Language Selection

English French German Italian Portuguese Spanish

Roy Schestowitz's blog

Photos: Tux Machines at 18

Filed under
Site News

Tux Machines Eighteen

Tux Machines Eighteen

Tux Machines Eighteen

Tux Machines Eighteen

Tux Machines Eighteen

Tux Machines Eighteen

We're Eighteen Today

Filed under
Site News

TuxMachines at 18

TODAY is a special day because tuxmachines.org was registered exactly 18 years ago. We recently renewed this domain's registration for 5 more years (i.e. until middle of 2027) as we certainly expect the site to go on and on for a long time to come.

As people who do technology for a living, with a focus on Free software in particular, running this site is also an educational experience. It helps keep track of what's happening (e.g. new releases, security patches) and if other people find our news picks useful, it motivates us to keep it updated 24/7 every day of the year. We of course receive a lot of help from submitters who themselves produce original works (articles). A personal word of gratitude to all and an outlook (as video):

Video download link | md5sum 7db0f40f2834a02615c5a7d16a7151b2
Turning 18
Creative Commons Attribution-No Derivative Works 4.0

tuxmachines.org is a very busy news hub. Before Alexa.com was shut down (and we before we shunned Phoronix) Alexa said that tuxmachines.org was the biggest source of traffic to Phoronix.

ICANN on tuxmachines.org

Tux Machines All Grown Up Soon

Filed under
Site News

18th birthday
Coming soon!

IN a matter of days we'll celebrate our birthday or anniversary. It started in 2004 and it's still going strong.

We have some potential improvements for the site in mind.

We Turn 18 Next Month

Filed under
Site News

ICANN on tuxmachines.org

A month from now this site turns 18. No special event is planned, but we're gratified to have come this far. Days ago we registered the domain for 5 more years (2027), seeing that everything continues to grow, just like GNU/Linux itself (along with BSDs). Thanks to the many people who choose this site as their daily "news fix"...

We remain apprehensive about social control media, including Twitter. We suggest people subscribe via RSS rather than external third parties. The latter simply cannot be relied on. For instance, earlier this year JoinDiaspora joined the many dead Diaspora pods; it shut down and we had to start a new account in another pod, taking us down from thousands of subscribers to only zero.

Migration of Diaspora Account

Filed under
Site News

No more joindiapora... psyco.fr?

If you have been following Tux Machines over Diaspora, be sure to update to the existing pod, psyco.fr. Our account is here following the shutdown of the JoinDiaspora pod earlier this month.

Be Careful What You Wish For...

Filed under
Just talk

Ukrainian Flag Editorial

A CONCEPT like "Free software" was formulated more than 38 years ago at MIT (United States). Linux, the kernel, came from a neighbour of Russia in 1991. The father of Linus Torvalds is a politician known for his connections to Russia; he encouraged non-confrontational politics, the mindset of co-existence. At the moment there are attempts to leverage Free software projects for political purposes, mostly by banning Russians and sometimes Belarusians (collective punishment). This approach is deeply misguided because it's unlikely to accomplish anything except harm to Free software. It's striking at the very core of what GNU/Linux is and what it stands for. Be careful what you wish for...

Microsoft is Faking It and Windows Market Share Worldwide Now Lowest Since the Release of Vista 11

Filed under
Linux

With February now over, let's examine the actual numbers; Microsoft boasts "success", but that's just "fake news"...

Windows share

We're winning; Failing that, we nuke Linux/Android!

Our 18-Year Anniversary is Fast Approaching and We Move on From JoinDiaspora

Filed under
Site News

Almost 2,500 "followers" will be lost

linux joindiaspora connections

OVER the past couple of years we've not done anything special in site anniversaries, except the 15th (months before the COVID-19 outbreak). We'll soon change our account in Diaspora because JoinDiaspora is shutting down. Our account had been there for over a decade, even before it was adopted by TuxMachines, but all things come to an end. We'll say more nearer to the time of migration (some time in March).

Dancing penguins

The Command Line Challenge

Filed under
Just talk

Authored by Andy Farnell

Free red light

Cheapskates wonderful guide is currently running a "One Week Command Line Challenge". Some of the students I teach now are so young (to an old beard like me) they think this is some "crazy new thing". Is there new hope and a new perspective to be explored here? Something other than retro and cool. Perhaps historical baggage, the narrative of how "superior" graphical interfaces replaced "old" consoles is an obstacle to new visions for the next generation?

