cron.weekly issue #79: OpenSnitch, VXLAN, GCC, 4.11 kernel, README’s, curl, monitoring tools & more

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.
Image of Mattias Geniar

Mattias Geniar, May 07, 2017

Follow me on Twitter as @mattiasgeniar

Welcome to _cron.weekly _issue #79 for Sunday, May 7th, 2017.

There’s a new Linux kernel out, some heavy networking guides on VXLAN and BGP & lots of newly released tools in this issue.

Happy Sunday everyone!


Debian 9.0 “Stretch” Might Not Have UEFI Secure Boot Support

It doesn’t look like Debian 9 is going to ship with UEFI Secure Boot, as time and resources are lacking to get it ready for the launch.

9 lessons from 25 years of Linux kernel development

A nice read on why tools matter, the value of short release cycles, the distributed nature of kernel development, why regression testing is given such a high priority, …

Security Newsletter: weekly digest of security news

Weekly e-mail that condenses security news into about 10 items that are worth knowing about. It will help you stay up-to-date on security, but with minimal effort. (Sponsored)

OpenSSH removes SSHv1 support

So long, SSHv1!

4.11 kernel released

Some headline features in 4.11 include: a new perf ftrace command restarting the work of better integrating the perf and ftrace subsystems, I/O scheduling support for the multiqueue block subsystem, journaling for device-mapper RAID 4/5/6 volumes, SipHash support, some swapping scalability improvements, a new LZ4 compression implementation, the new statx() system call, and more.

Security things in 4.11

A highlight of the security related features that made it to the 4.11 release. I think I understand about 10% of that post. 🙂

Tools & Projects

Datadog: all your infrastructure, in one place

Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)


OfflineIMAP is software that downloads your email mailbox(es) as local Maildirs. OfflineIMAP will synchronize both sides via IMAP. Looks useful for additional e-mail back-ups of hosted providers, like Gmail/Office365.


CoreFreq is a CPU monitoring software designed for 64-bits Processors w/ architectures Intel Atom, Core2, Nehalem, SandyBridge and superior, AMD Family.


“Open source your READMEs”: not many of us like writing documentation or README’s, yet there are writers that would like to contribute to open source that don’t know how to code. This project bridges the gap: it lists projects that need help getting their README files properly written and explained.


A CLI DNS tool that displays information about your domain. Think DNS Spy, but at your CLI.


Everything in RancherOS is a container managed by Docker. This includes system services such as udev and rsyslog. RancherOS includes only the bare minimum amount of software needed to run Docker.


OpenSnitch is a GNU/Linux port of the Little Snitch application firewall.


Rootbox is a tool that lets you create and distribute “boxes”: isolated environments designed for building code thanks to the power of chroots and mounts.

Pi-Hole 3.0

A new major release for the Pi-Hole project: it acts as a DNS server on your network and can block known trackers, advertisers, malware, … by blocking its DNS queries. The new release has a much faster web UI & under-the-hood improvements. I wrote up a quick review of Pi-Hole last year in case you’re interested.


A mobile app that allows you to store your SSH private keys on your phone, no longer on your laptop. Whenever access to your private key is needed (SSH etc.), you can approve it via your phone. Think of it as 2 factor authentication for your private keys.


Puppet Explorer is a web application for PuppetDB that lets you explore your Puppet data.

Software Collections

This project is a bit less known among Red Hat/CentOS users, but is a Red Hat approved/supported way of installing up-to-date packages on a “enterprise” operating system. Think the latest NodeJS, PHP, Ruby, … to be installed next to the OS default versions.

GCC 7.1

A new major release of the GCC compiler. Their version numbers are a bit odd, the 7.0 release is a “release candidate” and the 7.1 is the general available version of GCC. This is also the 30y anniversary release of the project!


A command line client for MySQL that can do auto-completion and syntax highlighting.

Scality S3

An open-source Node.js implementation of a server handling the S3 protocol, which you can run on your own servers with local or network storage.


An alternative S3 client, this time written in Go. Minio is an open source object storage server compatible with Amazon S3 APIs.

Guides & Tutorials

Estimating CPU Per Query With Weighted Linear Regression

It’s sometimes impossible to answer what’s consuming resources like CPU, IO, & memory in a complex software such as a database. This ebook explains how a specialization of ordinary linear regression answers seemingly unsolvable database questions. (Sponsored)

Varnish Wiki

I’m a big fan of Varnish so I’d like to highlight their newly released/revamped Wiki; it offers guides for implementing Varnish on WordPress, Drupal, … goes into more details to explain the VCL etc. Lots of good resources here.

Increase open-files-limit in MariaDB on CentOS 7 with systemd

If you hit MariaDB “max open files” errors (which still defaults to 1024), this guide can get you started on increasing that number on a systemd-enabled system.

80 Linux Monitoring Tools

You’re bound to find something new in this list; it’s got all the classics and some newer ones, like bandwidthd, NetHogs, iptraf, …

cURL Command Examples

Lots of practical curl examples with header redirection, downloading files, download resumption, …

Our first Kubernetes outage

Some really honest insights into a Kubernetes cluster failure, looking at where things went wrong and what areas to focus on next. I love these write-ups, it allows everyone to (attempt to) avoid similar downtimes.

OpenSSL: validate that certificate matches / signs the private key

Some useful commands to help you validate that your private & public key for TLS certificates match, before attempting to install them. This has become part of our (automated) pre-deploy checks because it’s so easy to implement.

VXLAN & Linux

A very detailed guide that allows you to implement VXLAN on your Linux servers. VXLAN is considered ‘complete’ as of kernel 3.12.

VXLAN: BGP EVPN with Cumulus Quagga

This post builds on top of the previous one, and introduces VXLAN tunneling, adding BGP to the mix in combination with Juniper hardware. A deep dive into modern Linux networking.

Bind 9.10 with GeoIP on Ubuntu 17.04 (Zesty Zapus)

This post explains how you can give a different DNS response based on the geolocation of the client making the request.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.