Welcome to cron.weekly issue #97 for Sunday, September 10th, 2017.
Last week was an interesting issue, in the time between me writing and sending the newsletter, one of the featured projects got deprecated. On top of that, it looks like my URL manipulations caused one webserver to throw errors instead of the page I wanted. Ah well, lessons learned!
Meanwhile, major open source projects have been holding of on releasing new major versions for the beginning of September it seems! Many new releases in this issue, which makes it a pretty big one.
Happy reading!
News
Kernel 4.13 is released
Quite a few new security improvements in this release, better huge-page swapping & better handling of asynchronous I/O, TLS support directly in the kernel & many more improvements landed in this release.
New 4.14 Kernel = new LTS release
If everything goes according to plan, the next 4.14 kernel is going to be the new LTS release, receiving up to 2 years of support & patches.
TLS in the Linux Kernel
This is the very technical explanation of how the 4.13 kernel uses TLS directly in the kernel. An alternative read would be Filippo Valsorda’s, where he looks at the kernel patch & how it fits in with Go’s TLS implementation.
The Sizzle
Struggling to keep up with the flow of tech news? Need to improve your signal to noise ratio? One email a day, five must read tech news stories, sent in time for your commute home. Stay in the loop without burning all your free time. Read the first two weeks for free. (Sponsored)
IPv10
IP version 10 (IPv10) is a new version of the Internet Protocol, designed to allow IPv6 [RFC-2460] to communicate to IPv4 [RFC-791] and vice versa.
Oracle fires everyone on Solaris, SPARC teams
This is essentially the end of the Solaris distribution.
The two metrics that matter for host security
This is an interesting approach to looking at the security or state of your systems: monitoring reverse uptime and golden image freshness.
CAA record checking now mandatory for Certificate Authorities
As of this month, every Certificate Authority has to check for CAA DNS records before it issues a new certificate. If you haven’t already, it’s a great way to better protect your domain(s) from getting unwanted certificates.
Why open source success is increasingly dependent on corporate cash
More and more of the strong, successful open source projects, are relying on money from either investments (see previous cron.weekly’s, plenty of seed rounds & venture capital) or from major companies behind the project, deciding to open source it.
Greg Kroah-Hartman: The Commander-in-Chief of the Linux Stable Branch
In this interview, Greg Kroah-Hartman – who’s responsible for the Linux releases making it out the door – shares his background & history with Linux and how he came to join the Linux Foundation.
Tools & Projects
Get full-stack observability with Datadog
Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)
zzupdate
A simple command to fully update an Ubuntu PC/server via apt. Mostly hands-off and unattended.
LLVM 5.0
This new release adds support for C++17, co-routines, improved optimizations, new compiler warnings, many bug fixes.
keyexec
Collection of Scripts to Automatically Unlock LUKS Devices on kexec Reboot. (kexec is a method to reload to a new kernel faster, without a full system reboot.)
Yarn 1.0
The Yarn JavaScript package manager reaches its first stable release. It’s main focus at first was to be much faster than npm, the native/official package manager, but has since grown to support lots of new features like version locking etc.
Vagrant 2.0
Who hasn’t used Vagrant by now? Vagrant is a tool for building and distributing development environments, the 2.0 version includes support for provisioning on VirtualBox, VMware, Hyper-V, Docker, AWS, GCP. It can virtualize Linux, Windows & Mac.
Ansible “tower” AWX
Ansible Tower is now open source and the project is called “AWX”. Jeff Geerling wrote up more details & how to get started with AWX on his blog.
Nginx Unit
Nginx has always been a powerful webserver & proxy, but it could never run your application code (Go/Java/PHP/…) directly. With Nginx Unit, it now can. It’s a new application server that can run your code, across multiple versions. It’s better explained in the Nginx Application Platform blogpost.
fbctf
The Facebook CTF is a platform to host Jeopardy and “King of the Hill” style Capture the Flag competitions. In short, it’s a game to test your hacking & infosec skills.
Raddit
Now that Reddit decided to close its source code, Raddit is a new Reddit-like clone that’s fully open sourced.
HTTrack
Judging by the website, you’d think this project hasn’t been updated in 10 years, but it’s still in active development. HTTrack is an “offline website browser” and allows you to copy a website locally, crawling all pages.
container-diff
container-diff is an image analysis command line tool. container-diff can analyze images along several different criteria, currently including Docker Image History, file system, apt-get + pip installed packages & more.
Guides & Tutorials
Jenkins vs. GoCD
GoCD or Jenkins? In this blog, we compare GoCD with Jenkins on philosophy, getting started, continuous delivery, and plugins. Understand more about how these CI/CD tools fit your needs. (Sponsored)
Solaris to Linux Migration 2017
A very good guide on what you’d need to migrate from Solaris to Linux, not only the actual data migration, but how to transfer your skillset from Solaris to modern Linux.
Rosetta Stone for Unix
This is a giant matrix of comparisons between different Unix flavors (AIX, BSD, Linux, …) comparing terminology, tools, methods, … Looks like a good place to fallback to if you’re ever switching from one Unix kind to another.
Optimizing web servers for high throughput and low latency
Dropbox has some experience with operating at scale, so when they write up guides, I read them. In this one, they look at everything that makes up a webserver; from the hardware to the network & software.
How to set up an Nginx HTTPS website with an ECDSA certificate
Another set of practical commands to get the latest ECDSA certificates with your Nginx installation.
Bash Scripts Quickstart Guide
This is a list of some of the most often used bash features and constructs.
Why favor PostgreSQL over MariaDB / MySQL
A really technical in-depth look at PostgreSQL vs. MySQL to try and persuade you to switch to Postgres.
Time for Makefiles to Make a Comeback
Every week it seems a new “task runner” is open sourced and announced, adding another layer of complexity to development. This post looks at using Makefiles instead of over-engineered tools to accomplish the same thing, but simpler.
Ask cron.weekly!
It’s been a bit quiet on the forum in the last few weeks, but that’s OK. It doesn’t need to be the most active forum, but it’s a good last resort to ask questions if you’re stuk elsewhere. After all, if cron.weekly readers don’t know the answer, you’re doomed – right? 😉
What file storage technology/system to use when accessing files remotely?
Are you looking at SAMBA or web-based tools like Owncloud?
Videos
SHA2017
All videos from this hacker camp, held a few months ago, are now available. Ranging from hardware hacking to security info & plenty of open source tools.