Language Selection

English French German Italian Portuguese Spanish

Site News

The End of Tux Machines' Strongest Year

Filed under
Site News

Tux Machines 2020

TODAY is the last day of the last month of this year if not decade. We're pleased to close this year with record traffic levels. In 2019 we increased our coverage of programming-centric matters, especially when the underlying frameworks/languages were Free/libre software.

Earlier this year we also celebrated our 15th anniversary. There are three of us working behind the scenes to make the site up to date and keep it up (online). We're all passionate users of GNU/Linux who want to spread the word and encourage more people to use the platform.

In 2019 not only did we see record traffic levels; we also saw an unprecedented level of success for GNU/Linux in the adoption sense. Rianne is responsible for "Android leftovers" and remember that each Android device has Linux (or "Tux") in it. Google explored alternatives, but we haven't heard of these for months. It's nowadays very difficult to run a company or start a company without Linux -- no matter if in the server or device space. Let's hope Tux Machines will be around -- and online -- for many years to come. Happy new year.

Moving Into 'Christmas Mode'

Filed under
Site News

Slow news day

Summary: Fewer news items in days to come and potentially some planned downtime as well

AS ONE can expect, we won't be able to find much news over the next few days, and perhaps be 'low volume' for as long as a week or more to come (a problem to news addicts or neophiles). We'll try to also upgrade/migrate the site if all goes according to plan. In that case, there might be limited downtime (scheduled, altogether expected, no need to panic).

Merry Christmas to those who celebrate it.

Keep the Bees Going

Filed under
Site News

Bee

MANCHESTER is known as the city of "working bees" because of the work ethics or its hard-working people. Working bees are the symbol of Manchester, where my wife and I are based and spend each day -- morning, afternoon, evening and sometimes night -- posting updates here in Tux Machines.

The end of the year is fast approaching. Literally 22 days left, i.e. 3 weeks and a day. We wish to thank those who tipped up yesterday to keep us going. We accept donations through PayPal and we're grateful for any contribution readers can make, even if as meager as a cup of coffee's worth. It gives my wife and I motivation to continue and circulate updates as soon as we find them. Thank you! Smile

Tux Machines Entering a Third Decade Soon

Filed under
Site News

Put your tuxedo on

Tux Machines 2020
Getting better over time?

SUSAN created this site a very long time ago, more than a decade and a half in the past. Susan did a spectacular job. With regular news updates she managed to grow the site in terms of pages, screenshots, reviews, readers, and contributors. We are eternally thankful to her.

Rianne and I have run the site since 2013. 2020 is around the corner (just over 3 weeks left!) and that makes another new decade. In terms of site traffic we continue to grow. Other than Rianne and I posting news updates 'around the clock' there's already a systems administrator who volunteered to help keep the site chugging along. We are very thankful to him. He prefers to remain unnamed. So Tux Machines is basically not a one-person operation. It is basically a team of three people now (in addition to various people who add posts/links). Rianne (based in the UK) usually takes the lead with breaking stories, I tend to post summaries or clusters of related links and system integrity/uptime is assured from Scandinavia. The hypervisor is physically in the United States. We're a sort of international team with no income source (other than our jobs).

If you enjoy the site and find it handy, maybe you wish to drop us a tip for Christmas as a token of gratitude. Anything helps, even a cup of coffee's worth. Coffee helps keep us awake to post more links. Wink

130,000!

Filed under
Site News

LOC number

YAY! It's Tux Machines' 130 thousandth post! (node)

Keeping a Web Site Safe and Available With or Without a CDN

Filed under
Site News

PostgreSQL

THE site Tux Machines is and has been online for over 15 years. It has not suffered security-related incidents. The same is true for Techrights, which soon turns 13. Tux Machines uses Gallery and Drupal, whereas Techrights uses MediaWiki, WordPress and Drupal. WordPress is its most important component as it contains over 26,000 posts. Tux Machines has about 130,000 nodes in Drupal. We don't use a CDN as we have a reasonably powerful server that can cope with the load on its own. For security we use best practices and keep critical issues plugged. I was recently asked for advice on these matters and explained things as follows.

