Drupal's very own Mollom is a Free/Open Source (collaboratively-developed and freely-shared) software for battling script kiddies and fighting against SPAM. The past 2 weeks were difficult because spammers exploited the fact that we had opened up the site for registration/subscription (to leave comments). After exploring some options for dealing with the problem (spam making it to the front page even!) we found that Mollom was good enough to eliminate almost 100% of all of spam (so far). Hence, for the time being, it seems safe to say now that we beat the script kiddies. Thanks, Mollom! █
Tux Machines behind Varnish cache proxy
Summary: Tux Machines growth and a note regarding SPAM prevention after a week or so of experiments
Here are the first four weeks' log sizes, plotted with LibreOffice and demonstrating week-to-week growth since the site's nameservers changed and the server moved to CoPilotCo. After 4 weeks all logs get deleted (
logrotate) to ensure privacy through lack of data retention (except short term in case of DDOS).
Script kiddies can't get their way
Summary: Script kiddies made it impractical to manage comments and forum posts; we are trying to tackle this issue today
IN ANOTHER attempt to restore user registrations, this time on the new server which has just been configured for mail, we are enabling anyone to quickly self-register (takes less than a minute and requires no verification), then immediately post comments, forum posts, etc.
Summary: Recent changes at Tux Machines, in just a nutshell
INSPIRED in part by Slashdot, we recently added topical icons to submissions, applying these changes retroactively to over 50,000 older pages. The idea was, this can improve orientation by helping to quickly associate text with topics. More minor modifications were made as well, some textual and some layout related. They are subtle but they can be seen. After receiving feedback regrading icons size we made further modifications. Regarding social media buttons, some of the ones we initially found were unbelievably privacy-infringing (allowing Google, Facebook, Twitter etc. to see visitors of this site), so we disabled them immediately and replaced them with static buttons. Right now we can assure that whenever loading pages in this Web site nothing except our security-aware network gets contacted. We share no data about visitors (with anyone) and Apache logs get shredded for good after a few weeks, leaving sufficient trail just in case of attacks on the site, which would merit investigation. Log rotation is similarly privacy-respecting at the cache level, which leads to the following point.
Today, after the above changes had been made and stability attained (there were some network disruptions yesterday), we also updated Drupal, ensuring it is secure and fully up to date (the latest minor bugfix release is a month old). There is still an issue with Varnish and until we tackle this issue users who are not logged in might be getting error pages. One way to overcome this is to append "?something" to the URL requested. This bypasses the Varnish cache until we finish our investigation of this issue and resolve it for good. █
Update: The issue with Varnish turns out to be a conflict between two caching layers. It's fixed now. If you spot an issue, still, please let us know.
Update #2: Yesterday we identified another issue and soon thereafter fixed it. After Twitter syndication had failed we realised that RSS feeds were not standards-compliant, due to a blank line at the start of each generated page in Drupal. This is a common issue and it is a nightmare to debug (requires a complete code review with help of GNU utilities like grep). After 4 hours of investigation I found the culprit and fixed the coding error. RSS feeds are back.
I started to say "this is goodbye," but just because I sold the site doesn't mean I won't be around Linuxville. I'm still writing at ostatic and I may turn up here now and again as well. I'll be looking around to expand my writing after the new year too, so you're not rid of me yet. But the sale on tuxmachines.org has been completed.
I guess tuxmachines.org has been sold for $1000. I know it's kinda low, but times have changed and the new owner plans to carry on the tuxmachines tradition.
Well, I think I'm going to accept one of the two $1000 bids received, unless anyone else wants to bid...
I've decided to try and see if anyone might be interested in buying and doing something with my domain and site. So, today, I'm posting this ad here: tuxmachines.org for sale.
Update: I've received some bids and will decide by Monday....
Sorry I've slowed down on gathering the interesting news lately. I think my blood pressure is back up or something. I'm trying to get a dr appointment. But I'm trying to get back up to speed. Thanks for your patience.