cron.weekly issue #51: Chaos Monkey, Pi-Hole, tcptop, Varnish, chmod, Linux Internals & more!


cron.weekly is a newsletter about Linux, open source & web development.

Mattias Geniar, October 23, 2016

I like how even if I think it’s going to be a slow week, there’s always more than enough content to share!

Last week, I also blogged some “behind the scenes” on the newsletter move from MailChimp to Sendy. If you’re interested in that sort of thing, go have a read.

News

“Most serious” Linux privilege-escalation bug ever is under active exploit

There’s a privilege escalation vulnerability going around dubbed “Dirty Cow”. An attacker can use this to (rather reliably) use a non-privileged user to become root on a Linux server. Kernel updates & reboots are advised.

How to Open Source at Zalando

Zalando has been publishing open source projects for quite a while; this new post is about how their teams should do open source. I love how that’s also open sourced!

Disney Open source

Other organisations are betting big on open source too, like Disney. They made a good-looking overview of their projects, which are all pushed to GitHub.

Tools & Projects

Datadog – Application monitoring done right

Get real-time, integrated statistics on your entire infrastructure: from Amazon stats on your servers to detailed numbers of your PostgreSQL, Elasticsearch, Node & other applications – all from a single, easy to use, interface. Sign up for a free trial to discover a better way to monitor your stack! (Sponsored)

Puppetlabs image_build

The basic purpose of image_build is to enable building various images, including Docker images, from Puppet code.

octocatalog-diff (Puppet)

Octocatalog-Diff assists with Puppet development and testing by enabling the user to compile 2 Puppet catalogs and compare them. It is possible to compare different branches, different versions, and different fact values. This is intended to be run from a local development environment or in CI.

CacheP2P

This is an interesting proof-of-concept where webtorrents are used to serve a webpage: using clever JavaScript, pages can be loaded via a P2P network instead of a traditional client/server model. There’s more and more interest in a “distributed web” (like IPFS); this could become another player.

Chaos Monkey 2.0

Netflix’s “Chaos Monkey” introduced an interesting concept to Ops teams: Chaos Monkey randomly terminates virtual machine instances and containers that run inside of your production environment. Exposing engineers to failures more frequently incentivizes them to build resilient services.

Nomulus

This is a new open source cloud-based registry platform that powers Google’s top level domains (TLDs).

Pi-Hole

I just finished setting this up at home: a DNS server for your Raspberry Pi which blocks, monitors and reports on advertisement and malicious domains. It’s essentially an adblocker via DNS you can run on your own.

Sanic

Sanic is a Flask-like Python 3.5+ web server that’s written to go fast.

Bucketize

A CLI tool to determine STDIN line rate at the interval of choice.

Noms

Noms is a decentralized database based on ideas from Git.

tcptop

The tcptop tool uses the new Linux BPF capabilities to summarize the top active TCP sessions.

Guides & Tutorials

Recovering from a filesystem-wide bad chown/chmod

This is a good guide for actions you can take when you accidentally chown/chmod your entire filesystem. You can’t recover everything if you don’t have back-ups, but by using a mounted install CD you can copy all permissions again.

Varnish Explained

This post and video explain how Varnish, the caching and load balancing daemon, works: they cover an introduction to HTTP headers, the internals of Varnish, how to write custom VCL code and getting started with Varnish.

How to live patch Ubuntu Linux Kernel without rebooting the server

“Livepatching” is a licensed tool from Ubuntu, but you can test it out for free: it allows you to do in-memory kernel upgrades, without server reboots. I wonder when/how RHEL/Fedora implement this, and if it’s behind a paywall like Canonical.

Dropping Linux capabilities to make Docker more secure

Did you know there is an option to drop Linux capabilities in Docker? Using the docker run --cap-drop option, you can lock down root in a container so that it has limited access within the container.

Socket Sharding in Nginx

Nginx supports a method called “socket sharding”, where multiple processes can listen on the same IP/socket. This technique allows for rolling upgrades of nginx.

Introduction to PostgreSQL physical storage

Lots of low level details on PostgreSQL’s storage: tuples, items, nodes, blocks & pages, heaps, CTID’s, clusters, … If you’re into databases and Postgres, you’ll love this.

Linux Insides

This is a work-in-progress book with lots of interesting content: interrupt handlers, system calls, time management, synchronisations, … really stunning work by the author, all free to read!

Conferences

linux.conf.au 2017

This Linux-focused conference takes place in Australia. The CFP is open, so if you want to present yourself, now’s the time to apply.
