Language Selection

English French German Italian Portuguese Spanish

Site News

130,000!

Filed under
Site News

LOC number

YAY! It's Tux Machines' 130 thousandth post! (node)

Keeping a Web Site Safe and Available With or Without a CDN

Filed under
Site News

PostgreSQL

THE site Tux Machines is and has been online for over 15 years. It has not suffered security-related incidents. The same is true for Techrights, which soon turns 13. Tux Machines uses Gallery and Drupal, whereas Techrights uses MediaWiki, WordPress and Drupal. WordPress is its most important component as it contains over 26,000 posts. Tux Machines has about 130,000 nodes in Drupal. We don't use a CDN as we have a reasonably powerful server that can cope with the load on its own. For security we use best practices and keep critical issues plugged. I was recently asked for advice on these matters and explained things as follows.

There are mainly two types of attacks (maybe three if one includes social engineering, e.g. tricking a citizen journalist/blogger/administrator into a trap):

1) capacity-based, e.g. DDOS attack

2) exploiting vulnerabilities to degrade/compromise site's quality of service (similar to (1) above but not the same), access site data (confidential), spy on people (writers/staff/visitors) without them being aware.

WordPress runs lots of stuff and powers a lot of the Web, maybe 20% (or more) of today's Web sites. It's regularly checked for security issues and bugs are regularly fixed. Updates can be set to automatic, which means they happen in the background without user intervention. I check the site for updates several times per day, e.g. this one from yesterday.

I've used WordPress for 15 years as an early adopter and developer.

What's known as the "core" of WordPress is generally secure if kept up to date, manually or automatically (for large sites it might make sense to apply patches manually to reduce risk of unnoticed incidents and enable quality control, patch assessment etc). It's also important to keep the underlying operating system and pertinent packages like PHP (programming language), mysql/psql (WordPress and Drupal typically use MariaDB or MySQL as the database, but PostgreSQL should be possible too) and Apache (there are simpler alternatives e.g. NGINX for Web server) up to date.

If we get to keep everything up to date, and moreover we don't install WordPress extensions that cannot be trusted or are no longer maintained (or scarcely maintained), we should be OK. The social engineering part involves stuff such as phishing, e.g. someone sending out an E-mail in an attempt to obtain passwords of privileged users.

If you use a CDN for content distribution, e.g. CloudFlare, then availability will be mostly down to the CDN company. WordPress generates pages on the fly (dynamic), but it has caching mechanisms that can be further improved with extensions. The CDN likely obviates the need for those. So, if the site is receiving 'too many' requests, the CDN can probably scale to deal with that (maybe a more expensive protection plan).

I peronsally would never use CloudFlare (for a lot of reasons), but to many people it's the only CDN that 'counts' or exists. Brand recognition perhaps.

Contact Private Internet Access (PIA) Managers to Help Save Linux Journal From Shutdown

Filed under
Site News

Private Internet Access

TUX MACHINES turned 15 almost exactly two months ago. The site has operational costs, as one can expect, mostly the hardware and bandwidth. We've thankfully had these resources very kindly donated to us last year, basically saving us the massive burden of bills somewhere around $10,000. Running a site with a lot of traffic isn't cheap and it isn't getting cheaper, either. As an overhead or addition to server maintenance (uptime requires habitual work on repairing databases, managing backups, patching of software and agonising system upgrades once in a few years) it takes a lot of time to compose new material and moderate to keep spam out.

A lot of the mainstream media is bashing Linux Journal right now. It makes it seem like its demise is a problem with GNU/Linux itself. These are villainous lies from self-serving foes of Linux, sometimes people who are aligned with Microsoft or salaried by Microsoft (we don't want to link to their provocative clickbait). But anyway, the bottom line is that keeping Linux Journal online may be costly and people should prepare for the possibility of Linux Journal becoming unavailable (offline) some time soon. I try very hard to prevent this (today and yesterday). "There is a real (and ever-growing) danger that a massive trove of GNU/Linux and Free software history will vanish unless urgent action is taken right now," I said. There are ways to avoid this (writers of that site need to unite in a union-like sense). I also secure my own sites from such a fate, having reached almost 13 years in Techrights. This week the site is experiencing all-time traffic records.

I've decided to contact Rick Falkvinge (Dick Greger Augustsson), founder of the Swedish Pirate Party and head of privacy at Private Internet Access, which owns Linux Journal. Bear in mind he used to work for Microsoft. We're still friendly online (we've exchanged some messages over the years) and he probably has sufficient clout at Private Internet Access to sway their decisions. In case they plan to shut down the site, we must act fast. Please contact him; as per his Web site, his E-mail address is x1bpsas66na001@sneakemail.com and any message he receives he can relay to other high-level people at the company. I don't personally know anyone else at that company, so that's the only contact I'm able to provide.

