Welcome to cron.weekly issue 23 for Sunday April 10th, 2016.
Every week I think ‘I won’t have enough content‘, only to be blown away with everything that got bookmarked. This week is no exception.
Lots of new tools and releases and a heavier-than-usual focus on networking in this release.
I hope you enjoy it!
Richard Stallman wrote a piece on how free software often depends on non-free software (like a proprietary compiler or interpreter).
A very open interview, recorded in February 2016, with the creator of Linux. Lots of interesting little details about the man behind the project.
15 years after the famous essay “Goodbye free software, hello open source”, this author looks at the reverse: why it’s important to consider software to be ‘free’ instead of just ‘open’.
This post outlines some of the biggest threats we face as sysadmins, and offers solid advice on how to prevent on getting yourself and your company hacked: fixing e-mail, software policies, principle of least privilege, … All very theoretical, but plenty of reading material for you to implement in your infrastructure.
A follow-up on one of the previous Cloudflare blogposts about tracking down the cause of latency in the Linux kernel, this time focussed particularly on network connectivity. As usual, very good details on the internals of the Linux kernel and practical commands to remember for your own debug sessions.
RubyGems.org contained a bug that could allow an attacker to replace some .gem files on the RubyGems servers with a different file that they supplied. This bug has been fixed as of April 4th.
A nice summary of what it means to be a good sysadmin. Focus on automation, documentation, organisation, …
A very honest article about a writer who started at Mozilla but didn’t quite care for Open Source. After 10 years, that has changed quite a bit.
Tools & Projects
The Zulu project is a 100% open source alternative to OpenJDK, the Java framework. It comes as an alternative to OpenJDK 6, 7 and 8.
Digital Ocean has release an official command line interface to interact with their API and configure your VMs, take back-ups, spin up new servers, … all from your terminal. This offers great possibilities for scripted installs and automation.
GNU Health is a Free/Libre project for health practitioners, health institutions and governments. Its modular design allows to be deployed in many different scenarios: from small private offices, to large, national public health systems.
An open source implementation to download videos from Youtube, Vimeo, … basically every video provider out there.
A ruby on rails application to ‘securely’ (your mileage may vary) transfer passwords to someone else. Links to passwords expire after a certain number of views and/or time has passed.
LogZoom is a fast, lightweight, and reliable log data indexer written in Go. If you’ve ever considered using Logstash, Fluentd, or some other tool for log aggregation, you may want to consider using LogZoom instead.
Aria2 is a lightweight multi-protocol & multi-source command-line download utility. It supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. aria2 can be manipulated via built-in JSON-RPC and XML-RPC interfaces.
Vis strives to be simple and focuses on its core task: efficient text management. The intention is not to be bug for bug compatible with vim, instead a similar editing experience should be provided. The goal could thus be summarized as “80% of vim’s features implemented in roughly 1% of the code”.
Git-based version control plugin for WordPress. Undo any change, branch & merge easily, migrate database content between environments and more.
allmark is a fast, standalone markdown web server for Linux, Mac OS and Windows written in go. You can point it at any directory that contains markdown files and it will immediately start a web-server that serves the rendered HTML content of the markdown file to you.
Composer is PHP’s package management system. Last week, version 1.0 was released. Composer helps developers install 3rd party packages and manage dependencies.
Vuls is a Vulnerability scanner for Linux, agentless, written in golang. It can scan for any vulnerabilities on a Linux Server as well as the middleware that is not included in OS package management. It also nmap-like functionality to scan your network and detect hosts on its own.
The Github team has open sourced their implementation of git: dgit is a new distributed storage system that dramatically improves the availability, reliability, and performance of serving and storing Git content.
Vegeta is a HTTP load testing tool and library. Their latest release, version 6.1, adds support for HTTP/2. So you can now use Vegeta to loadtest an HTTP/2 server.
The new version of Kibana is approaching fast: alpha 1 has now been released. A new design, first class applications, a new plugin installer and loads of internal changes. This new release is looking very promising.
Mutt is still very much alive and kicking: this e-mail client released version 1.6 which brings support for S-MIME encryption, better character set support, header caching and more.
OpenBazaar is a decentralized peer-to-peer network for trade that uses Bitcoin. That trade happens directly between buyers and sellers with no one in the middle – and no fees or restrictions on trade.
Mailtrain is a Self hosted newsletter app built on top of Nodemailer. It’s got list management, custom fields, 3rd party sender services and many more. If you’re using Mailchimp for your newsletters (like I am now), maybe Mailtrain can replace that.
Guides & Tutorials
A practical introduction to Gerrit, the code review tool, and the move from a Github based organisation to Gerrit. For this particular team, it offered better code reviews, cleaner pull requests and faster response times.
Lots of very practical cheat sheets on BGP, WLAN, OSPF, IPv6/IPv4, RIP, … basically every network protocol you can reasonably come across.
A set of examples on using ‘apt’ instead of ‘apt-get’ for package management on Ubuntu & Debian systems.
If you’ve ever run “strace” on a program, these terms will sound familiar: open, fork, read, write, … Interpreting them however can be rather difficult. This post clearly explains the function of each Linux system call and some of its internals. Lots of content in here, all very low-level.
Practical examples on configuring OSPF, BGP, VLANs and more in this tutorial. This is written for the Linux sysadmin with a lot of new use cases for familiar tools like “ip”, “ifconfig”, “tcpdump”, …
A lengthy guide, but it looks like a very complete one: how to configure OpenPGP. Background info on keyservers, key management, IDs, …
Github now supports GPG signing of commits, so code changes can be verified. This guide shows the Github implementation, with links to extra GPG documentation.
I’ll be honest: this is dark magic. This guide shows how you can insert a vim command in the middle of a piped-command, to alter its input.
This article is about the differences between netstat and nstat regarding Linux system network metrics, and why nstat is superior to netstat.
This guide explains how you can set up both Nginx and PHP 7 inside a Docker image. If you want to get started with Docker, these kind of introductions are perfect.
Some more very low-level Linux bits: how the initcall mechanisme. The main point of the _initcall_ mechanism is to determine correct order of the built-in modules and subsystems initialization.
A very clever idea you can use for more than just AWS instances: whenever someone logs in to a server via SSH, mark it as “contaminated” so you can re-provision it. The idea is to prevent manual changes to a server and enforces a consistent infrastructure.