Hi everyone! 👋
Welcome to cron.weekly issue #142.
There’s quite a bit of commotion around revoked SSL certificates, I hope none of you got bitten by that. Read on for some more details.
I’m taking a 2-week break with the newsletter to enjoy some time-off, next issue will arrive on Sunday, August 2nd.
Enjoy your morning ☕️ and happy reading!
News & general 🗞
This message on the PHP mailing list caused quite a bit of controversy. The short version is: Microsoft will no longer be making official releases for PHP as with the release of PHP 8, targetted for later this year.
It doesn’t mean Windows won’t be supported for PHP, someone else will just have to package things up and provide the
Debian 8 jessie support has reached its end-of-life on June 30, 2020, five years after its initial release on April 26, 2015.
A fun read about how distance affects latency & timeouts. I’ve spoiled the post now, but you should still go ahead and read it. :-)
Rancher, a widely used enterprise Kubernetes platform, has been acquired by SUSE, one of the larger independent open-source software companies.
The US is announcing the intent to add the
.gov TLD to HSTS (HTTP Strict Transport Security). This would mean every browser would automatically assume any
.gov domain is only accessible via HTTPs, much like
.dev are today.
I like these moves towards a more secure web, even if it means it can only realistically “preload .gov within a few years”. A long timeline, for sure!
Intermediate Certificate Revocations
It’s been an interesting week in SSL-land. Two major occurrences of mass-revocations of intermediate certificates, potentially affecting thousands of certificates that were signed against those.
This includes certificates from QuoVadis, GlobalSign, Digicert, HARICA, Certinomis, AS Sertifitseeimiskeskus, Actalis, Atos, AC Camerfirma, SECOM, T-Systems, WISeKey, SCEE, and CNNIC.
This was an opportunity for us though, as we were able to quickly build & ship preventive revocation notifications in Oh Dear, so we can now notify our users before the revocation in these circumstances. 💪
A historic look at how Have I Been Pwned came to be, how it grew and how it’s still mostly a one-man show after all these years.
Tools & Projects 🛠
HashiCorp Nomad 0.12 has been released, with support for spread scheduling, multi-interface networking, soft memory limits (to allow oversubscribing) & plenty more.
I missed this release a few months go, Puppet’s Bolt has reached a new 2.0 milestone. The latest release introduces a new inventory format (to allow loading secrets from external resources) & the ability to execute on remote targets (think: devices that only expose an HTTP API for configuration).
Tauri is a framework for building tiny, blazing-fast binaries for all major desktop platforms. Developers can integrate any front-end framework that compiles to HTML, JS and CSS for building their user interface. The backend of the application is a rust-sourced binary with an API that the front-end can interact with.
Ward is a simple and minimalistic server monitoring tool. It shows only principal information and can be used if you want to see nice looking dashboard instead of looking at a bunch of numbers and graphs.
The new 2.2 release adds support for dynamic SSL certificate storage, a new default for TLS 1.2, native responses (generated by HAProxy), better error handling & more robust health checks.
This is clever: it can convert any IP socket into a Unix socket on-the-fly.
diff tool, providing more granular & accurate diffs between files.
A Kubernetes node connectivity tool that preforms frequent tests (tcp, udp and dns), and exposes Prometheus metrics that are enriched with the node name, and the locality information (such as zone), enabling you to correlate issues between availability zones or nodes.
Vector is a high-performance monitoring and observability data router. It makes collecting, transforming, and sending logs, metrics, and events easy. It decouples data collection & routing from your services, giving you control and data ownership, among many other benefits. It could replace Logstash, Fluent, Telegraf or Beats.
oha is a tiny program that sends some load to a web application and shows a realtime TUI (Text-based User Interface) inspired by rakyll/hey.
Guides & Tutorials 🎓
It’s pretty much in the title, but I didn’t know this yet: you can supply multiple
-m flags when writing a
git commit commit message. Each
-m will be a paragraph on its own. So now I get to write
git commit -am "wip" -m "bugfixes" instead!
Last week I shared a link to create self-documenting
make files, this is the same technique but applied to Bash scripts. I think I might adopt this!
A step-by-step guide on getting started with Ansible, explaining the needed basics to get you going.
Here’s a new job section, just in case you’re on the lookout for something new. Maybe you’re looking for something closer to home, to reduce your commute? Or want to work with exciting new technology?
We make compliance less painful for engineering teams. Help us create primitives engineers will use to build the perfect security and privacy workflows for their teams. We’re looking for a technical PM who appreciates a great developer experience and would love to help us create one.
Location: San Francisco, Boston, Remote
This is your chance to work on the backend of one of the biggest VoIP platforms in Europe! Bonus: we don’t have managers, we are a holacratic company. The tech stack includes Kubernetes / Rancher, Linux, Django, Python, Golang, SaltStack, Asterisk, OpenSIPS & Prometheus / Grafana.
Location: Groningen, the Netherlands
Location: Remote in North America