Language Selection

English French German Italian Portuguese Spanish

Site News

Tux Machines is Now on Mastodon

Filed under
Site News

Tux Machines on Mastodon

Summary: We can now be found in Mastodon too

A FOSS and decentralised Twitter alternative has received plenty of media attention/traction lately, so Tux Machines belatedly joins in and we invite readers to follow us there if they wish to create an account. The popularity of the platform exploded (number of users quadrupled so far this month).

We've Made It! 100,000 Nodes

Filed under
Site News

A thousand dollars

Summary: Another milestone for Tux Machines, which will turn 15 in a couple of years

100,000 nodes in Tux Machines will have been published later tonight. This one will be assigned node ID/#99995. Earlier today someone anonymous told us, "I just wanted to say thank you for all the work you've done and new information updates at tuxmachines.org."

That's what we are here for -- to help spread information. We don't profit or gain anything from this site, but it's our way of giving back to the Free/Open Source software community.

On to 200,000 (this may take another decade or more).

Record-Breaking Traffic

Filed under
Site News

Summary: Quick report about site traffic

Tux Machines has been enjoying growth in recent weeks, though it's hard to attribute it to anything in particular. The following are the past 4 weeks' logs (we delete all logs after 4 weeks, for privacy reasons, assuring no long-term retention).

-rw-r--r--.  1 root root 389699117 Oct  9 04:40 access.log-20161009
-rw-r--r--.  1 root root 454715290 Oct 16 03:46 access.log-20161016
-rw-r--r--.  1 root root 478747167 Oct 23 03:12 access.log-20161023
-rw-r--r--.  1 root root 499911551 Oct 30 03:40 access.log-20161030

We recently quadrupled the servers' CPU capacity.

The above is not the complete picture. That's omitting all the Varnish activity, which handles the majority of the traffic but simply cannot cache all pages. We are still trying to reduce the frequency of spam incidents (some of the spamy submissions manage to inject JavaScript very briefly).

We'll soon reach the 100,000-node milestone of this Drupal site.

Web Site Traffic Growing

Filed under
Site News

The Linux Foundation recently added the Platform for Network Data Analytics (PNDA)

Panda

Panda

Summary: Network/traffic analytics for Tux Machines

ULTIMATELY, here in Tux Machines we strive to include every bit of relevant news (standalone pages for more important news, clusters of links for the rest, grouped by topic). We rarely blog although sometimes we add an opinion (marked "Ed", shorthand for "Editor").

It has been a long time since we last wrote about statistics. As readers may know by now, we only retain logs for up to 4 weeks (security/diagnostics purposes), then these get deleted for good so as to maintain privacy (we cannot be compelled to hand over data). Those logs show only direct hits, they don't include pages served through the cache* (Varnish) and here is the latest, where the date stands for "week ending":

-rw-r--r--.  1 root root 224439408 Aug  7 03:17 access.log-20160807
-rw-r--r--.  1 root root 310050330 Aug 14 03:22 access.log-20160814
-rw-r--r--.  1 root root 343901488 Aug 21 03:17 access.log-20160821
-rw-r--r--.  1 root root 344256886 Aug 28 03:15 access.log-20160828

The above indicates that, judging by the back end (not cache), traffic continues to increase. Over the past week the site was sometimes unbearably slow if not inaccessible. In the worse case we'll upgrade the server for extra capacity, assuring decent speed. Worth noting is that in the latest log (ending August 28th) less than 1,000 hits came from Edge, so very few among our visitors use the latest and 'greatest' from Microsoft.
____
* The cache server services several domains, notably Tux Machines and Techrights, and it averages at around 1.5 GB of traffic per hour.

Tux Machines Turns 12

Filed under
Site News

THE past few weeks were exceptionally busy for the site as readership grew considerably and the site turned 12. Originally, the site did not share Linux news but had various other sections. Years later Susan Linton made it the success story it is today and in 2013-2014 we only modernised the theme and kept the old tradition, format, etc. We hope this pleases longtime readers of the site. Comments on how the site is run are always taken into account.

Malicious Spam

Filed under
Site News

FOR those who may be wondering, we didn't get compromised or anything. We never had any such incidents. What happened earlier is that some spammer, who had created an account before we limited account creation (due to spam), made the spam expandable to the whole screen, covering many of the pages with that spam (overlay). We are working on code to help prevent such spamming so that legitimate users can post comments etc. without spammers ruining the experience for everyone else.

