cron.weekly issue #86: Debian 9, Kernel vulnerability, Ubuntu, GitLab, casync, SSH tunnels & more

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.

Want to help support this blog? Try out Oh Dear, the best all-in-one monitoring tool for your entire website, co-founded by me (the guy that wrote this blogpost). Start with a 10-day trial, no strings attached.

We offer uptime monitoring, SSL checks, broken links checking, performance & cronjob monitoring, branded status pages & so much more. Try us out today!

Image of Mattias Geniar

Mattias Geniar, June 25, 2017

Follow me on Twitter as @mattiasgeniar

Welcome to _cron.weekly _issue #86, the newsletter where the projects are open source and the points don’t matter!

We’re just coming out of a heat wave here in Belgium which gave me plenty of time to browse the web and very little time to actually get anything done. The result are a lot of links & guides to share!

Enjoy your Sunday folks!


A $2 Million Prize to Decentralize the Web

Mozilla is offering a 2.000.000$ prize (lots of zeros!) for ideas that help decentralize the web. This in and of itself might not interest you as a sysadmin, but it shows a shift in system management: our traditional client/server model might not come to an end entirely, it is shifting to decentralized services more and more – it’s time to jump on board.

Elastic enters APM space with Opbeat acquisition

Elastic, the company behind ElasticSearch, Kibana, Logstash, … has bought Opbeat, a SaaS app that focuses on monitoring applications.

Linus Torvalds Explains How Linux Still Surprises and Motivates Him

This is a write-up of an interview Torvalds gave at LinuxCon last week in China, giving more insights in the ideas and work that motivate him to keep development of the Kernel going.

Full Stack Fest 2017: Problems of today, wonders from the future.

Are you a curious mind? Full Sack Fest is a week-long conference based in the amazing city of Barcelona that peeks into the web of tomorrow! Serverless, Blockchain, WebVR, Distributed Web, Progressive Web Apps… Come and see. Early bird tickets available! Use CRONWEEKLY to get 10% off! (Sponsored)

Stack Clash vulnerability

A new Linux & BSD vulnerability was disclosed last week, allowing local users to escalate their privileges to root level. Kernel & glibc updates are required, so looks like you’ll be rebooting your Linux boxes. For a more web/marketing oriented write-up, see the Qualys blogpost.

An Ancient Kernel Hole is (Not) Closed

A critical look at the aforementioned Stack Clash vulnerability, that actually appears to have been released in as early as 2004, but didn’t get the attention it deserved back then.

Ubuntu’s plans for networking in 17.10

In preparation of the 18.04 LTS release, Ubuntu is making considerable changes to the network stack in the 17.10 release. 17.10 introduces a new default configuration method for network devices, using netplan instead of ifupdown. Configuration is now written as YAML files to /etc/netplan instead of in /etc/network/interfaces.

Tools & Projects

Datadog: all your infrastructure, in one place

Track & alert on the health and performance of every server, container, and app in any environment, with Datadog. Sign up for a free 14-day trial. (Sponsored)

Debian 9

Just hours after last week’s issue went out, Debian 9 “Stretch” was released! It replaces the default MySQL server with MariaDB 10.1, has 90% of its packages as Reproducible Builds (every compile produces bit-by-bit the same results), X display no longer requires root privileges to run & lots and lots of package updates.


A PAM webhook endpoint that can be used with Kubernetes.

GitLab 9.3

That team moves fast with their releases! This new release focuses on code quality and adding relations between projects, which is especially useful if you use separate repositories for each “module” of your application (think composer.json, Puppetfile, …).


nosuspend sets the systemd-inhibit flag with UID 0/root in order to block computer suspend while another command-line operation is running.


Casync creates a new system for efficiently storing and delivering file system images, optimized for high-frequency update cycles over the Internet. It’s created by Lennart Poettering of systemd fame.

webpack 3

I find frontend (web) development to be overly complicated nowadays, but there’s no denying it: tools like webpack are very popular. Developers will like this upgrade, it’s compatible with 2.x, offering speed improvements, magic comments & plenty of bugfixes.


Simple zsh plugin that reminds you that you should use one of your existing aliases for a command you just typed.

Apache 2.4.26

A minor release for Apache 2.4, but with an interest release note: HTTP/2 support no longer tagged as “experimental” but is instead considered fully production ready. See the changelog for more details.


termplay is the tool to convert images to ANSI sequences. But it also supports playing videos – and YouTube – right in your terminal.


Passmgr is a simple password manager which allows to securely store passphrases and retrieve them via commandline. **Update: **seems the project is already offline now. -_-


A menu driven bash script which provides updates, maintenance, backups and system checks for an Arch based linux distribution.


Linux for toys: ev3dev is a Debian Linux-based operating system that runs on several Lego Mindstorms compatible platforms including the Lego Mindstorms EV3 and Raspberry Pi-powered BrickPi.

Guides & Tutorials

A step by step guide to model deployment pipeline

This blog series uses a simple application as an example to guide you on building deployment pipelines. Following it, you will get an in-depth understanding of continuous delivery and also hands-on practices of deployment pipeline modeling. Check it out here. (Sponsored)

SSH Tunnel – Local and Remote Port Forwarding Explained With Examples

I’m not sure about you, but I keep forgetting the order in which to place the ports when creating SSH tunnels. This blogpost does a really good job of explaining how it works with clear examples.

Buildah – build your containers from the ground up!

Buildah is a newly released command line tool for efficiently and quickly building Open Container Initiative (OCI) compliant images and containers. This post gets you up and running in no time.

Cache invalidation in Varnish with examples

There are quite a few ways to invalidate page caches if you use Varnish as a reverse proxy (other than restarting Varnish entirely). This post gives you several ways, giving the pro’s & con’s of each method.

Kubernetes workshop

A lengthy post normally part of an actual hands-on workshop, but the text & diagrams are self explanatory enough. Lots of details for getting started with Kubernetes in there.

Why Your Dockerized Application Isn’t Receiving Signals

Some good gotcha’s when creating your own Docker images that might prevent your app from receiving signals to handle proper shutdowns. Quite a few interesting details in there where even the syntax of your commands can make a big difference!

How to automatically execute shell script at startup boot on systemd Linux

Some good copy/paste’able examples of creating a one-off systemd unit file that starts a script on server boot.

Playing With ZFS (on Linux) Encryption

A vagrant box that allows you to play with ZFS’s encryption configurations, together with all the example commands to get you started. It’s playtime!

MariaDB MaxScale 2.1 defaulting to IPv6

A cautionary tale that might bite you; if you upgrade your MaxScale from 2.0 to 2.1 (a simple “yum update”), beware that the default behaviour is to bind on IPv6 and IPv4 interfaces instead of just IPv4, which might alter your authentication behaviour towards MySQL.

Building an OpenBSD wireless access point

A slightly older post, but this should get you started just fine: practical commands & good how-to for building your own Wireless AP’s.

An In-Depth Guide to iptables, the Linux Firewall

This guide covers pretty much every angle of iptables, from basic rules to NAT’ing to protocols & interfaces.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.