
Roy Schestowitz's blog

Site Update (Updatedx2)

Filed under
Site News

Newspaper

Summary: Recent changes at Tux Machines, in a nutshell

INSPIRED in part by Slashdot, we recently added topical icons to submissions, applying these changes retroactively to over 50,000 older pages. The idea was that this can improve orientation by helping to quickly associate text with topics. More minor modifications were made as well, some textual and some layout-related. They are subtle but they can be seen. After receiving feedback regarding icon size we made further modifications. Regarding social media buttons, some of the ones we initially found were unbelievably privacy-infringing (allowing Google, Facebook, Twitter etc. to see visitors of this site), so we disabled them immediately and replaced them with static buttons. Right now we can assure readers that whenever pages on this Web site are loaded, nothing except our security-aware network gets contacted. We share no data about visitors (with anyone) and Apache logs get shredded for good after a few weeks, leaving a sufficient trail just in case of attacks on the site, which would merit investigation. Log rotation is similarly privacy-respecting at the cache level, which leads to the following point.

Today, after the above changes had been made and stability attained (there were some network disruptions yesterday), we also updated Drupal, ensuring it is secure and fully up to date (the latest minor bugfix release is a month old). There is still an issue with Varnish and until we tackle this issue users who are not logged in might be getting error pages. One way to overcome this is to append "?something" to the URL requested. This bypasses the Varnish cache until we finish our investigation of this issue and resolve it for good.

Update: The issue with Varnish turns out to be a conflict between two caching layers. It's fixed now. If you spot an issue, still, please let us know.

Update #2: Yesterday we identified another issue and soon thereafter fixed it. After Twitter syndication had failed we realised that RSS feeds were not standards-compliant, due to a blank line at the start of each generated page in Drupal. This is a common issue and it is a nightmare to debug (it requires a complete code review with the help of GNU utilities like grep). After 4 hours of investigation I found the culprit and fixed the coding error. RSS feeds are back.

Statistics Not Compatible With Varnish

Filed under
News

Statistics

VARNISH is valuable for a number of reasons, including security, privacy, and performance. I first used it around 2009 when another site of mine had repeatedly come under DDoS attacks. Using Varnish means that requests for pages usually come from the same IP address (the cache proxy), if at all. Much of the time visitors get served static (cached) pages transparently and quickly. The downside is that this interferes with statistics (the Apache server does not even see all requests) and it is not compatible with modules like polls, where each IP address is allowed just one vote.

During the server/site migration we tried to preserve as many of the features as we could. There was a transition from old Debian to new CentOS and the new architecture is quite different (still 2 CPU cores but with more RAM, a virtual container, and resilience owing to proxies/redundancy). Thanks to those who suggested workarounds. We have looked at some of them, but without losing on performance there is no way to keep meaningful statistics. These statistics have been disabled. Not even we, with direct access to the server and the CMS, have access to meaningful statistics.

We are going to try to focus on high quality selection of news, not on numbers.

Slight Site Changes

Filed under
News

Yesterday, following a mostly successful migration (there are still some impending fixes to .htaccess), slight changes were applied. For regular readers of the site, here they are summarised:


More in Tux Machines

Canonical Outs New Linux Kernel Security Update for Ubuntu 18.04 and 16.04 LTS

Affecting both the Linux 4.15 kernel used in Ubuntu 18.04 LTS (Bionic Beaver) and Ubuntu 16.04.6 LTS (Xenial Xerus) systems, the new security patch fixed an improperly implemented Spectre mitigation in the ptrace subsystem (CVE-2019-15902), which could allow a local attacker to expose sensitive information. It also addresses a buffer overread (CVE-2019-15918) discovered in the SMB networking file system implementation, which could allow an attacker to expose sensitive information (kernel memory), two flaws (CVE-2019-15117 and CVE-2019-15118) discovered in the USB audio driver that may allow a physically proximate attacker to crash the system, and a flaw (CVE-2019-14821) in the KVM hypervisor implementation that lets a local attacker crash the system.

Leftovers: MX-19, Versalogic and Security

  • MX-19 “patito feo” released!

