cron.weekly issue #45: Zines, Kubernetes, Trojans, myLG, InfluxDB, hop & more!


cron.weekly is a newsletter about Linux, open source & web development.


Mattias Geniar, September 11, 2016


Welcome to _cron.weekly_ issue #45 for Sunday, September 11th, 2016.

Grab a coffee, sit back and relax, because this is a packed edition. Lots of amazingly good content to share this week.

Enjoy!

News

HashiConf 2016 announcements

Some new announcements from the company behind Vagrant, Terraform, Nomad, Vault and many others: sticky volumes for Nomad, Vault Enterprise (a GUI on top of Vault) & more. If you’re interested, I did a podcast recording on Vault a while back that covers all the basics.

Why Kubernetes is winning the container wars

Opinionated, but it makes some good points: Google’s support, Kubernetes’ community, a lot of contributions and the open nature of Kubernetes are considered the main motivators for its success.

Why were ports 80/443 chosen as HTTP & HTTPS ports?

Not so much news as a bit of web server trivia: the history behind why ports 80 and 443 were the choice for running HTTP and HTTPS web servers.

Chrome to mark non-HTTPS websites as “not secure” in 2017

Consider yourself warned: Chrome is going to visually mark websites that are served over plain HTTP as “NOT SECURE” sometime in 2017. Better start planning your HTTP-to-HTTPS moves soon.

Mirai Linux Trojan corrals IoT devices into DDoS botnets

Linux isn’t without viruses: a new trojan, called ‘Mirai’, targets routers, WebIP cameras, BusyBox systems & general Linux devices. Once infected, the machine becomes part of a DDoS botnet.

HP Enterprise names SUSE Linux as preferred Linux partner

You might have expected Red Hat or Ubuntu, but HPE appointed SUSE Linux as their default Linux partner.

Linux & Open Source ‘zines

If you’re only going to click on one link in this edition, let it be this one: Julia Evans has created stunning-looking zines (a blend of “fan” and “magazine”, or “-zine”). They are drawings and written summaries of Linux tools. There’s an amazing one covering strace (PDF) and an extensive one for Linux debugging tools you’ll love (PDF). Awesome work!

Tools & Projects

pg_cron

This tool allows you to run scheduled tasks in PostgreSQL. I know what you’re thinking: why not just crontab? Well, this could be a good way to give your PostgreSQL users access to scheduled tasks, without granting them cron/shell access.

rkt 1.14 released

A new release from the rkt team, one of the Docker alternatives. This release focuses on stability and minimalism, exactly what the Docker team got accused of not providing. Clever marketing going on here!

myLG

My Looking Glass is an open source software utility which combines the functions of different network probes in one network diagnostic tool: DNS lookups in over 200 countries, RIPE queries, port scans, LAN discovery, traffic dumps, … you name it!

InfluxDB 1.0

A generally available version (GA) of InfluxDB: the open source time series database (like Graphite, RRD, …).

wpscan

A ‘blackbox’ WordPress vulnerability scanner. You can run this remotely, point it at any WordPress installation, and it’ll try to find vulnerabilities. If you host any WordPress sites, this could be a good addition to your recurring security scans.

phpdocker.io

This project generates Docker images (or Vagrant-files) for a typical PHP setup, letting you select the bits and pieces you want.

zone-mta

A modern outbound SMTP relay (MTA/MSA). The goal of this project is to provide granular control over routing different messages. Trusted senders can be routed through high-speed (more connections) virtual “sending zones” that use high-reputation IP addresses, while less trusted senders can be routed through slower (fewer connections) virtual “sending zones” or through IP addresses with a lower reputation.

fastnetmon

A very fast DDoS analyzer with sflow/netflow/mirror support. It can detect hosts in your networks sending or receiving large volumes of packets/bytes/flows per second. It can call an external script to notify you, switch off a server, or blackhole the client.

hop

HOP is a tool meant to tunnel any sort of traffic over a standard HTTP channel. Useful for scenarios where there’s a proxy filtering all traffic except standard HTTP(S) traffic.

rmlint

rmlint finds space waste and other broken things on your filesystem and offers to remove it. It is able to find duplicate files & directories, empty files, broken symlinks, …

Guides & Tutorials

How to run IPFS

A really practical guide on the Arch Linux Wiki about how to install & configure IPFS – the decentralised “InterPlanetary File System”.

Creating a PostgreSQL cluster using Helm on Kubernetes

Helm, the Kubernetes package manager, can be used for a variety of installations. This post focuses on getting a PostgreSQL cluster running on top of the Kubernetes container scheduler.

PHP’s OPCache explained

Some really nice low-level explanation of how PHP’s OPCache – the bytecode cache for the PHP interpreter – works internally. It just got updated for PHP 7.

TCP Puzzlers

If you have a basic understanding of networking, this is really fun: a set of challenges and examples of how TCP works, requiring you to work out questions like ‘What happens to an established TCP session if one end is power cycled?’. Also nice to see truss being used in the examples instead of the de facto strace, to monitor low-level system calls.

Moving from Docker to rkt

If you have a Docker infrastructure and want to migrate to rkt, the alternative container runtime, have a look here.

Continuous Pipelines for DevOps

A catchy title, with links to lots of practical tools for setting up your own pipeline: automating builds & tests, deployments & releases, orchestration, …

How to set up your own malware trap in Postfix

A set of configs for collecting malware sent to a Postfix-enabled mailserver, that you can use for later analysis.

What typing ^D really does on Unix

Typically, it exits a program when you type ^D. But what goes on behind the scenes, making that work?

Locking Down an SSH Server

A good explanation of the most commonly configured parameters of an OpenSSH server you should tweak for increased security.

Measuring network performance with qperf

A practical guide for benchmarking your network stack with the qperf tool: covers installation & running and interpreting the results.

Overview On Essential Linux Filesystems

This offers a nice overview of the most common Linux file systems: EXT, Btrfs, XFS, ReiserFS & JFS.