As a lifelong textual user interface (TUI) user this got me thinking. If you were to give me "The GUI Challenge" I'd be sunk! My world (dwm, emacs, w3m etc) feels so familiar, it's in my bones. After thirty or forty years on the command line if I were forced to use "normal computers" it would cripple my ability to do anything.

The command-line is super empowering, but particular. Put me on a Mac or Windows machine and I revert to a child-like flap, randomly clicking around on icons that look promising. I'd be twenty times less productive than my peers, yet, modesty be damned, I'm ten times more effective/productive at average computing tasks than other professionals when in my comfort zone - at the command-line. Isn't this true for us all, that we have our comfy shoes?

Of course this isn't about some innate inability to use graphical tools. I've mastered some jolly complex ones like Blender and Unreal editors (virtual world building), and ProTools or Ardour (for sound and music). One of the most complex I recall was a VLSI/CAD creator that used two four button mice (or mouse and ball).

So, is the command line challenge unfair? I am no more capable of quickly learning a new graphical paradigm than an entrenched GUI user is of adopting the keyboard and console. This probably applies at any age or ability level where you are comparing like-for-like paradigm switching.

No, the issue here is deeper and is about utility paradigms. How do people relate to computers as tools at the highest level - at the operating system level and above?

If you dig back in the Usenet and mailing-list archives, you'll find fascinating, passionate and intelligent debates on the merits of different interfaces going right back to Xerox-PARC. They are really separate computing cultures. There's a fair historical summary here.

The above history ends in 2001. GUIs did not end there, the debate has moved further, and many new things have not been well analysed. Mobile, which essentially emulates button-based handheld appliances, cannot really be compared to GUI (in its traditional sense), even though it's technically a computer running a graphical interface.

It's only since about 2010 that the GUI function of abstracting (hiding away complexity) was subverted by wicked corporations to hide away deception and to effect control. This shift from the abstract to the abstruse and obstructive is what we sometimes call "Dark Computing Patterns", but really it goes deeper than that - visual computing is it's own realm of psychology, politics, semiotics, iconography and subterfuge that in many cases thoroughly bastardises the function of computers qua "tools".

The GUI/TUI debate can be framed in many ways; preference, freedom, extensibility, cognitive overhead, portability, control (tweakability), depth of understanding (legibility), and more.

For me, tool longevity and stability are important. I still use the same applications and skills I learned in 1980. Some people, foolishly I think, imagine that to be a bad/anti-progressive stance. One of the most underrated abilities in computer programming is knowing when something is finished. As is the ability to just use something instead of worshipping it as a digital artefact (cue NFT "first editions of brand apps).

By contrast many of my colleagues must re-learn their entire productivity stack every few months at the whim of corporate developers or seemingly random events in "the market". I literally hear them anthropomorphising:

"Oh, Slack won't let me do that now"

"Oh, Google ate my email"

"Sorry, something broke, can you resend it please?"

Their "computers" are chaotic mystery machines, magic fun fairs where superstitious ritual ministrations must be performed. This sort of Scooby-Doo "clown computing" has no place in serious business, in my opinion. So, another hugely underrated quality that TUIs favour is stability.

Where did this mess come from? In the 1980s "home computers" created a culture of their own, and from there Apple and Microsoft, needed to counter a socially constructed but actually mythical "fear" of computers as nerdy and silly, but also "dangerous". Remember granny worrying that it would "blow up" if you typed the wrong thing?

Continuing a culture of sysadmins from the time-sharing Unix days, we created the "user" as a particular stereotype. To put it quite bluntly, we manufactured "users" to be idiots. Indeed, use of the word "users" instead of a more neutral term like "operators" is significant. The developer-user relationship today is a power relationship, and often an abusive one (in both directions).

In fact denigrating attitudes have their roots in the fragility of early software development. The "user" was an enemy who would always find ways to break our software and exhibit extraordinary "stupidity" by failing to understand our non-obvious interface puzzles. We used tropes like (P.E.B.K.A.C), lusers, and treated others with disrespectful and superior smugness.

Computing had its hashtag moment, and markets demanded that perceptions change. Microsoft solved the problem by erecting some soothing blue fire-hazard cladding around a crumbling DOS. Underneath, exposure to "The Registry" was like staring directly into the open core of Chernobyl.

At that point, enter Apple, who could play Good Cop, adding value by simply subtracting (or consolidating) features. For many, Steve Jobs was elevated to the man who "invented computers". For a certain generation, he did. The ancient science of HCI (human computer interaction) was beaten and disfigured into the designer denomination of UX/UI that emphasised intuition, feel, and experience, which in turn ushered in the age of performative productivity. This trajectory of form over function culminated in neurotic obsessions with $2000 disposable thin laptops and the Onion's infamous Apple Wheel parody that confused many as to whether it was a genuinely good idea.

