Filip Chabik

DevOps Engineer, Husband & Dad.

Status (2)

18th September 2019

Photo by the amazing Jess @ My Family in Photos
Photo by the amazing Jess @ My Family in Photos.

OK, so it’s been a while since the last status update and I was going do these round-about every six months. No big deal, no big deal, but I do feel the need to communicate a thing or two. In slightly particular order:

Rolling out containers w/ Ansible

22nd August 2019

I’m not huge on containers, but I can see and appreciate their value in rolling things out fast for testing purposes. I have my own server(s) running here and there and I use Ansible for handling pretty much everything on them. Until not long ago, Docker containers were among notable exceptions from that rule. But then I finally discovered1 docker_container module. The only thing I was still missing was better handling of defining multiple containers.2

  1. Took me a while… 

  2. docker-compose style. Kind of. 

NGINX Extended Security Update →

There were three vulnerabilities discovered by Netflix in NGINX: CVE-2019-9511, CVE-2019-9513 and CVE-2019-9516. Both current stable1 and mainline2 were patched and point releases had been issued. As I mentioned in my NGINX Extended post I was not going to work on 1.14.x branch any more with the exception of security updates. Canonical backported patches to their nginx package3 with the following changelog:

  • SECURITY UPDATE: HTTP/2 Data Dribble issue
    debian/patches/CVE-2019-9511.patch: limited number of DATA frames in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h, src/http/v2/ngx_http_v2_filter_module.c.
    CVE-2019-9511
  • SECURITY UPDATE: HTTP/2 Resource Loop / Priority Shuffling issue
    debian/patches/CVE-2019-9513.patch: limited number of PRIORITY frames in src/http/v2/ngx_http_v2.c, src/http/v2/ngx_http_v2.h.
    CVE-2019-9513
  • SECURITY UPDATE: HTTP/2 0-Length Headers Leak issue
    debian/patches/CVE-2019-9516.patch: reject zero length headers with PROTOCOL_ERROR in src/http/v2/ngx_http_v2.c.
    CVE-2019-9516

I also took these patches and rebuilt my NGINX Extended version.4

Having this opportunity I thought it’s worth mentioning that there’s also Docker container available with my NGINX version. Dockerfile is available on GitHub and image itself on Docker Hub. Internally it’s also using my PPA to provide the package so it has exactly the same version as the one provided there.

  1. 1.16.x. 

  2. 1.17.x. 

  3. 1.14.0-0ubuntu1.4. 

  4. 1.14.2-4xenial0 and 1.14.2-4bionic0. 

Panic's Nova Text Editor Private Beta →

Picture by Panic from the Panic — Nova Private Beta.

Panic’s Nova Text Editor entered private beta testing. I don’t exactly look for a new text editor,1 but I’m watching this one closely. Two reasons: 1) it’s Panic and their software for Apple devices is absolutely awesome; 2) it’s going to be a native editor for macOS. Not some Electron app, but a real deal. I never got myself to use BBEdit and Coda looks a bit vintage these days, so I’m keeping my eye on this one.

  1. I’m happy with my Vim & Atom combo. 

Apple's Convergence

12th June 2019

Picture by Apple from the Apple Beta Software Program.

There’s this craving out there in the industry. Imagine walking around with super powerful device inside your pocket. You can do all sorts of cool things on it like browsing the Internet, taking amazing pictures, listening to the music, downloading apps, documents and what not. Not that hard to imagine these days, most of the smartphones out there can do of the above and then some. Most of them can and does replace multiple devices we needed in the, not that distant, past (walkmans,1 iPods, calculators, cameras etc.). But the craving is still there. Common understanding is that these devices are so powerful nowadays, that they could take on doing even more. Imagine – for the last time, I promise! – walking around with super powerful device inside your pocket. Imagine you get back home or arrive to the office, you bring the device out of your pocket and you connect it to the big screen, pointing device and a keyboard. All of a sudden, your pocket device became your desktop device. Bam! 🤯

  1. Yeah, I’m that old…