cron.weekly issue #136: SSL, Security, Pest, Prometheus, Zsh & more



Mattias Geniar, May 31, 2020


Hi everyone! 👋

Welcome to cron.weekly issue #136.

Quite a lot of interesting stories to share this week! Some deep-dives into SSL certificates, turmoil in Open-Source Windows land, performance benchmarks, security tips, …

Hope you enjoy it! ☕️

News & general 🗞

Resolving the Root Certificate expirations

Just over 24 hours ago, a couple of root certificates used to sign SSL certificates expired. Certificates expiring is nothing unusual, since they all have to expire at some point, but a root certificate reaching its expiry date is a pretty rare occurrence.

If you’re noticing weird SSL errors since yesterday-ish, have a read - this post covers the problem, how to verify it and how you can resolve it.

SQLite turns 20 years old

The first commit to the SQLite project happened on May 29th, 2000. Crazy to see the history of this project!

Honestly, I ask myself that question all the time. 😅

While I’m a skeptic (I believe most people use Kubernetes in environments where it’s absolute overkill), it’s hard to ignore its rise in popularity. This post gives a good high-level overview and offers a series of arguments that might explain its popularity.

Google will be evaluating page experience for search engine ranking

This caught my eye: in about a year, Google will take the “user experience” into account when ranking sites in its search results. That means sites with overlay/popups are punished, as well as slow sites, sites with bad user interactions/usability, …

If you ever needed arguments to convince your marketing team to take speed & privacy seriously, this just might be it!

The Day AppGet Died

This is an Open-Source story from the Windows ecosystem, but I want to share it with all of you. The author of AppGet, a popular package manager, is stepping down from the project as Microsoft released its own package manager:

Microsoft released WinGet (Not to be mistaken with AppGet) earlier this week as part of their Build 2020 announcements.

I have mixed feelings here, but it may ultimately be for the better of the Windows ecosystem to have the dominant package manager be controlled & managed by MS themselves.

Tools & Projects 🛠

db

With db you can very easily save, restore, and archive snapshots of your database from the command line. Pretty useful in a development workflow.

Fix cloud misconfigs & IaC violations automatically

Bridgecrew’s codified security platform helps developers find and fix cloud misconfigurations and policy violations in both run-time and build-time. Integrate Bridgecrew with your repos and CI/CD pipeline to prevent cloud security issues from ever being deployed. It’s free to get started. Sponsored

micro

Micro is a modern and intuitive terminal-based text editor. It aims to be somewhat of a successor to the nano editor.

docker-pushrm

This CLI plugin pushes the README file from the current working directory to a container registry server where it appears as repo description in the web interface.

Snowpack 2.0

After 40+ beta versions & release candidates, Snowpack 2.0 is here. Snowpack is a build tool for modern web apps.

API Uptime Monitoring for Busy Developers

Cronitor is the utility-knife style monitoring tool we’ve always wanted. With multi-region uptime & response time verification, powerful test assertions on HTML & JSON responses, privacy checks for your S3 buckets, and instant alerts when things go wrong, Cronitor fills the gaps in monitoring modern web applications. Sponsored

Nativefier

This cool tool can turn any webpage into a native desktop application that you can install & distribute. Pretty useful if, say, you wanted to make Carbon for your desktop.

PestPHP

Pest is a new, elegant, PHP Testing Framework with a focus on simplicity.

Guides & Tutorials 🎓

Static webhosting benchmark: AWS, Google, Firebase, Netlify, GitHub & Cloudflare

Static websites are still a hot topic. They are fast, and they’re incredibly secure because there isn’t a CMS to hack. Once you build a static website, however, the question becomes: Where do I host? This benchmark has some interesting observations: AWS CloudFront is fastest, but nearly all static hosting services have gotten slower since the last benchmark, 3 years ago!

Linux Security Hardening and Other Tweaks

A solid collection of to-dos for new systems, like hardening the disk layout, kernel options, managing the firewall, limiting sudo, …

An Introduction to Apache Airflow

Airflow is a platform created by the community to programmatically author, schedule, and monitor workflows. In this guide, an example of machine learning of Twitter posts is used to explain how Airflow operates.

Hypermodern Python

I’ve recently been writing some more Python code and found this post to be very valuable: over the years, the Python landscape has (slowly) transitioned from 2.x to 3.x, and with it - many things in the ecosystem changed. In this post, you’ll find a good overview of modern Python development.

Prometheus Node Exporter and TLS

This post does a deep-dive into two exciting new features of the Prometheus Node Exporter: TLS and HTTP Basic Authentication.

5 Types Of ZSH Aliases You Should Know

I knew about normal aliases (think alias gd="git diff"), but this post also taught me about alias suffixes & global aliases, together with a couple of other neat tricks.

Sandboxing nginx with systemd

This is a pretty neat trick to let the master nginx process, which usually runs as root, run as a non-privileged user. The post contains all the systemd configs you need to make this happen.

What else can you stuff in a certificate chain?

I did some experimenting and playing around with certificate chains and learned you can stuff around 80 random certificates in your chain and things still continue to “just work” on the web.

This might break older devices that have a more basic understanding of certificate chains though.
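An added Go example, not taken from the linked post or this newsletter, that reproduces the observation offline with a constructed throwaway PKI: a server chain padded with 80 unrelated self-signed certificates still verifies, and the path the client actually builds is only three certificates long. The hostname example.test and the "junk.invalid" subject are constructed placeholders; comparing the presented count with the used count is the check a monitoring job can run to flag bloated chains.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mkCert issues a throwaway certificate for cn; with a nil parent it is self-signed.
func mkCert(cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	tmpl := &x509.Certificate{SerialNumber: serial, Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil {
		parent, parentKey = tmpl, priv // self-signed: the template is its own issuer
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, priv
}

// ExtraCertsIgnored builds a constructed PKI (root -> intermediate -> leaf), pads the chain a
// server would present with `junk` unrelated self-signed certificates, and verifies the leaf the
// way a modern client does. It returns how many certs were presented and how many the path used.
func ExtraCertsIgnored(junk int) (presented, used int, err error) {
	root, rootKey := mkCert("Constructed Test Root", true, nil, nil)
	inter, interKey := mkCert("Constructed Test Intermediate", true, root, rootKey)
	leaf, _ := mkCert("example.test", false, inter, interKey)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root) // the only trust anchor the client holds
	inters.AddCert(inter)
	for i := 0; i < junk; i++ { // stuffed certificates: sent by the server, never part of any path
		j, _ := mkCert("junk.invalid", false, nil, nil)
		inters.AddCert(j)
	}
	paths, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: "example.test"})
	if err != nil {
		return junk + 2, 0, err
	}
	return junk + 2, len(paths[0]), nil
}
```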
