
Server: Managing GNU/Linux Servers and Cost of Micro-services Complexity

  • Keeping track of Linux users: When do they log in and for how long?

    The Linux command line provides some excellent tools for determining how frequently users log in and how much time they spend on a system. Pulling information from the /var/log/wtmp file that maintains details on user logins can be time-consuming, but with a couple easy commands, you can extract a lot of useful information on user logins.

  • Daily user management tasks made easy for every Linux administrator

    In this article, we will be going over some tasks that a Linux administrator may need to perform daily related to user management.

  • The cost of micro-services complexity

    It has long been recognized by the security industry that complex systems are impossible to secure, and that pushing for simplicity helps increase trust by reducing assumptions and increasing our ability to audit. This is often captured under the acronym KISS, for "keep it stupid simple", a design principle popularized by the US Navy back in the 60s. For a long time, we thought the enemy were application monoliths that burden our infrastructure with years of unpatched vulnerabilities.

    So we split them up. We took them apart. We created micro-services where each function, each logical component, is its own individual service, designed, developed, operated and monitored in complete isolation from the rest of the infrastructure. And we composed them ad vitam æternam. Want to send an email? Call the REST API of micro-service X. Want to run a batch job? Invoke lambda function Y. Want to update a database entry? Post it to A which sends an event to B consumed by C stored in D transformed by E and inserted by F. We all love micro-services architecture. It’s like watching dominoes fall down. When it works, it’s visceral. It’s when it doesn’t that things get interesting. After nearly a decade of operating them, let me share some downsides and caveats encountered in large-scale production environments.

    [...]

    And finally, there’s security. We sure love auditing micro-services, with their tiny codebases that are always neat and clean. We love reviewing their infrastructure too, with those dynamic security groups and clean dataflows and dedicated databases and IAM controlled permissions. There’s a lot of security benefits to micro-services, so we’ve been heavily advocating for them for several years now.

    And then, one day, someone gets fed up with having to manage API keys for three dozen services in flat YAML files and suggests using OAuth for service-to-service authentication. Or perhaps Jean-Kevin drank the mTLS Kool-Aid at the FoolNix conference and made a PKI prototype on the flight back (side note: do you know how hard it is to securely run a PKI over 5 or 10 years? It’s hard). Or perhaps compliance mandates that every server, no matter how small, must run a security agent on them.
