cron.weekly issue #72: FreeBSD, lkml, llvm, dnscontrol, buck, ReOpenLDAP, Postfix, Bash, Xargs & more


cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, March 19, 2017

Follow me on Twitter as @mattiasgeniar

Welcome to _cron.weekly _issue #72 for Sunday, March 19th, 2017.

Quite a bit of Docker news (good & bad), a lot of new tools and guides and a some fun Unix trivia along the way.

Enjoy your sunday!

News

Percona Live Open Source Database Conference: April 24-27, 2017 in Santa Clara, CA

Open source database community event. MySQL, MongoDB, MariaDB, PostgreSQL & other open source databases. 1 day of tutorials & 3 days of keynote & breakout sessions. Register Now w/ CRON15 for 15% off. (Sponsored)

FreeBSD Family Tree

This is a pretty cool visualization of the BSD forks; how FreeBSD and OpenBSD separated, where NetBSD and DragonFly forked and where Mac OS X keeps coming back to the FreeBSD core.

Some shell prompts might be vulnerable to code execution

An interesting demo & proof of concept: some shell prompts, ie the ones that show the git branch/status etc, might be vulnerable to unwanted code execution. It looks at how you can trick your local shell to execute commands if a branch contains something like “$(./script.sh)”.

lkml.wtf

This is a very fun weekly parody view on the Linux Kernel Mailing List!

CoreOS’s rkt and Docker’s containerd jointly donated to CNCF

Bother Docker’s “containerd” and CoreOS’s “rkt” container runtime are being donated to the Cloud Native Computing Foundation (CNCF), ensuring a more independent and neutral habitat for both projects.

Docker Image Vulnerability Research

24% of latest Docker images have significant vulnerabilities“. If you’ve ever used Docker, this probably doesn’t come as a surprise, as it’s remarkably easy to never update your Docker containers once things are working.

Death of Docker?

The 3rd Docker news item in a row, with an entirely different take this time: several months ago, Red Hat announced “cri-o”, an alternative container runtime. This post goes on to explore what that might mean for the Docker project.

Tools & Projects

Datadog: all your infrastructure, in one place

Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)

timg

A terminal image viewer, allowing you to view images while in an SSH session. Could be useful if you’re working on a webserver and want to quickly see what that image looks like.

ssh_scan

A SSH configuration and policy scanner by Mozilla. It’ll tell you what algorithms the SSH server uses, the version, banner, which keys it supports, … in handy JSON output.

borg

Search and save shell snippets without leaving your terminal: Borg was built out of the frustration of having to leave the terminal to search and click around for bash snippets.

Parrot Security

A security GNU/Linux distribution designed with cloud pentesting and IoT security in mind. It includes a full portable laboratory for security and digital forensics experts, but it also includes all you need to develop your own softwares or protect your privacy with anonymity and crypto tools.

guetzli

A new JPEG encoder from the team at Google, making JPEG images up to 35% smaller.

LLVM 4.0

A new major release of the llvm project.

Trusted Email Services

This is an industry effort to raise awareness around email security threats and promote the deployment of technologies to address them.

dnscontrol

The team at StackOverflow released dnscontrol, a system for maintaining DNS zones. It can then synchronize your DNS to multiple providers from a simple DSL. If you go this route, consider a service like DNS Spy to help check if all your nameservers are synced up.

entr

Run arbitrary commands when files change. Think of it as an inotify alternative. The Event Notify Test Runner is a general purpose Unix utility intended to make rapid feedback and automated testing easier and more intuitive.

buck

Buck is a build system developed and used by Facebook. It encourages the creation of small, reusable modules consisting of code and resources, and supports a variety of languages on many platforms.

nomouse

Discourages use of mouse by dimming screen by 10% of maximum brightness whenever you left click.

ReOpenLDAP

ReOpenLDAP, also known as “TelcoLDAP” – is the telco-oriented fork of well-known OpenLDAP project with a lot of heisenbugs fixing and addition of a few new features, mostly for highload and multi-master clustering with a hot replication.

Guides & Tutorials

Speeding up Proxychains with Nmap / Xargs

A short post, but it introduces the -P flag to xargs that allows you to run tasks in parallel. Had no idea that existed!

Debugging a Docker Heisenbug in production

A fun debugging tale involving Docker networking, some /proc exploration, nifty diagrams and VXLAN.

Monitoring Apache web server performance

A good look at the important Apache configuration directives, how to interpret the apache-status output and it goes on to explain Worker, Prefork and Event MPM pretty well.

How to Encrypt Bash Script

I hope you don’t have to do this very often, but if you ship servers or middleware to uncertain places, you might like this: a proper guide to encrypting your Bash shell scripts.

Blocking of international spam botnets with a Postfix plugin

This guide explains the steps to implement postfwd, a Postfix plugin to help combat spam.

Building and scaling the Fastly network, part 2: balancing requests

Perhaps not much of a guide, but a very read regardless: how commodity hardware was used to create the Fastly network. Goes on to explain load balancing, DNS requests, ECMP, …

Here’s How You Start Using Docker

Another introduction post to using and maintaining Docker, starting with the terminology and offering practical copy/paste’able commands to get started with Docker.

Shell Scripts Matter

Bash scripts aren’t throwaway code, our scripts usually stay for a couple of years. That’s why this post advocates testing, version control, debugging & logging of Bash scripts.

lsof

An ode to the lsof command with plenty of examples and explanations of what the tool does, where it shines and how to use it.

How to recover lost Python source code if it’s still resident in-memory

The author accidentally deleted a python script he was working on, but it was still running in a process in a Docker container. This guide explores how to get your script back, in such a scenario.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.