Roy Schestowitz's blog
TODAY we have taken a bit of a break. It's Sunday after all. But here is a bit of a site status update.
The site's design has evolved a bit and it hopefully makes navigation a little better. SPAM is still a problem, but we do our best to keep it out of the sight of visitors. It's the result of a permissive policy that lets everyone publish a story, blog post, etc.
In terms of server load, we are still coping most of the time, but sometimes there's a flood of SPAM/rogue traffic that renders the server virtually unreachable. We use some ad hoc filters for to address this nuisance, but if we are away, then the site can be paralysed for a long time. We still need to find better solutions to that.
Thanks in advance for any feedback you may have and thanks for reading Tux Machines. █
THE WEATHER has been getting more pleasant and the news too is pleasant these days. Software patents are in a state of perpetual demise, Microsoft is dealing with its large-scale demise (layoffs also), FOSS is being adopted by very large nations (Russia and China are among them), the UK has adopted OpenDocument Format as the standard, and our family benefits from government migrations to FOSS (Rianne and I work through a FOSS specialist).
While it may seem like the FOSS world is quiet (judging by the volume of news), the truth of the matter is that FOSS professionals are busy migrating many systems from proprietary to FOSS. These people are committed to the cause not just with words but also with actions.
Tux Machines, realising that games for GNU/Linux are now a dozen a week (not literally), lumps together gaming news. Android, being a Linux-based platform with huge worldwide impact, receives frequent mentions. If anyone wishes to suggest other editorial priorities, please share with us in the comments. █
TODAY was the last day of the log rotation. The uncached requests to Apache (bypassing Varnish proxy) exceeded the record by a huge gap (around 20%) and nearly reached 300 megabytes.
It is reassuring and gratifying to know that our readers base is expanding each week and we welcome submissions (news, blogs, etc.), which can be automatically pushed to the front page by any subscriber. █
FIVE days ago TuxMachines turned 10 years old. Rianne and I were on holiday in Scotland at the time, but were still able to keep the site up to date, owing to a Wi-Fi connection which we had to work exceptionally hard for (an open Wi-Fi connection is hard to find in the UK, especially one that enables anonymous use).
Running the site requires a lot of dedication because in order to stay up-to-the-minute TuxMachines requires non-ending research/survey of news. It's truly life-changing, potentially affecting the first hours of the morning and the little hours of the night. Sometimes it affects holidays and every couple of days I browse through news and post links in-between sets at the gym. Both Rianne and I are very dedicated to the site.
Since this site keeps growing in size and in traffic (the past week saw traffic climbing 20% above the previous record) it's all worthwhile at the end, and we have no intention of slowing down. What's more, seeing how Linux expands in use (and clout) around the world assures us that efforts to popularise GNU/Linux are succeeding. █
SEVERAL days ago we visited Trafford Centre, which is a large shopping mall in Greater Manchester. The place is quite nice as it embodies very modern (yet classic) ornamental features, encompassing the best of outdoor and indoor decorations. It's all geared up towards consumerism, but there is also a nice cinema there. Now, here's the deal. Upon entering the mall one cannot help noticing that there is strong, universal Wi-Fi signal. Let's leave aside health implications. It's the same in other malls, such as the Arndale Centre near our house. It is also the same at airports, but if there is no payment needed for the Wi-Fi, then the user's identity is requested (if a payment is made, then the payment itself exposes the user's identity).
Following basic principles and common sense, I gave some fake details so that I can use the 'free' Wi-Fi anonymously and log into Tux Machines (checking the latest), but I not help wondering, still. Given what we know about NSA- and GCHQ-centric plans for surveillance on in-flight Wi-Fi, what are the chances that users' identities are being requested not just for marketing purposes but also for surveillance? It is becoming very hard to access the Net anonymously now. The UK is cracking down on 'free' Wi-Fi, saying that it facilitates copyright infringement and our home hub, which is open for all to use (no password needed), keeps warning us that it is "not secure" (because it facilitates sharing). This is actively being discouraged if not forbidden. In all sorts of beverage-serving places (hot or cold, or alcoholic) and restaurants it is getting hard to gain anonymous Wi-FI access and the only way I've found (out of curiosity) to attain anonymous Wi-Fi use is First Class in high-speed British rail, provided one purchases the train ticket with cash. Similarly, it is getting harder to purchase groceries with cash here, at least without being penalised (not receiving a discount in exchange for identifying cards like Nectar). It sure seems like the very idea of anonymity here is becoming synonymous with crime. For experimental reasons I researched which shops in the UK still enable people to purchase a mobile phone anonymously. It's not easy, but it is still possible. Maybe it's no longer possible because I haven't surveyed the shops in almost 3 years.