Photos: 15-Year Anniversary Party

Filed under
Site News

Tux Machines Over the Past 15 Years

Filed under
Site News

2005

Tux Machines site in 2005

2010

Tux Machines site in 2010

2012

Tux Machines site in 2012

2013

Tux Machines site in 2013

Late 2013

Tux Machines site in late 2013

2014

Tux Machines site in 2014

2015

Tux Machines site in 2015

2019

Tux Machines site in 2019

Happy 15th Anniversary to Tux Machines

Filed under
Site News

Anniversary of Tux Machines

Summary: Anniversary of Tux Machines is today, a special anniversary too

Today Tux Machines is celebrating its 15th year of existing. When we bought the website it was about 10 years old, so kudos to Susan Linton who devoted time to make and keep the site on pace. We promise to keep the website up to date with lots of insightful OSS/FOSS/Linux/Android-related articles. We hope to continue the job well into the distant future.

Tell Us About Your (or Others') GNU/Linux Blogs

Filed under
Site News

THE MEDIA online is dying. It's no secret. Not all sorts of media are dying but traditional media struggles to survive. Causes for these have been explained for years if not more than a decade. This won't be the subject of this post.

Tux Machines does not produce a lot of original material. Susan used to publish GNU/Linux reviews (with galleries of screenshots), but other than that we mostly cluster and syndicate news. This has been the case for nearly 15 years (our anniversary is next month).

Each year it feels like mainstream media produces a lot less stories (not just about GNU/Linux but about anything, in general terms). So we're 'mining' more and more RSS feeds, typically of blogs. Do you have a GNU/Linux blog or know one/s you wish to recommend? Let us know in the IRC channel because we always hunt for more news sources, no matter if they're 'mainstream' or not as long as they're credible, reliable, and on topic.

Fifteenth Anniversary of Tux Machines Coming Soon

Filed under
Site News

NOT many Internet enterprises or even protocols outlast the Web. IRC is under attack, E-mail is being hijacked by large corporations (the business model of spying), and copyright monopolies compel ISPs to disconnect from USENET. Even without the Web there's a similar problem; not many sites last a decade; some last a few years until interest is lost or life-changing events cause stagnation and ultimately shutdown (it's not cheap to keep a domain registered and it can be technically difficult to keep a host going). Some sites or blogs remain active only for days, weeks, months. Not many sites have lasted 2 decades. Some become dormant and shelved. Some suffer the "Google Plus effect" (host decides it's not viable to carry on hosting, mostly for selfish "business reasons").

Tux Machines domainTux Machines remains very active. Every day, almost every hour. Even when we're on holiday (or abroad) we still log in and post the more crucial news. We never wink or lose a heartbeat. Dedication like this becomes almost addictive.

In less than a couple of months the site will turn 15. We're planning to celebrate locally somehow (a little party), knowing that it's a rare event and seeing how the Web becomes just "apps" and "social media" it's hard to guarantee we'll reach 20 (we sure hope so). Over the years we've considered modernising the site (CMS overhaul), but such novelty may entail bloat, speed losses, 'UX' erosion, and a lack of 'traditional' feel, maybe even issues associated with navigation, user familiarity, backward compatibility of URLs (we still use node numbers!) and so on.

Real-time Tux Machines Chat Over IRC (Internet Relay Chat)

Filed under
Site News

The first IRC server
"The first IRC server, tolsun.oulu.fi, a Sun-3 server on display near the University of Oulu computer centre." Credit/licence: CC BY 2.5, Urpo Lankinen

TUX MACHINES reached all-time record traffic in the past couple of weeks. This (raw) traffic now stands at about 4 million hits/week, with 3,970,777 hits in the past 6 days and 4,289,540 hits last week (predating these 6 days). It's just a shame that interaction with readers became hard; the forums had a severe spam issue, as did comments and submissions (by new registrants, always, more so at a later stage) -- to the point where it became impractical to allow any new registrations (except adding people manually upon request). The open/incognito registrants would overrun the site within minutes (we tried several times over the years and saw the effect immediately).

So we've decided to try IRC and have added "IRC" to the menu at the top with an applet (JavaScript) to make life easier for those who aren't familiar with IRC clients.

Here's how to join us. This is still experimental. Real-time updates with posts (as they are posted) will in due course be shown in the channel and we can all casually chat in real-time, too. We are also still working on our Android app these days.