Meanwhile the command line simply kept calm and carried on. Nothing changed in 30 years. Those who ran the servers, databases, scientific and technical applications never strayed far from the console, except where "presentation" demanded. However, through the mass media and advertising, digital technology became synonymous with these corporate veneers over actual computers, while Hollywood made the command-line a glowing green preserve of malcontents bent on destroying civilisation.

So, although the Command Line Challenge is fun - and I hope it inspires some people to go beyond their comfort zone - let's be aware that human factors, history and politics play a greater role behind the scenes. Yes, it's about mental models, rote motor skills and habits, rather than any intrinsic good or bad. But it's also about culture and popular ideas of what a computer "is".

The emphasis of Cheapskate's article is on TUI allowing the use of older computers. That's a very topical and important concern in the age of climate emergency. If readers don't know already about books like Gerry McGovern's World Wide Waste, I urge you to read more about e-waste. Making the connections between textual interfacing, more modest tech-minimalist use, and a better society and healthier planet, isn't obvious to everyone.

There are many reasons people may prefer to return to the command line. I vastly prefer TUI's for another reason. As a teacher I deal in ideas not applications, so it's a way of imparting lasting concepts instead of ephemeral glitter. Commands are connections of action concepts to words, essential for foundational digital literacy. Almost everything I can teach (train) students to use by GUI will have changed by the time they graduate.

For younger people the difference is foundational. My daughter and I sit down together and do basic shell skills. She can log in, launch an editor, play music and her favourite cartoon videos. We use Unix talk to chat. It's slow, but great fun, because character based coms is very expressive as you see the other person typing. She's already internalising the Holy Trinity - storage, processing and movement.

To make this work I obviously customised bash, creating a kind of safe sandbox for her with highly simplified syntax. This week we are learning about modifier keys - shift is for SHOUTING and control is to CANCEL (you can't get around needing to teach CTRL-C). What we are really working on is her typing skills, which are the foundation of digital literacy in my opinion. I think at the age of 5 she is already a long way ahead of her school friends who paw at tablets.

In conclusion then, the TUI/GUI saga is about much more than interchangeable and superficial ways of interacting with computers. In it's essence it is about literacy, the ability to read and write (type). Behind, and ahead of it, are matters of cultural importance relevant to education, autonomy, democracy, self-expression, and the economy. So if you're a mouser or screen smudger, why not give Cheapskate's challenge a try?

20-22 Vision for Tux Machines

Filed under
Site News

What lies ahead? Wait and watch

THIS year the site will turn 18 and will cross the 170,000-node threshold (some time in late summer), eclipsing the breadth and depth of many sites out there, not just GNU/Linux-centric sites.

Our plan is to not change much (Susan's tradition of "today's howtos", for instance, will be preserved and cherished). We'll try to publish blog posts more routinely, Rianne predicts she might write about animals (not only penguins), as she wants to encourage support for conservation.

Thank you for reading Tux Machines and happy new year!

An Advanced New Year's Message/Greetings From Tux Machines

Filed under
Site News

Tux Machines 2021-2022

ABOUT two days from now, depending on your local timezone, 2021 will be over. It's almost December 30th -- 30 minutes away to be precise -- in JST.

2021 was very good to us. We served about 190,000,000 hits, we published about 18,000 nodes, and about half a dozen regular contributors were involved, both behind the scenes and in public. In 2022 we'll turn 18.

Earlier this year we moved our IRC channel from the Freenode network to the Techrights network and days ago we published all the IRC logs. They tell quite the story.

Tux Machines at 160,000 Nodes

Filed under
Site News

TuxMachines at 160,000 nodes!

A number of months ago, way back in June, we celebrated passing the 150,000-node milestone. In a matter of a few hours we will have posted 160,000 nodes in total, so that's about 10,000 nodes in just over 6 months. 40,000 more should take just over 2 more years assuming the publication pace remains roughly the same. In 2022 the site turns 18.

December 25th...

Filed under
Just talk

A merry xmas from tux machines

TOMORROW we shall publish IRC logs for the whole year. It's this time of the year again. News is expected to be a lot slower over the weekend, but we'll stay on top of it regardless.

17.5 Years!

Filed under
Site News

Tux Machines started in 2004. We're soon entering 2022.