We are entering a new unprecedented norm as those in power gradually phase in scary forms of governance in society, where the assumption is that anonymity deserves to be maligned and people should always identify themselves everywhere (also enable tracking of themselves by carrying a mobile phone) so as to avoid looking "suspicious". That's the mentality of mass surveillance that people have become accustomed to (and rather apathetic towards) in the UK.
It's stuff like this that made me exceptionally stubborn about deleting server logs in Tux Machines and not connecting to any third-party entity (e.g. with interactive social buttons, cookies), unlike most other GNU/Linux/FOSS sites. █
THIS past week was not a bad week at all. There was lots to cover (without compromising focus and s/n ratio) and it was our biggest week ever (since we carried on from Susan) in terms of traffic, with as many visitors in 5.5 days as in the previous record for a week (7 days). Based on
whois, the Creation Date of Tux Machines is 2004-06-10 05:40:40, so we are exactly a month away from an important anniversary.
We don't track visitors, we just look at the size of uncached traffic logs (no unique IPs, only one IP -- that of the Varnish server -- is shown for everyone) before they are deleted for good, which would be every 4-5 weeks (
logrotate). Privacy preservation is a conscious decision for us.
Thanks to everyone for choosing us for news. We enjoy running the site and we hope you enjoy following it. Running the site requires a lot of dedication, including posting while out of the house (wirelessly) or staying up late at night to catch up with the latest headlines. Rianne sometimes stays awake until 3 AM because she wants to ensure readers are being informed. █
I am everything but a Google basher and I spent a lot of my life descending deep into research of Google foes, Google smear campaigns, lawsuits by proxy, and antitrust actions by proxy. I also advocate Android, but in recent years I have been increasingly concerned about the direction it is taking. I wish to share my latest concern. It relates to what the media characterises as "anti-theft" but is actually a facility to kill phones in a protest or convert them into hostile listening devices. Technology impacts human rights and those who control technology can be tempted to control humans.
Google habitually updates my tablet. It is a Nexus 7 tablet which Google invites itself to update remotely (shame on me for not installing Replicant, but this device does not support it yet). It is not a 3G tablet and it does not have two operation systems (unlike mobile phones) or even a carrier tracking its location all the time. It's a purely Android device with no network tying. It is network-agnostic. I only bought it because in order to replace my PDA (for over a decade) I wanted a device that is not a tracking device. Phones were out of the question.
Networks don't track the tablet. Google, however, is always out there, fully able to identify the connected user (latched onto a Gmail address because of Play), modifying the software without even the user's consent (the user is sometimes prompted to boot, without being able to opt out of the core update itself).
The update in itself is not a problem. What's problematic is its effect.
Following the latest Google update (which I was given no option to reject) I noticed that Google had added a remote kill switch as an opition. It was enabed by default. "Allow remote lock and erase" is what Google calls it and it is essentially working like a back door. Google and its partners in government are gaining a lot of power not over a smartphone but over a tablet.
The significance of this is that not only phones should be assumed to be remotely accessible for modification, including for example additional back doors. What's more, some devices that were sold without this functionality silently have it added. According to the corporate press, the FBI remotely turns Android devices into listening devices and it is getting simpler to see how.
NSA and PRISM destroy our computing. We definitely need to demand Free software, but we should go further by asking for audits, rejecting user-hostile 'features' like DRM, 'secure' boot, and kill switches. I gradually lose any remaining trust that I had in Google and even Free software such as Android.
