cron.weekly issue #100: dnsmasq, systemd, MariaDB, logfmt, Rancher, Envoy, Micro, traceroute & more

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.
Image of Mattias Geniar

Mattias Geniar, October 08, 2017

Follow me on Twitter as @mattiasgeniar

Welcome to cron.weekly issue #100 for Sunday, October 8th, 2017.

It’s back!

Sorry about last week, some high fevers kept me in bed & unable to get an issue out. It’s a shame, I almost made it to 100 consecutive weekly newsletters. Figures I stumble at the very last one. 🙂

But that doesn’t matter. It’s issue #100 and when I first started 2 years ago, I didn’t think I’d ever see that number. But it’s been a fun & very interesting ride, bringing me in touch with many new folks, learning new technologies & learning a thing or two about businesses & pricing when working with sponsors.

If you happen to have plenty of time left, don’t mind a weekly deadline, are always reading the (tech) news and love dealing with e-mail deliverability troubleshooting, writing and maintaining a newsletter is the perfect hobby for you! 😀

All kidding aside, the newsletter wouldn’t be here without you – yes, cliché, you! – the reader. I’m not writing a newsletter if no one is reading it. But since there are over 7.500 of you, you motivate me every week to get the issue out, even at times when I’d love to be doing something else (is Stranger Things season 2 out yet?).

If at any point you’re thinking “sjeez, what could I do to help that Mattias fella?“, the biggest help you can be is share links to the newsletter, promote it to friends & family and get new people to signup. That’s what keeps me going. I don’t want individual donations, the kind cron.weekly sponsors take care of the costs involved in running a newsletter & for compensating my time writing it.

Now on with the show: it’s a 2-week-catchup, so plenty of links, new releases, new guides & videos. Take care all!


A clever way of killing groups of processes

There’s some smart handling in systemd about killing all remaining processes on system shutdown that’s worth reading & knowing about.

Safety-critical realtime with Linux

This write-up explains the “realtime OS”, which features predictability of timings over “just very fast” execution.

Save Code Share

Current EU Copyright Review threatens Free and Open Source Software. Take action now to preserve the ability to collaboratively build software online.

Linux kernel LTS releases are now good for 6 years

The LTS (Long Term Support) kernels are switching from a 2 year cycle to a 6 year cycle, prolonging the life of the LTS kernels significantly!

MariaDB gets new $27M investment

More money to open source, this time lead by the Alibaba group. The folks at MariaDB sure are raising a lot of money!

Behind the Masq: Yet more DNS, and DHCP, vulnerabilities

Google has discovered several critical flaws in ‘dnsmasq’ you’ll want to patch asap, one includes an RCE (Remote Code Execution) vulnerability.

​Serious Linux kernel security bug fixed

Another vulnerability that’ll need patching; a local user privilege escalation existed in Linux for a long time and has now been disclosed & patched.

Mozilla Awards Over Half a Million to Open Source Projects

The Mozilla Foundation has awarded more than $500.000 to new open source projects, like Ushahidi, Webpack, RiseUp, Phaser and mod_md.

Different I/O Access Methods for Linux, What We Chose for Scylla, and Why

Lots of in-depth info in disk I/O here, comparing different schedulers (read/write, mmap, DIO, …) and how they perform.

bye bye bug #199, MySQL auto_increment is fixed !

With the latest MySQL release, an important bug related to how MySQL implements “auto_increment” has been fixed. I’ll admit I was unaware of this bug, but this post contains a clear example of where this might really hurt in your data consistency!

Dynamic Users with systemd

You may now configure systemd to dynamically allocate a UNIX user ID for service processes when it starts them and release it when it stops them. It’s pretty secure, mixes well with transient services, socket activated services and service templating.


security.txt to allow websites to define security policies, much like a robots.txt or humans.txt file.

Tools & Projects

Get full-stack observability with Datadog

Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)

SSHPry 2

This tool can record & replay an active terminal, take over its control & more. Pretty useful to have on a system if you want to record all SSH sessions or collaborate with junior sysadmins.


