Flathub, brought to you by…

Filed under
Red Hat

Mythic Beasts is a UK-based “no-nonsense” hosting provider who provide managed and un-managed co-location, dedicated servers, VPS and shared hosting. They are also conveniently based in Cambridge where I live, and very nice people to have a coffee or beer with, particularly if you enjoy talking about IPv6 and how many web services you can run on a rack full of Raspberry Pis. The “heart” of Flathub is a physical machine donated by them which originally ran everything in separate VMs – buildbot, frontend, repo master – and they have subsequently increased their donation with several VMs hosted elsewhere within their network. We also benefit from huge amounts of free bandwidth, backup/storage, monitoring, management and their expertise and advice at scaling up the service.

Starting with everything running on one box in 2017 we quickly ran into scaling bottlenecks as traffic started to pick up. With Mythic’s advice and a healthy donation of 100s of GB / month more of bandwidth, we set up two caching frontend servers running in virtual machines in two different London data centres to cache the commonly-accessed objects, shift the load away from the master server, and take advantage of the physical redundancy offered by the Mythic network.

As load increased and we brought a CDN online to bring the content closer to the user, we also moved the Buildbot (and its associated Postgres database) to a VM hosted at Mythic in order to offload as much IO bandwidth from the repo server, to keep up sustained HTTP throughput during update operations. This helped significantly but we are in discussions with them about a yet larger box with a mixture of disks and SSDs to handle the concurrent read and write load that we need.

Even after all of these changes, we keep the repo master on one, big, physical machine with directly attached storage because repo update and delta computations are hugely IO intensive operations, and our OSTree repos contain over 9 million inodes which get accessed randomly during this process. We also have a physical HSM (a YubiKey) which stores the GPG repo signing key for Flathub, and it’s really hard to plug a USB key into a cloud instance, and know where it is and that it’s physically secure.

More in Tux Machines

OSS Leftovers

  • This Program Makes It Even Easier to Make Deepfakes

    A new method for making deepfakes creates realistic face-swapped videos in real-time, no lengthy training needed. Unlike previous approaches to making deepfakes—algorithmically-generated videos that make it seem like someone is doing or saying something they didn’t in real life—this method works on any two people without any specific training on their faces. Most of the deepfakes that are shared online are created by feeding an algorithm hundreds or thousands of images of a specific face. The algorithm "trains" on that specific face so it can swap it into the target video. This can take hours or days even with access to expensive hardware, and even longer with consumer-grade PC components. A program that doesn’t need to be trained on each new target is another leap forward in making realistic deepfakes quicker and easier to create. [...] On their project website, the researchers say that the project code will eventually be available on GitHub...

  • 5 Free and Open Source CRM Software

    We’re here to save you time by going over some of the most popular free and open source CRM solutions and when you should consider paid system...

  • A free/open tool for making XKCD-style "hand-drawn" charts

    Tim Qian, a "full stack developer and open source activist," has published chart.xkcd, a free/open tool that lets you create interactive, "hand-drawn" charts in the style of XKCD comics. It's pretty fabulous!

  • The Secret Source: Machine Learning and Open Source Come Together

    There was a time when banks and asset managers would dare not talk about their use of AI—and, specifically, machine learning—in public forums, as they either viewed it as taboo or they wanted to hide its power from competitors. The secret, though, is out of the black box.

  • How China became a hero in open source

    China was once a relative zero when it came to software. Not anymore. In both proprietary and open source development, China's influence is growing. Sure, open source has helped to fuel that rise—as Swim.ai CTO Simon Crosby has suggested, "Now [China] can download our best, for free, every day"—but this tells an incomplete story. China may have been a net consumer of code once upon a time, but now has gone from zero to hero in open source.

  • The 7 Best Tools for Open-Source Network Bandwidth Monitoring

    Network bandwidth monitoring is a very specific type of monitoring. What it does is measure the amount of traffic passing a given point on a network. Typically, the measuring point is a router or switch interface but it’s not uncommon to monitor bandwidth utilization of a server’s LAN interface. The important thing here is to realize that all we’re measuring is the amount of traffic. Bandwidth monitoring won’t give you any information about what that traffic is, only how much of it there is. There are several reasons for wanting to monitor network bandwidth utilization. First and foremost, it can help you pinpoint areas of contention. As a network circuit’s utilization grows, its performance starts degrading. This is a fact of life. The more you approach the maximum capacity, the more impact there is on performance. By allowing you to keep an eye on network utilization, bandwidth monitoring tools give you a chance to detect high utilization—and address it—before it becomes noticeable by users. Capacity planning is another major benefit of network monitoring tools. Network circuits—especially long-distance WAN connections—are expensive and will often have only the bandwidth that was required when they were initially installed. While that amount of bandwidth might have been OK back then, it will eventually need to be increased. By monitoring the evolution of your network circuits’ bandwidth utilization, you’ll be able to see which ones need to be upgraded and when. Bandwidth monitoring tools can also be useful for troubleshooting poor application performance. When a user complains that some remote application has slowed down, looking at the network bandwidth utilization can give you a pretty good idea whether or not the problem is caused by network congestion. If you see low network utilization, you can likely concentrate your troubleshooting efforts elsewhere.