AS we noted about a month ago, today is a very special day because it's a decimally-significant (quarter decade times seven) anniversary for us as we approach our 160,000th site node. Meaningful milestones are rare; they're superficial, but they help morale.

Tux Machines microwaveThanks to all those who regularly contribute stories (Marius, Arindam etc.) and to readers who have been gathering news about GNU/Linux through Tux Machines for as long as we've existed. Since our last server reboot we've served 115 million hits. Since the birth of the site it certainly adds up to several billions. Maybe we'll have over 200,000 nodes some time before our 20-year anniversary. Time will tell...

Why We Can't Teach Cybersecurity

Filed under
Linux

By Dr. Andy Farnell

I teach cybersecurity. It's something I really believe in, but it's hard work for all the wrong reasons. First day homework for students is watching Brazil, No Country for Old Men, Chinatown, The Empire Strikes Back, or any other film where evil triumphs and the bad guys win. This establishes the right mindset - like the medics at the Omaha beach landing in Saving Private Ryan. Not to be pessimistic, but cybersecurity is a lost cause, at least as things stand today. If we define computer security to be the combination of confidentiality, integrity, and availability for data, and as resilience, reliability and safety for systems, then we are failing terribly on all points.

As a "proof" after a fashion, my students use a combination of Blotto analysis from military game theory, and Lubarsky's law ("there's always one more bug"). It is a dispiriting exercise to see how logic stacks up against the defenders, according to which "the terrorists always win". Fortunately, game theory frequently fails to explain a reality where we are not all psychopathically selfish Bayesian utility maximisers (unlike corporations which are programmed to be). Occasionally hope, compassion, gratitude, and neighbourly love win out.

Could things be worse than having mathematics against you? Actually yes. You could live in a duplicitous culture antithetical to security but favouring a profitable facsimile of it. Perhaps that's a means for obsolete power hierarchies to preserve themselves, or because we don't really understand what "security" is yet. Regardless, that's the culture we have, and it's a more serious problem than you might think, much more so than software complexity or the simple greed of criminals.

My optimism is that if we can face up to facts, we can start to change and progress. It is in the nature of teachers, doctors and drill instructors that we must believe people can change. So I'll try to explore here how this mess happened, how Linux, BSD and free open source software with transparent standards are a plausible even necessary way out of the present computer security crisis, and why the cybersecurity courses at most universities are not helping.

We have to keep faith that complexity, bad language design and reckless software engineering practices are surmountable by smart people. Maybe one day we'll build computers that are 99.9% secure. But that is unlikely to happen for reasons recently explained by Edward Snowden, who describes an Insecurity Industry. Indeed, I was a little disappointed by Snowden's essay which does not go nearly far enough in my opinion.

For me, the Insecurity Industry is not located in a few commercial black-hat operations like Israel's NSO Group, but within the attitudes and practices running through every vein of mainstream computing. As with its leaders, a society gets the technology it deserves. As we revel in cheap imported goods, surveillance capitalism, greed, convenience, manipulation, and disempowerment of users, we reap the security we deserve.

Blaming the cyber-arms trade, the NSO or NSA for answering the demands of cops and criminals alike, is distracting. Without doubt what they are doing is wrong and harmful to everyone, but we can't have secure computing while those who want it are an educated minority. That situation will not change so long as powerful and fundamentally untrustworthy corporations with business models founded on ignorance dominate our digital lives.

Projects of digital literacy started in the nineteen eighties. They kick-started Western tech economies, but faltered in the mid nineties. Programming and "computer studies" which attempted to explain technological tools were replaced by training in Microsoft Word and Excel spreadsheets. Innovation tailed-off. A generation taught to be dependent on tech, not masters of it, are fit only for what David Graeber described as Bullshit Jobs Graeber18.

Into this vacuum rushed "Silicon Valley values" of rent seeking, piggybacking upon established standards and protocols. With a bit of spit, polish, and aggressive marketing, old lamps could be foisted upon consumers. Twenty years later we have a culture of depressed, addicted, but disenfranchised technology users Lanier11.

We have moved from "It's more fun to compute" to "If you've nothing to fear you've nothing to hide". In other words, we've transformed digital technology from a personally empowering choice into systems of near-mandatory social command and control (see Neil Postman's Technopoly postman93). What advantage would any group have in securing their own chains and the weapons ranged against them? A sentiment only half-disguised in young people today is utter ambivalence toward tech.

