cron.weekly issue #99: Struts, SELinux, Xen, JDK, Postgres, Caddy & more

cron.weekly is a newsletter about Linux, open source & webdevelopment. Want to get it in your inbox every Sunday? Subscribe below!

I respect your privacy and you won't get spam. Ever. Just a weekly-ish newsletter about Linux and open source.
Image of Mattias Geniar

Mattias Geniar, September 24, 2017

Follow me on Twitter as @mattiasgeniar

Welcome to cron.weekly issue #99 for Sunday, September 24th, 2017.

I’m writing this one a bit later than usual, if some of the comments seem a bit short – it’s just because I lack the time to dive in deeper. But, as usual, a good issue with lots of variation.

Next one will get some more attention, after all – it’s celebration time then.

Take care!


Go: Ten years and climbing

Happy 10th birthday, Go programming language!

Facebook Relicensing React, Jest, Flow, and Immutable.js

I didn’t think they’d do it, but after all the hassle & anger Facebook got over its React license, it’s now changing it to a basic MIT license.

The Realities of Being a FOSS Maintainer

The maintainer of Caddy, a popular HTTP/2 & security focussed webserver, shares his experience after a troubled week of trying to make an open source project a viable business.

Chrome to force .dev domains to HTTPS via preloaded HSTS

If you manage the server stack of developers, beware that if you’re using the “.dev” domain, Chrome (and soon other browsers) will now force those domains to HTTPS.

Xen announces ‘unicore’, a general purpose unikernel

This is still very much in alpha/beta, but the Xen team is working on a configurable unikernel that can be used as the basis for creating your own unikernels, targeting specific applications (like nginx, mysql, …).

iTerm leaked private data via DNS requests

If you use iTerm2/iTerm3 as your terminal, make sure you’re on the latest version: previous versions are known to leak private data (passwords, notes, URLs, …) via unwanted DNS requests. The latest update disables that feature.

Optionsbleed – HTTP OPTIONS method can leak Apache’s server memory

It requires a couple of specific conditions, but Apache can leak private data – like Heartbleed – when sending the OPTIONS HTTP method. No update to Apache has been released yet.

Tools & Projects

Get full-stack observability with Datadog

Go from a global view of your infrastructure to inspecting an individual request trace, all in one developer-friendly platform. Start a free 14-day trial. (Sponsored)

GitLab 10.0

This new release contains a feature called “Auto Devops” (don’t get me started), which auto-configures CI, code testing/quality, reviews, … a whole new GUI, stricter requirements on SSH keys & plenty more.


Java 9 is out!


Wire is a secure communication client, this part open sources the server aspect so you can run your own instance of a Wire-server.


This isn’t a practical project, but it’s a technical achievement I wanted to share: a full website, with audio, that fits in a single TCP packet. Many optimizations go into this to make it possible, which might give you ideas for solving other problems!


gops is a command to list and diagnose Go processes currently running on your system.


This is a tech demo of CRIU and Docker integration, featuring tmux.


NSQ is a realtime distributed messaging platform designed to operate at scale, handling billions of messages per day. It promotes distributed and decentralized topologies without single points of failure, enabling fault tolerance and high availability coupled with a reliable message delivery guarantee.

Guides & Tutorials

Free continuous delivery eBook from GoCD

This free reference guide will take you back to the basics. You’ll find visuals and definitions on key concepts and questions you need to answer about your teams to determine your readiness for continuous delivery. Download and share with your team(Sponsored)

Introduction to InfluxDB and TICK Stack

This post does a very good job at explaining “time series” databases, focusses on the use cases & advantages of InfluxDB and explains the concept of a “TICK” (Telegraf, Chronograf, Kapacitor) stack. Followed by a set of concrete commands to get you started. (Sponsored)

Parallel processing with unix tools

This post contains a lot of good tips & tricks for getting more processes running in your favor, by “threading” them, or starting multiple at once, using tools like ‘parallel’, ‘xargs’ & pipes.

Difference Between NFS Soft And Hard Mount With Example

If you’ve ever setup an NFS client/server configuration, you probably learned the hard way the difference between a soft & hard mount. It’s a tradeof between speed (in failure/boot/shutdown) vs. reliability & potential data loss. Something everyone should be aware of, I think.

What’s new in upcoming Postgres 10?

This wiki shows a list of all things new and shiny in the next upcoming PostgreSQL 10 release, which could be any day now.

Comparison of NTP implementations

An extensive overview of the different NTP clients & servers and how they differ. I often find these ancient protocols, that no one seems to care about anymore, very fascinating to dive into.

Learn from your attackers – SSH HoneyPot

In this post, the author explains what an SSH honeypot is and how you can set one up yourself. If you’re looking for motivation to firewall your 22/TCP port, running an SSH honeypot to see what kind of traffic comes in is a good method. 🙂

A brief overview and history of systemd — the Linux process manager

This one contains the basics of systemd, some basics regarding processes & file management & a fair amount of history on systemd.

Use .bashrc.d directory instead of bloated .bashrc

This is a very good tip if you have a rather big .bashrc file, to spread the content into logical files in a “.d” directory, and source each file individually. Much cleaner this way!

Hardening Apache Struts with SELinux

In this post, the author looks at the recent Apache Struts exploit and tries to launch it on a SELinux enabled system vs. one without SELinux. I think you can guess how that ended …

Per-IP rate limiting with iptables

This is useful when dealing with broken or malicious clients accessing your systems, to throttle them via their source IP.

Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.