There are mainly two types of attacks (maybe three if one includes social engineering, e.g. tricking a citizen journalist/blogger/administrator into a trap):

1) capacity-based, e.g. DDOS attack

2) exploiting vulnerabilities to degrade/compromise site's quality of service (similar to (1) above but not the same), access site data (confidential), spy on people (writers/staff/visitors) without them being aware.

WordPress runs lots of stuff and powers a lot of the Web, maybe 20% (or more) of today's Web sites. It's regularly checked for security issues and bugs are regularly fixed. Updates can be set to automatic, which means they happen in the background without user intervention. I check the site for updates several times per day, e.g. this one from yesterday.

I've used WordPress for 15 years as an early adopter and developer.

What's known as the "core" of WordPress is generally secure if kept up to date, manually or automatically (for large sites it might make sense to apply patches manually to reduce risk of unnoticed incidents and enable quality control, patch assessment etc). It's also important to keep the underlying operating system and pertinent packages like PHP (programming language), mysql/psql (WordPress and Drupal typically use MariaDB or MySQL as the database, but PostgreSQL should be possible too) and Apache (there are simpler alternatives e.g. NGINX for Web server) up to date.

If we get to keep everything up to date, and moreover we don't install WordPress extensions that cannot be trusted or are no longer maintained (or scarcely maintained), we should be OK. The social engineering part involves stuff such as phishing, e.g. someone sending out an E-mail in an attempt to obtain passwords of privileged users.

If you use a CDN for content distribution, e.g. CloudFlare, then availability will be mostly down to the CDN company. WordPress generates pages on the fly (dynamic), but it has caching mechanisms that can be further improved with extensions. The CDN likely obviates the need for those. So, if the site is receiving 'too many' requests, the CDN can probably scale to deal with that (maybe a more expensive protection plan).

I peronsally would never use CloudFlare (for a lot of reasons), but to many people it's the only CDN that 'counts' or exists. Brand recognition perhaps.

Contact Private Internet Access (PIA) Managers to Help Save Linux Journal From Shutdown

Filed under
Site News

Private Internet Access

TUX MACHINES turned 15 almost exactly two months ago. The site has operational costs, as one can expect, mostly the hardware and bandwidth. We've thankfully had these resources very kindly donated to us last year, basically saving us the massive burden of bills somewhere around $10,000. Running a site with a lot of traffic isn't cheap and it isn't getting cheaper, either. As an overhead or addition to server maintenance (uptime requires habitual work on repairing databases, managing backups, patching of software and agonising system upgrades once in a few years) it takes a lot of time to compose new material and moderate to keep spam out.

A lot of the mainstream media is bashing Linux Journal right now. It makes it seem like its demise is a problem with GNU/Linux itself. These are villainous lies from self-serving foes of Linux, sometimes people who are aligned with Microsoft or salaried by Microsoft (we don't want to link to their provocative clickbait). But anyway, the bottom line is that keeping Linux Journal online may be costly and people should prepare for the possibility of Linux Journal becoming unavailable (offline) some time soon. I try very hard to prevent this (today and yesterday). "There is a real (and ever-growing) danger that a massive trove of GNU/Linux and Free software history will vanish unless urgent action is taken right now," I said. There are ways to avoid this (writers of that site need to unite in a union-like sense). I also secure my own sites from such a fate, having reached almost 13 years in Techrights. This week the site is experiencing all-time traffic records.

I've decided to contact Rick Falkvinge (Dick Greger Augustsson), founder of the Swedish Pirate Party and head of privacy at Private Internet Access, which owns Linux Journal. Bear in mind he used to work for Microsoft. We're still friendly online (we've exchanged some messages over the years) and he probably has sufficient clout at Private Internet Access to sway their decisions. In case they plan to shut down the site, we must act fast. Please contact him; as per his Web site, his E-mail address is x1bpsas66na001@sneakemail.com and any message he receives he can relay to other high-level people at the company. I don't personally know anyone else at that company, so that's the only contact I'm able to provide.

