Welcome to cron.weekly issue #64 for Sunday, January 22nd, 2017.
Sit back and relax because there is a lot to share. There’s a special 50%-off promo code for the SCALE conference, lots of new tools and practical guides on using Vault, implementing caching strategies, …
This post is a good reminder that “secure code” doesn’t come from changing a few .INI settings here and there, but is a much more profound process. While there are a handful of PHP.INI settings to help secure PHP, most of the guides regarding these changes are not worth it.
A critical view on how the Linux kernel is maintained and the role individuals play, the bottlenecks & powers that come from it and a proposal for improving this process.
As confirmed by Greg Kroah-Hartman, the new 4.9 kernel is going to be an LTS release. The previous LTS was 4.4.
Many of us run our Linux servers on a VMware infrastructure, so it’s good news that VMware’s 6.5 release brings lots of support for container workloads. With persistent volumes, it’s easier to run your containers on any VM.
Some valid points in this critical piece: how internal ‘drama’ triggers forks, how open source projects are often delayed, …
Tools & Projects
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
Hellogopher: “just clone and make” your conventional Go project. This greatly simplifies the whole GOPATH environment mess.
Run your application at full speed while syncing your code for development, finally empowering you to utilize docker for development under OSX.
Secure tunnels to localhost as an answer to ”I want to expose a local server behind a NAT or firewall to the internet.”.
A new addition to the open source Apache Hadoop ecosystem, Apache Kudu completes Hadoop’s storage layer to enable fast analytics on fast data.
This is a thing for your home server & automation: Home Assistant is an open-source home automation platform running on Python 3. Track and control all devices at home and automate control.
ExaBGP provides a convenient way to implement Software Defined Networking by transforming BGP messages into friendly plain text or JSON, which can then be easily handled by simple scripts or your BSS/OSS.
Yahoo has open sourced Screwdriver, their Continuous Delivery Build System for Dynamic Infrastructure. Looks like a solid architecture and nice looking UI too.
A pattern matching swiss army knife: built for pentesters, but I can see a lot of use cases where it’s convenient even as “normal” sysadmins. YARA is a tool aimed to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.
Config management with Python: BundleWrap is a decentralized configuration management system that is designed to be powerful, easy to extend and extremely versatile.
A portable file system cache diagnostics and control. vmtouch is a tool for learning about and controlling the file system cache of unix and unix-like systems.
Guides & Tutorials
A scale & setup most of us can only dream about: a very open and detailed view, by Twitter themselves, about the architecture and infrastructure the social network is built upon. From storage to networking to caching and even running Puppet at scale – well worth a read!
A very practical guide with lots of considerations for running IPFS, the “distributed web” (think of IPFS as Bittorrent meets git). If the distributed web is the future (instead of typical client <-> server), IPFS has the chance to become the standard in that area.
Another very open write-up of the caching layer at Reddit: mostly using Memcached + mcrouter, how the servers are set up, how they balance the load, …
If you have access to a Linux server with SSH, you can easily set up a SOCKS proxy that you can use in your browser. From that point forward, all your HTTP/HTTPs traffic will be routed over SSH and via your own server.
The official Fedora documentation on upgrading systems is very detailed, so I wanted to highlight it here too: this page describes how to (safely) use the dnf package manager to do a major distro upgrade.
This guide explains how to setup and configure Minio, an S3-compatible object-storage server that you can run on your own kit and has first-class Docker and Raspberry Pi support.
A practical guide on using HashiCorp’s Vault (secret & password manager) with Ansible’s automation.
A solid explanation of one of the most iconic comments in the Linux source code: ‘you are not expected to understand this’. The post and video explain the mechanism that allows for time-sharing and multi-tasking … essentially how a computer is allowed to be shared by multiple concurrent users and concurrent applications.
A solid introduction to Bash, covering changing directories (the absolute basics) to things like _pushd, fg/bg, find/ag/grep, … _
Lots of big and known names as speakers to the SCALE conference this year. On March 2-5th in Pasadena, California. Use promo code “CRON” for a 50% discount. (cron.weekly perks, cool!)
There are 2 security related newsletters I’d like to highlight. If you sign up to any of these, don’t let it replace your cron.weekly subscription. 🙂
To-the-point security news linking to lots of articles, each nicely summarised. Plenty of news I miss on a weekly basis, it’s nice to be kept informed this way. Gets sent every week.
A monthly newsletter on all things security with a focus on cryptography and TLS: lots of links get shared in every issue, giving you plenty of reading material.