cron.weekly issue #21: Swift, Ubuntu, Oh My Zsh, NPM, SMTP, rspamd and many more


cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, March 27, 2016

Follow me on Twitter as @mattiasgeniar

Welcome to cron.weekly issue #21 for Sunday, March 27th, 2016.

This is just a heads up so there are no surprises to anyone: as of the next couple of issues, you may see sponsored posts or links appear in this newsletter. They’re used to help with the costs involved in running this newsletter (mainly Mailchimps’ monthly cost).

I’m working on making this as non-disruptive as possible. You signed up for open source & linux content, that’s what you’ll continue to get and that is what remains my priority. Additionally, sponsored posts will always be clearly marked as such – no hidden content.

In related news: if you or your company is interested in reaching an audience of loyal open source & linux sysadmins, let me know by replying to this mail. I’ve got sponsor packages available. 😉

News

Ubuntu 16.04 LTS (Xenial Xerus) Final Beta released

The new Long Term Support release of Ubuntu, Xenial Xerus (16.04), is just around the corner. The final beta is available for testing, we should see that final release in a couple of weeks now.

​Apple’s Swift comes to Linux

With the release of Swift 2.2, the new programming language from Apple, Ubuntu 14.04 and 15.10 are officially supported. Swift is coming to Linux!

Docker for Mac and Windows Beta

Soon you’ll no longer need a VirtualBox VM to run your Docker containers: there is now a beta program for native Docker support on both Mac OSX and Windows.

​Red Hat becomes first $2b open-source company

It’s hard to argue with Red Hat’s success as an open source company: they are now a $2.000.000.000 (yes, those numbers are correct) dollar company. While it isn’t easy to make money in open source, they prove a solid strategy and a stable product can make it work.

d’Oh My Zsh: How I unexpectedly built a monster of an open source project

A very interesting read in the making of oh-my-zsh, the popular wrapper/plugin/theme around the zsh shell. What started of small is now one of the most popular shells out there.

This story requires quite a bit of linking and highlights the fragility of open source ecosystems, package managers and dependencies in general. Azer Koçulu is the author of a very popular NodeJS package. Because of a patent lawyer, he had to pull a very popular NodeJS package due to naming ‘violations’. This package happened to be used in millions of dependencies in the NodeJS ecosystem, wrecking havoc everywhere.

More reading: The (official) npm blog: kik, left-pad, and npmAlert: NPM modules hijackedNPM Package Hijacking: From the Hijackers Perspective

Micropackages and Open Source Trust Scaling

In follow-up of that previous NodeJS article: the dangers involved in heavily dependent ecosystems. More importantly, and this can apply to package managers in general, it’s sometimes hard to know which dependent packages trigger other dependencies you may not fully control.

Microsoft still makes billions from open source patents

Despite their continued efforts to open source their own software, Microsoft continues to enforce its Android patents. Companies worldwide have had to pay billions because of these “open source” patents.

The problem with the Docker hype

A good statement that Docker in itself doesn’t solve IT problems. The mindset and changes Docker encourages, like microservices and portability, that’s where the difference lies. Docker as a tool facilitates that.

SMTP Strict Transport Security

Good news for mailserver admins: the Strict Transport Security which we know from HTTPs is coming to the SMTP protocol. In the end, it can be used to enforce TLS in the SMTP protocol.

UNIX: Making Computers Easier To Use (1982)

A trip down memory lane: a video from 1982 promoting the use of UNIX and covering some of the backgrounds. It’s pretty amazing to watch and consider those paradigms are still what we use today.

Tools & Projects

gx

gx is a packaging tool built around the distributed, content addressed filesystem IPFS. It aims to be flexible, powerful and simple. It’s especially its support for IPFS, the new distributed p2p web, that makes it interesting.

chkboot

chkboot is a set of scripts that are meant to be run on a system with an encrypted disk drive. Due to the nature of disk encryption, in order to get the operating system to boot, there needs to be a portion of it which remains un-encrypted. These scripts check that those files have not changed between reboots.

securitychecklist.org

If you’re launching a new website and have security in mind, this is a good starting point: a set of clear TODO’s for hosting secure sites, featuring TLS, strong ciphers, security headers, fail2ban, SSH configs, …

Rspamd 1.2

This project is a fast, free and open-source spam filtering system. Think of it as a modern SpamAssasin (with guides available on how to migrate from SA to Rspamd). The new release focusses on stability and speed.

OwnTracks

OwnTracks allows you to keep track of your own location. You can build your private location diary or share it with your family and friends. This sounds interesting for runners or cyclists that want to keep track of their location but host it on your own infrastructure.

SElinux Coloring Book (PDF)

It’s both a parody and a useful resource at once: the concepts of SElinux (like enforcement, policies, object types, …) explained in a kids’ coloring book.

Win32-OpensSSH 1.1

Remember when Microsoft said they’d port the SSH protocol to Windows? Well, they’re still working on that. Last week release 1.1 was made available. We’re one step closer to connecting to our Windows environments like we do our Linux ones, which could completely change how we manage Windows servers.

Teleport

SSH for Clusters and Teams: Teleport extends SSH to create a modern access layer for teams working on distributed infrastructure. Its features include mandatory 2FA, SSH session recording & logging, webUI and ful SSH compatibility. At the CLI, it offers all sorts of shortcuts to send commands across multiple hosts. The 3min video on the site explains this best in a demo.

Citus: Scalable PostgreSQL

Citus horizontally scales PostgreSQL across commodity servers using sharding and replication. Its query engine parallelizes incoming SQL queries across these servers to enable real-time responses on large datasets.

Jenkins 2.0 beta

Jenkins is an open source automation server with a plugin ecosystem to support practically every tool as part of your delivery pipelines. Whether you use it for continuous integration, continuous delivery or something else entirely, Jenkins can help automate it.

Guides & Tutorials

Linux Kernel Module example: write your own Rickroll kernel module

A practical guide on how to write your very own Kernel module. At the end of this guide, you’ll have your very own Rickroll module that plays Rick Astley’s biggest hit whenever you try to open an MP3 file, instead of the actual MP3 file.

NGINX as a WebSocket Proxy

This guides explains how WebSockets work, their relation to the “standard” HTTP protocol and how to configure them in Nginx.

Zero downtime upgrade with Ansible and HAProxy

How to upgrade a farm of webservers with absolute zero downtime, using a combination of HAProxy (load balancer) and Ansible (config management / deployment tool).

HTTP/HTTPS not working inside your VM? Wait for it.

When debugging something that looks easy turns into something more complex: how a non-working HTTP connection can be fixed by delaying all network traffic leaving the server with 100ms using Linux’s traffic shaping.

Linux Programming – Signal Basics

How would you implement a SIGINT in your code yourself? This guide explains the C-code needed to handle and catch interrupt signals in Linux.

Fishing for Hackers: Analysis of a Linux Server Attack

Sysdig is a very interesting tool for debugging on Linux. This post deliberately sets up an _insecure _server so they can use sysdig to monitor what an attacker does that gains control over such a server. The result: a detailed analysis of everything that happens on a compromised server.

FreeBSD – a lesson in poor defaults

This is by no means an attack on FreeBSD, but the author highlights a couple of configuration changes to be made on a default FreeBSD installation to increase security.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.