cron.weekly issue #47: OpenSSL, ripgrep, httpstat, CouchDB, Latency & more!

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, September 25, 2016

Follow me on Twitter as @mattiasgeniar

Welcome to _cron.weekly _issue #47 for Sunday, September 25th, 2016.

A bit later than usual, but I’m liking it better this way. From now on, cron.weekly is not going to have a fixed time for delivery. It’s still weekly and it’ll still be sent on Sunday, but it’s less formal from now on.

After all, it’s just a hobby and having a time constraint & deadline in the weekend is taking its toll on me. Having the ability to finish the newsletter later will give me more peace of mind.

So long 08:00 UTC+2, hello $RANDOM!

News

OpenSSL Security Advisory [22 Sep 2016]

A new high severity vulnerability has been patched in OpenSSL: a denial of service attack when using OCSP stapling.

The MIT license explained, line by line

This is one of the most popular open source licenses, and it’s broken down line-by-line by a lawyer, in clear language (heck, even I understood it). The MIT license is pretty short, but there are a lot of nuances in those words that can make a difference.

Introducing the GitHub Load Balancer

The GitHub team has introduced their custom load balancer setup which handles their HTTP/HTTPS/SSH traffic. A mix of layer4 (ECMP) and Layer7 (proxies) are used to handle all the requests. Looking forward to their follow-up posts!

What it costs to run Let’s Encrypt

I like how they open up their finances too: a total yearly cost of 2.9M USD of which 2.0M USD goes to staffing.

Blurred Lines

An interesting blogpost about what happens when you join the company behind an open source project you’ve been contributing to, what changes, who takes responsibility, …

Tools & Projects

ripgrep

A faster grep, beating the silver searcher, ack, egrep, … Quite a lot of benchmarks on this page proving the speed of ripgrep!

httpstat

This one is going into my daily arsenal of HTTP tools: a wrapper around “curl -v” which offers a better view of the timings of a curl request. Nicely done! (make sure to check out the screenshot)

ClonOS

ClonOS is a free open-source FreeBSD-based platform for virtual environments creation and management. In the core: Xen, Jails, Puppet, bhyve hypervisor & ZFS.

pgslice

Postgres partitioning as easy as pie. Works great for both new and existing tables, with zero downtime and minimal app changes.

Deepstream

This is a fast, secure and scalable websocket & tcp server for mobile, web & “internet of things”. Think if it like a socket.io/Firebase/Pusher pub/sub & messaging server you can self-host.

CouchDB 2.0

A new major release for the database engine: native support for clustering, new admin interface, easier queries & improved performance.

Shipyard

Built on Docker Swarm, Shipyard gives you the ability to manage Docker resources including containers, images, private registries and more.

Vossibility-stack

Vossibility provides better visibility for your open source project. It can collect data from GitHub and visualise them, like commits, issues reported/solved, … In short, a fun dashboard for your OSS project.

TLSlayer

TLSlayer is a FAST TLS/SSL reconnaisance tool written in Go. The primary aim is to provide a tool that has no dependencies on OpenSSL that can utilize multiple cores.

VCLFiddle

A fun web interface to play around with the Varnish VCL configs, without having to spin up your own instances.

Guides & Tutorials

You probably want to start using the -w option with iptables

Did you know iptables can be locked? If that’s the case, commands you send to iptables will happily be ignored. The -w option prevents that from happening. This post is a good write-up on where that might sting you.

Upgrade your SSH keys to ed25519

A good post with practical tips on using more secure ciphers for your SSH keys by moving to an ed25519 key.

Using Ansible’s command and shell modules properly

This post offers some good tips (at least for beginner Ansible users) on when to use the command and the shell options.

Videos

How not to measure latency

I liked this talk about common pitfalls when monitoring latency, or just monitoring in general. Offers some good and practical points on improving your metrics and drawing better conclusions.

Conferences

LinuxDays Prague

On the 8th and 9th October 2016 in Prague, Czech. Quite the schedule if you happen to be around!

ContainerDays NYC

A different continent, ContainerDays is happening in New York on November 3-4. And if you’re looking for a discount, use promocode “CRON.TAINERDAYS”. That’s right, the first cron.weekly reader perk!

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.