At some point, you’re going to have a Linux server that includes directories that various users, developers, admins, or clients need to access from your network. If you depend on Linux, your best bet for this is Samba.
Samba is the Linux implementation of the
Imagine you’re developing an application for your internal network that requires a certain network speed to function properly. You could open a web browser and point it to one of the many network speed tests on the market but I’m sure you know what that does… it tests your connection to the outside world.
What if you’re looking to test the speed of your LAN itself? OpenSpeedTest comes in.
OpenSpeedTest is a free, open source HTML5 network performance estimation tool that doesn’t require any client-side software or plugin to function. Once deployed, the tool can be accessed from a standard, modern web browser. Even better, OpenSpeedTest can be deployed with Docker. It uses a combination of NGINX and Alpine Linux to use very little resources on your Docker server.
You can run OpenSpeedTest with or without
At some point in either your cloud- or container-development life, you’re going to have to share a folder from the Linux server. You may only have to do this in a dev environment, where you want to be able to share files with other developers on a third-party, cloud-hosted instance of Linux. Or maybe file sharing is part of an app or service you are building.
And because
TrueNAS SCALE might not be a distribution on the radar of most cloud native developers, but it should be. Although TrueNAS SCALE is, by design, a network-attached storage solution (based on Debian), it is also possible to create integrated virtual machines and even Linux containers.
TrueNAS SCALE can be deployed as a single node or even to a cluster. It can be expanded with third-party applications, offers snapshotting, and can be deployed on off-the-shelf hardware or as a virtual machine.
Gluster for scalable ZFS features and data management.
You’ll find support for KVM virtual machines, Kubernetes, and Docker.
Even better TrueNAS SCALE is open-source and free to use.
Latest Release
Recently, the company launched TrueNAS SCALE 22.12.1 (Bluefin), which includes numerous improvements and bug fixes. The list of improvements to the latest release includes the following:
SMB Share Proxy to provide a redirect mechanism for SMB shares in a common namespace.
Improvements to rootless login.
Fixes to ZFS HotPlug.
Improved Dashboard for both Enterprise HA and Enclosure management.
Continue reading
Calico, from network software provider Tigera, is a third-party plugin for Kubernetes geared to make full network connectivity more flexible and easier. Out of the box, Kubernetes provides the NetworkPolicy API for managing network policies within the cluster. The problem many Kubernetes admins find (especially those new to the technology) is that network can quickly become a rather complicated mess of YAML configurations, where you must configure traffic ingress and egress properly, or communication between Kubernetes objects (such as pods and containers) can be difficult.
That’s where the likes of Flannel, which cannot configure network policies. With Calico, you can significantly enhance the Kubernetes networking configuration.
Take, for instance, the feature limitations found in the default NetworkPolicy, which are:
Policies are limited to a single environment and are applied only to pods marked with labels.
You can only apply rules to pods, environments, or subnets.
Rules can only contain protocols, numerical ports, or named ports.
When you add the Calico plugin, the Continue reading
Every so often, however, a new buzzword or acronym comes around that really has weight behind it. Such is the case with XDP (eBPF programming language to gain access to the lower-level kernel hook. That hook is then implemented by the network device driver within the ingress traffic processing function, before a socket buffer can be allocated for the incoming packet.
Let’s look at how these two work together. This outstanding example comes from Jeremy Erickson, who is a senior R&D developer with Sebastiano Piazzi on
Every network admin on the planet knows this dirty little secret: We’re running out of IPv4 addresses. This was an inevitability, given how wide-spread the network and network devices have become. Even on your LAN, you sometimes have to use subnetting, simply because you’ve found the devices on your massive enterprise network have gobbled up all the 192.68.1.x addresses.
It’s a problem.
Which is why IPv6 was developed. IPv6 offers a larger pool of addresses from which to use. The problem is that IPv6 isn’t nearly as easy to employ as IPv4. After all, 192.168.1.1 is much easier to remember than 0:0:0:0:0:ffff:c0a8:101.
But what’s a network administrator to do? Migrate all of those servers and various hardware devices from IPv4 to IPv6? In theory, yes, that is exactly what should happen. However, that’s not nearly as easy as one would like to think it would be. After all, you might have hundreds upon hundreds of devices and numerous locations. On top of which, there’s always that pesky DNS that must be updated (which could equate to downtime).
Oh, and let’s not forget that IPv6 is not backward compatible with IPv4. Why was this decision Continue reading
Imagine, if you will, you’re participating in a Eric Yuan has put a freeze on feature updates, in order to address the security issues. Zoom’s promise was to address the problem within the next 90 days, when Yuan said, “Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust.”
Another writer for The New Stack, Jennifer Riggins Continue reading
The coming to the Linux kernel, much to the delight of Linux creator
“Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art,” Torvalds enthused, on the OpenVPN).
Another reason WireGuard is special is how it functions. Unlike the more complex competition, WireGuard functions in a similar fashion to SSH — by exchanging public keys. Once the keys have been exchanged and the connection made, there’s no need to manage connections or daemons, or be concerned about state or what’s going on under the hood.
For those that are interested in what’s going on under the hood, WireGuard makes use of the Curve25519, Poly1305, SipHash24, Jason Donenfeld’s prettysleepy1 from
Taking a look at how the internet’s HTTP/2 protocol works, Netflix engineers discovered CVE-2019-9512 Ping Flood. This enables an attacker to send continual ping requests to an HTTP/2 peer, causing the peer to create an internal queue of responses. When this happens a server’s CPU and memory can be consumed, which can lead to a denial of service.
already issued patches that are found in the following builds:
Continue reading
Jack Wallen