THE Web site is still experiencing a resurgence/growth while bits and pieces are being modernised to take advantage of CSS3. This site's Netcraft ranking climbed sharply to 8479th and this month alone traffic climbed by about 25%. Thanks to all those who choose Tux Machines as their source of news. █
LAST night I received a timely recommendation of the Debian-based MakuluLinux. For more details and background see the main page of MakuluLinux, this recent video review, and a very brief announcement of an upcoming release with MATE, which is described in this old post.
There is a lot more information out there about MakuluLinux Mate Edition, whose 1.8 version is being planned/finalised/slated for release this Monday. There isn't yet an official site announcement, but the links to the Preview Edition will hopefully help those who want to try out the distro. It is a "true" community distro of GNU/Linux. █
THERE HAS always been something different in Tux Machines. Rather than strictly follow what corporate media said was the "big" story, Tux Machines paid attention to blogs large and small, trying to extract the signal out of the noise and the hype (stories that 'sell' better, such as vulgar language from Mr. Torvalds). Tux Machines was the first site to visit (back when I was merely a visitor) to look for news in. If there is a blog, site, mailing list etc. that you think we should follow (syndicate), please let us know because we are always looking for more diverse sources, especially ones that offer original stories, not repetition.
There will soon be an important anniversary for this site, which is still growing not only in terms of size but also in terms of readership. We stay committed to the scope as explained yesterday in the update to this page and we are hoping to keep serving for another 10 (or tens of) years to come. Today we added a "view as PDF" functionality. Any ideas for improving the site (in terms of functionality, layout, stories selection) would be much appreciated. █
Manchester's role in the history of computing is not widely recognised. I spent several years working in Manchester Computing and I studied where the first programmable computer was built (by Kilburn, whom the building was later named after). One of my colleagues at Manchester Computing (MCC) was the person who was first to build and distribute a GNU/Linux distribution (combining both GNU and Linux) and yesterday I met and spoke to one of the earlier PC distributors from across the road (supplier for Manchester Computing). Right here at the centre of Manchester a lot of the early milestones of computing took place (Turing also), but Manchester became better known for the splitting of atoms, the football teams, famous bands like Oasis, and the industrial revolution. A few days ago Rianne and I visited the local museum which demonstrates the industrial revolution (photo above from this album); what we really need here, however, are more museums documenting Manchester's role in modern computing. This city deserves more credit. █
Non-cached site traffic still increasing
Tux Machines has been my favourite GNU/Linux news site since I first discovered it around 2005. I publicly recommended Tux Machines for several years. Susan knew how to select important stories and she contributed objective articles of her own.
TUX Machines has become an integral part of our life right here in this humble home. It's a rewarding experience but also a demanding experience. I personally write my articles in the lounge (which is no 'press room') and it requires many hours of digging and researching news. In Tux Machines, unlike in Techrights for example, it's mostly about finding news of high relevance and importance, and finding them fast! Timing counts. We don't want readers to waste their time wading/going through irrelevant, unimportant and out-of-date reports.
24/7 coverage of news is easy for us. Rianne works mostly at daytime, whereas I usually work at nights (customers are mostly government/public sector and they require 24/7 coverage). When Rianne is working I take over the responsibilities at Tux Machines and vice versa. We swap responsibilities like this when it comes to housework as well; we work out together when we are out of the house (also separately in terms of gym sections, e.g. cardiovascular/weights). This week we go to yoga classes as much as 5 times, but we usually just to Town for other facilities like pool, table tennis, sauna (men and women separately), gym, etc. This is our main escape from Tux Machines; given Wi-Fi (scarce coverage but definitely existent in Manchester City Centre), we sometimes update Tux Machines while out of the house as well.
The site forums are now open for participation and every registered member can add blog posts and push them to the front page (now that we've got the spam epidemic under control). Please do consider participating. This week, as in previous weeks, we are seeing a ~10% growth in traffic (week-to-week), perhaps owing to the slight redesign, loading speeds (Varnish cache), and very frequent updates. We check for news once in a few hours in order to keep abreast of breaking events.
