cron.weekly issue #44: Docker, SELinux, Xen, Teeproxy, zstandard & more!

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, September 04, 2016

Follow me on Twitter as @mattiasgeniar

Welcome to _cron.weekly _issue #44 for Sunday, September 4th, 2016.

A slightly shorter edition as I’m traveling – which is also true for next week. If I missed important Linux/Open Source news, let me know – I’ll be needing help filling next weeks’ issue too.


A Docker Fork: Talk of a Split Is Now on the Table

There’s more and more talk of a Docker fork being needed, one run by the community without enterprise backing. This articles goes more in to the why that may be needed.

An Ode to Boring: Creating Open and Stable Container World

A slightly shorter by related article to the one above: Docker needs to stop moving so fast and keep containers simple and boring: let orchestration, management and all other functions be handled by higher level tools (like Kubernetes, Mesos, …).

Multiple vulnerabilities in RPM – and a rant

This researcher discovered several vulnerabilities in RPM. That in and of itself is interesting, but the backstory to how it got reported to Red Hat and the act of filing the bug/security issue are more interesting pieces.

State of SELinux (PDF)

This presentation (PDF) gives a nice overview of SELinux’s new features and the current stance of the project: there’s Docker/rkt & overlayfs support, in the 4.8 kernel there will be labeled networking and new userspace tools.

Xen security vulnerabilities to be announced

It’s a bit of a teaser as there aren’t any details yet, but the Xen project has reserved several CVE’s critical enough to have major cloud providers scramble to patch their hosts: on September 8th, we’re probably looking at a guest-to-hv exploit. Be prepared.

Suspect Arrested for 5-Year-Old Linux Kernel Organization Breach

Back in 2011, some servers got hacked. It looks like someone got arrested as the culprit. The article also shares some details on the exploits and backdoors he used to get it.

Tools & Projects


This tool can visualise your infrastructure or traffic flows in a WebGL canvas (or, in more common words, your browser).


A reverse HTTP proxy that duplicates requests: this is a good tool to test-run a new environment or a PHP/Ruby/NodeJS version upgrade, by having teeproxy send incoming requests to a “real” backend and a “dummy” backend, discarding the response from the dummy backend.


This new compression standard by Facebook aims to rival with deflate (gzip, zip, zlib). Perhaps not a bad move, as our current compression standards are a few decades old.


Restic is a program that does backups right: easy, fast, verifiable, secure & efficient.


Rclone is a command line program to sync files and directories to and from cloud services like S3, Google Drive, Dropbox, …


Think of covervault as your self-hosted Github Gists, or simple, self-hosted, snippets. They can be private/public, so free to share any way you like.

OpenBSD 6.0 released

Right on schedule: the OpenBSD team announces their 6.0 release.


fwd is a network port forwarder written in golang. It’s cross platform, supports multiple architectures and it’s dead simple to use.

Guides & Tutorials

Two weeks with Terraform

A good opinionated write-up on using the terraform tool to define your infrastructure as code. Terraform gives you an abstract language to describe your Amazon EC2 (or other) instances so you can easily reproduce that environment.

Debugging a kernel crash

A really nice low-level write-up of what it takes to diagnose and interpret the kernel stacktraces whenever your server does a kernel panic. Lots of C code in there, so this probably isn’t for everyone.

File system features we encountered developing the Mail.Ru Cloud synchronization mechanism

Another low-level post, this time about file operations: some insights in how _inotify _works and some good info on working with inodes identifiers.

10 tips to improve MariaDB performance

Some good starting points with regards to InnoDB buffers & sizes, caches, swap usage & some other neat tricks for tuning your MariaDB instance.

Advancing in the Bash shell

Not your average Bash tips & tricks: good pointers on using the _history _in Bash with new modifiers, fixing typo’s in commands, easily move around words with your cursor & more. I learned quite a few new tricks here!

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.