Testers Wanted: Android App for Tux Machines Site

Filed under
Site News

APK icon

Diaspora logo Mastodon logo Pleroma logo

Tux Machines is turning 15 this summer and as we noted over the weekend, many people now access the site using mobile devices, for which the site provides a subpar experience due to legacy. RSS feeds are therefore recommended. There's our RSS feed for news, RSS feed for Tux Machines Blogs and another for Techrights, where I write my original articles.

Most readers, however, do not use RSS feeds. Consider the 700 followers of our Twitter account, the 2,365 followers of our Diaspora account, 1,080 followers of our Mastodon account, and 63 followers of our Pleroma account (so about 4,000 in total). Those are dependent on third parties (we do not self-host these platforms). Even if "apps" are used for access to these social media platforms/sites, the links would lead to Tux Machines Web pages, which don't render particularly well on small screens (phones). So we've made this simple "app" for the site, but we're still testing it. If anyone out there can try it on an Android device and report back to us, we'll appreciate it greatly and use the feedback to improve it.

Screenshot Tux Machines app

Syndicate content

More in Tux Machines

today's leftovers

  • Arm Server CPUs: You Can Now Buy Ampere's eMAG in a Workstation

    Avantek offers the system with three optional graphics cards: AMD FirePro W2100, a Radeon Pro WX 5100, and the NVIDIA Quadro GV100. OS options are variants of Linux: Ubuntu, CentOS, SUSE SLES, and openSUSE.

  • A General Notification Queue Was Pushed Back From Linux 5.5 Introduction

    Red Hat has been working on a "general notification queue" that is built off the Linux kernel's pipe code and will notify the user-space of events like key/keyring changes, block layer events like disk errors, USB attach/remove events, and other notifications without user-space having to continually poll kernel interfaces. This general notification queue was proposed for Linux 5.5 but has been pushed back to at least 5.6. This Linux kernel general notification queue builds off a standard pipe and allows user-space applications to efficiently become aware of changes to block devices (disks), keys, USB subsystem happenings, and other possible events. The proposed documentation spells out more of the planned functionality and behavior.

  • openSUSE Tumbleweed – Review of the weeks 2019/48 & 49

    Once again I’m spanning two weeks; besides the normal work on getting you openSUSE Tumbleweed updated and timely delivered, the release team has been working together with the build service team to implement/stabilize the OBS-internal staging workflow. There is (should) not be any real noticeable difference for the contributors – except the new used URLs. The Factory Staging dashboard can now be found at https://build.opensuse.org/staging_workflows/1 During the last two weeks, we have pushed out 10 Tumbleweed Snapshots (1121, 1122, 1123, 1124, 1126, 1127, 1128, 1202, 1203 and 1204) containing those changes...

  • Rugged Coffee Lake PCs offer up to two PCIe slots and two HDD bays

    Nexcom’s fanless, Linux-ready “NISE 3900 Series” features an 8th Gen Coffee Lake CPU with triple display support plus M.2, mini-PCIe, 3x GbE, 10x USB, and 2x serial ports. Six different models have various combinations of PCIe, PCI, and SATA. Nexcom announced a new series in its NISE family of industrial computers that follows recent models such as the Apollo Lake based NISE 51. The rugged NISE-3900 Series systems run Linux Kernel 4.9 or Windows 10 on Intel’s 8th Gen Coffee Lake CPUs, including the quad-core Core i3-8100T and the hexa-core, 2.1GHz i5-8500T and 2.4GHz i7-8700T.

  • More new books from The MagPi and HackSpace magazines

    If our recent release of Retro Gaming with Raspberry Pi, Getting Started with Arduino, and Coding the Classics isn’t enough for you, today sees the release of TWO MORE publications from Raspberry Pi Press!

OSS Leftovers

  • Ardour Digital Audio Workstation Finally Adds Native MP3 Importing Support

    While lossy compression audio formats like MP3 are not recommended for use within professional audio tasks, for those using the open-source Ardour digital audio workstation (DAW) software as of today there is finally native MP3 import support. Obviously it's better working with lossless audio formats as source material for Ardour and other digital audio workstation software suites, but given how common MP3 content is, there certainly is relevance to being able to import MP3s into DAWs. But historically due to licensing/patent issues, MP3 support within Ardour hasn't been possible -- thus leading to common complaints/questions by users over the years.

  • Certbot Leaves Beta with the Release of 1.0

    Earlier this week EFF released Certbot 1.0, the latest version of our free, open source tool that helps websites encrypt their traffic. The release of 1.0 is a significant milestone for the project and is the culmination of the work done over the past few years by EFF and hundreds of open source contributors from around the world.

