2 interesting things happened in last cron.weekly’s newsletter

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Profile image of Mattias Geniar

Mattias Geniar, September 03, 2017

Follow me on Twitter as @mattiasgeniar

As usual, I sent out my weekly Linux & open source newsletter this Sunday. Lots of good content in there, you should probably have a read; cron.weekly issue #96: LogDevice, qmail, redis, Linus, HAProxy, libraries, concert, restic & more .

But as it was sent, I received a fair amount of feedback regarding 2 links I shared in the newsletter.

concert has been deprecated

I learned about concert, a tool for managing certificates via Let’s Encrypt, via a colleague playing with Minio, the open source S3 compatible server.

I wrote the newsletter on Saturday, and by Sunday morning, this commit had landed;

+*\*DEPRECATED – This project is deprecated and not maintained anymore.**

+*\*It is recommended all users use https://certbot.eff.org/ instead.**

Deprecate concert project (#27)

Interesting: between me discovering the project & adding it to the newsletter, it got deprecated.

Things move fast in open source.

`publicfile` HTTP server does not support “?querystring” arguments

Ok, quick summary: I linked to an article about qmail’s security guarantee & bounty program, which hasn’t been breached since as early as 1997. That’s impressive.

So naturally, I wanted to include it in the newsletter. By default, I translate all links a bit, to get better tracking of the source/medium through Google Analytics. It still keeps the URLs readable – as opposed to an actual click tracker, which would scramble all links. It transforms them like this;

Pretty harmless, usually. I added some logic that I don’t try to add query strings to an URL if it already contains any, as not to accidentally break any functionality.

However, if you check the links above: the first one works, the second does not. I didn’t see that one coming.

Turns out, that blog/page is hosted on a webserver called ‘publicfile', created by D. J. Bernstein, who also created qmail & a lot of articles ultimately defining the internet as we know it today.

However, the webserver doesn’t support query string arguments.

*Queue the security vs. flexibility/usability debate*

Lessons learned

A couple of gotcha’s;

  1. Maybe visit each link again right before it goes out
  2. At least test the final new URLs it they still work

Those are things I did at the very beginning of the newsletter, but after a while it becomes routine and you start to take things for granted. That’s when things get interesting!

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.