Hi everyone! 👋
Welcome to cron.weekly issue #151.
A bit of drama, some very cool new projects, a variety of interesting guides/tips and a request for comments section. That’s what I call a good issue! 💪
Enjoy your fresh ☕️ and happy reading.
News & general 🗞
Hacktoberfest Drama
Every year, Digital Ocean holds an open-source support campaign called Hacktoberfest. It incentivizes users to contribute to open-source projects in a meaningful way. As a reward, you get a free t-shirt.
Sounds like fun, but it seems this year there’s been a rush of low-quality PRs that are flooding open-source maintainers. You know, the men & women already struggling to maintain their packages …
It appears to come from one popular Youtuber demonstrating how easy it is to send a PR and get a t-shirt. Nice idea, perhaps poorly executed? The fall-out of this all is hurting maintainers, after all.
If you’re a maintainer and are struggling with lots of PRs, there’s a tool called derek that can auto-close PRs based on criteria you define. Github just rolled out a new feature to temporarily limit repo interactions, too.
Meanwhile, as of yesterday, the rules of Hacktoberfest have been changed: to be eligible, PRs have to be submitted to a repository that has ‘hacktoberfest’ as a repository topic. In other words: it’s now opt-in.
Side note: I still love Digital Ocean for running this program, next year might need some stricter rules but they’ve been contributing to open-source for a very long time and this is the first time it’s had issues.
Sectigo to Be Acquired by GI Partners
The change is now: Comodo -> Sectigo -> GI Partners.
Because of the change of ownership, additional CA checks will happen to make sure the new owner has earned the right to remain in the root certificate program. Curious to learn the outcome here.
It used to be simpler to teach
A fair critique on how even simple Unix/Linux tools have added more & more complexity, to the point where they may have surpassed their original usefulness.
Tools & Projects 🛠
youtube-downloader
A pure PHP implementation of youtube-dl
, requiring only PHP (and libcurl) without any external dependencies.
derek
Derek reduces fatigue for maintainers by automating governance and delegating permissions to your team and community.
Easily discover the cause of your Linux OOM errors
Get comprehensive visibility into Linux out-of-memory errors with Datadog. Visualize OOM error logs, memory utilization metrics, and memory profiles in one place so you can get a complete overview of your system’s memory usage.
Sign up for a free trial today, install the agent, Datadog will send you a free t-shirt! Sponsored
ali
Ali is an HTTP load testing tool aimed to perform real-time analysis, inspired by vegeta and jplot. The results are shown in your terminal in real-time, much like top/htop.
grep 3.5
A new version of grep
, mostly covering bugfixes.
OBS Studio 26.0
A new major release for OBS Studio that allows you to do live streaming and screen recording.
wireflow
A user flow chart real-time collaborative tool.
elsa
Elsa is a minimal, fast and secure runtime for Javascript and Typescript written in Go.
OpenSSH 8.4
This new release adds better support for FIDO keys and announces the future deprecation of the “ssh-rsa” public key signature algorithm.
HEY.com - Email at its best, new from Basecamp
Stop emailing like it’s 2010 and get a fresh start with HEY. HEY is an all-new take on email designed to give you back control with features like the screener, reply later workflow, file attachment explorer and more. Run your email, don’t let it run you.
Learn more and try it free today at HEY.com. Sponsored
Debian 10.6
This point release mainly adds corrections for security issues, along with a few adjustments for serious problems.
GrumPHP
A client-side code quality tool for PHP, preventing commits unless they adhere to a set of defined rules.
hetty
Hetty is an HTTP toolkit for security research. It aims to become an open source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty community.
Guides & Tutorials 🎓
Escaping strings in Bash using !:q
This is a neat trick: enter a line of Bash starting with a # comment, then run !:q on the next line to see what that would be with proper Bash escaping applied.
Speeding up HTTPS and HTTP/3 negotiation with … DNS
I learned that there’s a new HTTPS
resource record in DNS (like A
, CNAME
, MX
, …)! It can be used to avoid the initial HTTP request to a new website, only to learn it’s being served over HTTPs and will be redirected away. Now, a browser/client can request the HTTPS
resource record instead and avoid the initial HTTP-hit on the origin server (without HSTS).
Understanding How UUIDs Are Generated
I didn’t know there was a structure to UUIDs, with meta data hidden inside it to clarify the format used. Cool!
PostgreSQL at Scale: Saving Space (Basically) for Free
The order in which you define your columns can, in some cases, influence the disk space consumption of your database server! In this example, you can save 10% on disk space used just by re-ordering columns.
A Linux sysadmin’s introduction to cgroups
A historical look at cgroups and how they can be used to get a better handle on the resources of your Linux server.
A beginner’s guide to gawk
gawk
is the GNU implementation of the Awk programming language. This guide contains practical examples and demo’s of using it in every-day sysadmin life.
How to properly manage ssh keys for server access
This guide introduces the method of using your own CA to sign/revoke SSH certificates, giving you a bit more flexibility to control server access (especially in larger environments).
Request for Comments 💡
PHP 8 RC1
A first release candidate of PHP 8! Lots of things are making it in this release, any help testing will be appreciated.
Fedora 33 Beta
Fedora 33 is scheduled for release at the end of October, you can now try the latest beta release to help ensure a smooth launch.
IETF Last Call for QUIC-HTTP/3
It’s your last chance to provide feedback on the QUIC working group (also known as “HTTP/3”), as the baseline requirements are almost nearing a final state.