Welcome to cron.weekly issue #55 for Sunday, November 20th, 2016.
Last week was a shorter edition and I even got confused with the versioning – but I’m making that up this week!
Plenty of new security tools and a vulnerable VM you can test them against, lots of open source news, an IFTTT open source alternative, querying JSON via the command line & many more interesting guides.
Enjoy!
News
apt-get in Watch Dogs 2
In the new game Watch Dogs 2, the main character installs a ‘backdoor’ using apt-get and shows the source code. Nerdy!
Do not change Linux files using Windows apps and tools
If you’re running applications in Bash on Windows, Microsoft has issued a warning (with lots of bold red text, so you know they’re serious) not to edit any Linux-related files with Windows applications. Hooray for consistent line-endings.
Portable system services
A new idea that might land in systemd: containers may be integrated into system services, allowing you to further isolate processes from each other.
Microsoft joins Linux Foundation
Lots of follow-up has already been written on this topic, ranging from “this is just PR”, “Microsoft really does support Linux” to “Microsoft actually hates Linux”. I’ll leave the judging up to you. But if anything, it means more money for the Linux Foundation to support more open source projects.
Linux now runs on 99.6% of the top 500 supercomputers
Cool!
The “cryptsetup initrd root shell” vulnerability
More background info on the recently disclosed vulnerability that _you can press ENTER for 70 seconds to bypass disk encryption authentication._ As usual, there are more nuances.
Apple is doubling down on Open Source
More projects are going to be open sourced and the existing ones are going to get more support.
Self-taught Software Developers: Why Open Source is important to us
The importance of open source for proving your worth as a developer can’t be underestimated.
Tools & Projects
Datadog: Cloud Monitoring as a Service
With Datadog, you can see all your data in one place. See Amazon stats on your servers, as well as detailed numbers of your PostgreSQL, Elasticsearch, Node & other applications. Sign up for a free 14-day trial. (Sponsored)
Commix
Commix is an automated tool that can be used by web developers, penetration testers or even security researchers to test web-based applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks.
neet
Neet is a flexible, multi-threaded tool for network penetration testing. It runs on Linux and co-ordinates the use of numerous other open-source network tools, with the aim of gathering as much network information as possible in clear, easy-to-use formats.
gmvault
Gmvault is a tool for backing up your Gmail account so you never lose email correspondence.
Metasploitable3
Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities, so you can test your pentesting skills.
Celery 4.0
Celery is an asynchronous task queue/job queue based on distributed message passing. It is focused on real-time operation, but supports scheduling as well. The changelog for the recently released 4.0 is quite impressive.
KiTTY
A new fork of the PuTTY SSH client on Windows with quite a few new features. If it continues to receive support, it may well replace PuTTY.
Trigger Happy
An open source clone of IFTTT.
iocage: a FreeBSD jail manager
iocage is a zero-dependency, drop-in jail/container manager amalgamating some of the best features and technologies the FreeBSD operating system has to offer. It is geared for ease of use with a simple and easy-to-understand command syntax.
Rocker
Rocker breaks the limits of Dockerfile. It adds some crucial features that are missing while keeping Docker’s original design and idea.
Guides & Tutorials
A brief history of select(2)
Lots of history in this post about the select(2) system call and how epoll, iocp and kqueue have built upon that.
Fixing MySQL master-slave replication upon query error
In a MySQL master/slave or master/master replication, some queries can stop your replication altogether. These commands allow you to ‘skip’ a replication-breaking query. Warning though: at that point, your nodes may be in an inconsistent state.
Node.js at Scale – Node.js Garbage Collection Explained
Lots of in-depth info for those running Node.js applications where garbage collection can cause problems, and on how garbage collection works internally.
Querying JSON data at the command line with ‘jq’
This guide shows some practical examples of handling JSON data at the command line. By nature, JSON isn’t very easy to handle with awk/grep/sed, so jq parses the JSON and allows you to query for individual fields.
Monitoring in the Kubernetes Era
A very detailed 4-part series about monitoring Kubernetes in a world where containers come and go. Definitely worth a read if you’re running Kubernetes: part 1, part 2, part 3 & part 4.
Tapping Wires for Lean Security Monitoring: DNS Request Analysis with Open Source Software
An interesting approach: using Graylog to collect and analyse all DNS requests on a network for security research purposes.
Using systemd-nspawn for some containerization needs
A guide to show how you can use systemd-nspawn to run simple containers, together with some examples to create containers. systemd-nspawn seems quite powerful, actually.
Use and automate letsencrypt certificates (ACME) in an high-availability environment
Getting Let’s Encrypt certificates for a single server or site is quite easy, but handling a multi-server environment and getting certificates managed over multiple nodes poses its challenges. This post introduces a few methods of keeping those certificates in sync.
Videos
Coding in the name of
Another parody from the SUSE team: this time remaking Rage Against The Machine’s popular “Killing in the name of”. The other videos in that channel are worth a check, too.