Language Selection

English French German Italian Portuguese Spanish

Site News

Tux Machines is Now on Mastodon

Filed under
Site News

Tux Machines on Mastodon

Summary: We can now be found in Mastodon too

A FOSS and decentralised Twitter alternative has received plenty of media attention/traction lately, so Tux Machines belatedly joins in and we invite readers to follow us there if they wish to create an account. The popularity of the platform exploded (number of users quadrupled so far this month).

We've Made It! 100,000 Nodes

Filed under
Site News

A thousand dollars

Summary: Another milestone for Tux Machines, which will turn 15 in a couple of years

100,000 nodes in Tux Machines will have been published later tonight. This one will be assigned node ID/#99995. Earlier today someone anonymous told us, "I just wanted to say thank you for all the work you've done and new information updates at tuxmachines.org."

That's what we are here for -- to help spread information. We don't profit or gain anything from this site, but it's our way of giving back to the Free/Open Source software community.

On to 200,000 (this may take another decade or more).

Record-Breaking Traffic

Filed under
Site News

Summary: Quick report about site traffic

Tux Machines has been enjoying growth in recent weeks, though it's hard to attribute it to anything in particular. The following are the past 4 weeks' logs (we delete all logs after 4 weeks, for privacy reasons, assuring no long-term retention).

-rw-r--r--.  1 root root 389699117 Oct  9 04:40 access.log-20161009
-rw-r--r--.  1 root root 454715290 Oct 16 03:46 access.log-20161016
-rw-r--r--.  1 root root 478747167 Oct 23 03:12 access.log-20161023
-rw-r--r--.  1 root root 499911551 Oct 30 03:40 access.log-20161030

We recently quadrupled the servers' CPU capacity.

The above is not the complete picture. That's omitting all the Varnish activity, which handles the majority of the traffic but simply cannot cache all pages. We are still trying to reduce the frequency of spam incidents (some of the spamy submissions manage to inject JavaScript very briefly).

We'll soon reach the 100,000-node milestone of this Drupal site.

Web Site Traffic Growing

Filed under
Site News

The Linux Foundation recently added the Platform for Network Data Analytics (PNDA)

Panda

Panda

Summary: Network/traffic analytics for Tux Machines

ULTIMATELY, here in Tux Machines we strive to include every bit of relevant news (standalone pages for more important news, clusters of links for the rest, grouped by topic). We rarely blog although sometimes we add an opinion (marked "Ed", shorthand for "Editor").

It has been a long time since we last wrote about statistics. As readers may know by now, we only retain logs for up to 4 weeks (security/diagnostics purposes), then these get deleted for good so as to maintain privacy (we cannot be compelled to hand over data). Those logs show only direct hits, they don't include pages served through the cache* (Varnish) and here is the latest, where the date stands for "week ending":

-rw-r--r--.  1 root root 224439408 Aug  7 03:17 access.log-20160807
-rw-r--r--.  1 root root 310050330 Aug 14 03:22 access.log-20160814
-rw-r--r--.  1 root root 343901488 Aug 21 03:17 access.log-20160821
-rw-r--r--.  1 root root 344256886 Aug 28 03:15 access.log-20160828

The above indicates that, judging by the back end (not cache), traffic continues to increase. Over the past week the site was sometimes unbearably slow if not inaccessible. In the worse case we'll upgrade the server for extra capacity, assuring decent speed. Worth noting is that in the latest log (ending August 28th) less than 1,000 hits came from Edge, so very few among our visitors use the latest and 'greatest' from Microsoft.
____
* The cache server services several domains, notably Tux Machines and Techrights, and it averages at around 1.5 GB of traffic per hour.

Tux Machines Turns 12

Filed under
Site News

THE past few weeks were exceptionally busy for the site as readership grew considerably and the site turned 12. Originally, the site did not share Linux news but had various other sections. Years later Susan Linton made it the success story it is today and in 2013-2014 we only modernised the theme and kept the old tradition, format, etc. We hope this pleases longtime readers of the site. Comments on how the site is run are always taken into account.

Malicious Spam

Filed under
Site News

FOR those who may be wondering, we didn't get compromised or anything. We never had any such incidents. What happened earlier is that some spammer, who had created an account before we limited account creation (due to spam), made the spam expandable to the whole screen, covering many of the pages with that spam (overlay). We are working on code to help prevent such spamming so that legitimate users can post comments etc. without spammers ruining the experience for everyone else.

Baidu Stages De Facto DDOS Attacks (Updated)

Filed under
Site News

Summary: A 2-hour investigation reveals that Tux Machines is now the victim of an arrogant, out-of-control Baidu

TUX MACHINES has been mostly offline later this morning. It has evidently become the victim of Baidu's lawlessness, having fallen under huge dumps of requests from IP addresses which can be traced back to Baidu and whose requests say Baidu as well (we tried blocking these, but it's not easy to do by IP because they have so many). They don't obey robots.txt rules; not even close! It turns out that others suffer from this as well. These A-holes have been causing a lot of problems to the site as of late (slowdowns was one of those problems), including damage to the underlying framework. Should we report them? To who exactly? Looking around the Web, there are no contact details (in English anyway) by which to reach them.

