cron.weekly issue #129: http3, brim, pagure, mosh, git & more

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.
Image of Mattias Geniar

Mattias Geniar, April 12, 2020

Follow me on Twitter as @mattiasgeniar

Hi everyone! 👋

Welcome to cron.weekly issue #129.

I’ve been exploring HTTP/3 some more last week, so you’ll find a couple of HTTP/3 references lower in here. Interesting stuff, of course!

This is a nice and varied issue, lots of tools and guides this time, I’m pretty sure you won’t be bored.

Grab a ☕️, enjoy the read & stay safe.

News & general 🗞

Docker started work on the Compose Specification

The team at Docker as started a new initiative to make docker compose an industry standard: it will be run with open governance with input from all interested parties allowing them together to create a new standard for defining multi-container apps.

[…] in light of the extraordinary global circumstances due to COVID-19, we are temporarily rolling back the enforcement of SameSite cookie labeling.

The Chrome browser was on its way to phase out 3rd party cookies, but that plan is currently on hold to allow everyone to focus on the current events.

Conntrack tales - one thousand and one flows

An interesting read about Linux’s conntrack, its limits (and how to test them) and what happens when you reach them.

Red Hat free courses due to COVID-19 emergency

Due to COVID -19 situation, RedHat is providing free courses for 30 days. These all usually pretty expensive, so if you have the time - I suggest you check them out!

Tools & Projects 🛠


Managing aliases can be tedious and difficult to set up. nostromo makes this process easy and reliable. The tool adds shortcuts to your .bashrc / .zshrc that call into the nostromo binary. It reads and manages all aliases within its manifest.


zz is a “smart and efficient directory changer” for zsh, implemented in pure awk & unix tooling.

Optimize PHP App Performance with Datadog

Get deeper insights into your PHP services with Datadog. With over 400 turn-key integrations, you can quickly monitor every layer of your PHP applications alongside the rest of your environment. Start a free trial today, create one dashboard, and Datadog will send you a free t-shirt! Sponsored


Braid is an experimental team chat application with a novel UI: instead of chatrooms, it’s based on many short conversations. You can think of Braid as an email/mailing-list/web-forum/chatroom hybrid, but without the constant interruptions and FOMO of Slack. It’s particularly good for remote-first companies, developer teams and online communities.


Some bureaucratic agencies require a hand-written signature instead of a digital one. This script makes it look like a PDF was printed, signed and scanned - just for your convenience.


A Docker Compose yml file charting visualizer via Desktop application available for Mac, Windows, Linux. This looks especially useful if you want to showcase your environment or write visual documentation.

Foreman 2.0

Foreman is a complete lifecycle management tool for physical and virtual servers. Giving system administrators the power to easily automate repetitive tasks, quickly deploy applications, and proactively manage servers, on-premise or in the cloud.

HostDNS: Premium DNS

Make sure your DNS isn’t a bottleneck by using HostDNS’s worldwide anycast network, intuitive web DNS editor, DDoS protection and 24/7 e-mail support. Don’t blame DNS, trust HostDNS to manage it for you. Sponsored

FreeRDP 2.0

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Enjoy the freedom of using your software wherever you want, the way you want it, in a world where interoperability can finally liberate your computing experience.

Jitsi Meet Electron

A desktop application for Jitsi Meet built with Electron.

Make Linux Fast Again

This is a bit of a parody site, but has some merit to it: a set of Linux kernel parameters that enable all flags to speed up your machine (including disabling Spectre/Meltdown mitigations).


Pagure is an Open Source software code hosting system, an alternative to GitLab. For more context, listen to this podcast recording with Neal Gompa for more insights.


Brim is an open source desktop application for security and network engineers. Brim is especially useful if you need to handle large packet captures, especially those that are cumbersome for Wireshark, tshark, or other packet analyzers.


Rclone (“rsync for cloud storage”) is a command line program to sync files and directories to and from different cloud storage providers.


Pipx allows you to install and run Python applications in isolated environments.

Guides & Tutorials 🎓

Attack matrix for Kubernetes

A treasure trove of security considerations to make when implementing & running Kubernetes. It touches privilege escalation, persistence, defense evasion, discovery, …

How to run HTTP/3 with Caddy 2

Last week I had fun upgrading to the latest Caddy build to run HTTP3 on my own servers. This post shows how you can enable and test HTTP/3 together with Caddy 2.

How to enable HTTP3 in Chrome / Firefox / Safari

This post looks at how you can enable HTTP/3 in all major browsers. It isn’t enabled by default (yet), so you’ll have to explicitly opt-in for now.

HTTP/3 explained

While diving more into HTTP/3 last week, I came across this brilliant write-up by Daniel Stenberg that explains all the changes and does a deep-dive into the new protocol.

Create your own Open Source virtual background

This guide looks at using python to build your own “virtual background” creator, pretty interesting as it gets rather complex quickly.

Deploys at Slack

An interesting read on how Slack does deploys at their scale. There are about 12 deploys each day. What originally started as an rsync-deploy has now grown into a nice flow with lots of structure to it.

Site Reliability Engineering: Building Secure and Reliable Systems

In this new (free) book, experts from Google share best practices to help your organization design scalable and reliable systems that are fundamentally secure.


This post looks at the benefits of using the mosh shell in everyday life, as its session-resumption is quite a powerful feature.

MUST, SHOULD, DON’T CARE: TCP Conformance in the Wild

This research paper looks at the use of TCP on the internet. Does everyone follow the standards? Is everyone in agreement? tl;dr: no, not even close. A good reminder that most of the internet is held together by duct tape.

WhyTheName on the Debian Wiki

Where does the name postfix come from? Or apache? Or apt? This page has the general collective wisdom stored!

Getting Started with WireGuard

This is the guide I wish I wrote: step-by-step intructions on running WireGuard on your own servers.

List your most recently-used branches using Git

A useful git alias to show the branches with the most recent activity.

Mounting Partitions Using Systemd

In this guide you’ll see basic examples of how to set up mounts using systemd instead of just /etc/fstab. The advantage is you can set dependencies and have more control of the order in which they get mounted.

10 Things I Hate About PostgreSQL

Last week featured an article about the great things of PostgreSQL, this one gives you some opposing views.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.