As states move to reclaim control from social media platforms, public debate has been framed around whether Facebook and suchlike are threats to democracy and ought to be regulated. But this is merely a fragment of a larger problem and of a discussion that has never been properly widened to examine the general dangers of information technology in all its manifest forms, in the hands of governments, businesses, rogue groups and individuals alike.

For me, an elephant in the room is the colossal distance between what we teach and what we practice. Twice convicted monopolists Microsoft set back computing by decades, and in particular their impact on security has been devastating. Yet their substandard wares are still pushed into schools, hospitals and safety-critical transport roles. Even as embarrassing new holes in their products are exposed daily, lobbying and aggressive misinformation from Microsoft and other Big-Tech companies, all of which suffer from appalling privacy and security faults, continues unabated.

Big-tech corporations are insinuating themselves into our public education and health systems without any proper discussion around their place. It is left to well educated individuals to opt-out, reject their systems, and insist on secure, interoperable choices. Advisories like the European Interoperability Framework (EIF is part of Communication COM134 of the European Commission March 2017) recognise that tech is set to become a socially divisive equality issue. The technical poverty of the future will not separate into "haves and have-nots", but "will and the will-nots", those who will trade their privacy and freedom for access and those who eschew convenience for digital dignity.

As the word "infrastructure" (really vertical superstructure) has slyly replaced ICT (a horizontal service) battles have raged between tech monopolies and champions of open standards for control of government, education and health. The idea of public code (see the commentary of David A Wheeler and Richard Stallman) as the foundation of an interoperable technological society, has been vigorously attacked by tech giants. Germany fought Microsoft tooth and nail to replace Windows systems with 20,000 Linux PCs in 2015, only to have Microsoft lobby their way back in, replacing 30,000 desktops with Windows 10 in 2017. Now the Germans seem poised to switch again, this time taking back all public services by mandating support for LibreOffice.

In the UK, several institutions at which I teach are 'Microsoft customers'. I pause to use the term "Microsoft Universities", but they may as well be. Entirely in the pocket of a single corporation, all email, storage networks, and "Teams" communication are supplied by the giant. Due to de-skilling of the sector, the ICT staff, while nice enough people, lack advanced IT skills. They can use off-the-shelf corporate tools, but anything outside lockstep conformity allowed by check-box webmin interfaces is both terrifying and "not supported". I met a secondary school headmaster who seemed proud to tell me that they were not in the pockets of Microsoft, because they had "become a Google Academy". I responded that "as a Linux child", my daughter woudn't be using any of that rubbish either.

Here's a problem; I don't use Microsoft or Google products. At one level it's an ethical decision, not to enrich aggressive bullies who won't pay proper taxes in my country. It's also a well informed technical position based on my knowledge of computer security. For me to teach Microsoft to cybersecurity students would bring professional disgrace. I won't be the first or last person to lose work for putting professional integrity first. They say "Nobody ever got fired for choosing Microsoft". At some institutions that is not merely advice, it's a threat. Security in the shadow of Big-Tech now means job-security, as in the iron rice bowl from which the compliant may feed, but educated independent thinkers must abstain.

A more serious problem is not just that companies like Google and Microsoft are an expensive, controlling foreign corporations supplying buggy software, or that university administrators have given away control of our networks and systems, it's that commercial products are increasingly incompatible with teaching and research. They inject inbuilt censorship and ideological micromanagement into academies and schools.

Another is that "choice" is something of an illusion. Whatever the appearance of competition between, say, Apple and Facebook, Big-Tech companies collude to maintain interlocking systems of controls that enforce each others shared values including sabotage of interoperability, security and inviting regulation upon themselves to better keep down smaller competitors. Big-Tech comes with its own value system that it imposes on our culture. It restricts the learning opportunities of our kids, limits workplace innovation and diversity, and intrudes into our private activities of commerce and health.

In such a hostile environment for teaching cybersecurity (which is to teach empowering knowledge, and why we call it "Ethical Hacking" 1) one may employ two possible methods. First, we can buy in teaching packages reliant entirely on off-site resources. These are the "official" versions of what computer security is. Two commonly available versions come from Cisco and the EC Council. Though slickly presented these resources suffer the same problems as textbooks in fast-changing disciplines. They very quickly go out of date. They only cover elementary material of the "Cyber Essentials" flavour, which ultimately is more about assurance than reality. And they are partial, perhaps even parochial versions of the subject arrived at by committee.

Online courses also suffer link-rot and patchy VM service that breaks lessons. Unlike in-house setups, professors or students cannot debug or change the system, itself an important opportunity for learning. Besides, the track record of Cisco with respect to backdoors no longer inspires much confidence.