Photos: 15-Year Anniversary Party

Filed under
Site News

Tux Machines Over the Past 15 Years

Filed under
Site News

2005

Tux Machines site in 2005

2010

Tux Machines site in 2010

2012

Tux Machines site in 2012

2013

Tux Machines site in 2013

Late 2013

Tux Machines site in late 2013

2014

Tux Machines site in 2014

2015

Tux Machines site in 2015

2019

Tux Machines site in 2019

Happy 15th Anniversary to Tux Machines

Filed under
Site News

Anniversary of Tux Machines

Summary: Anniversary of Tux Machines is today, a special anniversary too

Today Tux Machines is celebrating its 15th year of existing. When we bought the website it was about 10 years old, so kudos to Susan Linton who devoted time to make and keep the site on pace. We promise to keep the website up to date with lots of insightful OSS/FOSS/Linux/Android-related articles. We hope to continue the job well into the distant future.

Syndicate content

More in Tux Machines

Devices: PicoCore, u‑blox and ESP32

  • PicoCore MX8MN is a Tiny NXP i.MX 8M Nano Computer-on-Module

    The PicoCore MX8MN Nano carries the NXP i.MX 8M Nano F&S Elektronik Systeme has announced the development of the smallest i.MX 8M based CoM yet: the PicoCore MX8MN Nano.

  • u-Blox Launches JODY-W3 WiFi 6 & Bluetooth 5.1 Module for Automotive Applications

    u‑blox has just launched JODY-W3 wireless module which the company claims to be the first automotive-grade WiFi 6 module. Apart from supporting 802.11ax WiFi with 2×2 MIMO, the module also comes with dual-mode Bluetooth 5.1 connectivity. WiFi 6 will be used for applications demanding higher bitrates such as ultra‑HD video infotainment streaming and screen mirroring, wireless back‑up cameras and cloud connectivity as well as vehicle systems maintenance and diagnostics. Bluetooth 5.1 will be used for keyless entry systems and other applications leveraging direction-finding and the longer range offered by the latest version of Bluetooth.

  • Barracuda App Server for ESP32 Let You Easily Develop Lua Apps via Your Web Browser

    We covered Real Time Logic’s open-source lightweight Minnow Server for microcontrollers last year, and now the company has released another project: Barracuda App Server for ESP32. This project is more complex and requires an ESP32 board with PSRAM to run such as boards based on ESP32-WROVER module with 4 to 8MB PSRAM. The Barracuda App server (BAS) comes with a Lua VM, and in complement with the LSP App Manager that facilitates active development on the ESP32 by providing a web interface. The Barracuda App Server runs on top of FreeRTOS real-time operating system part of Espressif free ESP-IDF development environment.

3-D Printing and Open Hardware: MakerBot, AAScan and RISC-V

  • MakerBot Targets Schools With Rebranded Printers

    MakerBot was poised to be one of the greatest success stories of the open source hardware movement. Founded on the shared knowledge of the RepRap community, they created the first practical desktop 3D printer aimed at consumers over a decade ago. But today, after being bought out by Stratasys and abandoning their open source roots, the company is all but completely absent in the market they helped to create. Cheaper and better printers, some of which built on that same RepRap lineage, have completely taken over in the consumer space; forcing MakerBot to refocus their efforts on professional and educational customers.

  • 3D-Printed 3D Scanner made to work with your phone

    An Arduino-based 3D scanner was created by an industrious 3D printing enthusiast and released open source this week for all to enjoy. This open source project was made to take out the most time-consuming component of the 3D scan process, giving said process instead to an Android phone combined with 3D-printed parts, a cheap motor, and an Arduino. This is not the first time such a system has been attempted, but it does appear to be the most complete and ready-to-roll system to date.

  • AAScan open source Arduino 3D scanner utilizes the power of your smartphone

    Using the power of Arduino and utilising the camera and powerful performance of a smartphone QLRO has created a fantastic 3D scanner aptly named the AAScan. Check out the video below to learn more about the Android 3D scanner which is open source and fully automated.

  • Video: RISC-V momentum around the world, from edge to HPC

    In this keynote talk from the 2020 HiPEAC conference, RISC-V Foundation Chief Executive Calista Redmond explains how the RISC-V open-source instruction set architecture is gathering momentum around the world, finding applications across the compute continuum from edge to high-performance computing.

  • Weekend Discussion: How Concerned Are You If Your CPU Is Completely Open?

