cron.weekly issue #59: Kernel 4.9, Java, containerd, sfb, Redis, CentOS 7.3, Nginx, Ansible & more!

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, December 18, 2016

Follow me on Twitter as @mattiasgeniar

Welcome to cron.weekly issue #59, for Sunday, December 18th, 2016.

There’s too much content in this issue to waste your precious brain cycles on an introduction text, so just scroll down and get reading!

News

Linux Kernel 4.9

Last Sunday, the 4.9 kernel was announced. In terms of commits, it’s the biggest release ever made. It introduces Memory Protection Key, vmapped kernel stacks, a new subsystem called Greybus and many more features. Someone should do a write-up of each and send me the links to include. 😉

Google’s OSS-Fuzz reaches more than 50 projects

Google’s recently announced OSS-Fuzz project, that aims to help secure open source projects, now has more than 50 projects it monitors and fuzzes already. From big names like LibreSSL and OpenSSL, to libarchive, libssh, curl, ffmpeg, …

How Unix made it to the top

A fun bit of trivia of how Unix got introduced in Bell Labs and later into AT&T’s head office.

Oracle finally targets Java non-payers – six years after plucking Sun

Did you know there’s a paid version of JAVA? The SE edition comes in licensing fees ranging from 5000$ to 15.000$, per processor. Better check what you have installed!

How to make Linux more trustworthy

The Core Infrastructure Initiative (CII) has been working to prevent an insidious form of backdoor: malicious code inserted during the software build process without a developer’s knowledge or consent.

Reliably compromising Ubuntu desktops by attacking the crash reporter

This is a story of Ubuntu had a flaw in its crash reporter that allowed an attacker to execute arbitrary code on any Linux desktop. While it’s desktop-focussed, the write-down is very technical and should be interesting to those of us (including me) that only care about Linux on the server.

Docker splits container runtime to ‘containerd’

Docker is separating its core container runtime into a new project called ‘containerd’ and plans to donate this to a neutral foundation (whoever that might be) early next year. This sounds like a good move for the stability of the Docker ecosystem.

Tools & Projects

sfb

A Flappy Bird clone, written entirely in sed. I was feeling fancy when I used sed as a search/replace tool, but it’s a really powerful language.

SQL Server Preview on Linux

Microsoft now offers RPM and DEB packages to install SQL Server – historically only available on Windows – on your favorite Linux distro. There’s support for Red Hat & clones (CentOS etc.) as well as Ubuntu and SUSE.

rediSQL

This project turns your Redis database into a “functional SQL database” by embedding sqlite. Can’t yet image a time when you’d use this over either MariaDB or PostgreSQL, but hey — it’s possible now.

pigar

This tool can generate the requirements file for your Python project, so it’s easier to share your project and environment with others.

Compiler Explorer

Enter C code, get the Assembly equivalent returned to you. Pretty cool to see what code structures amount to what Assembly code.

CHVote

A fully open source public voting system, developed by the Swiss government. Fingers crossed this makes it in production and proves its worth!

nginx-module-vts

This is an Nginx module that provides access to virtual host status information. It contains the current status such as servers, upstreams, caches. This is similar to the live activity monitoring of nginx plus.

CentOS 7.3

Officially, this release is called CentOS 7 build 1611, but it’s derived from Red Hat Enterprises’ 7.3 branch, so I’ll call it CentOS 7.3 nonetheless. Some major changes include: updated packages, support for 7th generation intel CPU’s, virt-p2v is fully supported, technology previews of btrfs, OverlayFS (think Docker), CephFS, kpatch (live kernel patching) & more.

Hyper 1.0

A stable 1.0 release for a fully functional terminal, built with web technologies.

rump

Hot sync two Redis servers using dumps. I wish I had this tool 2 weeks ago! Super simple syntax to get 2 redis instances in sync with eachother. Some more details in the rump announcement.

Citus

Citus empowers you to build real-time applications on billions of events. Citus achieves this by scaling out PostgreSQL across commodity servers using sharding, replication, and query parallelization.

dnpipes

“Distributed Named Pipes”: essentially a distributed version of Unix named pipes comparable to, for example, SQS in AWS or the Service Bus in Azure.

ansible-deploy

Ansible role to deploy scripting applications like PHP, Python, Ruby, etc. in a capistrano style.

Guides & Tutorials

Introspecting namespace relationships

One of the interesting new features added in the just-released Linux 4.9 kernel is the ability to introspect namespace relationships. This helps identify the answer to “what capabilities does process X have in namespace Y?“, which only becomes more relevant as containers and namespaces take off even more.

What Kubernetes users should know about the rkt container engine

Lots of technical deep-dives into the rkt container engine and how it behaves on a Kubernetes cluster.

Group Replication is GA with MySQL 5.7.17 – comparison with Galera

Group Replication is a multi-master update everywhere replication plugin for MySQL with built-in conflict detection and resolution, automatic distributed recovery, and group membership. This post compares that technology to Galera, which offers similar functionality.

I’m tired of Makefiles

In this post, the author highlights some of the shortcomings of the Make__file and which problems it can solve (or fail to detect).

How much memory is my process using?

Linux memory management, always a challenge. This post explores what can cause memory consumption, what makes it difficult to just say “how much memory is X using” and further explains the different memory concepts.

HPACK: the silent killer (feature) of HTTP/2

Header compression in HTTP/2, called HPACK, can reduce the bandwidth amount and increase its efficiency by a lot. This post dives into the technical details of HPACK.

Remote monitoring using tinc VPN

This article describes how to use tinc to connect several remote sites and their subnets to your central monitoring server. This will let you connect to devices on remote private IP ranges through one gateway on each site, routing them securely back to your monitoring installation.

Traffic accounting using Ubiquiti EdgeRouter, iptables and rrdtool

A nice roundup of how to implement rrdtool with iptables for traffic accounting (aka: counting packets and measuring bandwidth).

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.