The other method is to create "suitcase data-centres". A box of Raspberry Pi single board computers saves the day! The Raspberry Pi Foundation, perhaps modelled after the early digital literacy drives of Acorn/BBC has done more for British education than any dozen edu-tech companies by promoting (as much as it can) openness of hardware and GNU/Linux/Unix software.

Junk laptops running Debian (Parrot Linux) and SBCs make a great teaching setup because a tangle of real network cables, wifi antennas and flashing lights helps visualise real hacking scenarios. Professors often have to supply this equipment using our own money. I rescued a pile of 1.2GHz Intel Atom netbooks from the garbage. Because we are not allowed to connect to university networks, 3/4G hotspots are necessary, again using bandwidth paid for out of my own pocket in order to run classes. Teaching cybersecurity feels like a "forbidden" activity that we sneakily have to do despite, not because of, university support.

Teaching cybersecurity reflects a cultural battle going on right inside our classrooms. It is a battle between two version of a technological society, two different futures. One an empowering vision of technology, the other a dystopian trap of managed dependency. Dan Geer, speaking in 2014 described cybersecurity as a manifestation of Realpolitik. Nowhere does the issue come so clearly to a head as in the schism between camps of Snowden or Assange supporters and the US State, each of which can legitimately claim the other a "traitor" to some ideal of "security".

At the everyday level there is a tension between what we might call real versus fake security. The latter is a festival of form over function, a circus of phones, apps and gizmos where appearance triumphs over reality. It's a racket of productised solutionism, assurance, certification and compliance that's fast supplanting actual security efforts. By contrast, the former is a quiet anathema to "security industry" razzle. It urges thoughtful, modest simplicity, slow and cautious change. It's about what you don't do.

So, in our second lesson we analyse the word "security" itself. Security is both a reality and a feeling. There are perhaps masculine and feminine flavours of security, one following a military metaphor of perimeters, penetration and targets, the other, as Eve Ensler Ensler06 and Brene Brown Brown12 allude, an inner security that includes the right to be insecure and be free from patrician security impositions "for your own good". Finally, there is the uncomfortable truth that security is often a zero-sum affair - your security means my insecurity. While "good" security is a tide that raises all ships, some people misuse security as a euphemism for wielding power.

None of these social and psychological realities fit well into the lacklustre, two dimensional models of textbook computer security. Fortunately a mature discipline of Security Engineering which does not dodge social and political factors has emerged in the UK. Ross Anderson Anderson08 is part of a team leading such work at the Cambridge Cybercrime Centre. One take-away from lesson two is that the word "security" may not be used as a bare, abstract noun. One must ask; security for who? Security from who or what? Security to what end?

Once we begin to examine the deeper issues around device ownership, implied (but infirm) trust models, forced updates, security theatre, and conflicting cyber-laws, we see that in every important respect tech is anarchy. It's a de facto "might is right" free-for-all where much of what passes for "security" for our smartphones, online banking and personal information is "ignorant bullshit" (in the strict academic sense of bullshit according to Harry Frankfurt; that vendors and politicians don't know that they do not know what they are talking about - and care even less Frankfurt05).

Consequently, much of what we teach; the canonical script of "recon, fingerprinting, vulnerability analysis, vector and payload, clean-up, pivoting, escalation, keeping root…", and the corresponding canon of blue team defence (backup, intrusion detection, defence in depth, etc…) - has no context or connection to a bigger picture. It is ephemeral pop that will evaporate as technology changes leaving students with no deeper understanding of what we are trying to do by testing, protecting and repairing systems and data, or why that even matters.

We create more guards for the castles of tech-feudalism - obedient, unthinking security guards employed to carry out the whims of the management class. Leveraged by the unspoken carrot of preferential technical privilege and enforced by the stick of threatened removal of their "security status", they become administrators of new forms of political force. Challenges to grey-area behaviours beyond the legal remit of managers, are proclaimed "security breaches" unless pursued through intractable administrative routes or through appeals that can be deflected with allusions to "policy" or the abstract "security" of unseen authorities. Some of our smartest people are ultimately paid well to shut up and never to think for themselves.

There is a very serious concern that our "Ethical Hacking" courses (which contain no study of ethics whatsoever) are just creating fresh cyber-criminals. Despite the narrative that "we are desperately short of cybersecurity graduates and there are great jobs for everyone", the reality is that students graduate into an extremely competitive environment where recruitment is often hostile and arbitrary. It doesn't take them long to figure that their newfound skills are valuable elsewhere.

