Hi everyone! 👋
Welcome to cron.weekly issue #129.
I’ve been exploring HTTP/3 some more last week, so you’ll find a couple of HTTP/3 references lower in here. Interesting stuff, of course!
This is a nice and varied issue, lots of tools and guides this time, I’m pretty sure you won’t be bored.
Grab a ☕️, enjoy the read & stay safe.
News & general 🗞
Docker started work on the Compose Specification
The team at Docker as started a new initiative to make docker compose
an industry standard: it will be run with open governance with input from all interested parties allowing them together to create a new standard for defining multi-container apps.
Temporarily rolling back SameSite Cookie Changes
[…] in light of the extraordinary global circumstances due to COVID-19, we are temporarily rolling back the enforcement of SameSite cookie labeling.
The Chrome browser was on its way to phase out 3rd party cookies, but that plan is currently on hold to allow everyone to focus on the current events.
Conntrack tales - one thousand and one flows
An interesting read about Linux’s conntrack, its limits (and how to test them) and what happens when you reach them.
Red Hat free courses due to COVID-19 emergency
Due to COVID -19 situation, RedHat is providing free courses for 30 days. These all usually pretty expensive, so if you have the time - I suggest you check them out!
Tools & Projects 🛠
nostromo
Managing aliases can be tedious and difficult to set up. nostromo makes this process easy and reliable. The tool adds shortcuts to your .bashrc
/ .zshrc
that call into the nostromo binary. It reads and manages all aliases within its manifest.
zz
zz is a “smart and efficient directory changer” for zsh
, implemented in pure awk & unix tooling.
Optimize PHP App Performance with Datadog
Get deeper insights into your PHP services with Datadog. With over 400 turn-key integrations, you can quickly monitor every layer of your PHP applications alongside the rest of your environment. Start a free trial today, create one dashboard, and Datadog will send you a free t-shirt! Sponsored
braid
Braid is an experimental team chat application with a novel UI: instead of chatrooms, it’s based on many short conversations. You can think of Braid as an email/mailing-list/web-forum/chatroom hybrid, but without the constant interruptions and FOMO of Slack. It’s particularly good for remote-first companies, developer teams and online communities.
falsisign
Some bureaucratic agencies require a hand-written signature instead of a digital one. This script makes it look like a PDF was printed, signed and scanned - just for your convenience.
nautilus
A Docker Compose yml file charting visualizer via Desktop application available for Mac, Windows, Linux. This looks especially useful if you want to showcase your environment or write visual documentation.
Foreman 2.0
Foreman is a complete lifecycle management tool for physical and virtual servers. Giving system administrators the power to easily automate repetitive tasks, quickly deploy applications, and proactively manage servers, on-premise or in the cloud.
HostDNS: Premium DNS
Make sure your DNS isn’t a bottleneck by using HostDNS’s worldwide anycast network, intuitive web DNS editor, DDoS protection and 24/7 e-mail support. Don’t blame DNS, trust HostDNS to manage it for you. Sponsored
FreeRDP 2.0
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Enjoy the freedom of using your software wherever you want, the way you want it, in a world where interoperability can finally liberate your computing experience.
Jitsi Meet Electron
A desktop application for Jitsi Meet built with Electron.
Make Linux Fast Again
This is a bit of a parody site, but has some merit to it: a set of Linux kernel parameters that enable all flags to speed up your machine (including disabling Spectre/Meltdown mitigations).
pagure
Pagure is an Open Source software code hosting system, an alternative to GitLab. For more context, listen to this podcast recording with Neal Gompa for more insights.
brim
Brim is an open source desktop application for security and network engineers. Brim is especially useful if you need to handle large packet captures, especially those that are cumbersome for Wireshark, tshark, or other packet analyzers.
rclone
Rclone (“rsync for cloud storage”) is a command line program to sync files and directories to and from different cloud storage providers.
pipx
Pipx allows you to install and run Python applications in isolated environments.
Guides & Tutorials 🎓
Attack matrix for Kubernetes
A treasure trove of security considerations to make when implementing & running Kubernetes. It touches privilege escalation, persistence, defense evasion, discovery, …
How to run HTTP/3 with Caddy 2
Last week I had fun upgrading to the latest Caddy build to run HTTP3 on my own servers. This post shows how you can enable and test HTTP/3 together with Caddy 2.
How to enable HTTP3 in Chrome / Firefox / Safari
This post looks at how you can enable HTTP/3 in all major browsers. It isn’t enabled by default (yet), so you’ll have to explicitly opt-in for now.
HTTP/3 explained
While diving more into HTTP/3 last week, I came across this brilliant write-up by Daniel Stenberg that explains all the changes and does a deep-dive into the new protocol.
Create your own Open Source virtual background
This guide looks at using python to build your own “virtual background” creator, pretty interesting as it gets rather complex quickly.
Deploys at Slack
An interesting read on how Slack does deploys at their scale. There are about 12 deploys each day. What originally started as an rsync
-deploy has now grown into a nice flow with lots of structure to it.
Site Reliability Engineering: Building Secure and Reliable Systems
In this new (free) book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.
Mosh
This post looks at the benefits of using the mosh
shell in everyday life, as its session-resumption is quite a powerful feature.
MUST, SHOULD, DON’T CARE: TCP Conformance in the Wild
This research paper looks at the use of TCP on the internet. Does everyone follow the standards? Is everyone in agreement? tl;dr: no, not even close. A good reminder that most of the internet is held together by duct tape.
WhyTheName on the Debian Wiki
Where does the name postfix
come from? Or apache
? Or apt
? This page has the general collective wisdom stored!
Getting Started with WireGuard
This is the guide I wish I wrote: step-by-step intructions on running WireGuard on your own servers.
List your most recently-used branches using Git
A useful git
alias to show the branches with the most recent activity.
Mounting Partitions Using Systemd
In this guide you’ll see basic examples of how to set up mounts using systemd
instead of just /etc/fstab
. The advantage is you can set dependencies and have more control of the order in which they get mounted.
10 Things I Hate About PostgreSQL
Last week featured an article about the great things of PostgreSQL, this one gives you some opposing views.