    We are pleased to offer MX-19 for your use. As usual, this iso includes the latest updates from debian 10.1 (buster), antiX and MX repos.

  • Compact Apollo Lake SBC aims sky high

    Versalogic’s Linux-ready, sandwich-style “Harrier” SBC has an Apollo Lake processor and a compact 95 x 55mm footprint, ECC RAM support, and ruggedization features designed for high altitude UAVs. Versalogic announced a Harrier SBC due in Q1 2020 that revises the compact, COM-and-carrier design of its three-year-old, Intel Bay Trail based Osprey, but advances to the newer Intel Apollo Lake. The Osprey is similarly bereft of real-world ports to enable easier real-world deployments in constrained environments.

  • Security updates for Tuesday

    Security updates have been issued by CentOS (jss and kernel), Debian (libpcap, openjdk-8, and tcpdump), Fedora (java-11-openjdk), openSUSE (libreoffice), Oracle (java-1.7.0-openjdk), Red Hat (java-1.7.0-openjdk, python, and wget), Scientific Linux (java-1.7.0-openjdk), SUSE (ceph, ceph-iscsi, ses-manual_en, dhcp, openconnect, and procps), and Ubuntu (exiv2, linux, linux-aws, linux-azure, linux-gcp, linux-kvm, linux-raspi2, linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon, linux-hwe, linux-azure, linux-gcp, linux-gke-5.0, linux-snapdragon, and uw-imap).

  • Password lessons: Longer is better, so is salt

    Infosec pros who had no idea of how easily a stolen list of hashed passwords could be cracked got a sobering lesson at this month’s SecTor security conference in Toronto. There, Will Hunt, co-founder of the U.K.-based In.security consulting firm, casually talked of systems that can be built around a common (about $1,500) Nvidia GTX 2080 graphics card that could make 100 billion guesses a second in a brute force attack.

Unix Celebrates 50 Years

Today and tomorrow Nokia Bell Labs is hosting a two-day event celebrating 50 years of the Unix operating system, reflecting on Unix’s past and exploring the future of computing. Speakers and panelists include many of the original team that built Unix and designed the C programming language.

Red Hat Leftovers

  • How we brought JavaScript to life for Command Line Heroes

    Animators within Red Hat's Open Studio help bring Command Line Heroes' artwork more to life. All throughout Season 3, they've added movement to our episode pages and created eye-catching trailers for social and Red Hat's YouTube channel. This post highlights their important contributions to the Command Line Heroes' creative process by looking at their work for Episode 3 of Season 4: Creating JavaScript. Also, designer Karen Crowson talks about the easter eggs in that episode's artwork.

  • Red Hat Ceph Storage RGW deployment strategies and sizing guidance

    Starting in Red Hat Ceph Storage 3.0, Red Hat added support for Containerized Storage Daemons (CSD) which allows the software-defined storage components (Ceph MON, OSD, MGR, RGW, etc) to run within containers. CSD avoids the need to have dedicated nodes for storage services thus reducing both CAPEX and OPEX by co-located storage containerized daemons. Ceph-Ansible provides the required mechanism to put resource fencing to each storage container which is useful for running multiple storage daemon containers on one physical node. In this blog post, we will cover strategies to deploy RGW containers and their resource sizing guidance. Before we dive into the performance, let's understand what are the different ways to deploy RGW.

  • OpenShift 4.2: New YAML Editor

    Through our built-in YAML editor, users can create and edit resources right in the Red Hat OpenShift Web Console UI. In the latest release, we’ve upgraded our editor to include language server support. What is language server support? The language server support feature uses the OpenAPI schema from Kubernetes to provide content assist inside the YAML editor based on the type of resource you are editing. More specifically, the language server support offers the following capabilities: Improved YAML validation: The new editor provides feedback in context, directing you to the exact line and position that requires attention. Document outlining: Document outlines offer a quick way to navigate your code. Auto completion: While in the editor, language server support will provide you with valid configuration information as you type, allowing you to edit faster. Hover support: Hovering over a property will show a description of the associated schema. Advanced formatting: Format your YAML.