cron.weekly issue #25: Shift, Gentoo on Tesla, RPerl, BSD explained and many more!

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.
Image of Mattias Geniar

Mattias Geniar, April 24, 2016

Follow me on Twitter as @mattiasgeniar

Welcome to cron.weekly issue 25 for Sunday, April 24th, 2016.

It’s been a pretty busy week once again with the major release of Ubuntu 16.04, a new Long Term Support Ubuntu version.

There’s a lot of practical guides in this edition too that can help you get started with running IPv6 or introduce Access Control Lists in your Linux environment.



Red Hat doubles down on OpenStack

The biggest open source company in the world is revealing more projects built on (and to support) OpenStack.

Count me as a systemd convert

Not everything in systemd is bad, this author discovers. The post mostly covers a particular debug session in which systemd offered the right tools to troubleshoot and fix the problem.

Gentoo Linux on a Tesla

If you’re driving a car that’s 99% computer, surely you can get Linux to run on it. Right? Well, turns out, running Gentoo inside your Tesla is perfectly possible.

A Look Back at One Year of Docker Security

A nice flashback on the various security mechanismes Docker has introduced over the last year in its various releases. It also offers a comparison between Docker, LXC and CoreOS rkt – although since this blogpost comes from the creators of Docker, I’d take it with a grain of salt.

Staying up-to-date on open source announcements & security issues via Twitter

We all know staging up-to-date on open source security issues or new versions isn’t easy. There are a lot of projects to follow and it can be intensive to stay informed. This newsletter (hopefully) helps, but can’t cover it all. That’s why I created the @oss_announce and @foss_security Twitter accounts that automated this whole process: they live-tweet whenever important releases or security announcements are made.

How I Hacked HackingTeam

As sysadmins, it’s our job to keep our systems secure. Reading about how an attacker goes about exploring a target and eventually breaching its security, offers us insights into areas we need to focus extra attention to. This particular post highlights flaws in no-sql databases (MongoDB) and shows how an attacker goes about a complicated hack.

libressl – more vague promises

A look back at how LibreSSL started, the promises made at the start of the project and the current state.

How Badlock Was Discovered and Fixed

Some more background to how Badlock, the samba vulnerability revealed last week, got discovered and how the fix got distributed to several distributions.

Tools & Projects

Ubuntu 16.04 LTS (Xenial Xerus) released

The latest Long Term Support (LTS) for Ubuntu is out: 16.04 ‘s most prominent features are ZFS support, the 4.4 kernel, the Mitaka release (13) of OpenStack and a new “snappy” package manager.

Hitch 1.2 released

Hitch is a high performant SSL/TLS proxy, created by the Varnish team that gave us the fast caching daemon and load balancer. Version 1.2 fixed a couple of bugs and offers more configuration options for the frontend (SSL, ciphers etc.). an open source pastebin

If you’ve ever wanted to run a service like Pastebin, which allows anyone to paste text and get a unique link to share it, now you can with If you’re looking for a Pastebin alternative for yourself or your organisation, have a look at


Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure. Skydive agents collect topology informations and flows and forward them to a central agent for further analysis. All the informations a stored in an Elasticsearch database.

Rperl 1.7 released

Rperl is a “restricted perl”, a version of Perl with a select set of features included and optimised for pure performance. When used properly, rperl can be up to 100x faster as “regular” perl. Version 1.7 now offers support for stand-alone executable binaries.


Hex is a package manager for the Erlang ecosystem.

DC/OS: the Datacenter Operating System

DC/OS is an entirely open source software project based on Apache Mesos, Marathon and a whole lot more.

SSSD: System Security Services Daemon

SSSD is a system daemon. Its primary function is to provide access to identity and authentication remote resource through a common framework that can provide caching and offline support to the system. It provides PAM and NSS modules.


A clever hack to deal with WiFi-stealing neighbours: some iptables and perl scripts to automatically reverse all text on pages visited by unwanted WiFi guests.


Spash is a command line tool for Big Data platforms that simulates a real Unix environment, providing most of the commands of a typical Bash shell on top of YARN, HDFS and Apache Spark.

ScyllaDB 1.0

Scylla is a NoSQL column store database, fully compatible with Apache Cassandra at 10x the throughput and jaw dropping low latency.


A full BGP implementation for your network in a Go library. This could be the perfect corner stone if you’re building your own SDN (Software Defined Networking) solution.

Perfect: server-side Swift

Apple open sourced Swift a couple of months ago, their new programming language for developing iOS applications. The “Perfect” project takes the Swift language to the server, allowing you to write server-side applications in that very same language.


Micro is a terminal-based text editor that aims to be easy to use and intuitive, while also taking advantage of the full capabilities of modern terminals.

Shift: MySQL schema migrations

shift is an application that makes it easy to run online schema migrations for MySQL databases

Guides & Tutorials

How we found that the Linux nios2 memset() implementation had a bug

Some more very low level Kernel specifics: if you’re into custom bootloaders, exotic CPU’s, strange process architectures and even more obscure memory bugs, have a go at this article.

The BSD family of operating systems

If FreeBSD, NetBSD and OpenBSD all sound alike to you, this article can help shed light into the darkness that is BSD: the history and main direction of each *BSD project clearly explained.

Understanding and Hardening Linux Containers (PDF)

A very extensive paper on the security aspects of containers: cgroups, network namespaces, mandatory access control, different attack surfaces, … If you’re deep into containers (LXC, Docker), grab a coffee and take your time for this 122 page read.

Redis Administration: practical tips

A set of useful tips and configuration parameters when you’re just starting out with Redis. A couple of important kernel tweaks needed too, or you’ll quickly run into Redis issues along the way.

Detecting the use of “curl | bash” server side

Some very clever timing techniques are used here to detect, from the webserver that’s hosting the scripts, whenever a user directly pipes the output of a curl command into bash.

Gimp – A fast overview

Gimp is an open source photoshop alternative, this post highlights some if its biggest strengths.

19 Tips For Everyday Git Use

Another set of practica examples you might need to use when attempting git.

Git for beginners: The definitive practical guide

Git is still a complex matter, especially if you’re just starting with it. This guide takes on a very pragmatic approach with very specific questions you might have on Git and answering them clearly.

How “Exit Traps” Can Make Your Bash Scripts Way More Robust And Reliable

A clever way of adding more logic and error handling into your Bash scripts by catching signals like SIGHUP and acting upon them.

System Design Cheatsheet

A set of very good questions and considerations to make when designing a new system. Very practical questions like understanding bottlenecks, scaling and load balancing methods, replication methods to use, …

Running IPv6 in practice

This Debian guide walks you through activating IPv6 on your network and performing the first basic troubleshooting.

The Ars guide to building a Linux router from scratch

A do-it-yourself router, running Linux, with step by step instructions.

Secure Files/Directories using ACLs (Access Control Lists) in Linux

A guide that takes you beyond simple owner/group and file permissions and introduces Access Control Lists (ACLs) in Linux.

Making the case for make

A post in the defence of the tool ‘make‘ as your build tool, instead of complex scripts and dependencies that take in a lot of 3rd party software. A simple make configuration can go a long way.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.