cron.weekly issue #64: Kernel 4.9, hellogopher, ngrok, exabgp, yara, vmtouch, socks, bash & more!

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, January 22, 2017

Follow me on Twitter as @mattiasgeniar

Welcome to cron.weekly issue #64 for Sunday, January 22nd, 2017.

Sit back and relax because there is a lot to share. There’s a special 50%-off promo code for the SCALE conference, lots of new tools and practical guides on using Vault, implementing caching strategies, …



Configuration-Driven PHP Security Advice Considered Harmful

This post is a good reminder that “secure code” doesn’t come from changing a few .INI settings here and there, but is a much more profound process. While there are a handful of PHP.INI settings to help secure PHP, most of the guides regarding these changes are not worth it.

Maintainers Don’t Scale

A critical view on how the Linux kernel is maintained and the role individuals play, the bottlenecks & powers that come from it and a proposal for improving this process.

Kernel 4.9 = new LTS release

As confirmed by Greg Kroah-Hartman, the new 4.9 kernel is going to be an LTS release. The previous LTS was 4.4.

vSphere 6.5 Container Integration

Many of us run our Linux servers on a VMware infrastructure, so it’s good news that VMware’s 6.5 release brings lots of support for container workloads.  With persistent volumes, it’s easier to run your containers on any VM.

The Downsides of Open Source Software

Some valid points in this critical piece: how internal ‘drama’ triggers forks, how open source projects are often delayed, …

Tools & Projects

DataDog: all your infrastructure, in one place

Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)


Hellogopher: “just clone and make” your conventional Go project. This greatly simplifies the whole GOPATH environment mess.


Run your application at full speed while syncing your code for development, finally empowering you to utilize docker for development under OSX.


Secure tunnels to localhost as an answer to ”I want to expose a local server behind a NAT or firewall to the internet.”.

Apache Kudu

A new addition to the open source Apache Hadoop ecosystem, Apache Kudu completes Hadoop’s storage layer to enable fast analytics on fast data.

Home Assistant

This is a thing for your home server & automation: Home Assistant is an open-source home automation platform running on Python 3. Track and control all devices at home and automate control.


ExaBGP provides a convenient way to implement Software Defined Networking by transforming BGP messages into friendly plain text or JSON, which can then be easily handled by simple scripts or your BSS/OSS.


Yahoo has open sourced Screwdriver, their Continuous Delivery Build System for Dynamic Infrastructure. Looks like a solid architecture and nice looking UI too.


A pattern matching swiss army knife: built for pentesters, but I can see a lot of use cases where it’s convenient even as “normal” sysadmins. YARA is a tool aimed to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.


Config management with Python: BundleWrap is a decentralized configuration management system that is designed to be powerful, easy to extend and extremely versatile.


A portable file system cache diagnostics and control. vmtouch is a tool for learning about and controlling the file system cache of unix and unix-like systems.

Guides & Tutorials

The Infrastructure Behind Twitter: Scale

A scale & setup most of us can only dream about: a very open and detailed view, by Twitter themselves, about the architecture and infrastructure the social network is built upon. From storage to networking to caching and even running Puppet at scale – well worth a read!

Distributing NixOS With IPFS

A very practical guide with lots of considerations for running IPFS, the “distributed web” (think of IPFS as Bittorrent meets git). If the distributed web is the future (instead of typical client <-> server), IPFS has the chance to become the standard in that area.

Caching at Reddit

Another very open write-up of the caching layer at Reddit: mostly using Memcached + mcrouter, how the servers are set up, how they balance the load, …

Create a SOCKS proxy on a Linux server with SSH to bypass content filters

If you have access to a Linux server with SSH, you can easily set up a SOCKS proxy that you can use in your browser. From that point forward, all your HTTP/HTTPs traffic will be routed over SSH and via your own server.

Upgrading Fedora using dnf directly

The official Fedora documentation on upgrading systems is very detailed, so I wanted to highlight it here too: this page describes how to (safely) use the dnf package manager to do a major distro upgrade.

Setting up Minio, an S3 compatible storage

This guide explains how to setup and configure Minio, an S3-compatible object-storage server that you can run on your own kit and has first-class Docker and Raspberry Pi support.

Rotate Passwords with Ansible and HashiVault

A practical guide on using HashiCorp’s Vault (secret & password manager) with Ansible’s automation.

‘You are Not Expected to Understand This’, explained

A solid explanation of one of the most iconic comments in the Linux source code: ‘you are not expected to understand this’. The post and video explain the mechanism that allows for time-sharing and multi-tasking … essentially how a computer is allowed to be shared by multiple concurrent users and concurrent applications.

Mastering Bash and Terminal

A solid introduction to Bash, covering changing directories (the absolute basics) to things like _pushd, fg/bg, find/ag/grep, … _



Lots of big and known names as speakers to the SCALE conference this year. On March 2-5th in Pasadena, California. Use promo code “CRON” for a 50% discount. (cron.weekly perks, cool!)


There are 2 security related newsletters I’d like to highlight. If you sign up to any of these, don’t let it replace your cron.weekly subscription. 🙂

Security Newsletter

To-the-point security news linking to lots of articles, each nicely summarised. Plenty of news I miss on a weekly basis, it’s nice to be kept informed this way. Gets sent every week.

Bulletproof TLS newsletter

A monthly newsletter on all things security with a focus on cryptography and TLS: lots of links get shared in every issue, giving you plenty of reading material.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.