  • Au Revoir DTW

    While I wanted to use it for my tiny, crazy, work in progress thoughts, I find that it was increasingly being subsumed by my new shiny Mastodon. And as the volume of things I write now scales up, I do not want another place to maintain.

  • How To Promote Real Social Good

    It was big news this week when the nation’s most powerful chief executives finally acknowledged that corporations should contribute more to society than maximizing shareholder value. [...] This news story caught our attention here at Purism because we have been thinking about how to build a company that promotes social good. Our company was incorporated in Washington State as a Social Purpose Corporation. [...] We at Purism are grateful to the many US states offering to give companies the freedom to actually benefit society, rather than contribute to its ills. We believe that consumers who really care about their freedom, privacy, and security, or other issues like climate change, seek out companies like ours that exist, first and foremost, to do something important that can better people’s lives. We use capitalism, and the corporate form, to build a sustainable company that can continue to serve our mission. Making money is a means to an end, not the end itself. We exist for our customers, not for our shareholders, and our shareholders back us because they know the social good that comes from our efforts. People parting with their hard-earned money for products and services deserve that much.

Security Leftovers

  • Security Researchers Find Several Bugs in Nest Security Cameras

    Researchers Lilith Wyatt and Claudio Bozzato of Cisco Talos discovered the vulnerabilities and disclosed them publicly on August 19. The two found eight vulnerabilities that are based in the Nest implementation of the Weave protocol. The Weave protocol is designed specifically for communications among Internet of Things or IoT devices.

  • Better SSH Authentication with Keybase

    With an SSH CA model, you start by generating a single SSH key called the CA key. The public key is placed on each server and the server is configured to trust any key signed by the CA key. This CA key is then used to sign user keys with an expiration window. This means that signed user keys can only be used for a finite, preferably short, period of time before a new signature is needed. This transforms the key management problem into a user management problem: How do we ensure that only certain people are able to provision new signed SSH keys?

  • Texas ransomware attacks deliver wake-up call to cities [iophk: Windows TCO]

    The Texas Department of Information Resources has confirmed that 22 Texas entities, mostly local governments, have been hit by the ransomware attacks that took place late last week. The department pointed to a “single threat actor” as being responsible for the attacks, which did not impact any statewide systems.

  • Texas Ransomware Attack

    On Security Now, Steve Gibson talks about a huge ransomware attack. 23 cities in Texas were hit with a well-coordinated ransomware attack last Friday, August 16th.

  • CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry

    Apache Tapestry uses HMACs to verify the integrity of objects stored on the client side. This was added to address the Java deserialization vulnerability disclosed in CVE-2014-1972. In the fix for the previous vulnerability, the HMACs were compared by string comparison, which is known to be vulnerable to timing attacks.

GNOME Feeds is a Simple RSS Reader for Linux Desktops

Feedreader, Liferea, and Thunderbird are three of the most popular desktop RSS readers for Linux, but now there’s a new option on the scene. The GNOME Feeds app is a simple, no-frills desktop RSS reader for Linux systems. It doesn’t integrate or sync with a cloud-based service, like Feedly or Inoreader, but you can import a list of feeds via an .opml file. “Power” users of RSS feeds will likely find GNOME Feeds a little too limited for their needs. But the lean feature set is, arguably, what will make this app appeal to more casual users.

GNU Radio Launches 3.8.0.0, First Minor-Version Release In Six Years

The GNU Radio maintainers have announced the release of GNU Radio 3.8.0.0, the first minor-version release of the popular LimeSDR-compatible software defined radio (SDR) development toolkit in over six years. “It’s the first minor release version since more than six years, not without pride this community stands to face the brightest future SDR on general purpose hardware ever had,” the project’s maintainers announced this week. “What has not changed is the fact that GNU Radio is centred around a very simple truth: Let the developers hack on DSP. Software interfaces are for humans, not the other way around. And so, compared to the later 3.7 releases, nothing has fundamentally modified the way one develops signal processing systems with GNU Radio: You write blocks, and you combine blocks to be part of a larger signal processing flow graph.”