Years ago, it became clear to me that we must switch to a model of "Civic Cyber Security". I became interested in the work of Bruce Schneier not as a cryptographer but as an advocate of Technology In The Public Interest. National security is nothing more than the sum-total of individual earned and learned security. That means teaching children as young as five foundational attitudes that would horrify industry.

There is no room to lie back and hope Apple or Google can protect us. Organisations like the UK's National Cyber Security Centre, or US National Security Agency, which have conflicted remits, might wish to be seen as benevolent guardians. Their output has been likened by comedian Stuart Lee to "Mr Fox's guide to hen-house security". Cybersecurity can never be magically granted by those who have a deep and lasting interest in withholding it.

The business of "personal computing" has become ugly. Cybersecurity, in as much as it exists, is a conflicted and unreliable story we tell ourselves about power and tribal allegiances. We can't put on a "good guys" hat and beat "cyber-criminals" so long as we are competing with them for the same thing, exploitable clueless users.

The only questions are whether they are to be sucked dry by ransomware, "legitimate" advertising, or manipulated for political ends. If we are to engage in sincere, truthful education, then we have to call-out Big-Tech for what it is; more a part of the problem than a solution. Those of us who want to explore and teach must still circumvent, improvise and overcome within institutions that pay only lip service to authentic cybersecurity because they are captured by giant corporations

Bibliography

Bibliography

  • [Graeber18] David Graeber, Bullshit Jobs: A Theory, Simon and Schuster (2018).
  • [Lanier11] Jaron Lanier, You Are Not a Gadget, Vintage (2011).
  • [postman93] Neil Postman, Technopoly: The Surrender of Culture to Technology, Vintage Books. N.Y. (1993).
  • [Ensler06] Ensler, Insecure at last, Villard (2006).
  • [Brown12] Brené Brown, The Power of Vulnerability: Teachings on Authenticity, Connection and Courage, Sounds True (2012).
  • [Anderson08] Ross Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley (2008).
  • [Frankfurt05] Harry Frankfurt, On Bullshit, Princeton University Press (2005).

Footnotes:

1 A term made up to attract young students to cybersecurity while assuring parents and politicians.


About the author

Dr. Andy Farnell is a computer scientist, author and visiting professor in signals, systems and cybersecurity at a range of European universities.

His recent book "Digital Vegan" uses a dietary metaphor to examine technology dependency and over-consumption.

Tux Machines Turning 17.5 Soon

Filed under
Site News

In Short: Coming Soon: Tux Machines Turns 17.5 in About 3 Weeks From Now

Surprise anime guy: Tux Machines Turning 17.5 Soon
Another special semi-anniversary

Back when we turned 17 we were still suffering DDOS-like issues, which crippled the site. We've since then written a program to mitigate these issues and on December 8th we turn 17.5, which is a special number. The twentieth birthday will be in 2024.

Uptime in Tux Machines and Upcoming Relocation

Filed under
Site News

Tux Machines is down! Yes, We Know.
A heads-up, folks!

SOME time soon the physical server of Tux Machines will need to be moved from one datacentre to another (the current datacentre is shutting down for good). Nothing will change, except perhaps some IP addresses, and duration of downtime is expected to be a couple of hours. In that period of time the IRC network will also be down (same physical machine), but it will be back online at around the same time as the site.

In terms of uptime, we haven't done too badly. 126 days since the last downtime and the issues we recently mentioned (due to a sort of DDOS) have been mostly resolved for weeks. That started around February and stopped at the start of this month. It might resume. Hopefully not...

So, in summary, if some time this coming month there's a long downtime, then it is likely intentional and scheduled. Given sufficient leeway or advance notice, we might even give a heads-up before the server starts its journey. The downside with such things may be, if you post a message about a site going offline and immediately (or shortly) after that the site does go offline, who's actually going to see that message? So we forewarn readers as early as today.

Linux is a Lot More Dominant Than You Were Led to Believe

Filed under
Linux

(Almost 50% of Web Traffic is Linux at the Client Side, Even Higher on the Server Side)

GNU/Linux market share
We're not as small as they want us to think

Kong Godzilla Doge: Apple, Microsoft, GNU/Linux
Combined market share continues to grow

CONTRARY to myths perpetuated by corporate media (funded by companies such as Apple and Microsoft through advertising), "Linux" is not a niche player. As actual surveys show, GNU/Linux on the desktop keeps growing, Android is already dominant (de facto standard on portable/mobile devices), and ChromeOS is also a 'thing' -- something based on Gentoo GNU/Linux even if it no longer respects freedom.

