cron.weekly issue #102: KRACK, Grafana, nsjail, ApsaraCache, Nix, Docker, fzf & more

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.
Image of Mattias Geniar

Mattias Geniar, October 22, 2017

Follow me on Twitter as @mattiasgeniar

Welcome to cron.weekly issue #102 for Sunday, October 22nd, 2017.

I’m writing this one a bit in a hurry, the kids aren’t leaving me with a lot of sleep & I can hear my bed calling far away in the distance.

So without further ado, here’s your weekly reminder that open source is a thing, Linux is very much alive and all sense of security is purely an illusion.


Rage4 DNS

Authoritative DNS for pros – anycast, GeoDNS, failover support with monitoring integration, DNSSEC, DANE/TLSA, CAA and much more. Join now, open support ticket and receive 10% discount as cron.weekly subscriber. (Sponsored)

Grafana to become more config mgmt friendly

Work is being done to let Grafana configurations be read/stored in yaml files, which would make it a lot easier to deploy & manage via config management tools like Puppet, Chef, Ansible, …

KRACK attacks

If you’ve got a WiFi anywhere in your office or home, it’ll probably need patching. Until then, assume WiFi – even with WPA2 – is an unencrypted transport protocol. (aka: don’t use FTP)

Adding Kubernetes support in the Docker platform

The Docker platform is getting support for Kubernetes. This means that developers and operators can build apps with Docker and seamlessly test and deploy them using both Docker Swarm and Kubernetes.

Why plain text emails work better

Since many of you read this newsletter in text/plain, I figured you’d appreciate this: some A/B testing on newsletters, and it turns out the text/plain version often outperforms the text/html one!

A gentoo system has been ransomwared

It’s not only Windows machines that get ransomwared, this Gentoo box had its files encrypted and asked for money. Keep your patches up-to-date folks!

Tools & Projects

Get full-stack observability with Datadog

Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)


A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language).

Dragonfly BSD 5.0

This release brings support for the new HAMMER2 file system, improvements to IPFW (IP firewall & traffic shaper), support for mor than 900k procs on a single machine (wow!) & lots of smaller fixes.


zsync is a file transfer program. It allows you to download a file from a remote server, where you have a copy of an older version of the file on your computer already. zsync downloads only the new parts of the file. It uses the same algorithm as rsync.

Consul 1.0

Consul is a tool for service discovery and runtime configuration for distributed applications and infrastructure and it’s just reached its first big milestone, a 1.0 release.


This is a fork of Redis 4.0 and introduces the “memcached” protocol in Redis, allowing you to run Redis but talk to it via the Memcached protocol.


This came in handy for me last week: prips is a tool that can be used to print all of the IP address on a given range. It can enhance the usability of tools that are made to work on only one host at a time (e.g. whois).

Ubuntu 17.10

Ubuntu “Artful Aardvark” has been released; no more 32bit installers, the 4.13 kernel, improvements to qemu, libvirt, lxd, … and many more.

Guides & Tutorials

GoCD – open source continuous delivery server

GoCD is a continuous delivery tool specializing in advanced workflow modeling and dependency management. It lets you track a change from commit to deploy at a glance, providing superior visibility into your workflow. It’s open source, free to use and download. (Sponsored)

Get shell in running Docker container

This quick command lets you get a bash prompt in a running container, which can be very useful if you’re trying to debug a Docker container that’s malfunctioning.

What is Nix and Why you should try it!

This is a good introduction with plenty of CLI examples to show the benefits of Nix. It lets you install multiple versions of tools with dependent libraries without conflicts by not using a traditional file system layout.

Volume Monitoring in Kubernetes with Prometheus

This blog talks about how to use Prometheus, node-exporter and nsenter to monitor Kubernetes volumes on AWS.

FZF & RipGrep – Navigate with bash faster than ever before

This is a pretty cool combo of fzf (a fast command-line finder) and ripgrep (a blazingly fast ‘grep’ alternative) in both vim and bash!

Vim after 15 years

A lot of vim optimizations in this post, also including fzf (like the post above), improving search, multiplexing, panel orientations, …

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.