Welcome to cron.weekly issue #77 for Sunday, April 23rd, 2017.
It’s been a busy week, both personally and in the open source world. So many good content to share this week, I hope you find something among the links you like!
I also ‘launched’ DNS Spy, the DNS monitoring & validation service I’ve been working on. If you’re reading this newsletter, you’re probably the kind of person that appreciates good monitoring, so go check it out at dnsspy.io! 🙂
News
The Evolution of Container Usage at Netflix
This was a fun read to see how containers get used at Netflix, with an impressive 1.000.000 containers that get spawned weekly. That’s 1 million.
Ubuntu on AWS gets serious performance boost with AWS-tuned kernel
Canonical has partnered with AWS to create an AWS-tuned Ubuntu kernel for the Ubuntu 16.04 LTS release, with some impressive results: 30% faster boot times, better I/O performance & other small fixes.
`column` to get –table support
This is a cool feature to land for the `column` tool: it can translate stdin input and convert it to a table with headers or JSON output.
Docker becomes Moby. Sort of.
The team behind Docker created a new project called Moby, with the goal to store all container components. Docker itself would be built on top of those components. Essentially, Docker remains the name of the (commercial & open source) product, Moby are the runtime components that make Docker possible. Some more info on mobyproject.org.
SSH over CPU shared cache between VMs
This is an unbelievable cool & scary attack; researches have managed to reliably extract info from another VM by probing the host CPU cache. On top of that, they managed to set up an encrypted TCP stream via SSH to allow inter-VM communication, via the CPU cache.
Intel Pulls Out of OpenStack Effort It Founded with Rackspace
Some remarkable news here, as Intel follows both HP and Cisco to stop their (financial) support of OpenStack.
Tools & Projects
Datadog: all your infrastructure, in one place
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
Caddy 0.10
This is a pretty big release, with man-in-the-middle detection, HTTP/2 server push, new plugin capabilities & plenty more fixes & features.
webhook
webhook is a lightweight configurable tool written in Go, that allows you to easily create HTTP endpoints (hooks) on your server, which you can use to execute configured commands.
slit
A modern $PAGER for noisy logs. The goal is to get more from logs than most of other pagers can. And to do so in less time. Basically slit is a verb, applied to logs.
codeflow
Open source event based Platform as a Service.
puppet-debugger
A interactive command line tool for evaluating and debugging the puppet language.
Linuxkit
The Docker team launches Linuxkit, the tooling to allow building custom Linux subsystems that only include exactly the components the runtime platform requires. This is the same toolkit that allows them to build & ship tools like Docker for Mac/Windows, which comes bundled with a lightweight Linux kernel.
Devuan Jessie 1.0 RC
I don’t usually give release candidates much attention, but I have to admit I didn’t think this would ever see the light of day: Devuan is the systemd free fork of Debian 8’s Jessie.
GoTTY
GoTTY is a simple GoLang based command line tool that enables you to share your terminal(TTY) as a web application. It turns command line tools into web applications.
secureoperator
A DNS-protocol proxy for Google’s DNS-over-HTTPS: allows you to run a server on your local network which responds to DNS queries, but requests records across the internet using HTTPS.
crochet
Crochet is a tool for building bootable FreeBSD images. There’s support for a lot of platforms, including Raspberry Pi’s.
Guides & Tutorials
Linux Server Virtualization: the basics
A very theoretical summary of virtualization in Linux, where hypervisors come into play, how containers fit in, etc.
Forgotten Unix Tools: The dc Command-Line Calculator
The `dc` command is pretty powerful for mathematics at the CLI, offering a range of additional options.
Tmux and Vim – even better together
A post about, you guess it: vim & tmux! Lots of really good & practical config snippets to make cooperation between vim & tmux even better.
More Unknown Linux Commands
This post introduces termsaver (ASCII screensaver), pv (pipe view) & calendar.
How we fine-tuned HAProxy to achieve 2,000,000 concurrent SSL connections
Many details in this post, which covers load testing, graphing & monitoring, allowing HAProxy to use more than 1 core, detailed HAProxy configurations, …
Complete installation guide for LEMP stack with PHP 7 in Debian 8 “Jessie”
Nginx, MySQL & PHP on a Debian 8 server, in a step-by-step guide.
Jenkins screencasts
A series of 6 free screencasts on setting up Jenkins, adding authentication & authorization, the new Blue Ocean interface, a working CI pipeline and managing the Jenkinsfile.
How To Run OpenVPN in a Docker Container on Ubuntu 14.04
Who doesn’t want their own, easy-to-setup VPN? This guide gets you started with an OpenVPN docker instance.
Reducing latency spikes by tuning the CPU scheduler
You usually don’t have to think about CPU scheduling too much, but when you do, blogposts like these come in really handy. From tracing to resolving CPU scheduler issues with JAVA applications.
Postfix Hardening Guide for Security and Privacy
This post covers all the basics: prevent Postfix from leaking e-mail info, don’t listen to all interfaces, prevent/limit e-mail relaying, …
Kubernetes Ingress explained
One of the core concepts of Kubernetes gets explained in this post; Ingress gives you a way to route requests to services based on the request host or path, centralizing a number of services into a single entrypoint.
tools to scan a Linux server for malware and rootkits
This post explores a couple of popular malware detection tools for Linux; chkrootkit, rkhunter, fuser and ISPProtect.
How To Host Your Own Private Git Repositories
To get started, all you need is SSH!