I respect your privacy and you won't get spam. Ever.
Just a weekly newsletter about Linux and open source.

cron.weekly issue #27: OpenSSL & ImageMagick, Chaos Monkey, Container Sandboxes, HAProxy, SSH & more

May 8, 2016 - Mattias Geniar

Welcome to cron.weekly issue #27 for May 8th, 2016.

This edition includes a list of upcoming conferences at the bottom, if you know of any more do let me know!

Enjoy this edition, more guides and tutorials than new projects this time, so plenty of how-to’s to help get you started.


Security week: 2x High Severity OpenSSL vulnerability & critical ImageMagick flaw

OpenSSL released 2 high severity patches and the ImageMagick image processing tool, widely used on webservers and in PHP, Ruby and NodeJS, has a critical Remote Code Execution vulnerability. You’ll want to patch both, ASAP.

Why Atom Can’t Replace Vim

I couldn’t live without my personalised .vimrc file on servers, but when I’m on a desktop I still prefer Github’s Atom text editor.

Chaos Monkey for Fun and Profit

The idea of a ‘Chaos Monkey’ came from Netflix: your randomly shutdown one of your servers (or multiple) in order to force developers and sysadmins to build resilient applications, that can withstand the failure of multiple parts. This post introduces a Docker container that runs the Chaos Monkey service continuously.

Understanding the bin, sbin, usr/bin , usr/sbin split

Modern Linux servers have several “bin” and “sbin” directories: the story behind it is both fascinating and, when you keep Linux’s age in mind, very obvious.

DuckDuckGo: Our 2016 Open Source Donations

I’m happy to read about large donations to open source projects! The DuckDuckGo search engine donated some serious money to OpenBSD, Tor, GPG and many other projects.

Save Yourself from Years of Turmoil by Using Docker Today

A fictional tale about the benefits of Docker and why you should start using it today.

The Open Source Maintainer’s Dilemma

Open sourcing software is super easy, but it comes at a burden: who’s going to maintain it? Open source is “free as in puppy”: it needs to be nurtured.

Getting Towards Real Sandbox Containers

A very interesting read on what it takes to consider containers (à la Docker, LXC) as sandboxed environments, together with a proposed solution.

Tools & Projects


The Katello project brings the full power of content management alongside the provisioning and configuration capabilities of Foreman: a local yum repository and snapshotted content (so you can guarantee repo packages are delivered the same way to all your hosts).

Redis 3.2.0 released

The new versions’ biggest feature is a Geo API, allowing you to index content by latitude and longitude and query it by radius. Many other improvements to master/slave configurations, data storing and memory efficiency.


rdedup is a tool providing data deduplication with compression and public key encryption written in Rust programming language. The primary use case is storing deduplicated and encrypted backups.


xo is a command line utility that takes an input string from stdin and formats the regexp matches. You might immediately think that this is a knockoff of sed, but xo has only one job: to format matches.


Bash function that allows to go up to a certain directory. Stop counting how many levels you have to go up in a folder tree and just type where you want to go! No more cd ../../../…

Guides & Tutorials

Creating a CentOS 7 VMware Gold Template

Many of us run our Linux instances on top of a virtualised stack: this post explains how you can create a “Golden Image” out of a CentOS 7.2 installation on VMware, to reuse in templates.

Test-driving web server configuration

An interesting approach to testing web server configs, like Nginx: how do you know your new configuration performs the right actions? This post uses rspec testing to take a test-driven approach that validates the correct functioning of an nginx config.

Preventing Ubuntu 16.04 from starting daemons when a package is installed

It’s personal preference, by I’m with Major on this one: it baffles me how services on Debian/Ubuntu start up immediately after installation, with a default (and often insecure) configuration. This post shows a way to prevent services to automatically start after installation.

Docker Compose and Docker network support in Puppet

The latest release of the Docker Puppet module adds support for Docker networking as well as integrating Puppet with Docker Compose. This blogpost shows what that Puppet code looks like.

LXD, ZFS and bridged networking on Ubuntu 16.04 LTS

A very clear tutorial on using the newly support ZFS filesystem on Ubuntu 16.04 (LTS) to run your LXD containers.

Linux System Administrator/DevOps Interview Questions

If you’re tasked with (technically) interviewing candidates for Sysadmin roles, which questions do you ask them? If you’re running out of inspiration, this list can give you some ideas.

Performance Checklists for Site Reliability Engineers 2016

If something goes wrong on your servers, where do you start to check? Brendan Gregg (performance engineer at Netflix) gave a presentation with practical tips on debugging performance-related issues (or downtime, for that matter) as quickly as possible.

Recompile NGINX with OpenSSL 1.0.2+ for HTTP/2 via ALPN – Ubuntu 14.04

The Chrome webbrowser will soon drop the NPN extension in favour of the new ALPN one, for protocol negotiation. This is a crucial part of the HTTP/2 support, but unfortunately most OpenSSL installations don’t support it. You need at least OpenSSL 1.0.2 and this post shows you how to upgrade your local OpenSSL installation.

How to Properly Close a Frozen SSH Session

How do you properly terminate a frozen session without closing your terminal? It turns out there is a very easy way yet not widespread.

NodeJS clustering

This post explains 2 ways of running NodeJS instances “clustered” (aka: multiple processes): the ‘cluster’ package and the ‘PM2’ package. Personally, I prefer multiple processes behind an Nginx load balancer.

Scaling down gracefully with AWS Lambda and HAProxy

There’s a lot of talk about scaling up: adding more instances to a load balancer and adding more and more capacity. This tutorial covers using AWS Lambda to gracefully scale down your instances.

Stack Overflow: How We Do Deployment – 2016 Edition

A very detailed explanation about how Stack Overflow handles it deployments: from git branches to the build system to performing database migrations, pretty much everything is covered.

Introducing Syslog to AWS Kinesis via Osquery

The team at AirBNB has open sourced several osquery enhancements that allow you to send syslog info easily Amazon Kinesis or Firehose for storing.

SSH for fun and profit

The author decided to write his own SSH client and documented its adventures in this blogpost: it covers, in great detail, how an SSH client works and what protocols are involved.

Pragmatic Debian Packaging

A very clear tutorial on building your own packages for Debian, without the complexity that the official guides seem to include.

Upcoming conferences

This is a new section that got suggested to me, but I’ll need your help to maintain it: if you know of interesting upcoming open source / linux conferences, let me know and I’ll happily include them.

NLUUG 2016

This conference takes place in Utrecht (Netherlands) on May 26th, 2016. The talks are varied and are “all things linux”, the schedule is already available online. (Some talks are in Dutch, so is the website)

Varnishcon: June 2016

This conference revolves around the Varnish caching and load balancing daemon, with tutorial sessions and a full day conference. It’s held in Amsterdam (Netherlands) on Friday June 17h.

Zabbix Conference: September 2016

ZabbixCon takes place in Riga (Latvia) on September 9-10th, 2016.

systemd.conf: September 2016

The conference around systemd will be held in Berlin, Germany, on September 28th until October 1st, 2016.

I respect your privacy and you won't get spam. Ever.
Just a weekly newsletter about Linux and open source.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!