Over the past few days, news of
CVE-2019-14287
— a newly discovered open source
vulnerability
in Sudo, Linux’s popular command tool has been
grabbing
quite a few
headlines. Since
vulnerabilities in widespread and established open source projects
can often cause a stir, we decided to present you with a quick cheat
sheet to let you know exactly what the fuss is about.
Here is everything you need to know about the Sudo vulnerability,
how it works, and how to handle the vulnerable Sudo component, if
you find that you are currently at risk.
If you want to display the time to a user of your application, you
query the time of day. However, if your application needs to measure
elapsed time, you need a timer that will give the right answer even
if the user changes the time on the system clock.
Following the practices here will help you improve container
stability, speed up deploy processes, cut down on image sizes, and
tighten security. Where appropriate, we've also included links to
further reading and resources to get you the most bang for your buck
valuable time. So strap in, grab a notebook or maybe your CTO, and
enjoy!
A system call is a programmatic way a program requests a service
from the kernel, and strace is a powerful tool that allows you to
trace the thin layer between user processes and the Linux kernel.
Inspired by a similar post by Ben
Boyter
this a list of useful command line tools that I use. It’s not a list
of every tool I use. These are tools that are new or typically not
part of a standard POSIX command line environment.
This post is a living document and will be updated over time. It
should be obvious that I have a strong preference for fast tools
without a large runtime dependency like Python or node.js. Most of
these tools are portable to *BSD, Linux, macOS. Many also work on
Windows. For OSes that ship up to date software many are available
via the system package repository.
Source: An Illustrated Guide to Useful Command Line
Tools,
a nice list maintained by Wesley Moore. It has several programs that
are new to me and maybe to you as well. I recommend to check out this
list if you work on the command line.
Anyway, I designed SSH to replace both telnet (port 23) and ftp
(port 21). Port 22 was free. It was conveniently between the ports
for telnet and ftp. I figured having that port number might be one
of those small things that would give some aura of credibility. But
how could I get that port number? I had never allocated one, but I
knew somebody who had allocated a port.
I suppose it might be better for me to move my link
sharing to a medium such as this so I
can at least hopefully provide some commentary on the content, à la
Plurrrr or
Trivium, but somewhat more.
This platform itself has room for growth, such as implementing fancy
quotes and proper archiving, neither of which is present now. But
it's a start, and perhaps the start is all that's needed.
This major update adds a year calendar, which makes it possible to
navigate to a specific date. See the year calendar for
2019 in action.
This new version has also an overview per active month, which only shows the
titles of each day, not the entire content because that would make
very long pages, at least for this blog. See an example of an
overview for the month September,
2019 in action.
Because of this month view page titles are now mandatory.
Documentation is one of the most important and under-rated aspects
of any library or open-source project. If you are writing code that
will be used by someone other than yourself, it needs to be
documented. Period.
After using many libraries (both open-source and private), and
writing a few of my own, I noticed that all good documentation can
be broken down into a bunch of distinct elements.
Everything curl is an extensive, detailed and totally free book,
available in multiple formats.
Learn how to use curl. How to use libcurl. How to build them from
source or perhaps how the curl project accepts
contributions. There's something for everyone in this, from the
casual first-time users to the experienced libcurl hackers.
Everything curl is written by Daniel Stenberg but is also itself an
open project that accepts your contributions and help.
Cover of Everything curl by Daniel Stenberg.
Source: Everything curl. This is
great news, and of course I downloaded the free book.
In the afternoon I refactored some code and finished the last bits of
what is going to become
tumblelog
version 4.0.0.
This new version has a year calendar, which makes it possible to
navigate to a specific date. See the year calendar for
2019 in action.
The new version has also an overview per month, which only shows the
titles of each day, not the entire content because that would make
very long pages, at least for this blog. See an example of an
overview for the month September,
2019 in action.
As I have to update all styles and write the Python version it will
probably take a week until version 4.0.0 becomes available.
In this tutorial you’ll use Git to manage a small Markdown
document. You’ll store an initial version, commit it, make changes,
view the difference between those changes, and review the previous
version. When you’re done, you’ll have a workflow you can apply to
your own writing projects.
This interactive guide will help you set up your project (or level
up your skills) with the current Python best practices making sure
that you can focus on the awesome idea you have and not worry about
racking up technical debt with code that’s hard to
maintain. Although we cover quite a few tools, you will see a lot of
them are bundled in one or two commands so you can run all of them
at the same time.
