Welcome to cron.weekly issue #63 for Sunday, January 15th, 2017.
A full issue once again, lots of new projects and guides got posted last week. If those were New Year’s resolutions, keep it up!
Just as a reminder for anyone trying to find a project or guide mentioned in a previous newsletter, all issues are available online in the archive.
News

The MongoDB hack and the importance of secure defaults
In the last few weeks, several unfirewalled and unsecured MongoDB instances were held “ransom”: their data was stolen and you had to pay bitcoins to get it back. This article looks at how that could happen and what the value of secure, sane default values is for system packages.
Docker 0-Day Stopped Cold by SELinux
Earlier last week, a Docker vulnerability (CVE-2016-9962) was made public that allowed code running in a container to escape that container and compromise the host. In this post by Red Hat they explain how SELinux prevents such exploits.
systemd Sucks, Long Live systemd
A look at the bad & good parts of systemd. Thankfully, there are more good parts than bad, as we’ll be using systemd for quite some time.
How Stack Overflow plans to survive the next DNS attack
This post has some good insights into how and when to spread your DNS records across multiple providers, what the impact of one offline provider is, and whether you should revoke nameservers or just keep them listed but ‘offline’, …
Software Developers Should Have Sysadmin Experience
And vice versa! A well reasoned post about the benefits of knowing both ends of the spectrum in order to build more resilient, reliable and performant applications.
Tools & Projects

DataDog: all your infrastructure, in one place
Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)
relayd
The relayd project consists of `relayd`, a load-balancer, application layer gateway, transparent proxy, and SSL/TLS gateway, and `httpd`, a web server that is based on relayd. It is secure, serves static files and supports FastCGI and TLS.
posixcube
A potential alternative to Ansible, posixcube is a POSIX compliant shell script server automation framework.
pshtt
pshtt (“pushed”) is a tool to scan domains for HTTPS best practices. It saves its results to a CSV (or JSON).
wmail
This might be useful for your desktop, not so much your servers: an open source desktop client for Gmail & Google Inbox, bringing the online Gmail & Google Inbox experience to your desktop in a neatly packaged app.
vallumd
This program allows you to centralize and distribute IP blacklists. It can be integrated with fail2ban, where banned IPs on a single host can be exported to other servers and preventively blocked. It’s a tool to build a clustered fail2ban, sharing IP block lists.
dvws
Damn Vulnerable Web Sockets (DVWS) is a vulnerable web application which works on web sockets for client-server communication.
hotel
A simple process manager for developers. Start apps from your browser and access them using local .dev domains.
dgsh ― directed graph shell
A new shell based on Bash which introduces a very interesting “left to right” syntax at the CLI, offers multi-core processing with piped commands and an expressive syntax. Worth a look, scroll down to the examples to understand its power!
chisel
A fast TCP tunnel over HTTP.
Guides & Tutorials

Google Infrastructure Security Design Overview
A very detailed write-up by Google on how to run a secure service online. It covers everything from physical security (hardware, on-prem security, …) to secure deployment to secure communication between services. Such amazing value in that document!
Using GPG to Encrypt Your Data
A guide by NASA on how to use GPG to encrypt and decrypt a message (or images, binary files, …).
SSH Start to Finish Certificate Authority Basics
This write-up explains Certificate Authorities and Key Revocation Lists in order to understand how SSH key authentication works.
From OSX to Ubuntu
A guide for hardcore OSX users who are tired of their OS and want to switch to Ubuntu. It covers some practical areas like replacing Alfred (task launcher), the File Manager, code editors, … All for Desktop Linux, of course.
Faster mysql replication with group commit and delay
This post introduces 2 MySQL options that can greatly decrease MySQL replication lag: ‘slave-parallel-type’ and ‘binlog-group-commit-sync-delay’.
Randomness in Linux
A fun read about the difference between /dev/random and /dev/urandom, where entropy comes from, what ‘randomness’ means in Linux, …