cron.weekly issue #66: Git Filesystem, Security, JVM, Fission, Habitat, TLS 1.3 & more!

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, February 05, 2017

Follow me on Twitter as @mattiasgeniar

Welcome to cron.weekly issue #66 for Sunday, February 5th, 2016.

If you managed to attend FOSDEM this weekend, I hope you had fun. The schedule was mind-blowingly big! If you’re at Config Management Camp in Ghent on Monday & Tuesday, come say hi – I’ll be around too. There are still spots available so you can drop by last-minute.

As for this issue: there’s a remarkable Git project from Microsoft, a new container initiative focussed on security and some good guides on using htop, containers and TLS 1.3.


Linux Container Hardening

This new initiative focusses on container security: by contributing patches to the Kernel Self Protection Project that evolve the primitives in the Linux kernel used by containers (namespaces, cgroups, etc) to be more secure.

Exploring Unseen Open Source Infrastructure

There are a lot of open source projects out there that are used by thousands of projects but remain in the shadows, without anyone knowing them. This post explores some of them and makes good note that, one day, these projects – on which many projects rely – could become to the next left-pad or Heartbleed problem.

Thoughts On Gitlab Data Incident

Many of probably heard of the GitLab data loss incident earlier this week. Many posts have been written, but I like this one as it touches on all the good topics: blameless post-mortems, a good summary and review of the events.

The JVM is not that heavy

In defence of the Java Virtual Machine, the author looks at how heavy the JVM really is, when you run multiple processes.

Backblaze Hard Drive Stats for 2016

If you’re going to be buying a new server anytime soon, check out these hard drive statistics: Backblaze has more than 70.000 hard drives running and shows a lot of stats about them, like failure rates, performance, …

Tools & Projects

DataDog: all your infrastructure, in one place

Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)


Send e-mail marketing campaigns without servers: MoonMail is built entire on the “serverless” architecture of AWS Lambda. Written in Node, it composes and sends all your e-mails through Amazon’s SES and Lambda functions.


An embeddable, statically-typed PHP alternative: Lily is an interpreted language with a focus on expressiveness and type safety.


Craft is an open source meta build system and package manager. What was formerly the KDE Windows build tool is now available for any C/C++ application to be built and packaged.

Git Virtual File System (GVFS)

Microsoft introduces the Git file system for use in very large projects. It only downloads the git objects you actually need and can speed up git status/checkout/commits by orders of magnitude for large code bases.

sqlite json1 extension

This extension allows you to use native json types in sqlite, the embeddable database.


Ledger is a powerful, double-entry accounting system that is accessed from the UNIX command-line. It’s an accounting system. At the command line. How geeky do you have to be to use this? 🙂


Monit is a small Open Source utility for managing and monitoring Unix systems. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.


Fission is a Functions as a Service (FaaS) / Serverless function framework built on Kubernetes. Fission allows you to easily create HTTP services on Kubernetes from functions. It works at the source level and abstracts away container images (in most cases).

Guides & Tutorials

Limit a container resources

The documentation for doing so are pretty spot on: you can limit memory & CPU shares per container in a variety of ways.

Tuning Linux servers for scalability

This guide covers all the necessities: max open files, increasing the TCP ephemeral port range, increasing the connection tracking limit, …

TLS 1.3 explained by the Cloudflare Crypto Team at 33c3

It might take a while before you can use TLS 1.3 of you’re on CentOS/Red Hat releases, but this is a very good introduction on the topic nonetheless.

Habitat and Docker

Chef’s Habitat and Docker containers seemingly do the same thing: package applications in a neat, convenient method. This post goes into more details to highlight where the differences and strengths lie.

The Ultimate Linux Newbie Guide

Lots of good novice content for getting start with Linux, from choosing a Linux distro to using a package manager to giving tips on what software to run. If you’ve run Linux before, this probably isn’t for you.

10 Myths About Docker That Stop Developers Cold

This post answers a lot of questions, not only for developers, about using, running and developing with Docker.

Htop explained visually

A nice graph about the different parts of htop and how to interpret its output.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.