    Certbot was first released in 2015 to automate the process of configuring and maintaining HTTPS encryption for site administrators by obtaining and deploying certificates from Let's Encrypt. Since its initial launch, many features have been added, including beta support for Windows, automatic nginx configuration, and support for over a dozen DNS providers for domain validation.

  • Open Repos provides code metrics on open source projects

    GitClear is offering Open Repos as a free product, though it is not open source. GitClear’s paid product offers many of the same insights and more. Long-term plans include allowing projects to embed an Open Repos view of a project in their site, and “improving data quality before adding features.”

  • Improvements in LibreOffice’s PowerPoint presentation support

    LibreOffice’s native file format is OpenDocument, a fully open and standardised format that’s great for sharing documents and long-term data storage. Of course, LibreOffice does its best to open files made by other office software as well, even if they’re stored in pseudo-“standards” with cryptic and obfuscated contents. Compatibility with PowerPoint PPT(X) presentations is therefore a challenge, but developers are working hard on improvements… A few months ago, we announced an initiative to improve the support of PPT and PPTX files in LibreOffice. Lots of great work happened since then and the results are collected below!

  • People of WordPress: Jill Binder

    Jill Binder never meant to become an activist. She insists it was an accident. Despite that, Jill has led the Diversity Outreach Speaker Training working group in the WordPress Community team since 2017. This group is dedicated to increasing the number of women and other underrepresented groups who are stepping up to become speakers at WordPress Meetups, WordCamps, and events. [...] The following year her internship advisor, who had become a client, was creating the first ever BuddyCamp for BuddyPress. He asked Jill to be on his organizing team. At that event she also moderated a panel with Matt Mullenweg. Then, Jill was invited to be on the core organizing team for WordCamp Vancouver. Part of this role meant reviewing and selecting speakers. From 40 speaker applications the team had to pick only 14 to speak.

  • Mint: Late-Stage Adversarial Interoperability Demonstrates What We Had (And What We Lost)

    In 2006, Aaron Patzer founded Mint. Patzer had grown up in the city of Evansville, Indiana—a place he described as "small, without much economic opportunity"—but had created a successful business building websites. He kept up the business through college and grad school and invested his profits in stocks and other assets, leading to a minor obsession with personal finance that saw him devoting hours every Saturday morning to manually tracking every penny he'd spent that week, transcribing his receipts into Microsoft Money and Quicken.

    Patzer was frustrated with the amount of manual work it took to track his finances with these tools, which at the time weren't smart enough to automatically categorize "Chevron" under fuel or "Safeway" under groceries. So he conceived on an ingenious hack: he wrote a program that would automatically look up every business name he entered into the online version of the Yellow Pages—constraining the search using the area code in the business's phone number so it would only consider local merchants—and use the Yellow Pages' own categories to populate the "category" field in his financial tracking tools.

today's howtos

Programming: Kotlin, Python and More

  • Android’s commitment to Kotlin

    When we announced Kotlin as a supported language for Android, there was a tremendous amount of excitement among developers. Since then, there has been a steady increase in the number of developers using Kotlin. Today, we’re proud to say nearly 60% of the top 1,000 Android apps contain Kotlin code, with more and more Android developers introducing safer and more concise code using Kotlin. During this year’s I/O, we announced that Android development will be Kotlin-first, and we’ve stood by that commitment. This is one of the reasons why Android is the gold partner for this year’s KotlinConf.

  • Google Reaffirms Commitment To Kotlin Programming Language For Android

    Google is continuing to embrace Kotlin programming for Android, making more Android APIs accessible by Kotlin, Jetpack Compose as a UI toolkit catered to Kotlin, and Kotlin extensions for more Google libraries. Google is also working to offer more Kotlin + Android learning material, working with JetBrains on improving the Kotlin code compiler, speeding up the build time of Kotlin code, and other improvements.

  • Comparing equivalent Python statements

    While teaching one of my Python classes yesterday I noticed a conditional expression which can be written in several ways. All of these are equivalent in their behavior...

  • Serving Files with Python's SimpleHTTPServer Module

    Servers are computer software or hardware that processes requests and deliver data to a client over a network. Various types of servers exist, with the most common ones being web servers, database servers, application servers, and transaction servers. Widely used web servers such as Apache, Monkey, and Jigsaw are quite time-consuming to set up when testing out simple projects and a developer's focus is shifted from producing application logic to setting up a server. Python's SimpleHTTPServer module is a useful and straightforward tool that developers can use for a number of use-cases, with the main one being that it is a quick way to serve files from a directory. It eliminates the laborious process associated with installing and implementing the available cross-platform web servers. Note: While SimpleHTTPServer is a great way to easily serve files from a directory, it shouldn't be used in a production environment. According to the official Python docs, it "only implements basic security checks."