cron.weekly issue #134: Deno, Zabbix, semgrep, Prometheus & more

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.
Image of Mattias Geniar

Mattias Geniar, May 17, 2020

Follow me on Twitter as @mattiasgeniar

Hi everyone! πŸ‘‹

Welcome to cron.weekly issue #134.

I hope everyone’s doing alright, keeping safe & sane and adjusting to this new reality. It’s not easy and you’re not alone in this.

Hopefully, this weekly tech-dose can be a distraction and an excuse to escape into the virtual world of Linux, open-source and general web-geekyness.

Enjoy the issue! β˜•οΈ

News & general πŸ—ž

WireGuard patchset for OpenBSD

This patch includes all code required to get Wireguard available in OpenBSD. If accepted, this could mean WireGuard becomes available to anyone running a modern version of OpenBSD. Very nice to see progress being made here!


“When $FAMOUS_COMPANY launched in 2010, it ran on a single server in $TECHBRO_FOUNDER’s garage."

This is like reading every major announcement by a Fortune 500 tech-blog, all at once. πŸ˜…

The modern HTTPS world has no place for old web servers

An HTTP-serving webserver from a decade ago, might still be able to serve traffic today. Yet an HTTPS-serving webserver from 10 years ago will probably throw security warnings and be blocked entirely from your browser.

[…] it’s not going to be possible for people with web servers to just let them sit. The more the HTTPS world changes and requires you to change, the more your HTTPS web server requires ongoing work.

Very true.

Unix and Adversarial Interoperability: The ‘One Weird Antitrust Trick’ That Defined Computing

A historical read on the origins of Unix at AT&T and, how a series of unlikely events, caused it to be released into the open.

What the heck happened with .org?

If you are following the tech news, you might have seen the announcement that ICANN withheld consent for the change of control of the Public Interest Registry and that this had some implications for .org. This post gives a high-level overview of the background here and what happened with .org.

Thank you for helping us increase our bandwidth

Today I Learned: the Internet Archive website ( runs at about a constant 60Gbps of internet traffic.

Thunderspy: Breaking Thunderbolt 3 Security

A name and a logo, so you know it’s a serious vulnerability: if your computer has such a Thunderbolt 3 port, an attacker who gets brief physical access to it can read and copy all your data, even if your drive is encrypted and your computer is locked or set to sleep.

Tools & Projects πŸ› 

Deno 1.0

Deno is a new runtime for executing JavaScript and TypeScript outside of the web browser. It’s written in Rust with a security-first mindset: by default, scripts cannot access the hard drive, open network connections, or make any other potentially malicious actions without permission. Deno is shipped as a single executable binary.

This just may become very popular as a server-side replacement of nodejs. πŸ”₯

Simplify Complexity in Containerized Environments

Enhance visibility into containers and container orchestration with Datadog. Automatically track containerized services with Autodiscovery and receive smarter alerts that won’t panic as customers scale down. Easily monitor the health of all your containers with granular, real-time metrics and visualize performance from a bird’s eye view with Datadog’s live container map. Start your free Datadog trial today! Sponsored

Zabbix 5.0 LTS

My favourite monitoring tool (mostly because I’ve been using it for the last 10yrs) has reached a new major version: Zabbix 5.0, a new Long Term Support release! A rewritten agent (in Golang), new web UI layout, more trigger options, Windows Perf counter discovery, advanced visualisations, … heck, there’s a lot!

Hyperdrive v10

Hyperdrive is a POSIX-like filesystem implementation, written in Node.js, that’s designed to be the storage layer for fast, scalable, and secure peer-to-peer applications. It’s a bit like bittorrent (the protocol) on steroids, but instead allowing modifications of shared files, random-access reads to allow streaming, etc.


A blazing fast terminal-ui for git, written in rust.

Scunthorpe Sans

A font that censors bad language automatically.” This thought me quite a lot about how modern fonts render and their inner workings, it’s pretty clever!


This is incredibly clever: a ASCII chart & flow implementation into the VS Code editor, so you can create your diagrams directly where you write your code.

Hund: status pages and monitoring

Monitor your services up to every 30 seconds or with third parties, get notified via your favourite notification channels. Record and publish rich metrics and share service statuses from your hosted status page to keep customers informed. Free for 30 days! Sponsored


This is interesting: the goal of xxh is to allow you to reuse your local Shell’s aliases/colours/settings on the remote one, without having to explicitly configure it!

Pi-hole v5.0

Ah my favourite network-wide ad-blocker at home! The v5 release introduces per-client blocking, deep CNAME inspection, improved dashboard, more detailed logs about why domains get blocked, …


yubikey-agent is a seamless ssh-agent for YubiKeys. With a one-command setup, one environment variable, and it just runs in the background.


Lens is a Kubernetes IDE which you can use to take control of your Kubernetes clusters. It is a standalone application for MacOS, Windows and Linux operating systems.


semgrep is a tool for easily detecting and preventing bugs and anti-patterns in your codebase. It combines the convenience of grep with the correctness of syntactical and semantic search.

Guides & Tutorials πŸŽ“

What every developer should know about TCP

A really good primer on the basics of TCP, covering the infamous 3-way-handshake, flow control, congestion control, … Such fun, these lower-level bits & pieces. πŸ˜„

The CPU Cost of Networking on a Host

A very impressive, in-depth post, tracking down the CPU cost of sending network packets back & forth on a Linux machine. It covers a detailed test scenario, where the author pins certain network traffic by MAC to a particular CPU (didn’t know you could do that!) and some cool perf commands to measure the impact.

The logging framework isn’t a bottleneck, and other lies your laptop tells you

“It’s easy to imagine big, impressive server hardware as faster than a machine you might take to a cafe. The truth is, server hardware is different, not necessarily faster." This post gives some interesting gotcha’s when troubleshooting performance issues locally, on a laptop or desktop, vs on server hardware.

Putting container updates on a diet

This post looks at using diff's on container updates, to only download the changed bytes over the network whenever a container image changes. While Docker is pretty efficient when you just modify your containers’ last layer, it will redownload the entire container if you modify one of the first layers. The newly introduced tar-diff tool could help preserve bandwidth here.

SHA-256 Animation

“An animation of the SHA-256 hash function in your terminal." If you were questioning the complexity of SHA-256 hashing, this animation will set you straight.

The basics of Prometheus

So what is Prometheus? What does it do? How does it work? This guide gives you a very easy-to-understand walkthrough of all the basics of Prometheus.

Bare Metal in a Cloud Native World

With all this serverless, we might forget what’s underneath: physical, dedicated, servers. I liked this post as it sets a proper stage for when cloud-native thinking is useful (focus on the developer UX) but also looks at what’s needed to run all of it, on bare metal machines, and what it takes to deploy & manage.

How to manage network services with firewall-cmd on Fedora

A good summary of managing your firewall using the firewall-cmd tool.

Lord of the io_uring documentation

“io_uring is a powerful new way to do asynchronous I/O programming under Linux." This site has a great selection of documentation and tutorials for getting started with io_uring. It’s above my knowledge of C, but I’m sure this will be useful to some of you!

Alternatives to PGP

If PGP has such a bad name, what should you use instead? This post explores minisign for signing files, eureka for encrypting them and saltpack for replacing the PGP use case.

Some Relatively Obscure Bash Tips

And I’d even question their usefulness, but I did learn about mid-command comments, stderr-pipes & character encodings.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.