Plurrrr

a tumblelog
week 43, 2019

Sudo Vulnerability Cheat Sheet: Learn All About CVE-2019-14287

Over the past few days, news of CVE-2019-14287, a newly discovered open source vulnerability in Sudo, Linux's popular command tool, has been grabbing quite a few headlines. Since vulnerabilities in widespread and established open source projects can often cause a stir, we decided to present you with a quick cheat sheet to let you know exactly what the fuss is about.

Here is everything you need to know about the Sudo vulnerability, how it works, and how to handle the vulnerable Sudo component, if you find that you are currently at risk.

Source: CVE-2019-14287 - Sudo Vulnerability Cheat Sheet, an article by Daniel Elkabes.
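As a quick exposure check to go with the cheat sheet, here is an added example of my own (not code from the article or from the sudo project). It encodes the CVE's public description: sudo releases before 1.8.28, combined with a sudoers Runas spec that excludes root such as "(ALL, !root)", let the listed user run the command as root anyway via "sudo -u#-1 cmd" or "sudo -u#4294967295 cmd", because uid -1 never matches the excluded "root" entry while setresuid(2) treats -1 as "leave unchanged". The function names and the SAMPLE_SUDOERS text are this example's own; the sample is constructed, not taken from any real host.

```python
"""Offline exposure check for CVE-2019-14287 (added example, not the article's code)."""
import re

FIXED_VERSION = (1, 8, 28)  # first sudo release carrying the fix

# A Runas spec is the parenthesised "(user:group)" part of a sudoers rule.
# This matches one that negates root by name or by numeric uid.
RUNAS_EXCLUDES_ROOT = re.compile(r"\([^)]*!\s*(?:root|#0)\b[^)]*\)")


def parse_sudo_version(text: str) -> tuple:
    """Return (major, minor, patch) from '1.8.27p1' or from full 'sudo -V' output.

    The 'pN' patch-level suffix is ignored: every 1.8.27pN is still affected.
    """
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def version_affected(version_text: str) -> bool:
    """True for any sudo release older than 1.8.28."""
    return parse_sudo_version(version_text) < FIXED_VERSION


def risky_sudoers_lines(sudoers: str) -> list:
    """Non-comment sudoers lines whose Runas spec excludes root.

    Only rules of this shape are reachable by the bypass: a plain "(ALL)" rule
    already allows root, and a rule naming specific Runas users never matches
    the bogus uid -1 at all.
    """
    hits = []
    for line in sudoers.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if RUNAS_EXCLUDES_ROOT.search(stripped):
            hits.append(stripped)
    return hits


def exposed(version_text: str, sudoers: str) -> bool:
    """True only when both conditions of the CVE hold at the same time."""
    return version_affected(version_text) and bool(risky_sudoers_lines(sudoers))


# Constructed sample for this example; alice's rule is the vulnerable shape.
SAMPLE_SUDOERS = """\
# sample sudoers, constructed for this example
Defaults env_reset
root  ALL=(ALL:ALL) ALL
alice ALL=(ALL, !root) /usr/bin/vim
bob   ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart nginx
"""

if __name__ == "__main__":
    # On a live host feed it the real inputs instead, e.g.
    #   subprocess.run(["sudo", "-V"], capture_output=True, text=True).stdout
    # and the contents of /etc/sudoers plus /etc/sudoers.d/* (root needed).
    for version in ("Sudo version 1.8.27p1", "Sudo version 1.8.28"):
        verdict = "EXPOSED" if exposed(version, SAMPLE_SUDOERS) else "not exposed"
        print(f"{version}: {verdict}; risky rules: {risky_sudoers_lines(SAMPLE_SUDOERS)}")
```

Upgrading to 1.8.28 or later closes the hole regardless of sudoers content; until then, the rules this check flags are the ones to rewrite.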

How to not leap in time using Python

If you want to display the time to a user of your application, you query the time of day. However, if your application needs to measure elapsed time, you need a timer that will give the right answer even if the user changes the time on the system clock.

Source: How to not leap in time using Python.
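The distinction the article draws, as an added example of my own rather than code from the article: time.time() is the wall clock, which NTP, an administrator or a VM migration can move in either direction, while time.monotonic() only ever moves forward, so anything that waits, retries or expires should be built on monotonic time. The clock parameter and the FakeClock class are this example's own additions; they let the same logic be driven by a controllable clock so the difference is visible without touching the system clock.

```python
"""Deadlines and stopwatches that survive wall-clock changes (added example)."""
import time
from typing import Callable


class FakeClock:
    """A controllable clock for demonstrations and tests; advance() with a
    negative value simulates a wall-clock jump backwards, which a real
    monotonic clock never produces."""

    def __init__(self, now: float = 0.0) -> None:
        self.now = now

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class Deadline:
    """A point in time after which an operation must give up."""

    def __init__(self, timeout: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        if timeout < 0:
            raise ValueError("timeout must be non-negative")
        self._clock = clock
        self._expires_at = clock() + timeout

    def remaining(self) -> float:
        """Seconds left, never negative; usable directly as a socket or lock timeout."""
        return max(0.0, self._expires_at - self._clock())

    def expired(self) -> bool:
        return self._clock() >= self._expires_at


class Stopwatch:
    """Context manager measuring elapsed time: `with Stopwatch() as sw: ...`."""

    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self._clock = clock
        self._start = 0.0
        self.elapsed = 0.0

    def __enter__(self) -> "Stopwatch":
        self._start = self._clock()
        return self

    def __exit__(self, *exc) -> bool:
        self.elapsed = self._clock() - self._start
        return False  # never swallow exceptions


def wait_until(predicate: Callable[[], bool], timeout: float,
               interval: float = 0.05,
               clock: Callable[[], float] = time.monotonic,
               sleep: Callable[[float], None] = time.sleep) -> bool:
    """Poll `predicate` until it holds or the deadline passes; never sleeps past the deadline."""
    deadline = Deadline(timeout, clock=clock)
    while True:
        if predicate():
            return True
        if deadline.expired():
            return False
        sleep(min(interval, deadline.remaining()))


if __name__ == "__main__":
    wall = FakeClock(1_000.0)   # stands in for time.time()
    mono = FakeClock(1_000.0)   # stands in for time.monotonic()
    on_wall, on_mono = Deadline(5.0, clock=wall), Deadline(5.0, clock=mono)
    wall.advance(3.0 - 3600.0)  # three seconds pass, but the clock was set back an hour
    mono.advance(3.0)           # the monotonic clock just sees the three seconds
    print("wall-clock deadline remaining:", on_wall.remaining())  # 3602.0: the timeout stalls
    print("monotonic deadline remaining:", on_mono.remaining())   # 2.0: correct
    with Stopwatch() as sw:
        time.sleep(0.01)
    print(f"slept for about {sw.elapsed:.3f}s by the monotonic clock")
```

The same stall happens in the other direction: a wall clock jumped forward expires every pending timeout at once. Pass the clock in, as above, and the choice is made once and is testable.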

Docker best practices for secure and lightweight Dockerfiles

Following the practices here will help you improve container stability, speed up deploy processes, cut down on image sizes, and tighten security. Where appropriate, we've also included links to further reading and resources to get you the most bang for your valuable time. So strap in, grab a notebook or maybe your CTO, and enjoy!

Source: Docker best practices for secure and lightweight Dockerfiles, an article by Shimon Tolts.

Understanding system calls on Linux with strace

A system call is a programmatic way a program requests a service from the kernel, and strace is a powerful tool that allows you to trace the thin layer between user processes and the Linux kernel.

Source: Understanding system calls on Linux with strace, an article by Gaurav Kamathe.

An Illustrated Guide to Useful Command Line Tools

Inspired by a similar post by Ben Boyter, this is a list of useful command line tools that I use. It’s not a list of every tool I use. These are tools that are new or typically not part of a standard POSIX command line environment.

This post is a living document and will be updated over time. It should be obvious that I have a strong preference for fast tools without a large runtime dependency like Python or node.js. Most of these tools are portable to *BSD, Linux, macOS. Many also work on Windows. For OSes that ship up to date software many are available via the system package repository.

Source: An Illustrated Guide to Useful Command Line Tools, a nice list maintained by Wesley Moore. It has several programs that are new to me and maybe to you as well. I recommend checking out this list if you work on the command line.

The story of getting SSH port 22

Anyway, I designed SSH to replace both telnet (port 23) and ftp (port 21). Port 22 was free. It was conveniently between the ports for telnet and ftp. I figured having that port number might be one of those small things that would give some aura of credibility. But how could I get that port number? I had never allocated one, but I knew somebody who had allocated a port.

Source: The story of getting SSH port 22, an article by Tatu Ylonen with useful information regarding SSH; a recommended read.

More Kudos

I suppose it might be better for me to move my link sharing to a medium such as this so I can at least hopefully provide some commentary on the content, à la Plurrrr or Trivium, but somewhat more.

This platform itself has room for growth, such as implementing fancy quotes and proper archiving, neither of which is present now. But it's a start, and perhaps the start is all that's needed.

Source: shortform.

Plurrrr mentioned on shortform.

This is the second time another blogger has mentioned Plurrrr. Again, found while checking backlinks to this blog.

Version 4.0.0 of tumblelog has been released

In the evening I pushed version 4.0.0 of tumblelog to GitHub.

This major update adds a year calendar, which makes it possible to navigate to a specific date. See the year calendar for 2019 in action.

This new version also has an overview per active month, which only shows the titles of each day, not the entire content, because that would make very long pages, at least for this blog. See an example of an overview for the month September, 2019 in action.

Because of this month view, page titles are now mandatory.

How to Write Good Documentation

Documentation is one of the most important and under-rated aspects of any library or open-source project. If you are writing code that will be used by someone other than yourself, it needs to be documented. Period.

After using many libraries (both open-source and private), and writing a few of my own, I noticed that all good documentation can be broken down into a bunch of distinct elements.

Source: How to Write Good Documentation (And Its Essential Elements), an article by Soham Kamani.

Everything curl - the book

Everything curl is an extensive, detailed and totally free book, available in multiple formats.

Learn how to use curl. How to use libcurl. How to build them from source or perhaps how the curl project accepts contributions. There's something for everyone in this, from the casual first-time users to the experienced libcurl hackers.

Everything curl is written by Daniel Stenberg but is also itself an open project that accepts your contributions and help.

Cover of Everything curl by Daniel Stenberg.

Source: Everything curl. This is great news, and of course I downloaded the free book.

Readline is the single most useful thing in everything

Today I added the following to ~/.inputrc:

"\e[A": history-search-backward
"\e[B": history-search-forward

See The single most useful thing in bash for why this is handy, and why this is actually Readline functionality.

Coming soon: tumblelog 4.0.0

In the afternoon I refactored some code and finished the last bits of what is going to become tumblelog version 4.0.0.

This new version has a year calendar, which makes it possible to navigate to a specific date. See the year calendar for 2019 in action.

The new version also has an overview per month, which only shows the titles of each day, not the entire content, because that would make very long pages, at least for this blog. See an example of an overview for the month September, 2019 in action.

As I have to update all styles and write the Python version, it will probably take a week until version 4.0.0 becomes available.

How To Use Git to Manage Your Writing Project

In this tutorial you’ll use Git to manage a small Markdown document. You’ll store an initial version, commit it, make changes, view the difference between those changes, and review the previous version. When you’re done, you’ll have a workflow you can apply to your own writing projects.

Source: How To Use Git to Manage Your Writing Project, an article by Brian Hogan.

Python Tooling Makes a Project Tick

This interactive guide will help you set up your project (or level up your skills) with the current Python best practices, making sure that you can focus on the awesome idea you have and not worry about racking up technical debt with code that’s hard to maintain. Although we cover quite a few tools, you will see a lot of them are bundled in one or two commands so you can run all of them at the same time.

Source: Python Tooling Makes a Project Tick, an article by Adithya Balaji.