Hi everyone!
Welcome to cron.weekly issue #142.
There’s quite a bit of commotion around revoked SSL certificates, I hope none of you got bitten by that. Read on for some more details.
I’m taking a 2-week break from the newsletter to enjoy some time off; the next issue will arrive on Sunday, August 2nd.
Enjoy your morning and happy reading!
News & general
Microsoft Support of PHP on Windows
This message on the PHP mailing list caused quite a bit of controversy. The short version is: Microsoft will no longer be making official releases for PHP as of the release of PHP 8, targeted for later this year.
It doesn’t mean Windows won’t be supported for PHP; someone else will just have to package things up and provide the .exe's.
Debian 8 Long Term Support reaching end-of-life
Debian 8 jessie support has reached its end-of-life on June 30, 2020, five years after its initial release on April 26, 2015.
“We can’t send mail more than 500 miles”
A fun read about how distance affects latency & timeouts. I’ve spoiled the post now, but you should still go ahead and read it. :-)
SUSE Enters Into Definitive Agreement to Acquire Rancher Labs
Rancher, a widely used enterprise Kubernetes platform, has been acquired by SUSE, one of the larger independent open-source software companies.
Making .gov More Secure by Default
The US is announcing the intent to add the .gov TLD to HSTS (HTTP Strict Transport Security). This would mean every browser would automatically assume any .gov domain is only accessible via HTTPS, much like .app and .dev are today.
I like these moves towards a more secure web, even if it means it can only realistically “preload .gov within a few years”. A long timeline, for sure!
Intermediate Certificate Revocations
It’s been an interesting week in SSL-land. Two major occurrences of mass-revocations of intermediate certificates, potentially affecting thousands of certificates that were signed against those.
This includes certificates from QuoVadis, GlobalSign, Digicert, HARICA, Certinomis, AS Sertifitseeimiskeskus, Actalis, Atos, AC Camerfirma, SECOM, T-Systems, WISeKey, SCEE, and CNNIC.
This was an opportunity for us though, as we were able to quickly build & ship preventive revocation notifications in Oh Dear, so we can now notify our users before the revocation in these circumstances.
How Have I Been Pwned became the keeper of the internet’s biggest data breaches
A historic look at how Have I Been Pwned came to be, how it grew and how it’s still mostly a one-man show after all these years.
Tools & Projects
HashiCorp Nomad 0.12
HashiCorp Nomad 0.12 has been released, with support for spread scheduling, multi-interface networking, soft memory limits (to allow oversubscribing) & plenty more.
Puppet Bolt 2.0
I missed this release a few months ago: Puppet’s Bolt has reached a new 2.0 milestone. The latest release introduces a new inventory format (to allow loading secrets from external resources) & the ability to execute on remote targets (think: devices that only expose an HTTP API for configuration).
tauri
Tauri is a framework for building tiny, blazing-fast binaries for all major desktop platforms. Developers can integrate any front-end framework that compiles to HTML, JS and CSS for building their user interface. The backend of the application is a rust-sourced binary with an API that the front-end can interact with.
ward
Ward is a simple and minimalistic server monitoring tool. It shows only principal information and can be used if you want to see a nice-looking dashboard instead of looking at a bunch of numbers and graphs.
HAProxy 2.2
The new 2.2 release adds support for dynamic SSL certificate storage, a new default for TLS 1.2, native responses (generated by HAProxy), better error handling & more robust health checks.
ip2unix
This is clever: it can convert any IP socket into a Unix socket on-the-fly.
icdiff
An alternative diff tool, providing more granular & accurate diffs between files.
Brython
A Python 3 implementation that could replace JavaScript in the browser. Tired of writing JS when working on sites? How about writing some Python instead?
kmoncon
A Kubernetes node connectivity tool that performs frequent tests (TCP, UDP and DNS), and exposes Prometheus metrics that are enriched with the node name and the locality information (such as zone), enabling you to correlate issues between availability zones or nodes.
vector
Vector is a high-performance monitoring and observability data router. It makes collecting, transforming, and sending logs, metrics, and events easy. It decouples data collection & routing from your services, giving you control and data ownership, among many other benefits. It could replace Logstash, Fluent, Telegraf or Beats.
oha
oha is a tiny program that sends some load to a web application and shows a realtime TUI (Text-based User Interface) inspired by rakyll/hey.
Guides & Tutorials
git commit accepts several message flags (-m) to allow multiline commits
It’s pretty much in the title, but I didn’t know this yet: you can supply multiple -m flags when writing a git commit message. Each -m will be a paragraph on its own. So now I get to write git commit -am "wip" -m "bugfixes" instead!
Help message for shell scripts
Last week I shared a link to create self-documenting make files; this is the same technique but applied to Bash scripts. I think I might adopt this!
Automate Server Configuration with Ansible Playbooks
A step-by-step guide on getting started with Ansible, explaining the needed basics to get you going.
Jobs
Here’s a new job section, just in case you’re on the lookout for something new. Maybe you’re looking for something closer to home, to reduce your commute? Or want to work with exciting new technology?
Product Manager at Sym
We make compliance less painful for engineering teams. Help us create primitives engineers will use to build the perfect security and privacy workflows for their teams. We’re looking for a technical PM who appreciates a great developer experience and would love to help us create one.
Location: San Francisco, Boston, Remote
Systems Engineer at devhouse Spindle
This is your chance to work on the backend of one of the biggest VoIP platforms in Europe! Bonus: we don’t have managers, we are a holacratic company. The tech stack includes Kubernetes / Rancher, Linux, Django, Python, Golang, SaltStack, Asterisk, OpenSIPS & Prometheus / Grafana.
Location: Groningen, the Netherlands
Senior Security Engineer at Aha!
You are a Security Engineer who is passionate about finding and fixing security vulnerabilities in sophisticated SaaS platforms. You have experience with Ruby on Rails and Javascript applications and have performed application security reviews.
Location: Remote in North America