Don't let media shame and humiliate GNU/Linux advocates. So much progress has been made; further progress remains to be made.

Why Tuxmachines.org Refuses Connections Sometimes

Filed under
Site News

Junk request; Tuxmachines.org; /dev/null; Better!
Ongoing issue

EVER since February of this year we've had a hard time pushing back against a torrent of problematic requests, seemingly crafted to cause trouble. We wrote some programs a few months ago to automate mitigations, but occasionally the server still slows down or even hangs up on some legitimate connections/requests.

It would be nice to have an optimal, long-term solution, but we do not have that yet. At the moment it is a compromise.

Improving Our Commitment to Tux Machines Readers

Filed under
Site News

Tux Machines is now self-hosting IRC

Tux Machines IRC
Tux Machines is probably one of the largest (in terms of # of pages) GNU/Linux sites out there. But the IRC channel is relatively new (compared to the site).

THE 'IRC wars' of May (and to some degree June as well) left us in a precarious situation and over at Techrights we have set up our own IRC network. In June we set up a #tuxmachines channel in this new network. It has a two-way bridge set up with Freenode, so either network would be valid for following our updates.

We've accordingly updated the IRC page and the corresponding archives. We welcome people to join us in IRC. It's a substitute to RSS feeds or social (control) media. It's now hosted by us, so from a privacy perspective the readers are far better off. It's definitely an upgrade, a well overdue one.

Syndicate content

More in Tux Machines

today's howtos

  • How to install go1.19beta on Ubuntu 22.04 – NextGenTips

    In this tutorial, we are going to explore how to install go on Ubuntu 22.04 Golang is an open-source programming language that is easy to learn and use. It is built-in concurrency and has a robust standard library. It is reliable, builds fast, and efficient software that scales fast. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel-type systems enable flexible and modular program constructions. Go compiles quickly to machine code and has the convenience of garbage collection and the power of run-time reflection. In this guide, we are going to learn how to install golang 1.19beta on Ubuntu 22.04. Go 1.19beta1 is not yet released. There is so much work in progress with all the documentation.

  • molecule test: failed to connect to bus in systemd container - openQA bites

    Ansible Molecule is a project to help you test your ansible roles. I’m using molecule for automatically testing the ansible roles of geekoops.

  • How To Install MongoDB on AlmaLinux 9 - idroot

    In this tutorial, we will show you how to install MongoDB on AlmaLinux 9. For those of you who didn’t know, MongoDB is a high-performance, highly scalable document-oriented NoSQL database. Unlike in SQL databases where data is stored in rows and columns inside tables, in MongoDB, data is structured in JSON-like format inside records which are referred to as documents. The open-source attribute of MongoDB as a database software makes it an ideal candidate for almost any database-related project. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the MongoDB NoSQL database on AlmaLinux 9. You can follow the same instructions for CentOS and Rocky Linux.

  • An introduction (and how-to) to Plugin Loader for the Steam Deck. - Invidious
  • Self-host a Ghost Blog With Traefik

    Ghost is a very popular open-source content management system. Started as an alternative to WordPress and it went on to become an alternative to Substack by focusing on membership and newsletter. The creators of Ghost offer managed Pro hosting but it may not fit everyone's budget. Alternatively, you can self-host it on your own cloud servers. On Linux handbook, we already have a guide on deploying Ghost with Docker in a reverse proxy setup. Instead of Ngnix reverse proxy, you can also use another software called Traefik with Docker. It is a popular open-source cloud-native application proxy, API Gateway, Edge-router, and more. I use Traefik to secure my websites using an SSL certificate obtained from Let's Encrypt. Once deployed, Traefik can automatically manage your certificates and their renewals. In this tutorial, I'll share the necessary steps for deploying a Ghost blog with Docker and Traefik.

Red Hat Hires a Blind Software Engineer to Improve Accessibility on Linux Desktop

Accessibility on a Linux desktop is not one of the strongest points to highlight. However, GNOME, one of the best desktop environments, has managed to do better comparatively (I think). In a blog post by Christian Fredrik Schaller (Director for Desktop/Graphics, Red Hat), he mentions that they are making serious efforts to improve accessibility. Starting with Red Hat hiring Lukas Tyrychtr, who is a blind software engineer to lead the effort in improving Red Hat Enterprise Linux, and Fedora Workstation in terms of accessibility. Read more

Today in Techrights

Android Leftovers