cron.weekly issue #52: Dtrace, nftables, bashcached, nodejs 7, elastic 5, bfs, varnish & more!

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, October 30, 2016

Follow me on Twitter as @mattiasgeniar

Welcome to cron.weekly issue #52 for Sunday, October 30th, 2016.

There’s lots of DNS related news and tools this week as well as topics related to HTTPs, Varnish, Go videos and Linux internals. Plenty of content to keep you busy on a Sunday, I hope!


Free course: Introduction to DevOps: Transforming and Improving Operations

The Linux Foundation has introduced a new MOOC (Massive Open Online Course): Introduction to DevOps. This free-to-enroll course is available online through edX and starts on November 16th.

What comes after ‘iptables’? It’s successor, of course: nftables

Nftables is a new packet classification framework that aims to replace the existing iptables, ip6tables, arptables and ebtables facilities. It aims to resolve a lot of limitations that exist in the venerable ip/ip6tables tools.

DTrace for Linux 2016

The latest update to the Linux performance debugging chart by Brendan Gregg, as well as a detailed write-up on the tools and how to interpret their output.

Mozilla Distrusting New WoSign and StartCom Certificates

And just like that, Mozilla has put 2 companies out of business: as of October 21st, new certificates issued by WoSign and StarTcom will be marked insecure in Firefox. Other browsers will likely follow shortly, as a result of several security incidents with both CA’s.

Inside the Linux Kernel

This is a fun cartoon/visualisation of the linux kernel; processes table, crond, …

Tools & Projects

Datadog – Application monitoring done right

Get real-time, integrated statistics on your entire infrastructure: from Amazon stats on your servers to detailed numbers of your PostgreSQL, Elasticsearch, Node & other applications – all from a single, easy to use, interface. Sign up for a free trial to discover a better way to monitor your stack! (Sponsored)


This is the swiss army knife of document conversions: from markdown to HTML, from LaTeX to Word or PDF, … you name it, Pandoc can take pretty much any input and convert it to virtually any output.


Memcached built on bash + socat. You wouldn’t use this in production, but it’s super interesting to see Memcached get implemented in less than 100 lines of Bash!

Elastic Stack 5.0

A whole new set of releases: Elasticsearch 5.0, Kibana 5.0, Beats 5.0, Logstash 5.0, … more than a year of development has lead to this new release and it’s packed with new features and improvements.


The ‘bus1’ project is set as a replacement for IPC (Inter Process Communication) currently active in the Linux kernel. This page gives a really detailed view of how that will work.

Node.js 7

This latest version of nodejs introduces the latest V8 engine, 98% coverage of the ES6 language, improved performance & reliability.


A google drive client for the CLI.


The ‘Baidu file system’: a distributed file system designed to support real-time applications. Like many other distributed file systems, BFS is highly fault-tolerant. But different from others, BFS provides low read/write latency while maintaining high throughput rates.


fwknop stands for the “FireWall KNock OPerator”, and implements an authorization scheme called Single Packet Authorization (SPA). This method of authorization is based around a default-drop packet filter (fwknop supports iptables and firewalld on Linux) and libpcap. SPA is essentially “next generation port knocking”.


LibVMI is a C library with Python bindings that makes it easy to monitor the low-level details of a running virtual machine by viewing its memory, trapping on hardware events, and accessing the vCPU registers. This is called virtual machine introspection.


A blockchain-based DNS + HTTP server that fixes HTTPS security.


Namecoin is an experimental open-source technology which improves decentralization, security, censorship resistance, privacy, and speed of certain components of the Internet infrastructure such as DNS and identities.

Guides & Tutorials

Secret management with Vault

This is a practical introduction using Hashicorp’s Vault to store sensitive data, passwords, TLS or SSH secrets, …

Continuous MySQL backup validation: Restoring backups

A back-up is only good if it can be restored: this post by Facebook introduces how they handle automated restores and validation. If you’re thinking of implementing this yourself, lots of valuable tips in that post.

Varnish 5 configuration templates

This post announces a new set of configuration templates for using the latest Varnish 5 caching daemon & load balancer. Plenty of boilerplate code in VCL files to save you the trouble of writing it yourself.

Debugging with the BASH debugger

The purpose of a debugger such as the BASH debugger is to allow you to see what is going on “inside” a bash script while it executes.

Ops-Class: Hack the Kernel includes slides, hundreds of hours of videotaped lectures, and sample exams: everything you need to learn OS concepts online at your own pace.


dotGo 2016 videos

Since the Go language is increasing in popularity – not only for Devs, but Ops too – I wanted to share the videos of this conference. The first 3 videos of the dotGo conference are available online, I’m sure the others will follow shortly.

“Linux Sucks”

This is a really entertaining video about what “makes Linux suck”; a look at systemd with the pro’s & con’s, a critical look at the community and some funny Linux vs. Justin Bieber comparisons.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.