    For some interesting Sunday debates in the forums, how important to you is having a completely open CPU design? Additionally, is POWER dead? This comes following interesting remarks by an industry leader this weekend. Stemming from discussions on Twitter about Raptor's new OpenBMC firmware with a web GUI in tow, one of the discussions ended up shifting to that of open CPU designs and the belief that secretive CPU startup NUVIA could be having an open-source firmware stack.

Security and FUD: SpaceX, NMap, Polyverse, MongoDB, NGINX and Kubernetes

  • All Those Low-Cost Satellites in Orbit Could Be Weaponized by Hackers, Warns Expert

    Last month, SpaceX became the operator of the world's largest active satellite constellation. As of the end of January, the company had 242 satellites orbiting the planet with plans to launch 42,000 over the next decade. This is part of its ambitious project to provide internet access across the globe. The race to put satellites in space is on, with Amazon, UK-based OneWeb and other companies chomping at the bit to place thousands of satellites in orbit in the coming months.

  • NMap - A Basic Security Audit of Exposed Ports and Services

    For a plethora of reasons, auditing the security of our servers and networks is of paramount importance. Whether we are talking about a development server, a workstation, or a major enterprise application, security should be baked into every step of the deployment. While we can easily check our firewall settings from “the inside” of our systems. It is also a good idea to run a security audit from "the outside”. Using a network enumeration tool such as the famous and highly vetted Network Mapper (NMap).

  • Cybersecurity startup Polyverse raises $8M to protect Linux open-source code from hackers [Ed: Right around the corner from Bill Gates, another company like Black Duck and it'll "protect" Linux... just buy its proprietary software]

    Polyverse has been validated by the U.S. Department of Defense for mitigating zero-day attacks, intrusions that occur just as a vulnerability becomes public, such as the infamous WannaCry ransomware and hacks of companies like Equifax. The company says its technology is “running on millions of servers.”

  • MongoDB: developer distraction dents DevSecOps dreams

    MongoDB’s director of developer relations has just opened a piece of internal research that suggests as few as 29% of Europe’s developers take full responsibility for security. Now, 29% is a somewhat arbitrary figure, cleary i.e. it could be 22.45% or it could be 39.93%… the fact that the firm has pointed to an exact sum in this way is merely intended to show that it has undertaken a degree of calculation and statistical analysis

  • NGINX Unit Adds Support for Reverse Proxying and Address-Based Routing

    NGINX announced the release of versions 1.13 and 1.14 of NGINX Unit, its open-source web and application server. These releases include support for reverse proxying and address-based routing based on the connected client's IP address and the target address of the request. NGINX Unit is able to run web applications in multiple language versions simultaneously. Languages supported include Go, Perl, PHP, Python, Node.JS, Java, and Ruby. The server does not rely on a static configuration file, instead allowing for configuration via a REST API using JSON. Configuration is stored in memory allowing for changes to happen without a restart.

  • Kubernetes Security Plagued by Human Error, Misconfigs

    Following a year of numerous security bugs within the Kubernetes ecosystem and the first security audit of Kubernetes conducted by the Cloud Native Computing Foundation (CNCF), which hosts the open source platform, continued wide-spread adoption has seen security become somewhat of an afterthought. However, if security concerns continue inhibiting business innovation, does that fall on businesses for neglecting security practices or the market for not providing them with the tools to confidently secure their deployments? “People just get security wrong sometimes,” McLean said. “Companies need a combination of increased learning, cross-pollination, new tooling, and updated processes to identify and remediate these security ‘mistakes’ during build and deploy vs. waiting for exposure during runtime.”

Contributing to KDE is easier than you think — Localization plain and simple

Today’s post will essentially describe how quick and easy it is to work with localization for KDE software. My latest post might have sounded intimidating or people might have gotten tired from reading it in the middle, which is a shame; hence the reason for this post. Oh, existing translators should also have a reason to read this post, as I’ll be showing brand new functionality in Lokalize too. As a brief note, I’m currently using openSUSE Krypton with Plasma from master, meaning it’s as updated as possible. I’m also using the XWayland session, because it’s dope af. It doesn’t affect my workflow at all, either. But well, let’s keep it short and begin. Read more