Hi everyone! 👋
Welcome to cron.weekly issue #134.
I hope everyone’s doing alright, keeping safe & sane and adjusting to this new reality. It’s not easy and you’re not alone in this.
Hopefully, this weekly tech-dose can be a distraction and an excuse to escape into the virtual world of Linux, open-source and general web-geekyness.
Enjoy the issue! ☕️
News & general 🗞
This patch includes all code required to make WireGuard available in OpenBSD. If accepted, this could mean WireGuard becomes available to anyone running a modern version of OpenBSD. Very nice to see progress being made here!
“When $FAMOUS_COMPANY launched in 2010, it ran on a single server in $TECHBRO_FOUNDER’s garage.”
This is like reading every major announcement by a Fortune 500 tech-blog, all at once. 😅
An HTTP-serving webserver from a decade ago might still be able to serve traffic today. Yet an HTTPS-serving webserver from 10 years ago will probably throw security warnings and be blocked entirely by your browser.
[…] it’s not going to be possible for people with web servers to just let them sit. The more the HTTPS world changes and requires you to change, the more your HTTPS web server requires ongoing work.
A historical read on the origins of Unix at AT&T and how a series of unlikely events caused it to be released into the open.
If you are following the tech news, you might have seen the announcement that ICANN withheld consent for the change of control of the Public Interest Registry and that this had some implications for .org. This post gives a high-level overview of the background here and what happened with .org.
Today I Learned: the Internet Archive website (archive.org) runs at about a constant 60Gbps of internet traffic.
A name and a logo, so you know it’s a serious vulnerability: if your computer has such a Thunderbolt 3 port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep.
Tools & Projects 🛠
This just may become very popular as a server-side replacement of Node.js. 🔥
My favourite monitoring tool (mostly because I’ve been using it for the last 10yrs) has reached a new major version: Zabbix 5.0, a new Long Term Support release! A rewritten agent (in Golang), new web UI layout, more trigger options, Windows Perf counter discovery, advanced visualisations, … heck, there’s a lot!
Hyperdrive is a POSIX-like filesystem implementation, written in Node.js, that’s designed to be the storage layer for fast, scalable, and secure peer-to-peer applications. It’s a bit like bittorrent (the protocol) on steroids, but instead allowing modifications of shared files, random-access reads to allow streaming, etc.
A blazing fast terminal-ui for git, written in rust.
“A font that censors bad language automatically.” This taught me quite a lot about how modern fonts render and their inner workings, it’s pretty clever!
This is incredibly clever: an ASCII chart & flow implementation in the VS Code editor, so you can create your diagrams directly where you write your code.
This is interesting: the goal of xxh is to allow you to reuse your local Shell’s aliases/colours/settings on the remote one, without having to explicitly configure it!
Ah my favourite network-wide ad-blocker at home! The v5 release introduces per-client blocking, deep CNAME inspection, improved dashboard, more detailed logs about why domains get blocked, …
yubikey-agent is a seamless ssh-agent for YubiKeys. With a one-command setup, one environment variable, and it just runs in the background.
Lens is a Kubernetes IDE which you can use to take control of your Kubernetes clusters. It is a standalone application for MacOS, Windows and Linux operating systems.
semgrep is a tool for easily detecting and preventing bugs and anti-patterns in your codebase. It combines the convenience of grep with the correctness of syntactical and semantic search.
Guides & Tutorials 🎓
A really good primer on the basics of TCP, covering the infamous 3-way-handshake, flow control, congestion control, … Such fun, these lower-level bits & pieces. 😄
A very impressive, in-depth post, tracking down the CPU cost of sending network packets back & forth on a Linux machine. It covers a detailed test scenario, where the author pins certain network traffic by MAC to a particular CPU (didn’t know you could do that!) and some cool perf commands to measure the impact.
“It’s easy to imagine big, impressive server hardware as faster than a machine you might take to a cafe. The truth is, server hardware is different, not necessarily faster.” This post gives some interesting gotchas when troubleshooting performance issues locally, on a laptop or desktop, vs on server hardware.
This post looks at using diffs on container updates, to only download the changed bytes over the network whenever a container image changes. While Docker is pretty efficient when you just modify your containers’ last layer, it will redownload the entire container if you modify one of the first layers. The newly introduced tar-diff tool could help preserve bandwidth here.
“An animation of the SHA-256 hash function in your terminal.” If you were questioning the complexity of SHA-256 hashing, this animation will set you straight.
So what is Prometheus? What does it do? How does it work? This guide gives you a very easy-to-understand walkthrough of all the basics of Prometheus.
With all this serverless, we might forget what’s underneath: physical, dedicated, servers. I liked this post as it sets a proper stage for when cloud-native thinking is useful (focus on the developer UX) but also looks at what’s needed to run all of it, on bare metal machines, and what it takes to deploy & manage.
A good summary of managing your firewall using the
“io_uring is a powerful new way to do asynchronous I/O programming under Linux.” This site has a great selection of documentation and tutorials for getting started with io_uring. It’s above my knowledge of C, but I’m sure this will be useful to some of you!
If PGP has such a bad name, what should you use instead? This post explores minisign for signing files, eureka for encrypting them and saltpack for replacing the PGP use case.
And I’d even question their usefulness, but I did learn about mid-command comments, stderr-pipes & character encodings.