Baidu can be very evil towards Web sites. Evil. Just remember that.

Update: 3 major DDOS attacks (so far today) led to a lot of problems and they also revealed that not Baidu was at fault but botmasters who used "Baidu" to masquerade themselves, hiding among some real and legitimate requests from Baidu (with Baidu-owned IP addresses). We have changed our firewall accordingly. We don't know who's behind these attacks and what the motivations may be.

Record Week

Filed under
Site News

Encounter with a penguin

QUIETLY but surely, last week marked an important milestone, with traffic at the back end (not the cache layer*) exceeding 1.8 million hits, thus establishing a new record. So far this week it looks as though we are going to break this record again. We hope that the new format, which places emphasis on high importance links (as standalone nodes) and puts less important links in topical groups (grouping like games or howtos), makes reading the site more convenient and makes keeping abreast of the news easier, without getting overloaded in a way that is not somewhat manageable (links inside groups are typically less important, as intended). We're open to any suggestions readers may have to ensure we remain a leading syndicator of GNU/Linux and Free/Open Source software news. Any feedback can improve the site.

_____
* It is difficult to measure what happens at the Varnish layer as it's shared among several domains, including Techrights.

Back to Normal Next Week

Filed under
Site News

IN CASE it's not already obvious, we have been posting fewer links since the 14th of this month because we are both away and we catch up with some news only when time permits. Today's hot day (38 degrees) will probably allow us to stay indoors more time than usual and therefore post some more links (from Rianne's laptop), but a week for now is when we'll properly catch up with everything that was missed and gradually get back to normal, hopefully for a long time to come.

Please bear with us while we enjoy our last chance to have a summer vacation. It's already cold back home in Manchester.

Operating Systems in Tux Machines

Filed under
Site News

Summary: Some numbers to show what goes on in sites that do not share information about their visitors (unlike Windows-centric sites which target non-technical audiences)

THE common perception of GNU/Linux is that it is scarcely used, based on statistics gathered from privacy-hostile Web sites that share (or sell) access log data, embed spyware in all of their pages, and so on. Our sites are inherently different because of a reasonable -- if not sometimes fanatic -- appreciation of privacy at both ends (server and client). People who read technical sites know how to block ads, impede spurious scripts etc. These sites also actively avoid anything which is privacy-infringing, such as interactive 'social' media buttons (these let third parties spy on all visitors in all pages).

Techrights and Tux Machines attract the lion's share our traffic (and server capacity). They both have dedicated servers. These are truly popular and some of the leaders in their respective areas. Techrights deals with threats to software freedom, whereas Tux Machines is about real-time news discovery and organisation (pertaining to Free software and GNU/Linux).

The Varnish layer, which protects both of these large sites (nearly 100,000 pages in each, necessitating a very large cache pool), handles somewhere between a gigabyte to 2.5 gigabytes of data per hour (depending on the time of day, usually somewhere in the middle of this range, on average).

The Apache layer, which now boasts 32 GB of RAM and sports many CPU cores, handled 1,324,232 hits for Techrights (ranked 6636th for traffic in Netcraft) in this past week and 1,065,606 for Tux Machines (ranked 6214th for traffic in Netcraft).

Based on VISITORS Web Log Analyzer, this is what we've had in Techrights:

Windows: (36.2%)
Linux: (31.8%)
Unknown: (e.g. bots/spiders): (23.0%)
Macintosh: (8.8%)
FreeBSD: (0.1%)

As a graph (charted with LibreOffice):

Techrights stats

Tux Machines reveals a somewhat different pattern. Based on grepping/filtering the of past month's log at the Apache back end (not Varnish, which would have been a more sensible but harder thing to do), presenting the top 3 only:

Tuxmachines stats

One month is as far as retention goes, so it's not possible to show long-term trends (as before, based on Susan's summary of data). Logs older than that are automatically deleted, as promised, for both sites -- forever! We just need a small tail of data (temporarily) for DDOS prevention.

