Welcome to cron.weekly issue #88 for Sunday, July 9th, 2017.
The holidays have started in Belgium, so there’s plenty of time for open source – right? 😉
Launching the cron.weekly forum
Did you know there are over 6.000 readers of cron.weekly, every single week? That’s an insane amount of smart people I get to reach! Now instead of one-way communication, what if we could all collaborate? After all, you (yes, you!) have a unique skillset someone else might not have.
To that effect, I’m starting the cron.weekly forum at ask.cronweekly.com. The idea is simple: if you’ve got a problem, a cool idea or want to share your open source project, just post something on the forum!
Unanswered problems will get highlighted in the newsletter to get more views & thoughts, in the hope that issues get resolved. To get a feel of what that looks like, see the first set of questions at the bottom of the newsletter. This is the part where you come in with the answers!
What are you waiting for? Sign up & start the discussion!
News
The Night Watch (PDF)
This isn’t exactly news, but it’s a very fun read (call it a short story) about the end of times and the zombie apocalypse and the role a systems programmer plays there. 🙂
Linux kernel 4.12
Yay, a new kernel! What’s new in 4.12? Glad you ask. Two new I/O schedulers (BFQ & Kyber), lots of filesystem fixes for BTRFS & XFS, many driver updates and a heap of smaller changes. Check kernelnewbies for the full list.
FreeBSD deprecating all r-commands
These are commands like rcp, rlogin, … which are all getting deprecated in FreeBSD.
Three New Open Source Container Utilities
If you click past the obnoxious “cookie” warning, you’ll learn about Smith (a microcontainer builder), Crashcart (to sideload binaries into a running container) and Railcar (a rust implementation of the oci-runtime).
Distributions are becoming irrelevant: difference was our strength and our liability
A good read on how and why the Linux distributions drifted apart and what that means for “modern Linux” today, including a part where systemd tries to standardize some parts of those distributions again.
OpenBSD Will Get Unique Kernels on Each Reboot
This is pretty cool; this feature is named KARL — Kernel Address Randomized Link — and works by relinking internal kernel files in a random order so that it generates a unique kernel binary blob every time.
Privileged Ports Cause Climate Change
This was another interesting read on virtualization, memory management, multi-user systems, privileged port binding & how we’re using clever method of working around those limitations.
Let’s Encrypt Wildcard Certificates Coming January 2018
Early next year, you’ll be able to request and receive wildcard certificates for your domains. To get one of those, DNS validation is a requirement – which makes sense, since if you own the DNS, you can do pretty much anything you like.
Benchmarking nftables
nftables vs iptables, who wins? This is a solid comparison, generating simple & complex rulesets to evaluate the performance of TCP streams against it.
systemd can’t handle the process privilege that belongs to user name that starts with number
Lots of attention went to this bugreport (and the discussion below it) about how systemd interprets some usernames badly, treats them as invalid and falls back to using the root user to start services or scripts.
Giving perspective on systemd’s “usernames that start with digit get root privileges”-bug
This is my own write-up of the bugreport of systemd above, putting things into context. A few days later I also posted some more nuances to the systemd debacle.
Tools & Projects
Datadog: all your infrastructure, in one place
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
kube-shell
Kubernetes shell: An integrated shell for working with the Kubernetes CLI.
iWant
A commandline tool for searching and downloading files in LAN network, without any central server.
Stacer
Stacer is a Linux System Optimizer and Monitoring. It can easily list the services that start on boot, clean unused or obsolete libraries, show a quick dashboard and more.
Elvish
Elvish is a friendly and expressive shell for Linux, macOS and BSDs.
sshecret
sshecret is a tool that creates an ssh-agent for each identity file found in your ssh_config(5) and executes ssh commands for a particular host using an environment that has access to only the key for that one host. If a server to which you’ve forwarded your ssh-agent is compromised, then only the key used for that domain will be affected.
magma
The magma server daemon, is an encrypted email system with support for SMTP, POP, IMAP, HTTP and MOLTEN. Additional support for DMTP and DMAP is currently in active development.
colorls
A Ruby gem that beautifies the terminal’s ls command, with color and font-awesome icons.
vtop
I’m pretty sure we’re running out of characters to put before ‘top’ soon. 🙂 Vtop looks interesting though, as a graphical activity monitor for the command line.
Pillow-SIMD
An image resizer that’s 15x as fast as ImageMagick? Color me impressed!
Puppet 5
A new major release of the popular config management tool; 30% faster agent runs over puppet 4, lots of bugfixes, improved interoperability for other tools & lots of little enhancements. And: it should be compatible with your Puppet 4 code, to make for easier upgrades.
Guides & Tutorials
AsterLabs.io: Is your monitoring causing problems or solving them?
Nagios got you down? False alarms ruining your sleep? If you’re looking to fix your monitoring and need expert help, we should chat. (Sponsored)
Skip grep, use AWK
A good reminder what ‘grep’ is often a redundant command if you’re piping to awk anyway.
How Atlassian designed their Kubernetes infrastructure on AWS
Lots of gold in this post with practical details on how their Kubernetes stack is set up on AWS, how the networking side looks, best-practices around subnetting, …
Dynamic tracing in Linux user and kernel space
Some practical commands for using dynamic tracing to help debug running applications, covering ‘perf’, ‘uprobe’ and ‘kprobe’. This one is pretty developer-focussed.
Linux Security Tools (Top 100)
I usually don’t like linkposts like these, but it was fun to see there even are 100 security tools for Linux! If you’re ever bored, you’ll find a couple in there to try out.
Tomb – A File Encryption Tool To Protect Your Secret Files In Linux
This guide lets you use ‘tomb’ to encrypt a folder on your file system with password-protected keyfiles.
A Gentle Introduction to tmux
Practical, to-the-point and persuasive (it almost makes me ditch screen!) introduction to tmux to tile window panes in a command-line environment.
Scaling a Web Service: Load Balancing
This covers things like DNS based load balancing (round-robin), layer 7 based (nginx etc.), layer 4 (HAProxy, IPVS), …
Jobs
Site Reliability Engineer (m/f) at OptioPay in Berlin
We’re on a mission to create the most beneficial payout ecosystem in the world and fundamentally change the way people receive money! As a Site Reliability Engineer at OptioPay you own and manage core infrastructure like Kubernetes, Kafka, Postgres, CI systems, Nginx and the machines on which it all runs. (no remote work) (Sponsored)
Ask cron.weekly
Best E2E encrypted back up tool for Linux?
With so many options out there, what’s the best end-to-end encrypted back-up solution for Linux?
Install grub in VM lvm disk
How do you proceed if you want to create a disk for a VM on top of LVM with GRUB?