There were three vulnerabilities discovered by Netflix in NGINX: CVE-2019-9511, CVE-2019-9513 and CVE-2019-9516. Both current stable¹ and mainline² were patched and point releases had been issued. As I mentioned in my NGINX Extended post I was not going to work on 1.14.x branch any more with the exception of security updates. Canonical backported patches to their nginx package³ with the following changelog:

• SECURITY UPDATE: HTTP/2 Data Dribble issue
  – debian/patches/CVE-2019-9511.patch: limited number of DATA frames in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h, src/http/v2/ngx_http_v2_filter_module.c.
  – CVE-2019-9511
• SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
  – debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
  – CVE-2019-9513
• SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
  – debian/patches/CVE-2019-9516.patch: reject zero length headers with PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
  – CVE-2019-9516

I also took these patches and rebuilt my NGINX Extended version.⁴

Having this opportunity I thought it’s worth mentioning that there’s also Docker container available with my NGINX version. Dockerfile is available on GitHub and image itself on Docker Hub. Internally it’s also using my PPA to provide the package so it has exactly the same version as the one provided there.

Panic’s Nova Text Editor entered private beta testing. I don’t exactly look for a new text editor,¹ but I’m watching this one closely. Two reasons: 1) it’s Panic and their software for Apple devices is absolutely awesome; 2) it’s going to be a native editor for macOS. Not some Electron app, but a real deal. I never got myself to use BBEdit and Coda looks a bit vintage these days, so I’m keeping my eye on this one.

I was working for at&t when I first learned about SmartOS. Reason was simple, I’ve been in UNIX/Solaris team so I was more in “this world” back then. I found the concept of this new OS fascinating and it was additionally sprinkled by Bryan Cantrill’s amazing lightning talk. It’s one of those moments when I felt that I’m being interested in the right things at the right time. To me SmartOS in many ways felt revolutionary and I still think that some of its concepts¹ are ahead of the industry.

(more…)

My first encounter of ZFS happened on Solaris 10 running on some SPARC box. It felt very refreshing after SVM or, goodness me, VxVM. I became a fan instantly as the overall simplicity in administration and promise of reliability were nowhere else to be found.¹ Throughout the years I’ve been playing with it mainly on Illumos distros (OmniOS and SmartOS) and FreeBSD, but never got myself to entrust it fully on Linux.

While it appears that ZFS is still sort of persona non grata at least in the Linux kernel, but with Canonical shipping it by default with Ubuntu helps a lot. Quite recently it also became apparent that the community behind ZFS on Linux is the largest and most active one. It also seems that both Illumos and FreeBSD (among others) are going to be syncing with/against it.

This release brings impressive set of new features. I for one am the most excited about the native encryption and possibility to transfer raw encrypted snapshots.

On 16th of May new major release of Ansible has landed. For a very long time I was a proponent and happy user of SaltStack. I still have a soft spot for it and some formulas lying here and there. At some point, however, I gave Ansible a chance and, while it was not exactly trouble-free (I had quite a few habits from Salt), once it clicked, it stayed and is my number one automation tool period.

It’s a huge release, so many things are mentioned in the release notes that it wouldn’t make sense to go through all of them here and now. That said, there’s one thing that I was really looking forward to: python interpreter discovery. It’s surprising how annoying this one can be in a mixed distro/version environment. Finally no need for some hacky solutions! 🎉

There are so many ways these days to start a local VM on the Mac that adding yet another one seems insane. And yet, Multipass from Canonical¹ appeals to me the most. Especially when it’s just a quick check that I need to make — it’s as simple as two commands and voilà, it’s working and ready to roll.

With the new version I really am looking forward for starting automatically the instance via multipass shell command — it’s safe to say that it was the only thing I was missing.

Please note that Multipass works solely with Ubuntu instances. It is cross-platform however and one can use it on Windows, macOS and Linux.

Grafana is one of my favourite Open Source software of all time. I’ve been using it for years and am thrilled to see yet another great major release. I’m really looking forward to put my hands on all new workflow called Explore. Currently it integrates with Loki, but support for Elasticsearch is already on the roadmap!