Running Tux Machines will hopefully become more of a community effort over time. Anyone who is logged in can now submit stories. Unless this gets abused by spammers, we will keep it that way. █
Drupal's very own Mollom is a Free/Open Source (collaboratively-developed and freely-shared) software for battling script kiddies and fighting against SPAM. The past 2 weeks were difficult because spammers exploited the fact that we had opened up the site for registration/subscription (to leave comments). After exploring some options for dealing with the problem (spam making it to the front page even!) we found that Mollom was good enough to eliminate almost 100% of all of spam (so far). Hence, for the time being, it seems safe to say now that we beat the script kiddies. Thanks, Mollom! █
Tux Machines behind Varnish cache proxy
Summary: Tux Machines growth and a note regarding SPAM prevention after a week or so of experiments
Here are the first four weeks' log sizes, plotted with LibreOffice and demonstrating week-to-week growth since the site's nameservers changed and the server moved to CoPilotCo. After 4 weeks all logs get deleted (
logrotate) to ensure privacy through lack of data retention (except short term in case of DDOS).
Script kiddies can't get their way
Summary: Script kiddies made it impractical to manage comments and forum posts; we are trying to tackle this issue today
IN ANOTHER attempt to restore user registrations, this time on the new server which has just been configured for mail, we are enabling anyone to quickly self-register (takes less than a minute and requires no verification), then immediately post comments, forum posts, etc.
Summary: Recent changes at Tux Machines, in just a nutshell
INSPIRED in part by Slashdot, we recently added topical icons to submissions, applying these changes retroactively to over 50,000 older pages. The idea was, this can improve orientation by helping to quickly associate text with topics. More minor modifications were made as well, some textual and some layout related. They are subtle but they can be seen. After receiving feedback regrading icons size we made further modifications. Regarding social media buttons, some of the ones we initially found were unbelievably privacy-infringing (allowing Google, Facebook, Twitter etc. to see visitors of this site), so we disabled them immediately and replaced them with static buttons. Right now we can assure that whenever loading pages in this Web site nothing except our security-aware network gets contacted. We share no data about visitors (with anyone) and Apache logs get shredded for good after a few weeks, leaving sufficient trail just in case of attacks on the site, which would merit investigation. Log rotation is similarly privacy-respecting at the cache level, which leads to the following point.
Today, after the above changes had been made and stability attained (there were some network disruptions yesterday), we also updated Drupal, ensuring it is secure and fully up to date (the latest minor bugfix release is a month old). There is still an issue with Varnish and until we tackle this issue users who are not logged in might be getting error pages. One way to overcome this is to append "?something" to the URL requested. This bypasses the Varnish cache until we finish our investigation of this issue and resolve it for good. █
Update: The issue with Varnish turns out to be a conflict between two caching layers. It's fixed now. If you spot an issue, still, please let us know.
Update #2: Yesterday we identified another issue and soon thereafter fixed it. After Twitter syndication had failed we realised that RSS feeds were not standards-compliant, due to a blank line at the start of each generated page in Drupal. This is a common issue and it is a nightmare to debug (requires a complete code review with help of GNU utilities like grep). After 4 hours of investigation I found the culprit and fixed the coding error. RSS feeds are back.
VARNISH is valuable for a number of reasons, including security, privacy, and performance. I first used it around 2009 when another site of mine had repeatedly come under DDOS attacks. Using Varnish means that requests for pages usually come from the same IP address (the cache proxy), if at all. Much of the time visitors get served static (cached) pages transparently and quickly. The downside is, this interferes with statistics (the Apache server does not even see all requests) and it is not compatible with modules like polls, where each IP addressed is allowed just one vote.
During the server/site migration we tried to preserve as many of the features as we could. There was a transition from old Debian to new CentOS and the new architecture is quite different (still 2 CPU cores but with more RAM, a virtual container, and resilience owing to proxies/redundancy). Thanks to those who suggested workarounds. We have looked at some of them, but without losing on performance there is no way to keep meaningful statistics. These statistics have been disabled. Not even we, with direct access to the server and the CMS, have access to meaningful statistics.
We are going to try to focus on high quality selection of news, not on numbers. █
Yesterday, following a mostly successful migration (there are still some impending fixes to
.htaccess), slight changes were applied. For regular readers of the site, here they are summarised: