Language Selection

English French German Italian Portuguese Spanish

Site News

Record-Breaking Traffic

Filed under
Site News

Summary: Quick report about site traffic

Tux Machines has been enjoying growth in recent weeks, though it's hard to attribute it to anything in particular. The following are the past 4 weeks' logs (we delete all logs after 4 weeks, for privacy reasons, assuring no long-term retention).

-rw-r--r--.  1 root root 389699117 Oct  9 04:40 access.log-20161009
-rw-r--r--.  1 root root 454715290 Oct 16 03:46 access.log-20161016
-rw-r--r--.  1 root root 478747167 Oct 23 03:12 access.log-20161023
-rw-r--r--.  1 root root 499911551 Oct 30 03:40 access.log-20161030

We recently quadrupled the servers' CPU capacity.

The above is not the complete picture. That's omitting all the Varnish activity, which handles the majority of the traffic but simply cannot cache all pages. We are still trying to reduce the frequency of spam incidents (some of the spamy submissions manage to inject JavaScript very briefly).

We'll soon reach the 100,000-node milestone of this Drupal site.

Web Site Traffic Growing

Filed under
Site News

The Linux Foundation recently added the Platform for Network Data Analytics (PNDA)

Panda

Panda

Summary: Network/traffic analytics for Tux Machines

ULTIMATELY, here in Tux Machines we strive to include every bit of relevant news (standalone pages for more important news, clusters of links for the rest, grouped by topic). We rarely blog although sometimes we add an opinion (marked "Ed", shorthand for "Editor").

It has been a long time since we last wrote about statistics. As readers may know by now, we only retain logs for up to 4 weeks (security/diagnostics purposes), then these get deleted for good so as to maintain privacy (we cannot be compelled to hand over data). Those logs show only direct hits, they don't include pages served through the cache* (Varnish) and here is the latest, where the date stands for "week ending":

-rw-r--r--.  1 root root 224439408 Aug  7 03:17 access.log-20160807
-rw-r--r--.  1 root root 310050330 Aug 14 03:22 access.log-20160814
-rw-r--r--.  1 root root 343901488 Aug 21 03:17 access.log-20160821
-rw-r--r--.  1 root root 344256886 Aug 28 03:15 access.log-20160828

The above indicates that, judging by the back end (not cache), traffic continues to increase. Over the past week the site was sometimes unbearably slow if not inaccessible. In the worse case we'll upgrade the server for extra capacity, assuring decent speed. Worth noting is that in the latest log (ending August 28th) less than 1,000 hits came from Edge, so very few among our visitors use the latest and 'greatest' from Microsoft.
____
* The cache server services several domains, notably Tux Machines and Techrights, and it averages at around 1.5 GB of traffic per hour.

Tux Machines Turns 12

Filed under
Site News

THE past few weeks were exceptionally busy for the site as readership grew considerably and the site turned 12. Originally, the site did not share Linux news but had various other sections. Years later Susan Linton made it the success story it is today and in 2013-2014 we only modernised the theme and kept the old tradition, format, etc. We hope this pleases longtime readers of the site. Comments on how the site is run are always taken into account.

Malicious Spam

Filed under
Site News

FOR those who may be wondering, we didn't get compromised or anything. We never had any such incidents. What happened earlier is that some spammer, who had created an account before we limited account creation (due to spam), made the spam expandable to the whole screen, covering many of the pages with that spam (overlay). We are working on code to help prevent such spamming so that legitimate users can post comments etc. without spammers ruining the experience for everyone else.

Baidu Stages De Facto DDOS Attacks (Updated)

Filed under
Site News

Summary: A 2-hour investigation reveals that Tux Machines is now the victim of an arrogant, out-of-control Baidu

TUX MACHINES has been mostly offline later this morning. It has evidently become the victim of Baidu's lawlessness, having fallen under huge dumps of requests from IP addresses which can be traced back to Baidu and whose requests say Baidu as well (we tried blocking these, but it's not easy to do by IP because they have so many). They don't obey robots.txt rules; not even close! It turns out that others suffer from this as well. These A-holes have been causing a lot of problems to the site as of late (slowdowns was one of those problems), including damage to the underlying framework. Should we report them? To who exactly? Looking around the Web, there are no contact details (in English anyway) by which to reach them.

Baidu can be very evil towards Web sites. Evil. Just remember that.

Update: 3 major DDOS attacks (so far today) led to a lot of problems and they also revealed that not Baidu was at fault but botmasters who used "Baidu" to masquerade themselves, hiding among some real and legitimate requests from Baidu (with Baidu-owned IP addresses). We have changed our firewall accordingly. We don't know who's behind these attacks and what the motivations may be.

Record Week

Filed under
Site News

Encounter with a penguin

QUIETLY but surely, last week marked an important milestone, with traffic at the back end (not the cache layer*) exceeding 1.8 million hits, thus establishing a new record. So far this week it looks as though we are going to break this record again. We hope that the new format, which places emphasis on high importance links (as standalone nodes) and puts less important links in topical groups (grouping like games or howtos), makes reading the site more convenient and makes keeping abreast of the news easier, without getting overloaded in a way that is not somewhat manageable (links inside groups are typically less important, as intended). We're open to any suggestions readers may have to ensure we remain a leading syndicator of GNU/Linux and Free/Open Source software news. Any feedback can improve the site.

_____
* It is difficult to measure what happens at the Varnish layer as it's shared among several domains, including Techrights.

Back to Normal Next Week

Filed under
Site News

IN CASE it's not already obvious, we have been posting fewer links since the 14th of this month because we are both away and we catch up with some news only when time permits. Today's hot day (38 degrees) will probably allow us to stay indoors more time than usual and therefore post some more links (from Rianne's laptop), but a week for now is when we'll properly catch up with everything that was missed and gradually get back to normal, hopefully for a long time to come.

Please bear with us while we enjoy our last chance to have a summer vacation. It's already cold back home in Manchester.

Operating Systems in Tux Machines

Filed under
Site News

Summary: Some numbers to show what goes on in sites that do not share information about their visitors (unlike Windows-centric sites which target non-technical audiences)

THE common perception of GNU/Linux is that it is scarcely used, based on statistics gathered from privacy-hostile Web sites that share (or sell) access log data, embed spyware in all of their pages, and so on. Our sites are inherently different because of a reasonable -- if not sometimes fanatic -- appreciation of privacy at both ends (server and client). People who read technical sites know how to block ads, impede spurious scripts etc. These sites also actively avoid anything which is privacy-infringing, such as interactive 'social' media buttons (these let third parties spy on all visitors in all pages).

Techrights and Tux Machines attract the lion's share our traffic (and server capacity). They both have dedicated servers. These are truly popular and some of the leaders in their respective areas. Techrights deals with threats to software freedom, whereas Tux Machines is about real-time news discovery and organisation (pertaining to Free software and GNU/Linux).

The Varnish layer, which protects both of these large sites (nearly 100,000 pages in each, necessitating a very large cache pool), handles somewhere between a gigabyte to 2.5 gigabytes of data per hour (depending on the time of day, usually somewhere in the middle of this range, on average).

The Apache layer, which now boasts 32 GB of RAM and sports many CPU cores, handled 1,324,232 hits for Techrights (ranked 6636th for traffic in Netcraft) in this past week and 1,065,606 for Tux Machines (ranked 6214th for traffic in Netcraft).

Based on VISITORS Web Log Analyzer, this is what we've had in Techrights:

Windows: (36.2%)
Linux: (31.8%)
Unknown: (e.g. bots/spiders): (23.0%)
Macintosh: (8.8%)
FreeBSD: (0.1%)

As a graph (charted with LibreOffice):

Techrights stats

Tux Machines reveals a somewhat different pattern. Based on grepping/filtering the of past month's log at the Apache back end (not Varnish, which would have been a more sensible but harder thing to do), presenting the top 3 only:

Tuxmachines stats

One month is as far as retention goes, so it's not possible to show long-term trends (as before, based on Susan's summary of data). Logs older than that are automatically deleted, as promised, for both sites -- forever! We just need a small tail of data (temporarily) for DDOS prevention.

Mollom Issues

Filed under
Site News

TUX MACHINES has been having some issues with the spam filter, so people who regularly submit material, including comments, may have struggled to do so over the past fortnight of so. If that's the case, please re-attempt and report any issue you encounter to us (feedback button on the right).

Spring in Tux Machines

Filed under
Site News

Tux Machines traffic

Tux Machines traffic has been increasing during spring. The DDOS attacks are behind us thankfully, the latest problem is just a lot of spam, which we are deleting as soon as we can.

Syndicate content

More in Tux Machines

Google and Mozilla

  • Google Rolls Out Continuous Fuzzing Service For Open Source Software
    Google has launched a new project for continuously testing open source software for security vulnerabilities. The company's new OSS-Fuzz service is available in beta starting this week, but at least initially it will only be available for open source projects that have a very large user base or are critical to global IT infrastructure.
  • Mozilla is doing well financially (2015)
    Mozilla announced a major change in November 2014 in regards to the company's main revenue stream. The organization had a contract with Google in 2014 and before that had Google pay Mozilla money for being the default search engine in the Firefox web browser. This deal was Mozilla's main source of revenue, about 329 million US Dollars in 2014. The change saw Mozilla broker deals with search providers instead for certain regions of the world.

Security Leftovers

  • Security updates for Friday
  • Understanding SELinux Roles
    I received a container bugzilla today for someone who was attempting to assign a container process to the object_r role. Hopefully this blog will help explain how roles work with SELinux. When we describe SELinux we often concentrate on Type Enforcement, which is the most important and most used feature of SELinux. This is what describe in the SELinux Coloring book as Dogs and Cats. We also describe MLS/MCS Separation in the coloring book.
  • The Internet Society is unhappy about security – pretty much all of it
    The Internet Society (ISOC) is the latest organisation saying, in essence, “security is rubbish – fix it”. Years of big data breaches are having their impact, it seems: in its report released last week, it quotes a 54-country, 24,000-respondent survey reporting a long-term end user trend to become more fearful in using the Internet (by Ipsos on behalf of the Centre for International Governance Innovation). Report author, economist and ISOC fellow Michael Kende, reckons companies aren't doing enough to control breaches. “According to the Online Trust Alliance, 93 per cent of breaches are preventable” he said, but “steps to mitigate the cost of breaches that do occur are not taken – attackers cannot steal data that is not stored, and cannot use data that is encrypted.”
  • UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor
    Among the many unpleasant things in the Investigatory Powers Act that was officially signed into law this week, one that has not gained as much attention is the apparent ability for the UK government to undermine encryption and demand surveillance backdoors. As the bill was passing through Parliament, several organizations noted their alarm at section 217 which obliged ISPs, telcos and other communications providers to let the government know in advance of any new products and services being deployed and allow the government to demand "technical" changes to software and systems.
  • EU budget creates bug bounty programme to improve cybersecurity
    Today the European Parliament approved the EU Budget for 2017. The budget sets aside 1.9 million euros in order to improve the EU's IT infrastructure by extending the free software audit programme (FOSSA) that MEPs Max Anderson and Julia Reda initiated two years ago, and by including a bug bounty approach in the programme that was proposed by MEP Marietje Schaake.
  • Qubes OS Begins Commercialization and Community Funding Efforts
    Since the initial launch of Qubes OS back in April 2010, work on Qubes has been funded in several different ways. Originally a pet project, it was first supported by Invisible Things Lab (ITL) out of the money we earned on various R&D and consulting contracts. Later, we decided that we should try to commercialize it. Our idea, back then, was to commercialize Windows AppVM support. Unlike the rest of Qubes OS, which is licensed under GPLv2, we thought we would offer Windows AppVM support under a proprietary license. Even though we made a lot of progress on both the business and technical sides of this endeavor, it ultimately failed. Luckily, we got a helping hand from the Open Technology Fund (OTF), which has supported the project for the past two years. While not a large sum of money in itself, it did help us a lot, especially with all the work necessary to improve Qubes’ user interface, documentation, and outreach to new communities. Indeed, the (estimated) Qubes user base has grown significantly over that period. Thank you, OTF!
  • Linux Security Basics: What System Administrators Need to Know
    Every new Linux system administrator needs to learn a few core concepts before delving into the operating system and its applications. This short guide gives a summary of some of the essential security measures that every root user must know. All advice given follows the best security practices that are mandated by the community and the industry.
  • BitUnmap: Attacking Android Ashmem
    The law of leaky abstractions states that “all non-trivial abstractions, to some degree, are leaky”. In this blog post we’ll explore the ashmem shared memory interface provided by Android and see how false assumptions about its internal operation can result in security vulnerabilities affecting core system code.

GNU/FSF

  • The Three Software Freedoms
    The government can help us by making software companies distribute the source code. They can say it's "in the interest of national security". And they can sort out the patent system (there are various problems with how the patent system handles software which are out of the scope of this article). So when you chat to your MP please mention this.
  • Leapfrog Honoring the GPL
  • A discussion on GPL compliance
    Among its many activities, the Software Freedom Conservancy (SFC) is one of the few organizations that does any work on enforcing the GPL when other compliance efforts have failed. A suggestion by SFC executive director Karen Sandler to have a Q&A session about compliance and enforcement at this year's Kernel Summit led to a prolonged discussion, but not to such a session being added to the agenda. However, the co-located Linux Plumbers Conference set up a "birds of a feather" (BoF) session so that interested developers could hear more about the SFC's efforts, get their questions answered, and provide feedback. Sandler and SFC director of strategic initiatives Brett Smith hosted the discussion, which was quite well-attended—roughly 70 people were there at a 6pm BoF on November 3.
  • Join us as a member to give back for the free software you use
    At the FSF, we run our own infrastructure using only free software, which makes us stand out from nearly every other nonprofit organization. Virtually all others rely on outside providers and use a significant amount of nonfree software. With your support, we set an example proving that a nonprofit can follow best practices while running only free software.
  • The Free Software Foundation is in need of members

today's howtos