Welcome to cron.weekly issue #64 for Sunday, January 22nd, 2017.
Sit back and relax because there is a lot to share. There’s a special 50%-off promo code for the SCALE conference, lots of new tools and practical guides on using Vault, implementing caching strategies, …
Enjoy!
News
Configuration-Driven PHP Security Advice Considered Harmful
This post is a good reminder that “secure code” doesn’t come from changing a few .INI settings here and there, but is a much more profound process. While there are a handful of PHP.INI settings to help secure PHP, most of the guides regarding these changes are not worth it.
Maintainers Don’t Scale
A critical view on how the Linux kernel is maintained and the role individuals play, the bottlenecks & powers that come from it and a proposal for improving this process.
Kernel 4.9 = new LTS release
As confirmed by Greg Kroah-Hartman, the new 4.9 kernel is going to be an LTS release. The previous LTS was 4.4.
vSphere 6.5 Container Integration
Many of us run our Linux servers on a VMware infrastructure, so it’s good news that VMware’s 6.5 release brings lots of support for container workloads. With persistent volumes, it’s easier to run your containers on any VM.
The Downsides of Open Source Software
Some valid points in this critical piece: how internal ‘drama’ triggers forks, how open source projects are often delayed, …
Tools & Projects
DataDog: all your infrastructure, in one place
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
hellogopher
Hellogopher: “just clone and make” your conventional Go project. This greatly simplifies the whole GOPATH environment mess.
docker-sync
Run your application at full speed while syncing your code for development, finally empowering you to utilize Docker for development under OS X.
ngrok
Secure tunnels to localhost as an answer to “I want to expose a local server behind a NAT or firewall to the internet.”
Apache Kudu
A new addition to the open source Apache Hadoop ecosystem, Apache Kudu completes Hadoop’s storage layer to enable fast analytics on fast data.
Home Assistant
This is a thing for your home server & automation: Home Assistant is an open-source home automation platform running on Python 3. Track and control all devices at home and automate control.
exabgp
ExaBGP provides a convenient way to implement Software Defined Networking by transforming BGP messages into friendly plain text or JSON, which can then be easily handled by simple scripts or your BSS/OSS.
Screwdriver
Yahoo has open sourced Screwdriver, their Continuous Delivery Build System for Dynamic Infrastructure. Looks like a solid architecture and nice looking UI too.
yara
A pattern matching Swiss Army knife: built for pentesters, but I can see a lot of use cases where it’s convenient even for “normal” sysadmins. YARA is a tool aimed to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determine its logic.
BundleWrap
Config management with Python: BundleWrap is a decentralized configuration management system that is designed to be powerful, easy to extend and extremely versatile.
vmtouch
Portable file system cache diagnostics and control. vmtouch is a tool for learning about and controlling the file system cache of Unix and Unix-like systems.
Guides & Tutorials
The Infrastructure Behind Twitter: Scale
A scale & setup most of us can only dream about: a very open and detailed view, by Twitter themselves, about the architecture and infrastructure the social network is built upon. From storage to networking to caching and even running Puppet at scale – well worth a read!
Distributing NixOS With IPFS
A very practical guide with lots of considerations for running IPFS, the “distributed web” (think of IPFS as BitTorrent meets git). If the distributed web is the future (instead of typical client <-> server), IPFS has the chance to become the standard in that area.
Caching at Reddit
Another very open write-up of the caching layer at Reddit: mostly using Memcached + mcrouter, how the servers are set up, how they balance the load, …
Create a SOCKS proxy on a Linux server with SSH to bypass content filters
If you have access to a Linux server with SSH, you can easily set up a SOCKS proxy that you can use in your browser. From that point forward, all your HTTP/HTTPS traffic will be routed over SSH and via your own server.
Upgrading Fedora using dnf directly
The official Fedora documentation on upgrading systems is very detailed, so I wanted to highlight it here too: this page describes how to (safely) use the dnf package manager to do a major distro upgrade.
Setting up Minio, an S3 compatible storage
This guide explains how to set up and configure Minio, an S3-compatible object-storage server that you can run on your own kit and has first-class Docker and Raspberry Pi support.
Rotate Passwords with Ansible and HashiVault
A practical guide on using HashiCorp’s Vault (secret & password manager) with Ansible’s automation.
‘You are Not Expected to Understand This’, explained
A solid explanation of one of the most iconic comments in the Linux source code: ‘you are not expected to understand this’. The post and video explain the mechanism that allows for time-sharing and multi-tasking … essentially how a computer is allowed to be shared by multiple concurrent users and concurrent applications.
Mastering Bash and Terminal
A solid introduction to Bash, covering everything from changing directories (the absolute basics) to things like pushd, fg/bg, find/ag/grep, …
Conferences
SCALE
Lots of big, well-known names are speaking at the SCALE conference this year, held on March 2-5th in Pasadena, California. Use promo code “CRON” for a 50% discount. (cron.weekly perks, cool!)
Newsletters
There are 2 security related newsletters I’d like to highlight. If you sign up to any of these, don’t let it replace your cron.weekly subscription. 🙂
Security Newsletter
To-the-point security news linking to lots of articles, each nicely summarised. There’s plenty of news I miss on a weekly basis, so it’s nice to be kept informed this way. Gets sent every week.
Bulletproof TLS newsletter
A monthly newsletter on all things security with a focus on cryptography and TLS: lots of links get shared in every issue, giving you plenty of reading material.