Welcome to cron.weekly issue #59, for Sunday, December 18th, 2016.

There’s too much content in this issue to waste your precious brain cycles on an introduction text, so just scroll down and get reading!

News

Last Sunday, the 4.9 kernel was announced. In terms of commits, it’s the biggest release ever made. It introduces Memory Protection Key, vmapped kernel stacks, a new subsystem called Greybus and many more features. Someone should do a write-up of each and send me the links to include. 😉

Google’s recently announced OSS-Fuzz project, which aims to help secure open source projects, already monitors and fuzzes more than 50 projects, from big names like LibreSSL and OpenSSL to libarchive, libssh, curl, ffmpeg, …

A fun bit of trivia about how Unix got introduced at Bell Labs and later into AT&T’s head office.

Did you know there’s a paid version of Java? The SE edition comes with licensing fees ranging from 5000$ to 15.000$, per processor. Better check what you have installed!

The Core Infrastructure Initiative (CII) has been working to prevent an insidious form of backdoor: malicious code inserted during the software build process without a developer’s knowledge or consent.

This is a story of how Ubuntu had a flaw in its crash reporter that allowed an attacker to execute arbitrary code on any Linux desktop. While it’s desktop-focussed, the write-up is very technical and should be interesting to those of us (including me) that only care about Linux on the server.

Docker is separating its core container runtime into a new project called ‘containerd’ and plans to donate this to a neutral foundation (whoever that might be) early next year. This sounds like a good move for the stability of the Docker ecosystem.

A Flappy Bird clone, written entirely in sed. I was feeling fancy when I used sed as a search/replace tool, but it’s a really powerful language.

Microsoft now offers RPM and DEB packages to install SQL Server – historically only available on Windows – on your favorite Linux distro. There’s support for Red Hat & clones (CentOS etc.) as well as Ubuntu and SUSE.

This project turns your Redis database into a “functional SQL database” by embedding sqlite. Can’t yet imagine a time when you’d use this over either MariaDB or PostgreSQL, but hey — it’s possible now.

This tool can generate the requirements file for your Python project, so it’s easier to share your project and environment with others.

Enter C code, get the Assembly equivalent returned to you. Pretty cool to see what code structures amount to what Assembly code.

A fully open source public voting system, developed by the Swiss government. Fingers crossed this makes it into production and proves its worth!

This is an Nginx module that provides access to virtual host status information. It contains the current status such as servers, upstreams, caches. This is similar to the live activity monitoring of nginx plus.

Officially, this release is called CentOS 7 build 1611, but it’s derived from Red Hat Enterprise Linux’s 7.3 branch, so I’ll call it CentOS 7.3 nonetheless. Some major changes include: updated packages, support for 7th generation Intel CPUs, virt-p2v is fully supported, technology previews of btrfs, OverlayFS (think Docker), CephFS, kpatch (live kernel patching) & more.

A stable 1.0 release for a fully functional terminal, built with web technologies.

Hot sync two Redis servers using dumps. I wish I had this tool 2 weeks ago! Super simple syntax to get 2 Redis instances in sync with each other. Some more details in the rump announcement.

Citus empowers you to build real-time applications on billions of events. Citus achieves this by scaling out PostgreSQL across commodity servers using sharding, replication, and query parallelization.

“Distributed Named Pipes”: essentially a distributed version of Unix named pipes comparable to, for example, SQS in AWS or the Service Bus in Azure.

Ansible role to deploy scripting applications like PHP, Python, Ruby, etc. in a capistrano style.

Guides & Tutorials

One of the interesting new features added in the just-released Linux 4.9 kernel is the ability to introspect namespace relationships. This helps identify the answer to “what capabilities does process X have in namespace Y?”, which only becomes more relevant as containers and namespaces take off even more.

Lots of technical deep-dives into the rkt container engine and how it behaves on a Kubernetes cluster.

Group Replication is a multi-master update everywhere replication plugin for MySQL with built-in conflict detection and resolution, automatic distributed recovery, and group membership. This post compares that technology to Galera, which offers similar functionality.

In this post, the author highlights some of the shortcomings of the Makefile and which problems it can solve (or fail to detect).

Linux memory management, always a challenge. This post explores what can cause memory consumption, what makes it difficult to just say “how much memory is X using” and further explains the different memory concepts.

Header compression in HTTP/2, called HPACK, can reduce bandwidth usage and improve efficiency by a lot. This post dives into the technical details of HPACK.

This article describes how to use tinc to connect several remote sites and their subnets to your central monitoring server. This will let you connect to devices on remote private IP ranges through one gateway on each site, routing them securely back to your monitoring installation.

A nice roundup of how to implement rrdtool with iptables for traffic accounting (aka: counting packets and measuring bandwidth).