Baidu Stages De Facto DDOS Attacks (Updated)

Filed under
Site News

Summary: A 2-hour investigation reveals that Tux Machines is now the victim of an arrogant, out-of-control Baidu

TUX MACHINES has been mostly offline later this morning. It has evidently become the victim of Baidu's lawlessness, having fallen under huge dumps of requests from IP addresses which can be traced back to Baidu and whose requests say Baidu as well (we tried blocking these, but it's not easy to do by IP because they have so many). They don't obey robots.txt rules; not even close! It turns out that others suffer from this as well. These A-holes have been causing a lot of problems to the site as of late (slowdowns was one of those problems), including damage to the underlying framework. Should we report them? To who exactly? Looking around the Web, there are no contact details (in English anyway) by which to reach them.

Baidu can be very evil towards Web sites. Evil. Just remember that.

Update: 3 major DDOS attacks (so far today) led to a lot of problems and they also revealed that not Baidu was at fault but botmasters who used "Baidu" to masquerade themselves, hiding among some real and legitimate requests from Baidu (with Baidu-owned IP addresses). We have changed our firewall accordingly. We don't know who's behind these attacks and what the motivations may be.

Record Week

Filed under
Site News

Encounter with a penguin

QUIETLY but surely, last week marked an important milestone, with traffic at the back end (not the cache layer*) exceeding 1.8 million hits, thus establishing a new record. So far this week it looks as though we are going to break this record again. We hope that the new format, which places emphasis on high importance links (as standalone nodes) and puts less important links in topical groups (grouping like games or howtos), makes reading the site more convenient and makes keeping abreast of the news easier, without getting overloaded in a way that is not somewhat manageable (links inside groups are typically less important, as intended). We're open to any suggestions readers may have to ensure we remain a leading syndicator of GNU/Linux and Free/Open Source software news. Any feedback can improve the site.

_____
* It is difficult to measure what happens at the Varnish layer as it's shared among several domains, including Techrights.

Back to Normal Next Week

Filed under
Site News

IN CASE it's not already obvious, we have been posting fewer links since the 14th of this month because we are both away and we catch up with some news only when time permits. Today's hot day (38 degrees) will probably allow us to stay indoors more time than usual and therefore post some more links (from Rianne's laptop), but a week for now is when we'll properly catch up with everything that was missed and gradually get back to normal, hopefully for a long time to come.

Please bear with us while we enjoy our last chance to have a summer vacation. It's already cold back home in Manchester.

Operating Systems in Tux Machines

Filed under
Site News

Summary: Some numbers to show what goes on in sites that do not share information about their visitors (unlike Windows-centric sites which target non-technical audiences)

THE common perception of GNU/Linux is that it is scarcely used, based on statistics gathered from privacy-hostile Web sites that share (or sell) access log data, embed spyware in all of their pages, and so on. Our sites are inherently different because of a reasonable -- if not sometimes fanatic -- appreciation of privacy at both ends (server and client). People who read technical sites know how to block ads, impede spurious scripts etc. These sites also actively avoid anything which is privacy-infringing, such as interactive 'social' media buttons (these let third parties spy on all visitors in all pages).

Techrights and Tux Machines attract the lion's share our traffic (and server capacity). They both have dedicated servers. These are truly popular and some of the leaders in their respective areas. Techrights deals with threats to software freedom, whereas Tux Machines is about real-time news discovery and organisation (pertaining to Free software and GNU/Linux).

The Varnish layer, which protects both of these large sites (nearly 100,000 pages in each, necessitating a very large cache pool), handles somewhere between a gigabyte to 2.5 gigabytes of data per hour (depending on the time of day, usually somewhere in the middle of this range, on average).

The Apache layer, which now boasts 32 GB of RAM and sports many CPU cores, handled 1,324,232 hits for Techrights (ranked 6636th for traffic in Netcraft) in this past week and 1,065,606 for Tux Machines (ranked 6214th for traffic in Netcraft).

