cron.weekly issue #97: kernel 4.13, TLS, LLVM, Yarn, Vagrant, AWX, Nginx & more

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.
Image of Mattias Geniar

Mattias Geniar, September 10, 2017

Follow me on Twitter as @mattiasgeniar

Welcome to cron.weekly issue #97 for Sunday, September 10th, 2017.

Last week was an interesting issue, in the time between me writing and sending the newsletter, one of the featured projects got deprecated. On top of that, it looks like my URL manipulations caused one webserver to throw errors instead of the page I wanted. Ah well, lessons learned!

Meanwhile, major open source projects have been holding of on releasing new major versions for the beginning of September it seems! Many new releases in this issue, which makes it a pretty big one.

Happy reading!


Kernel 4.13 is released

Quite a few new security improvements in this release, better huge-page swapping & better handling of asynchronous I/O, TLS support directly in the kernel & many more improvements landed in this release.

New 4.14 Kernel = new LTS release

If everything goes according to plan, the next 4.14 kernel is going to be the new LTS release, receiving up to 2 years of support & patches.

TLS in the Linux Kernel

This is the very technical explanation of how the 4.13 kernel uses TLS directly in the kernel. An alternative read would be Filippo Valsorda’s, where he looks at the kernel patch & how it fits in with Go’s TLS implementation.

The Sizzle

Struggling to keep up with the flow of tech news? Need to improve your signal to noise ratio? One email a day, five must read tech news stories, sent in time for your commute home. Stay in the loop without burning all your free time. Read the first two weeks for free. (Sponsored)


IP version 10 (IPv10) is a new version of the Internet Protocol, designed to allow IPv6 [RFC-2460] to communicate to IPv4 [RFC-791] and vice versa.

Oracle fires everyone on Solaris, SPARC teams

This is essentially the end of the Solaris distribution.

The two metrics that matter for host security

This is an interesting approach to looking at the security or state of your systems: monitoring reverse uptime and golden image freshness.

CAA record checking now mandatory for Certificate Authorities

As of this month, every Certificate Authority has to check for CAA DNS records before it issues a new certificate. If you haven’t already, it’s a great way to better protect your domain(s) from getting unwanted certificates.

Why open source success is increasingly dependent on corporate cash

More and more of the strong, successful open source projects, are relying on money from either investments (see previous cron.weekly’s, plenty of seed rounds & venture capital) or from major companies behind the project, deciding to open source it.

Greg Kroah-Hartman: The Commander-in-Chief of the Linux Stable Branch

In this interview, Greg Kroah-Hartman – who’s responsible for the Linux releases making it out the door – shares his background & history with Linux and how he came to join the Linux Foundation.

Tools & Projects

Get full-stack observability with Datadog

Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)


A simple command to fully update an Ubuntu PC/server via apt. Mostly hands-off and unattended.

LLVM 5.0

This new release adds support for C++17, co-routines, improved optimizations, new compiler warnings, many bug fixes.


Collection of Scripts to Automatically Unlock LUKS Devices on kexec Reboot. (kexec is a method to reload to a new kernel faster, without a full system reboot.)

Yarn 1.0

The Yarn JavaScript package manager reaches its first stable release. It’s main focus at first was to be much faster than npm, the native/official package manager, but has since grown to support lots of new features like version locking etc.

Vagrant 2.0

Who hasn’t used Vagrant by now? Vagrant is a tool for building and distributing development environments, the 2.0 version includes support for provisioning on VirtualBox, VMware, Hyper-V, Docker, AWS, GCP. It can virtualize Linux, Windows & Mac.

Ansible “tower” AWX

Ansible Tower is now open source and the project is called “AWX”. Jeff Geerling wrote up more details & how to get started with AWX on his blog.

Nginx Unit

Nginx has always been a powerful webserver & proxy, but it could never run your application code (Go/Java/PHP/…) directly. With Nginx Unit, it now can. It’s a new application server that can run your code, across multiple versions. It’s better explained in the Nginx Application Platform blogpost.


The Facebook CTF is a platform to host Jeopardy and “King of the Hill” style Capture the Flag competitions. In short, it’s a game to test your hacking & infosec skills.


Now that Reddit decided to close its source code, Raddit is a new Reddit-like clone that’s fully open sourced.


Judging by the website, you’d think this project hasn’t been updated in 10 years, but it’s still in active development. HTTrack is an “offline website browser” and allows you to copy a website locally, crawling all pages.


container-diff is an image analysis command line tool. container-diff can analyze images along several different criteria, currently including Docker Image History, file system, apt-get + pip installed packages & more.

Guides & Tutorials

Jenkins vs. GoCD

GoCD or Jenkins? In this blog, we compare GoCD with Jenkins on philosophy, getting started, continuous delivery, and plugins. Understand more about how these CI/CD tools fit your needs(Sponsored)

Solaris to Linux Migration 2017

A very good guide on what you’d need to migrate from Solaris to Linux, not only the actual data migration, but how to transfer your skillset from Solaris to modern Linux.

Rosetta Stone for Unix

This is a giant matrix of comparisons between different Unix flavors (AIX, BSD, Linux, …) comparing terminology, tools, methods, …  Looks like a good place to fallback to if you’re ever switching from one Unix kind to another.

Optimizing web servers for high throughput and low latency

Dropbox has some experience with operating at scale, so when they write up guides, I read them. In this one, they look at everything that makes up a webserver; from the hardware to the network & software.

How to set up an Nginx HTTPS website with an ECDSA certificate

Another set of practical commands to get the latest ECDSA certificates with your Nginx installation.

Bash Scripts Quickstart Guide

This is a list of some of the most often used bash features and constructs.

Why favor PostgreSQL over MariaDB / MySQL

A really technical in-depth look at PostgreSQL vs. MySQL to try and persuade you to switch to Postgres.

Time for Makefiles to Make a Comeback

Every week it seems a new “task runner” is open sourced and announced, adding another layer of complexity to development. This post looks at using Makefiles instead of over-engineered tools to accomplish the same thing, but simpler.

Ask cron.weekly!

It’s been a bit quiet on the forum in the last few weeks, but that’s OK. It doesn’t need to be the most active forum, but it’s a good last resort to ask questions if you’re stuk elsewhere. After all, if cron.weekly readers don’t know the answer, you’re doomed – right? 😉

What file storage technology/system to use when accessing files remotely?

Are you looking at SAMBA or web-based tools like Owncloud?



All videos from this hacker camp, held a few months ago, are now available. Ranging from hardware hacking to security info & plenty of open source tools.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.