Welcome to cron.weekly issue #64 for Sunday, January 22nd, 2017.
Sit back and relax because there is a lot to share. There’s a special 50%-off promo code for the SCALE conference, lots of new tools and practical guides on using Vault, implementing caching strategies, …
Enjoy!
News Configuration-Driven php Security Advice Considered HarmfulThis post is a good reminder that “secure code” doesn’t come from changing a few .INI settings here and there, but is a much more profound process. While there are a handful of PHP.INI settings to help secure PHP, most of the guides regarding these changes are not worth it.
Maintainers Don’t ScaleA critical view on how the linux kernel is maintained and the role individuals play, the bottlenecks & powers that come from it and a proposal for improving this process.
Kernel 4.9 = new LTS releaseAs confirmed byGreg Kroah-Hartman, the new 4.9 kernel is going to be an LTS release. The previous LTS was 4.4.
vSphere 6.5 Container IntegrationMany of us run our Linux servers on a VMware infrastructure, so it’s good news that VMware’s 6.5 release brings lots of support for container workloads. With persistent volumes, it’s easier to run your containers on any VM.
The Downsides of Open Source SoftwareSome valid points in this critical piece: how internal ‘drama’ triggers forks, how open source projects are often delayed, …
Tools & Projects DataDog: all your infrastructure, in one placeTrack & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial . (Sponsored)
hellogopherHellogopher: “just clone and make” your conventional Go project. This greatly simplifies the whole GOPATH environment mess.
docker-syncRun your application at full speed while syncing your code for development, finally empowering you to utilize docker for development under OSX.
ngrokSecure tunnels to localhost as an answer to”I want to expose a local server behind a NAT or firewall to the internet.”.
Apache KuduA new addition to the open source Apache Hadoop ecosystem, Apache Kudu completes Hadoop’s storage layer to enable fast analytics on fast data.
Home AssistantThis is a thing for your home server & automation:Home Assistant is an open-source home automation platform running on python 3. Track and control all devices at home and automate control.
exabgpExaBGP provides a convenient way to implement Software Defined Networking by transforming BGP messages into friendly plain text or JSON, which can then be easily handled by simple scripts or your BSS/OSS.
ScrewdriverYahoo has open sourced Screwdriver, their Continuous Delivery Build System for Dynamic Infrastructure. Looks like a solid architecture and nice looking UI too.
yaraA pattern matching swiss army knife: built for pentesters, but I can see a lot of use cases where it’s convenient even as “normal” sysadmins.YARA is a tool aimed to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.
BundleWrapConfig management with Python:BundleWrap is a decentralized configuration management system that is designed to be powerful, easy to extend and extremely versatile.
vmtouchA portable file system cache diagnostics and control.vmtouch is a tool for learning about and controlling the file system cache of unix and unix-like systems.
Guides & Tutorials The Infrastructure Behind Twitter: ScaleA scale & setup most of us can only dream about: a very open and detailed view, by Twitter themselves, about the architecture and infrastructure the social network is built upon. From storage to networking to caching and even running Puppet at scale well worth a read!
Distributing NixOS With IPFSA very practical guide with lots of considerations for running IPFS, the “distributed web” (think of IPFS as Bittorrent meets git). If the distributed web is the future (instead of typical client <-> server), IPFS has the chance to become the standard in that area.
Caching at RedditAnother very open write-up of the caching layer at Reddit: mostly using Memcached + mcrouter, how the servers are set up, how they balance the load, …
Create a SOCKS proxy on a Linux server with SSH to bypass content filtersIf you have access to a Linux server with SSH, you can easily set up a SOCKS proxy that you can use in your browser. From that point forward, all your HTTP/HTTPs traffic will be routed over SSH and via your own server.
Upgrading Fedora using dnf directly The official Fedora documentation on upgrading systems is very detailed, so I wanted to highlight it here too: this page describes how to (safely) use the