cron.weekly issue #66: Git Filesystem, Security, JVM, Fission, Habitat, TLS 1.3 & more!

Welcome to cron.weekly issue #66 for Sunday, February 5th, 2016.

If you managed to attend FOSDEM this weekend, I hope you had fun. The schedule was mind-blowingly big! If you’re at Config Management Camp in Ghent on Monday & Tuesday, come say hi – I’ll be around too. There are still spots available so you can drop by last-minute.

As for this issue: there’s a remarkable Git project from Microsoft, a new container initiative focussed on security and some good guides on using htop, containers and TLS 1.3.

News#

Linux Container Hardening #

This new initiative focusses on container security: by contributing patches to the Kernel Self Protection Project that evolve the primitives in the Linux kernel used by containers (namespaces, cgroups, etc) to be more secure.

Exploring Unseen Open Source Infrastructure #

There are a lot of open source projects out there that are used by thousands of projects but remain in the shadows, without anyone knowing them. This post explores some of them and makes good note that, one day, these projects – on which many projects rely – could become to the next left-pad or Heartbleed problem.

Thoughts On Gitlab Data Incident #

Many of probably heard of the GitLab data loss incident earlier this week. Many posts have been written, but I like this one as it touches on all the good topics: blameless post-mortems, a good summary and review of the events.

The JVM is not that heavy #

In defence of the Java Virtual Machine, the author looks at how heavy the JVM really is, when you run multiple processes.

Backblaze Hard Drive Stats for 2016 #

If you’re going to be buying a new server anytime soon, check out these hard drive statistics: Backblaze has more than 70.000 hard drives running and shows a lot of stats about them, like failure rates, performance, …

Tools & Projects#

DataDog: all your infrastructure, in one place #

Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial . (Sponsored)

MoonMail #

Send e-mail marketing campaigns without servers: MoonMail is built entire on the “serverless” architecture of AWS Lambda. Written in Node, it composes and sends all your e-mails through Amazon’s SES and Lambda functions.

lily #

An embeddable, statically-typed PHP alternative: Lily is an interpreted language with a focus on expressiveness and type safety.

Craft #

Craft is an open source meta build system and package manager. What was formerly the KDE Windows build tool is now available for any C/C++ application to be built and packaged.

Git Virtual File System (GVFS) #

Microsoft introduces the Git file system for use in very large projects. It only downloads the git objects you actually need and can speed up git status/checkout/commits by orders of magnitude for large code bases.

sqlite json1 extension #

This extension allows you to use native json types in sqlite, the embeddable database.

Ledger #

Ledger is a powerful, double-entry accounting system that is accessed from the UNIX command-line. It’s an accounting system. At the command line. How geeky do you have to be to use this? 🙂

Monit #

Monit is a small Open Source utility for managing and monitoring Unix systems. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.

Fission #

Fission is a Functions as a Service (FaaS) / Serverless function framework built on Kubernetes. Fission allows you to easily create HTTP services on Kubernetes from functions. It works at the source level and abstracts away container images (in most cases).

#

Guides & Tutorials#

Limit a container resources #

The documentation for doing so are pretty spot on: you can limit memory & CPU shares per container in a variety of ways.

Tuning Linux servers for scalability #

This guide covers all the necessities: max open files, increasing the TCP ephemeral port range, increasing the connection tracking limit, …

TLS 1.3 explained by the Cloudflare Crypto Team at 33c3 #

It might take a while before you can use TLS 1.3 of you’re on CentOS/Red Hat releases, but this is a very good introduction on the topic nonetheless.

Habitat and Docker #

Chef’s Habitat and Docker containers seemingly do the same thing: package applications in a neat, convenient method. This post goes into more details to highlight where the differences and strengths lie.

The Ultimate Linux Newbie Guide #

Lots of good novice content for getting start with Linux, from choosing a Linux distro to using a package manager to giving tips on what software to run. If you’ve run Linux before, this probably isn’t for you.

10 Myths About Docker That Stop Developers Cold #

This post answers a lot of questions, not only for developers, about using, running and developing with Docker.

Htop explained visually #

A nice graph about the different parts of htop and how to interpret its output.