense favour by sharing it on social media, mentioning it to your coworkers or friends. If you’re not sure how, check out the green ‘I loved it’ button at the bottom of this e-mail.

Enjoy your Sunday!

News

OpenSSL vulnerabilities: DROWN attack and CacheBleed

The crypto-world got 2 gifts this week: a high severity OpenSSL vulnerability dubbed ‘DROWN’ and a side-channel attack called ‘CacheBleed’, which allows the RSA private keys to be retrieved from a server. There’s a bit of patching and configuration changes involved, if you haven’t already. More technical details are, as usual, on the CloudFlare blog.

Debian 9 release delayed, waiting for Kernel 4.10

The Debian project will wait for Kernel 4.10 to be released before it releases a stable version of Debian 9 (codenamed Stretch). It’ll take a bit longer because of this, but should mean a longer upstream support period and improved compatibility.

Lessons learned from three container-management systems over a decade

Quite a lengthy article comparing Borg, Omega & Kubernetes as container management systems. Lessons learned from each are included.

Is Caddy Free?

This blogpost by Matt Holt, creator of the Caddy Server project, offers an interesting story behind monetising your open source project. Caddy is still free to download, but you’re encouraged to donate. I for one hope a reasoned explanation like this gets people to appreciate the efforts that go into an open source project.

Systemd vs. Docker

The battle for PID 1 continues: a very interesting read on 2 competing systems, Docker and systemd, both trying to accomplish similar tasks.

Block-layer I/O polling

Exciting news for the storage folks relying on Linux: block-layer I/O polling is coming soon! Instead of having the disk drivers send interrupts to the kernel to accept storage commands, the kernel can now poll for new changes. This means fewer interrupts and lower latency for disk I/O!

Command-line tools can be 235x faster than your Hadoop cluster

A testament to the power of our command line: this example analyses a small dataset (around 2GB) and finds it much faster to process via the CLI using a couple of grep/awk/sed commands than via a Hadoop Cluster.

Tools & Projects

Sensible Bash Defaults

This project attempts to introduce saner defaults to Bash: better tab completion, a nicer ‘history’ (without recording useless commands) and better directory navigation.

gor

Gor is an open-source tool for capturing and replaying live HTTP traffic into a test environment in order to continuously test your system with real data. It can be used to increase confidence in code deployments, configuration changes and infrastructure changes.

MiniVim

A nice set of defaults for a vim configuration. Vim is highly opinionated, of course, but these configs make for a great starting point to finetune vim to your liking.

Ansible Semaphore

This is an Open Source alternative to Ansible Tower, a central dashboard for monitoring and managing your Ansible infrastructure.

Pkgr

Package your application (Ruby / NodeJS / Go / PHP / …) into deb or rpm packages on Debian, Ubuntu, CentOS, Fedora. This includes init scripts, logrotate, etc.

ttconfig

Traffic Shaping on a Linux machine doesn’t have the easiest CLI interface. This project tries to make it better: easy to set up traffic control of network bandwidth/latency/packet-loss on a network interface.

AppImage

Distribute your desktop Linux application in the AppImage format and win users running all common Linux distributions. Package once and run everywhere.

Apt 1.0

A new ‘apt’ binary combines the most commonly used commands from apt-get and apt-cache and adds a progress bar to the mix.

Guides & Tutorials

Debugging why ping was Broken in Docker Images

I always enjoy reading debugging & troubleshooting sessions by fellow sysadmins: these kinds of guides usually teach me the most (new methods, tools, CLI snippets, …). This particular blogpost uncovers a rabbit hole when debugging why ‘ping’ wouldn’t work in Docker images.

Intro to Docker (presentation)

A nice understandable presentation on using Docker, with practical information.

Curl vs. Wget

Both curl and wget have similar capabilities, but differ in a couple of key areas: this page highlights the differences.

25 Useful IPtable Firewall Rules Every Linux Administrator Should Know

Another link-bait title, but pretty decent content: a couple of useful iptables snippets that can come in handy.

The Self-Documented Makefile

It’s not a project in itself, but a good explanation of how to create self-documenting ‘make’ files. If your project relies on make for building, deploying or automating tasks, this post is for you.

10 things to avoid in docker containers

This interesting blogpost by Red Hat gives us some lessons learned when working with Docker containers.

Ansible vs. Chef

Nice insights from a long-time Chef user, switching to Ansible: easier to set up, easier to teach and easier to maintain. It’s opinionated, but everything in the config management world is.

The Resource Wrapper Pattern in Puppet 4

A very nice improvement came to Puppet 4, allowing you to create ‘wrapper modules’ a lot easier. You no longer have to repeat all parameters for each module, you can use the wildcard (*) parameter.


