cron.weekly issue #150: PostgreSQL, SSH, Calibre, duf & more


cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.
Image of Mattias Geniar

Mattias Geniar, September 27, 2020

Follow me on Twitter as @mattiasgeniar

Hi everyone! πŸ‘‹

Welcome to cron.weekly issue #150.

Pfew, we’ve had a busy week at Oh Dear. We just launched our new cron job & scheduled task monitoring to all users!

Feels good to wrap up the week with some relaxing cron.weekly content. I’ve read the word “cron” too many times this week, though. πŸ˜…

Let’s go with a proven formula: β˜•οΈ + πŸ₯ = #cronweekly.

News & general πŸ—ž

Linux Journal is Back

Good news for independent reporting on Linux! Looks like Slashdot has taken ownership of Linux Journal and will continue to support it.

No, Moving Your SSH Port Isn’t Security by Obscurity

As someone who has always run its SSH on a non-default port, I’m glad Daniel took the time to write out a proper explanation on why it’s not that bad.

There are some good reasons not to move SSH ports in certain environments, such as usability. People absolutely love to invoke the β€œSecurity by Obscurity” boogeyman, and it makes them feel super smart when they do. It’s a conversation ender.

(Note: I’m aware non-root users can bind to ports > 1024, that’s - to me - the only valid argument for not running SSH on a port higher than 1024 as you’re not sure which SSH service you’ll be connecting to.)

Let’s Encrypt’s New Root and Intermediate Certificates

On Thursday, September 3rd, 2020, Let’s Encrypt issued six new certificates: one root, four intermediates, and one cross-sign. In this post, they provide all the details about cross-signing, the new root & all the other clever mechanics that go on behind the scenes.

Tools & Projects πŸ› 

wave-share

A pretty cool proof-of-concept: a serverless, peer-to-peer, local file sharing through sound. 🀯

HEY.com - Email at its best, new from Basecamp

Stop emailing like it’s 2010 and get a fresh start with HEY. HEY is an all-new take on email designed to give you back control with features like the screener, reply later workflow, file attachment explorer and more. Run your email, don’t let it run you.

Learn more and try it free today at HEY.com. Sponsored

Calibre 5.0

The most popular e-book manager/viewer Calibre has released a new major version, 5.0. Changes include support for highlighting in the reader and a move from Python 2 to Python 3.

PostgreSQL 13

A new major version of PostgreSQL adds improvements to indexing & lookup systems, faster response times for complex queries and parallelized vacuuming.

mono-icons

A simple, consistent open-source icon set designed to be used in a wide variety of digital products.

Tor Browser 10

A new major release for the Tor browser, built on Firefox 78.3, that comes with several security fixes.

duf

A new disk usage/free utility for Linux, BSD & macOS. This will give a console-like overview of the disk consumption on your system.

Visualize the health of all your servers in one place

Get comprehensive visibility into Linux out-of-memory errors with Datadog. Visualize OOM error logs, memory utilization metrics, and memory profiles in one place so you can get a complete overview of your system’s memory usage.

Start monitoring your environment today with a free Datadog trial. If you install the agent, Datadog will send you a free t-shirt! Sponsored

sshocker

This is akin to docker run -p 8080:80 -v $(pwd):/mnt IMAGE, but sshocker is for remote hosts, not for containers.

DuckDB

DuckDB is an embeddable SQL OLAP database management system.

vue.js 3.0

A new major release for VueJS, the popular JavaScript framework.

Laravel 8

This one came out a few weeks ago, a new major release of the popular open-source PHP framework.

Guides & Tutorials πŸŽ“

Python behind the scenes #2: how the CPython compiler works

I’ve recently been doing some work on Hummingbot which uses CPython. This guide was helpful to me to understand how Python gets translated to C for performance & efficiency.

Lessons Learned from Running Postgres 13: Better Performance, Monitoring & More

There are no big new features in Postgres 13, but there are a lot of small but important incremental improvements. This post looks at performance, monitoring & usability changes.

How I bypassed Cloudflare’s SQL Injection filter

This post contains a lot of details on how to write clever SQL queries that bypass web application firewalls, while still remaining valid. There’s definitely more than one way to write a query!

Use long flags when scripting

An old post that resurfaced to me: a valid argument for why you’d want to use the long-form argument names in scripts over the short-hand ones (ie: --only-matching over -o).

Videos πŸŽ₯

Advanced programming in the UNIX environment

With COVID-19, the graduate class “Advanced Programming in the UNIX Environment” at Stevens Institute of Technology has shifted to 100% online, meaning they are being uploaded to youtube weekly. Free for anyone to follow and learn!

The course outline is available here.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.