Based on VISITORS Web Log Analyzer, this is what we've had in Techrights:

Windows: (36.2%)
Linux: (31.8%)
Unknown: (e.g. bots/spiders): (23.0%)
Macintosh: (8.8%)
FreeBSD: (0.1%)

As a graph (charted with LibreOffice):

Techrights stats

Tux Machines reveals a somewhat different pattern. Based on grepping/filtering the of past month's log at the Apache back end (not Varnish, which would have been a more sensible but harder thing to do), presenting the top 3 only:

Tuxmachines stats

One month is as far as retention goes, so it's not possible to show long-term trends (as before, based on Susan's summary of data). Logs older than that are automatically deleted, as promised, for both sites -- forever! We just need a small tail of data (temporarily) for DDOS prevention.

Syndicate content

More in Tux Machines

GitLab Web IDE

  • GitLab Web IDE Goes GA and Open-Source in GitLab 10.7
    GitLab Web IDE, aimed to simplify the workflow of accepting merge requests, is generally available in GitLab 10.7, along with other features aimed to improve C++ and Go code security and improve Kubernets integration. The GitLab Web IDE was initially released as a beta in GitLab 10.4 Ultimate with the goal of streamlining the workflow to contribute small fixes and to resolve merge requests without requiring the developer to stash their changes and switch to a new branch locally, then back. This could be of particular interest to developers who have a significant number of PRs to review, as well as to developers starting their journey with Git.
  • GitLab open sources its Web IDE
    GitLab has announced its Web IDE is now generally available and open sourced as part of the GitLab 10.7 release. The Web IDE was first introduced in GitLab Ultimate 10.4. It is designed to enable developers to change multiple files, preview Markdown, review changes and commit directly within a browser. “At GitLab, we want everyone to be able to contribute, whether you are working on your first commit and getting familiar with git, or an experienced developer reviewing a stack of changes. Setting up a local development environment, or needing to stash changes and switch branches locally, can add friction to the development process,” Joshua Lambert, senior product manager of monitoring and distribution at GitLab, wrote in a post.

Record Terminal Activity For Ubuntu 16.04 LTS Server

At times system administrators and developers need to use many, complex and lengthy commands in order to perform a critical task. Most of the users will copy those commands and output generated by those respective commands in a text file for review or future reference. Of course, “history” feature of the shell will help you in getting the list of commands used in the past but it won’t help in getting the output generated for those commands. Read
more

Linux Kernel Maintainer Statistics

As part of preparing my last two talks at LCA on the kernel community, “Burning Down the Castle” and “Maintainers Don’t Scale”, I have looked into how the Kernel’s maintainer structure can be measured. One very interesting approach is looking at the pull request flows, for example done in the LWN article “How 4.4’s patches got to the mainline”. Note that in the linux kernel process, pull requests are only used to submit development from entire subsystems, not individual contributions. What I’m trying to work out here isn’t so much the overall patch flow, but focusing on how maintainers work, and how that’s different in different subsystems. Read more

Security: Updates, Trustjacking, Breach Detection

  • Security updates for Monday
  • iOS Trustjacking – A Dangerous New iOS Vulnerability
    An iPhone user's worst nightmare is to have someone gain persistent control over his/her device, including the ability to record and control all activity without even needing to be in the same room. In this blog post, we present a new vulnerability called “Trustjacking”, which allows an attacker to do exactly that. This vulnerability exploits an iOS feature called iTunes Wi-Fi sync, which allows a user to manage their iOS device without physically connecting it to their computer. A single tap by the iOS device owner when the two are connected to the same network allows an attacker to gain permanent control over the device. In addition, we will walk through past related vulnerabilities and show the changes that Apple has made in order to mitigate them, and why these are not enough to prevent similar attacks.
  • What Is ‘Trustjacking’? How This New iOS Vulnerability Allows Remote Hacking?
    This new vulnerability called trustjacking exploits a convenient WiFi feature, which allows iOS device owners to manage their devices and access data, even when they are not in the same location anymore.
  • Breach detection with Linux filesystem forensics
    Forensic analysis of a Linux disk image is often part of incident response to determine if a breach has occurred. Linux forensics is a different and fascinating world compared to Microsoft Windows forensics. In this article, I will analyze a disk image from a potentially compromised Linux system in order to determine the who, what, when, where, why, and how of the incident and create event and filesystem timelines. Finally, I will extract artifacts of interest from the disk image. In this tutorial, we will use some new tools and some old tools in creative, new ways to perform a forensic analysis of a disk image.