Welcome to _cron.weekly _issue #79 for Sunday, May 7th, 2017.
There’s a new Linux kernel out, some heavy networking guides on VXLAN and BGP & lots of newly released tools in this issue.
Happy Sunday everyone!
Debian 9.0 “Stretch” Might Not Have UEFI Secure Boot Support
It doesn’t look like Debian 9 is going to ship with UEFI Secure Boot, as time and resources are lacking to get it ready for the launch.
9 lessons from 25 years of Linux kernel development
A nice read on why tools matter, the value of short release cycles, the distributed nature of kernel development, why regression testing is given such a high priority, …
Security Newsletter: weekly digest of security news
Weekly e-mail that condenses security news into about 10 items that are worth knowing about. It will help you stay up-to-date on security, but with minimal effort. (Sponsored)
OpenSSH removes SSHv1 support
So long, SSHv1!
4.11 kernel released
Some headline features in 4.11 include: a new perf ftrace command restarting the work of better integrating the perf and ftrace subsystems, I/O scheduling support for the multiqueue block subsystem, journaling for device-mapper RAID 4/5/6 volumes, SipHash support, some swapping scalability improvements, a new LZ4 compression implementation, the new statx() system call, and more.
Security things in 4.11
A highlight of the security related features that made it to the 4.11 release. I think I understand about 10% of that post. 🙂
Tools & Projects
Datadog: all your infrastructure, in one place
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
OfflineIMAP is software that downloads your email mailbox(es) as local Maildirs. OfflineIMAP will synchronize both sides via IMAP. Looks useful for additional e-mail back-ups of hosted providers, like Gmail/Office365.
CoreFreq is a CPU monitoring software designed for 64-bits Processors w/ architectures Intel Atom, Core2, Nehalem, SandyBridge and superior, AMD Family.
“Open source your READMEs”: not many of us like writing documentation or README’s, yet there are writers that would like to contribute to open source that don’t know how to code. This project bridges the gap: it lists projects that need help getting their README files properly written and explained.
A CLI DNS tool that displays information about your domain. Think DNS Spy, but at your CLI.
Everything in RancherOS is a container managed by Docker. This includes system services such as udev and rsyslog. RancherOS includes only the bare minimum amount of software needed to run Docker.
OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.
Rootbox is a tool that lets you create and distribute “boxes”: isolated environments designed for building code thanks to the power of chroots and mounts.
A new major release for the Pi-Hole project: it acts as a DNS server on your network and can block known trackers, advertisers, malware, … by blocking its DNS queries. The new release has a much faster web UI & under-the-hood improvements. I wrote up a quick review of Pi-Hole last year in case you’re interested.
A mobile app that allows you to store your SSH private keys on your phone, no longer on your laptop. Whenever access to your private key is needed (SSH etc.), you can approve it via your phone. Think of it as 2 factor authentication for your private keys.
Puppet Explorer is a web application for PuppetDB that lets you explore your Puppet data.
This project is a bit less known among Red Hat/CentOS users, but is a Red Hat approved/supported way of installing up-to-date packages on a “enterprise” operating system. Think the latest NodeJS, PHP, Ruby, … to be installed next to the OS default versions.
A new major release of the GCC compiler. Their version numbers are a bit odd, the 7.0 release is a “release candidate” and the 7.1 is the general available version of GCC. This is also the 30y anniversary release of the project!
A command line client for MySQL that can do auto-completion and syntax highlighting.
An open-source Node.js implementation of a server handling the S3 protocol, which you can run on your own servers with local or network storage.
An alternative S3 client, this time written in Go. Minio is an open source object storage server compatible with Amazon S3 APIs.
Guides & Tutorials
Estimating CPU Per Query With Weighted Linear Regression
It’s sometimes impossible to answer what’s consuming resources like CPU, IO, & memory in a complex software such as a database. This ebook explains how a specialization of ordinary linear regression answers seemingly unsolvable database questions. (Sponsored)
I’m a big fan of Varnish so I’d like to highlight their newly released/revamped Wiki; it offers guides for implementing Varnish on WordPress, Drupal, … goes into more details to explain the VCL etc. Lots of good resources here.
Increase open-files-limit in MariaDB on CentOS 7 with systemd
If you hit MariaDB “max open files” errors (which still defaults to 1024), this guide can get you started on increasing that number on a systemd-enabled system.
80 Linux Monitoring Tools
You’re bound to find something new in this list; it’s got all the classics and some newer ones, like bandwidthd, NetHogs, iptraf, …
cURL Command Examples
Lots of practical curl examples with header redirection, downloading files, download resumption, …
Our first Kubernetes outage
Some really honest insights into a Kubernetes cluster failure, looking at where things went wrong and what areas to focus on next. I love these write-ups, it allows everyone to (attempt to) avoid similar downtimes.
OpenSSL: validate that certificate matches / signs the private key
Some useful commands to help you validate that your private & public key for TLS certificates match, before attempting to install them. This has become part of our (automated) pre-deploy checks because it’s so easy to implement.
VXLAN & Linux
A very detailed guide that allows you to implement VXLAN on your Linux servers. VXLAN is considered ‘complete’ as of kernel 3.12.
VXLAN: BGP EVPN with Cumulus Quagga
This post builds on top of the previous one, and introduces VXLAN tunneling, adding BGP to the mix in combination with Juniper hardware. A deep dive into modern Linux networking.
Bind 9.10 with GeoIP on Ubuntu 17.04 (Zesty Zapus)
This post explains how you can give a different DNS response based on the geolocation of the client making the request.