cron.weekly issue #94: Security, SSH, df, Wekan, funding, Kubernetes, Make, systemd & more




Mattias Geniar, August 20, 2017

Follow me on Twitter as @mattiasgeniar

Welcome to cron.weekly issue #94 for Sunday, August 20th, 2017.

Last week’s issue might have been a bit shorter, I feel this one makes up for it. Lots of news to share, interesting new projects and fascinating tutorials.

If you’ve been reading cron.weekly regularly and like it, you could do me an immense favor by promoting it to friends & colleagues on social media. If you’re not sure how, check out the ‘I loved it’ button at the end of this mail for some easy social sharing.

Enjoy your Sunday everyone!

News

Save status code HTTP/418: I’m a teapot

It’s been a bit of a running joke among those that care about HTTP status codes, but it looks like this might actually be happening: work is being done to make the HTTP/418 status code “I’m a teapot” an actual, official RFC!

Security.txt

Security.txt is a standard which allows websites to define security policies. This standard sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of robots.txt (like cronweekly’s), but for security issues.

GoCD – open source continuous delivery

GoCD is a continuous delivery tool specializing in advanced workflow modeling and dependency management. New AWS ECS elastic agents plugin just released. Optimizes your utilization and reduces infrastructure cost now. (Sponsored)

SSH protocol inventor investigates CIA hacking tools targeting SSH

A while back, several exploits made by the CIA got released through WikiLeaks. In this post, Tatu Ylonen, inventor of the SSH protocol, looks at those exploits and gives his analysis of how they work.

Premier Open Source Database Conference

Join the Open Source Database Community 25-27 September, 2017, in Dublin for Percona Live Europe. With various talks covering core topics on MySQL, MongoDB, MariaDB, PostgreSQL, Time Series Databases, RocksDB & more. 1 day of tutorials & 2 days of sessions & keynotes. Buy Now. (Sponsored)

Debian policy: packages should be reproducible

This new policy for packagers doesn’t make it a hard requirement, but new packages should be ‘reproducible’: every build from the same source should result in the exact same binary. This makes it possible to detect and prevent flaws – malicious or accidental – in those packages.

OpenSSL to introduce new random number generator

In the next OpenSSL release, the team behind the popular crypto package is going to completely redo the RAND() API calls. The goal is to improve security by generating better random numbers using NIST recommended approaches.

Native encryption on ZFS

With this commit, the ZFS project adds native encryption to the file system.

The HDFS juggernaut

Did you know there’s over 5PB of data on publicly reachable HDFS (Hadoop Distributed File System) systems out there, data you can just reach out and ‘touch’? This serves as a general reminder to 1) firewall your systems and 2) authenticate any kind of data access.

Database provider MongoDB has filed confidentially for IPO

Looks like MongoDB is going public (the company, the source was already open) and seeks to attract new investors.

Software Maker Docker Is Raising Funding at $1.3 Billion Valuation

More financial news: Docker is also seeking to raise more money and is already valued at 1.3 billion dollars.

Dwarf Fortress starting during apt-get upgrade

This was a fun read; can you guess why the game Dwarf Fortress, with a binary named ‘df’, would automagically start up whenever you update your system?

Tools & Projects

Datadog: all your infrastructure, in one place

Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)

Certificate Transparency monitoring

I didn’t know Facebook built this tool, but it’s a really simple way to keep track of which certificates get issued for which domain(s) through CT – Certificate Transparency.

.NET core 2.0

.NET Core is the modular and high-performance implementation of .NET for creating web applications and services that run on Windows, Linux and Mac.

ngx_php

I’ll admit that I’m not sure when to use this, but it’s an embedded PHP module for Nginx. Think mod_php for Apache, but for Nginx. There’s also a variant specific for PHP 7.x. I think I’d still prefer PHP-FPM though.

rotgrep

A tool to capture and report on file checksums with an aim to report bit rot.

DevSec.io

A collection of security hardening tips & modules for Chef/Puppet/Ansible to help harden the base OS, SSH, MySQL, Apache, PostgreSQL, …

puppeteer

Puppeteer is a Node library which provides a high-level API to control headless Chrome over the DevTools Protocol. It can also be configured to use full (non-headless) Chrome.

Wekan

This project actually got featured in issue #12 already, but since there were like 5 subscribers back then, it bears repeating: Wekan is an open source Kanban tool, much like Trello.

Agorakit

Agorakit is a web-based open source groupware for citizens’ initiatives. By creating collaborative groups, people can discuss, organize events, store files and keep everyone updated when needed. Agorakit is a forum, agenda, file manager, mapping tool and email notifier.

SecGen

SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques.

nvidia-docker

Build and run Docker containers leveraging NVIDIA GPUs. If you’re thinking of mining certain cryptocurrencies, this might come in handy.

Guides & Tutorials

SSH + Public Key Encryption: The Simple Explanation You’ve Been Looking For

This post draws the analogy between superhero communication and “secret communication” with private and public keys. It’s a bit hectic if you already know how SSH public key authentication works, but if you’re new to that concept, it’s a pretty good explanation.

Everything You Always Wanted to Know About Optical Networking – But Were Afraid to Ask (PDF)

This was a fascinating read about how fiber optics work! More and more of our networking is moving towards fiber instead of copper, and this shares lots of insights into what makes fiber unique and how on earth it’s possible to use light to transfer bits & bytes.

Kubernetes usage at GitHub

A lot of info on why GitHub moved to Kubernetes, as well as the approach they took on migrating a legacy “classic” application to be compatible with Kubernetes’ way of working.

Casually removing root files (as a non-root user)

Did you know there are scenarios in which a non-privileged user can delete root-owned files, even without any permissions on the file itself? Very good read & catch!
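As an added illustration (not code from the newsletter or the linked post) of the condition behind that scenario: on Linux, deleting a file requires write access to the directory that contains it, not to the file, so a root-owned file in a world-writable directory without the sticky bit can be unlinked by any user. The check below classifies a directory’s exposure and demonstrates it on a constructed temporary directory set to a few modes.

```python
import os
import stat
import tempfile

# Added example, not from the newsletter. Deletion (unlink) of a file is
# governed by the containing directory's permissions, not the file's own.
# A root-owned mode-0644 file inside a directory that other users can write
# to can be removed by any of those users, unless the directory has the
# sticky bit (01000), which limits deletion to the file owner, the directory
# owner and root (this is how /tmp is set up).

def unlink_exposure(path):
    """Classify how exposed files inside `path` are to deletion by other users.

    Returns one of:
      "not-a-directory" - path is not a directory
      "protected"       - only the owner can write, so others cannot unlink
      "group-writable"  - group members can unlink files they do not own
      "world-writable"  - everyone can unlink files they do not own
      "sticky"          - writable by others, but the sticky bit restricts
                          deletion to the file owner
    (Assumes the usual case where writers also have search permission.)
    """
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return "not-a-directory"
    mode = st.st_mode
    others_can_write = bool(mode & stat.S_IWOTH)
    group_can_write = bool(mode & stat.S_IWGRP)
    if not (others_can_write or group_can_write):
        return "protected"
    if mode & stat.S_ISVTX:
        return "sticky"
    return "world-writable" if others_can_write else "group-writable"


def demo():
    """Run the check on a constructed temp directory under several modes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for label, mode in (("0755", 0o755), ("0775", 0o775),
                            ("0777", 0o777), ("1777", 0o1777)):
            os.chmod(d, mode)  # we own the directory, so chmod needs no root
            results[label] = unlink_exposure(d)
    return results


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(label, verdict)
```

Run it against real paths such as /tmp and your own spool or upload directories; anything reported as world-writable without the sticky bit is a candidate for `chmod +t` or tighter permissions.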

How Postgres Makes Transactions Atomic

A dive into the mechanics that allow Postgres to provide strong atomic guarantees despite the chaotic entropy of production.

Afraid of Makefiles? Don’t be!

This is a really solid introduction to ‘make’ and the Makefile, for building & automating tasks, adding dependencies between tasks, error handling, input handling, …

What are the security implications of systemd compared to SysV init?

Not a rant on systemd, but this post has a well-written answer on where the security impact of an init system like systemd might lie.


