cron.weekly issue #73: OpenSSL, Fossjobs, bcachefs, tmuxp, Gitlab, netbox, udocker, iptables & more

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, March 26, 2017

Follow me on Twitter as @mattiasgeniar

Welcome to _cron.weekly _issue #73 for Sunday, March 26th, 2016.

Those of you that signed up for this newsletter to learn about new tools are going to be super happy, because there are a ton of them in this release. Many shiny new projects!

Happy Sunday!


Percona Live Open Source Database Conference: April 24-27, 2017 in Santa Clara, CA

Open source database community event. MySQL, MongoDB, MariaDB, PostgreSQL & other open source databases. 1 day of tutorials & 3 days of keynote & breakout sessions. Register Now w/ CRON15 for 15% off. (Sponsored)

Introducing Zero Round Trip Time Resumption (0-RTT)

CloudFlare recently enabled TLS 1.3 for its customers, and has just enabled 0-RTT – making TLS more efficient, especially on high latency links. This post highlights the benefits of TLS 1.3 and its technical implementation. I’m looking forward to enabling this on all our servers, too!

OpenSSL project changes license to Apache 2.0

The team behind the OpenSSL project is moving their license from a – at first glance – rather obscure one, to one of the open source standards: Apache License Version 2.0. Quite a big move, as it seems, as all current contributors need to be informed & agree on the change.

Open source license descriptions and metadata

A really nice extra from the Github team: if a project has a LICENSE file, it’ll show a summary of the most interesting points related to that license. See a demo of the MIT license on one of my own repos. Or have a look at the Kubernetes repo for an Apache 2 license example.

An online job board focussing on jobs that directly improve and involve FOSS or Open Hardware projects.

Embrace open source

A list of GitHub issues to help beginners make their first pull request.

Tools & Projects

Datadog: all your infrastructure, in one place

Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)


Ostinato is a packet crafter, network traffic generator and analyzer with a friendly GUI. Also a powerful Python API for network test automation. Craft and send packets of several streams with different protocols at different rates. Think of it as “Wireshark in Reverse”.


TimescaleDB is an open-source database designed to make SQL scalable for time-series data. It is engineered up from PostgreSQL, providing automatic partitioning across time and space (partitioning key), as well as full SQL support.

RHEL 6.9

The latest “big” release of Red Hat Enterprise Linux 6.x series, 6.9. Updates to TLS 1.2, preparations to migrate existing workloads to containers on RHEL 7 & new hardware support and bugfixes. This also marks the last big release of the RHEL 6.x series, what follows now are security and critical bugfixes. Expect a CentOS 6.9 in the next few weeks.


Bcachefs is an advanced new filesystem for Linux, with an emphasis on reliability and robustness. It has a long list of features, completed or in progress: copy-on-write (COW), data & metadata checksumming, compression, encryption, snapshots, caching & a heap more features.


A new tmux session manager.

Gitlab 9.0

A new major release, offering: improved project navigation, deploy boards, application performance monitoring, subgroups, a revamped merge request widget, … so many new things!


NetBox is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. Initially conceived by the network engineering team at DigitalOcean, NetBox was developed specifically to address the needs of network and infrastructure engineers.


This is an implementation of an ACME-based CA, that Let’s Encrypt uses. If you want to run your own CA at the office, this might be a tool for you.


A basic user tool to execute simple docker containers in user space without requiring root privileges. Enables basic download and execution of docker containers by non-privileged users in Linux systems were docker is not available.

Bloaty McBloatface

This tool lets you explore what’s taking up space in your .o, .a, .so, and executable binary files.

OpenSSH 7.5

A new OpenSSH release, focussing mostly on bugfixes.


Stone is a simple TCP/IP packet repeater according to its manual but it also does UDP/IP repeating. It also supports proxy, ssl encryption.


How2 finds the simplest way to do something in a unix shell. It’s like man, but you can query it in natural language.


Puppet Systems Infrastructure Construction Kit: A Puppet control-repo generator on steroids, featuring multiple ways to test Puppet code, a Gitlab CI pipeline, …


*nixy filter that adds color to its standard input by rows or (space separated) columns.

Guides & Tutorials

Block DNS queries for specific zone with IPTables

This is a pretty cool method where you can use iptables to block packages based on a particular payload or “string”, in this example it’s used to block certain kind of DNS requests. This method can be used for virtually any protocol.

Epoll is fundamentally broken 2/2

A follow-up in-depth post, looking at the Epoll implementation and its flaws.

Best 15 Unix Command Line Tools

A link-baity title, but gives some good examples of CLI tools; it introduces apropos, typo correction in your history, incron, usage of {}, …

Restricting process CPU usage using nice, cpulimit, and cgroups

An introduction to nice, cpulimit and cgroups to limit CPU usage on processes.

A good vimrc

Not your typical copy/paste config, but a carefully written guide on the reason & background of each parameter, so you can make informed decisions about your .vimrc configs.


These are 2 newsletters I’d like to highlight.


Written by Chris Short, this newsletter gives you lots of “soft” news about DevOps, collaboration and focusses more on the human side of doing Dev and/or Ops.

Monitoring Weekly

A new weekly newsletter about all things monitoring, that looks promising. It’s written by Jason Dixon and Mike Julian, who both have extensive backgrounds in monitoring.


Linux Monitoring at Scale with eBPF

The latest Linux kernels have implemented a Berkeley Packet Filter (BPF) virtual machine which can provide safe and efficient syscall hooking. There are many logging systems in Linux that provide security relevant data, and several excellent open source tools that sit on top of these. This talk showcases one particular BPF implementation.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.