cron.weekly issue #142: PHP, SSL, Debian, ip2unix, Ansible & more

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, July 12, 2020

Follow me on Twitter as @mattiasgeniar

Hi everyone! πŸ‘‹

Welcome to cron.weekly issue #142.

There’s quite a bit of commotion around revoked SSL certificates, I hope none of you got bitten by that. Read on for some more details.

I’m taking a 2-week break with the newsletter to enjoy some time-off, next issue will arrive on Sunday, August 2nd.

Enjoy your morning β˜•οΈ and happy reading!

News & general πŸ—ž

Microsoft Support of PHP on Windows

This message on the PHP mailing list caused quite a bit of controversy. The short version is: Microsoft will no longer be making official releases for PHP as with the release of PHP 8, targetted for later this year.

It doesn’t mean Windows won’t be supported for PHP, someone else will just have to package things up and provide the .exe's.

Debian 8 Long Term Support reaching end-of-life

Debian 8 jessie support has reached its end-of-life on June 30, 2020, five years after its initial release on April 26, 2015.

“We can’t send mail more than 500 miles”

A fun read about how distance affects latency & timeouts. I’ve spoiled the post now, but you should still go ahead and read it. :-)

SUSE Enters Into Definitive Agreement to Acquire Rancher Labs

Rancher, a widely used enterprise Kubernetes platform, has been acquired by SUSE, one of the larger independent open-source software companies.

Making .gov More Secure by Default

The US is announcing the intent to add the .gov TLD to HSTS (HTTP Strict Transport Security). This would mean every browser would automatically assume any .gov domain is only accessible via HTTPs, much like .app and .test .dev are today.

I like these moves towards a more secure web, even if it means it can only realistically “preload .gov within a few years”. A long timeline, for sure!

Intermediate Certificate Revocations

It’s been an interesting week in SSL-land. Two major occurrences of mass-revocations of intermediate certificates, potentially affecting thousands of certificates that were signed against those.

This includes certificates from QuoVadis, GlobalSign, Digicert, HARICA, Certinomis, AS Sertifitseeimiskeskus, Actalis, Atos, AC Camerfirma, SECOM, T-Systems, WISeKey, SCEE, and CNNIC.

This was an opportunity for us though, as we were able to quickly build & ship preventive revocation notifications in Oh Dear, so we can now notify our users before the revocation in these circumstances. πŸ’ͺ

How Have I Been Pwned became the keeper of the internet’s biggest data breaches

A historic look at how Have I Been Pwned came to be, how it grew and how it’s still mostly a one-man show after all these years.

Tools & Projects πŸ› 

HashiCorp Nomad 0.12

HashiCorp Nomad 0.12 has been released, with support for spread scheduling, multi-interface networking, soft memory limits (to allow oversubscribing) & plenty more.

Puppet Bolt 2.0

I missed this release a few months go, Puppet’s Bolt has reached a new 2.0 milestone. The latest release introduces a new inventory format (to allow loading secrets from external resources) & the ability to execute on remote targets (think: devices that only expose an HTTP API for configuration).


Tauri is a framework for building tiny, blazing-fast binaries for all major desktop platforms. Developers can integrate any front-end framework that compiles to HTML, JS and CSS for building their user interface. The backend of the application is a rust-sourced binary with an API that the front-end can interact with.


Ward is a simple and minimalistic server monitoring tool. It shows only principal information and can be used if you want to see nice looking dashboard instead of looking at a bunch of numbers and graphs.

HAProxy 2.2

The new 2.2 release adds support for dynamic SSL certificate storage, a new default for TLS 1.2, native responses (generated by HAProxy), better error handling & more robust health checks.


This is clever: it can convert any IP socket into a Unix socket on-the-fly.


An alternative diff tool, providing more granular & accurate diffs between files.


A Python 3 implementation that could replace JavaScript in the browser. Tired of writing JS when working on sites? How about writing some Python instead?


A Kubernetes node connectivity tool that preforms frequent tests (tcp, udp and dns), and exposes Prometheus metrics that are enriched with the node name, and the locality information (such as zone), enabling you to correlate issues between availability zones or nodes.


Vector is a high-performance monitoring and observability data router. It makes collecting, transforming, and sending logs, metrics, and events easy. It decouples data collection & routing from your services, giving you control and data ownership, among many other benefits. It could replace Logstash, Fluent, Telegraf or Beats.


oha is a tiny program that sends some load to a web application and shows a realtime TUI (Text-based User Interface) inspired by rakyll/hey.

Guides & Tutorials πŸŽ“

git commit accepts several message flags (-m) to allow multiline commits

It’s pretty much in the title, but I didn’t know this yet: you can supply multiple -m flags when writing a git commit commit message. Each -m will be a paragraph on its own. So now I get to write git commit -am "wip" -m "bugfixes" instead!

Help message for shell scripts

Last week I shared a link to create self-documenting make files, this is the same technique but applied to Bash scripts. I think I might adopt this!

Automate Server Configuration with Ansible Playbooks

A step-by-step guide on getting started with Ansible, explaining the needed basics to get you going.

Jobs πŸ“‡

Here’s a new job section, just in case you’re on the lookout for something new. Maybe you’re looking for something closer to home, to reduce your commute? Or want to work with exciting new technology?

Product Manager at Sym

We make compliance less painful for engineering teams. Help us create primitives engineers will use to build the perfect security and privacy workflows for their teams. We’re looking for a technical PM who appreciates a great developer experience and would love to help us create one.

Location: San Francisco, Boston, Remote

Systems Engineer at devhouse Spindle

This is your chance to work on the backend of one of the biggest VoIP platforms in Europe! Bonus: we don’t have managers, we are a holacratic company. The tech stack includes Kubernetes / Rancher, Linux, Django, Python, Golang, SaltStack, Asterisk, OpenSIPS & Prometheus / Grafana.

Location: Groningen, the Netherlands

Senior Security Engineer at Aha!

You are a Security Engineer who is passionate about finding and fixing security vulnerabilities in sophisticated SaaS platforms. You have experience with Ruby on Rails and Javascript applications and have performed application security reviews.

Location: Remote in North America

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.