Welcome to cron.weekly issue #78 for Sunday, April 30th, 2017.
Lots of good links in this release again, plenty of variation to keep you entertained. Enjoy!
News
How SSH port became 22
A bit of Unix trivia here, as the original author of the SSH protocol explains why port 22 was chosen and how it got to be approved as the official port, by IANA.
AMD Ryzen benchmarks on Linux
AMD seems to be really making a comeback with its Ryzen CPUs, this post looks at how it does on performance when run on a Linux system. Both single and multithreaded performance comparisons are handled.
PATH_MAX Is Tricky
In Linux, there’s a limit to how long a “path” can be. Since directories contain other directories, a file path could – in theory – be millions of paths deep. It’s limited via the PATH_MAX limit though, and this post explains why it’s there, the caveats and how to handle those.
Envoy: 7 months later
The team at Lyft (Uber rival) looks back at their Envoy announcement, a L7 proxy and communication bus (also known as a “service mesh”, like linkerd). Nice bit of history & future plans for the project.
grsecurity stop support open source release
Grsecurity offered kernel hardening & security guarantees, but is now stopping the support of their open source project. It’ll continue to operate, but in a closed source way only, unless the community keeps up maintenance. Funny how the parent company is still named “Open Source Security Inc.“.
Instead of containerization, give me strong config & deployment primitives
Lots of points here from the author on what proper configurations can achieve vs. containers, and how the benefit of strong configs outweigh some of the downsides of those containers.
Estimating CPU Per Query With Weighted Linear Regression
It’s sometimes impossible to answer what’s consuming resources like CPU, IO, & memory in a complex software such as a database. This ebook explains how a specialization of ordinary linear regression answers seemingly unsolvable database questions. (Sponsored)
Tools & Projects
Datadog: all your infrastructure, in one place
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
dnsdiag
A set of tools to perform basic audits on your DNS requests and responses to make sure your DNS is working as you expect.
JMAP
JMAP is intended to be a new standard for email clients to connect to mail stores. It therefore intends to primarily replace IMAP + SMTP submission. It is also designed to be more generic such that it can be extended with contacts, calendars in the future (replacing CardDAV/CalDAV). It does not replace MTA-to-MTA SMTP transmission.
linkerd 1.0
The first stable release of linkerd, a dedicated infrastructure layer for making service-to-service communication safe, fast, and reliable.
mush
This tool offers mustache templates for Bash, allowing you to more easily template scripts & content in Bash.
postal
Postal is a complete and fully featured mail server for use by websites & web servers. Think Sendgrid, Mailgun or Postmark but open source and ready for you to run on your own servers.
nginx 1.13
This new release brings support for TLSv1.3 and a convenient feature where logging signals sent to nginx now also log the PID of the process which sent the signal.
Linux Malware Detect (lmd)
Linux Malware Detect (LMD) is a malware scanner for Linux is designed around the threats faced in shared hosted environments. It uses threat data from network edge intrusion detection systems.
Postgresql multi-master
Multi-master is an extension and set of patches to a Postgres database, that turns Postgres into a synchronous shared-nothing cluster to provide OLTP scalability and high availability with automatic disaster recovery.
octodns
OctoDNS provides a set of tools & patterns that make it easy to manage your DNS records across multiple providers. The resulting config can live in a repository and be deployed just like the rest of your code, maintaining a clear history and using your existing review & workflow.
sslsecure.vim
Highlight insecure SSL/TLS cipher suites and protocols as errors in your editor.
Guides & Tutorials
Reproducing Go binaries byte-by-byte
This post explains why reproducible builds are important and goes on to show how to make it happen, using rclone (CLI sync tool) as an example. There’s some Linux, Docker & Go in this post for everyone.
How to switch to Vim without ruining your workflow
Some practical tips for trying to better understand & use the vim editor, like making it the default editor in your terminal, learning the different modes & quick shortcuts for easy navigation.
What’s new with RHEL 7 CGroups?
RHEL7 (and thus, CentOS 7) has been out for a while now. This post provides lots of links to further explore cgroups, to further separate CPU/memory/network/disk resources in namespaces.
Running Mastodon
This guide gets you started running your own Mastodon instance on a Digital Ocean VM, but it’ll work on pretty much any Linux provider & flavor.
TCP/UDP Load Balancing with NGINX: Overview, Tips, and Tricks
A deep-dive into the features of the TCP and UDP load balancer in Nginx, covering hash algoritms, failovers, weighted load balancing, handling timeouts, performing health checks, etc.
Two Objects not Namespaced by the Linux Kernel
Not everything is namespaced in the kernel, this post shows which 2 objects aren’t. No tl;dr here, click through to find out! 😉
How To Measure MySQL Query Performance with mysqlslap
MySQL comes with a handy little diagnostic tool called mysqlslap that’s been around since version 5.1.4. It’s a benchmarking tool that can help DBAs and developers load test their database servers. This post gives you the steps to use it.
Videos
Why UNIX has short command names
This video only takes 35 seconds and I won’t spoil the answer. Go view. 🙂