Syndicate content

More in Tux Machines

Servers: Boltron, OpenStack, and GoDaddy

  • Announcing Boltron: The Modular Server Preview
    The Modularity and Server Working Groups are very excited to announce the availability of the Boltron Preview Release. Boltron is a bit of an anomaly in the Fedora world — somewhere between a Spin and a preview for the future of Fedora Server Edition. You can find it, warts (known issues) and all, by following the directions below to grab a copy and try it out. Fedora’s Modularity Working Group (and others) have been working for a while on a Fedora Objective. The Objective is generically called “Modularity,” and its crux is to allow users to safely access the right versions of what they want. However, there are two major aspects of “accessing the right versions.”
  • What you need to know about hybrid cloud
    At the center of hybrid cloud solutions sits open source software, such as OpenStack, that deploys and manages large networks of virtual machines. Since its initial release in October 2010, OpenStack has been thriving globally. Some of its integrated projects and tools handle core cloud computing services, such as compute, networking, storage, and identity, while dozens of other projects can be bundled together with OpenStack to create unique and deployable hybrid cloud solutions.
  • GoDaddy Drops Curtain on Its Cloud Business… Again
    Launched only a year ago, Cloud Servers was never intended to go after the big guys — AWS, Azure, GCP, and the like — and had no dreams of competing for well-heeled, big-business customers. Instead, it was hoping to position itself as a gateway to the cloud for small and medium sized businesses wanting to test the waters. In other words, it was hoping to take on DigitalOcean and Linode. It was also undoubtedly hoping to leverage the substantial base of its hosting business and convince some of those customers that their lives would only improve if they made a move to the cloud.

Kernel: "Secure Encrypted Virtualization" and New Blob From Nvidia

  • AMD Secure Encrypted Virtualization Updated For Linux
    While AMD's new Epyc processors have a new "Secure Encrypted Virtualization" feature, the support isn't yet mainlined in the Linux kernel but is getting closer.
  • Nvidia 384.59 Linux Graphics Driver Adds Support for GeForce GT 1030 GPUs, More
    Nvidia on Monday announced the release of a new long-lived graphics driver for Linux, FreeBSD, and Solaris-based operating systems, versioned 384.59, adding support for new GPUs, along with a bunch of bug fixes and improvements. Nvidia 384.59 is now considered the most advanced version of the proprietary graphics driver for GNU/Linux, FreeBSD, and Solaris platforms, which users should install on their personal computers running a supported Nvidia GPU immediately after reading this article.

Security: BKK, Password Managers, Kaspersky, Fruitfly, WHISTL, IoT and More

  • 18 year old guy arrested for reporting a shamefully stupid bug in the new Budapest e-Ticket system
     

    This last one was the one found by the 18 year old gentleman I started my story with. According to him, he doesn't even know how to program yet (he'll start the university this autumn). He just used the developer tools in the browser, that everybody has access to, saw that the price was being sent back to the server when he was about to make a purchase, and tried if he could change it. A monthly pass costs 9500HUF (about 30EUR) and he modified the price to 50HUF. When he got the confirmation that it worked and was able to see his pass in the app, he immediately emailed the BKK (the Transport Authority) that there was a serious problem. He got an email that his pass was invalidated, but otherwise they didn't get back to him. Instead, when it got leaked out to the press, and in a few hours everyone were talking about the above issues (not just this one), BKK together with T-Sytems Hungary started to what I would call massively covering their arses.  

  • How to use a password manager (and why you really should)
     

    Password managers remove both of these problems by generating and storing complex passwords for you. The password manager lives in your browser and acts a digital gatekeeper, filling in your login info when you need to get on a certain site. You just have to remember one (very secure!) master password for the manager itself, and everything else is taken care of for you. (For a quick introduction on creating a secure but memorable master password, check out this article.)  

  • US local govts still using Kaspersky software despite federal ban
     

    US local government agencies across the country are continuing to use software from Kaspersky Lab even though the federal government removed the company from a list of approved software suppliers for two government-wide purchasing contracts that are used to buy technology services.  

  • “Perverse” malware infecting hundreds of Macs remained undetected for years
    Besides the means of infection being unknown, the exact purpose of the malware is also unclear. Wardle said he found no evidence the malware can be used to install ransomware or collect banking credentials. That largely removes the possibility that Fruitfly developers were motivated by financial profit. At the same time, the concentration of home users largely rules out chances the malware was designed by state-sponsored hackers to spy on targets.
  • Exclusive: WHISTL Labs will be Cyber Range for Medical Devices
     

    The facilities, dubbed WHISTL, will adopt a model akin to the Underwriters Laboratory, which tests electrical devices, but will focus on issues related to cyber security and privacy, helping medical device makers “address the public health challenges” created by connected health devices and complex, connected healthcare environments, according to a statement by The Medical Device Innovation, Safety and Security Consortium (MDISS).

  • Smart fridges and TVs should carry security rating, police chief says
     

    Barton, the national policing lead for crime operations, proposed the idea as part of efforts to protect households from fraudsters and hackers in the era of the Internet of Things, where otherwise “dumb” devices can be put online and be interconnected for automation and smart appliance activities.

  • 'Devil's Ivy' Is Another Wake-Up Call for IoT Security

Fedora and Red Hat: Fedora Elections, Rawhide Notes, Financial Analysis