Welcome to cron.weekly issue 25 for Sunday, April 24th, 2016.
It’s been a pretty busy week once again with the major release of Ubuntu 16.04, a new Long Term Support Ubuntu version.
There’s a lot of practical guides in this edition too that can help you get started with running IPv6 or introduce Access Control Lists in your Linux environment.
The biggest open source company in the world is revealing more projects built on (and to support) OpenStack.
Not everything in systemd is bad, this author discovers. The post mostly covers a particular debug session in which systemd offered the right tools to troubleshoot and fix the problem.
If you’re driving a car that’s 99% computer, surely you can get Linux to run on it. Right? Well, turns out, running Gentoo inside your Tesla is perfectly possible.
A nice flashback on the various security mechanismes Docker has introduced over the last year in its various releases. It also offers a comparison between Docker, LXC and CoreOS rkt – although since this blogpost comes from the creators of Docker, I’d take it with a grain of salt.
We all know staging up-to-date on open source security issues or new versions isn’t easy. There are a lot of projects to follow and it can be intensive to stay informed. This newsletter (hopefully) helps, but can’t cover it all. That’s why I created the @oss_announce and @foss_security Twitter accounts that automated this whole process: they live-tweet whenever important releases or security announcements are made.
As sysadmins, it’s our job to keep our systems secure. Reading about how an attacker goes about exploring a target and eventually breaching its security, offers us insights into areas we need to focus extra attention to. This particular post highlights flaws in no-sql databases (MongoDB) and shows how an attacker goes about a complicated hack.
A look back at how LibreSSL started, the promises made at the start of the project and the current state.
Some more background to how Badlock, the samba vulnerability revealed last week, got discovered and how the fix got distributed to several distributions.
Tools & Projects
The latest Long Term Support (LTS) for Ubuntu is out: 16.04 ‘s most prominent features are ZFS support, the 4.4 kernel, the Mitaka release (13) of OpenStack and a new “snappy” package manager.
Hitch is a high performant SSL/TLS proxy, created by the Varnish team that gave us the fast caching daemon and load balancer. Version 1.2 fixed a couple of bugs and offers more configuration options for the frontend (SSL, ciphers etc.).
If you’ve ever wanted to run a service like Pastebin, which allows anyone to paste text and get a unique link to share it, now you can with Glot.io. If you’re looking for a Pastebin alternative for yourself or your organisation, have a look at Glot.io.
Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure. Skydive agents collect topology informations and flows and forward them to a central agent for further analysis. All the informations a stored in an Elasticsearch database.
Rperl is a “restricted perl”, a version of Perl with a select set of features included and optimised for pure performance. When used properly, rperl can be up to 100x faster as “regular” perl. Version 1.7 now offers support for stand-alone executable binaries.
Hex is a package manager for the Erlang ecosystem.
DC/OS is an entirely open source software project based on Apache Mesos, Marathon and a whole lot more.
SSSD is a system daemon. Its primary function is to provide access to identity and authentication remote resource through a common framework that can provide caching and offline support to the system. It provides PAM and NSS modules.
A clever hack to deal with WiFi-stealing neighbours: some iptables and perl scripts to automatically reverse all text on pages visited by unwanted WiFi guests.
Spash is a command line tool for Big Data platforms that simulates a real Unix environment, providing most of the commands of a typical Bash shell on top of YARN, HDFS and Apache Spark.
Scylla is a NoSQL column store database, fully compatible with Apache Cassandra at 10x the throughput and jaw dropping low latency.
A full BGP implementation for your network in a Go library. This could be the perfect corner stone if you’re building your own SDN (Software Defined Networking) solution.
Apple open sourced Swift a couple of months ago, their new programming language for developing iOS applications. The “Perfect” project takes the Swift language to the server, allowing you to write server-side applications in that very same language.
Micro is a terminal-based text editor that aims to be easy to use and intuitive, while also taking advantage of the full capabilities of modern terminals.
shift is an application that makes it easy to run online schema migrations for MySQL databases
Guides & Tutorials
Some more very low level Kernel specifics: if you’re into custom bootloaders, exotic CPU’s, strange process architectures and even more obscure memory bugs, have a go at this article.
If FreeBSD, NetBSD and OpenBSD all sound alike to you, this article can help shed light into the darkness that is BSD: the history and main direction of each *BSD project clearly explained.
A very extensive paper on the security aspects of containers: cgroups, network namespaces, mandatory access control, different attack surfaces, … If you’re deep into containers (LXC, Docker), grab a coffee and take your time for this 122 page read.
A set of useful tips and configuration parameters when you’re just starting out with Redis. A couple of important kernel tweaks needed too, or you’ll quickly run into Redis issues along the way.
Some very clever timing techniques are used here to detect, from the webserver that’s hosting the scripts, whenever a user directly pipes the output of a curl command into bash.
Gimp is an open source photoshop alternative, this post highlights some if its biggest strengths.
Another set of practica examples you might need to use when attempting git.
Git is still a complex matter, especially if you’re just starting with it. This guide takes on a very pragmatic approach with very specific questions you might have on Git and answering them clearly.
A clever way of adding more logic and error handling into your Bash scripts by catching signals like SIGHUP and acting upon them.
A set of very good questions and considerations to make when designing a new system. Very practical questions like understanding bottlenecks, scaling and load balancing methods, replication methods to use, …
This Debian guide walks you through activating IPv6 on your network and performing the first basic troubleshooting.
A do-it-yourself router, running Linux, with step by step instructions.
A guide that takes you beyond simple owner/group and file permissions and introduces Access Control Lists (ACLs) in Linux.
A post in the defence of the tool ‘make‘ as your build tool, instead of complex scripts and dependencies that take in a lot of 3rd party software. A simple make configuration can go a long way.