HonSSH is designed to log all SSH communications between a client and server.


Jaeger, inspired by Dapper and OpenZipkin, is a distributed tracing system released as open source by Uber Technologies. It can be used for monitoring microservice-based architectures.


Yahoo is open sourcing Vespa, their Big Data Processing and Serving Engine.

Rancher 2.0

Racher lets you run Docker and Kubernetes in production with more ease. Their 2.0 release focusses on Kubernetes more, to make the integration even better.


Envoy is an open source edge & service proxy, designed for cloud-native applications.


A modern and intuitive terminal-based text editor.


This is a structured log format, designed to be readable by humans and parseable by computers. It adds structure & sanity to logs and looks like something that should/could be widely adopted.


Fn is an event-driven, open source, functions-as-a-service compute platform that you can run anywhere.


Cortex provides horizontally scalable, long term storage for Prometheus metrics when used as a remote write destination, and a horizontally scalable, Prometheus-compatible query API.

OpensSH 7.6

This release completely deletes the SSHv1 protocol, which has been deprecated for a while now. It also removes several vulnerable ciphers and weak SSH keys.

PostgreSQL 10

The PostgreSQL 10 release includes significant enhancements to effectively implement the divide and conquer strategy (spreading data across many nodes), including native logical replication, declarative table partitioning, and improved query parallelism.

Systemd 235

A new systemd release that brings; a new modprobe.d drop-in replacement, better tracking of service restarts, traffic accounting unit files (per service), simple IP-based ACLs for sockets and ports & several bugfixes. Quite a big release, it seems.


Zulip is a powerful, open source group chat application. Written in Python and using the Django framework, Zulip supports both private messaging and group chats via conversation streams.

Debian 9.2

Several security updates & bugfixes in this maintenance release of Debian 9.

Guides & Tutorials

You can’t buy DevOps, but you may have to sell it – GoCD

This new blog series aims to help DevOps leaders in organization get stakeholder buy-in. It covers approaches to talking about why, as well as specific things you can do to sell your ideas. (Sponsored)

Backup/Restore of InfluxDB from/to Docker Containers

In order to restore an InfluxDB back-up to a Docker container, the instance needs to be stopped. But if you stop the instance, Docker thinks it’s “pid 1” has ended, and stops the container altogether. This post shows how to work around that catch-22 situation. (Sponsored)

Monitoring Cloudflare’s planet-scale edge network with Prometheus (PDF)

This is a solid presentation on the Prometheus monitoring solution when run at scale, by the team at CloudFlare.

git git git git

If you’re like me, chances are you’ve typed “git git status” more than once – doubling the git at the beginning. No idea why I even do that. But, this post has a good fix for that using git aliases that’s applicable to all git commands!

HAProxy vs nginx: Why you should NEVER use nginx for load balancing!

I love nginx, but it’s lack of a good status page and lack of control over backends make it a rather weak choice for load balancing. There are alternatives, like HAProxy – or my own favorite, Varnish – that are much better suited for performing healthchecks & adding backend controls.

A 1KB Docker Container

It’s possible to make really small containers, but they often grow in size rapidly due to the large application installs that happen inside of them. This post looks at a tiny binary running in a Docker container, keeping it under 1KB.

How to kill your network with Ansible

A cautionary tale of how not to kill your network when configuring network resources using Ansible.

Building Cross-Distribution Linux Applications with Flatpak

Some step-by-step instructions on creating your own Flatpak “packages” that can be run on any system.

Traceroute Lies! A Typical Misinterpretation Of Output

A traceroute showing a slow or high latency hop isn’t always telling the truth, this post explains why we can’t blindly trust traceroute’s output for performance troubleshooting.


LaraconEU 2017

All recorded videos from LaraconEU, the yearly Laravel conference in Europe, are released. If you’re into PHP & Laravel, there’s definitely something in there for you.

BruCON 2017

BruCON is a yearly hacker conference in Brussels, Belgium. The videos of those presentations are now online, they range from malware detection to open source security orchestration, browser exploits & more.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.