State of the Thunix - March 2020================================So,
Thunix has moved to a new host. With this move comes many benefits,and a
couple of tradeoffs.So, first for what we lost: We lost \~8GB of RAM and
1TB of disk space.We rarely utilized more than 1/4 of the RAM, so we're
still way good togo there.We haven't ran out of disk space, with 2TB, in
fact, we have beenhovering \~1/4 usage. So, right now, we're at \~50%
usage. We will begetting rid of some low-usage mirrors, that have plenty
of replicasalready in Germany, which should free up a bunch more
space.What we have gained: ipv6 addresses, full virtualization (Which
allowsus to modify the system more heavily, better isolation (Which
means moreprivacy and security for users), we can do snaps and
containers now aswell!We have also gotten what should hopefully be a
more sustainable model:Thunix is now being graciously sponsored by [WNY
TechnologyCollaborative](https://wnytechcollab.com), a worker-owned
cooperative,that works with other cooperatives, socialist organizations,
non-profitorganizations, and local small businesses to meet their
informationtechnology needs. So, as long as they are still in business,
we have ahome :)All in all, this new home gives us a lot more
flexibility to grow, andgets us to a slightly more sustainable position,
since donations (Whilestill welcomed) have been pretty lacking. This
move provides stability,for the moment. Eventually, I would like to see
Thunix become a fullyself-sustaining community.If you see anything awry,
open an issue on our tildegit repo foransible, if you're unsure where
the problem is, or drop a line intilde.chat/\#thunix, and we'll check
into it, so see what is wrong.So, on to more good things!
New month Thunixers, and latest update!
Things are moving along swimmingly, more or less. We implemented a new
account recovery feature, which users are taking advantage of. And,
if you're in the IRC channel, you've been noticing a new project being
worked on: The Thunix API. Also, we were planning a migration to new
hardware this month, but that has been postponed.
If you've not set up your account recovery information, please make sure
you do so, soon, to ensure you can recover your account in the future,
should the need arise. Just put an email address or recovery passphrase
in ~/.thunix/recovery, and chmod 600 that file. This ensures only you
can see it (And the admin team when we need to), and we have a way of
reaching out and verifying it is you requesting the recovery.
We are projecting to do the hardware migration in February, but it is
still in flux a little. We'll let you know in IRC, and via email when
the time comes. You shouldn't notice anything different other than a
new IP address, but we will preserve the ssh keys, so you won't have to
worry about ssh breaking.
Also, we are working on an API to get info about the Thunix
systems, and also, to do some of the management for it, remotely.
This will enable us to (in the future) build some pretty awesome
apps around the system itself. If you would like to help with
the API development work, feel free to join us at
https://tildegit.org/thunix/thunix_api :)
Fellow users!
In order to increase security of user’s accounts, while also ensuring
the privacy for users, we are going to be changing how we do account
recovery.
For new users, at account creation time, we will be writing the file out
that contains the email address used at creation time. The file will be
located at:
~/.thunix/recovery
This will be the only email address we will accept, or send new
credentials to. Users are free to remove this file at any time (We will
never re-create it), or to change the contents from an email address, to
a passphrase.
If we see a non-email address in there, we will accept the passphrase as
proof of identity. You can even combine them!
So, your ~/.thunix/recovery file could contain:
ubergeek(a)thunix.net or "I really love Mountain Dew!"
Or:
ubergeek(a)thunix.net
Or:
I really love Mountain Dew!
It is not intended to be machine readable, and the only time an admin
will look at this file is if we get a request for credentials reset.
If this file does not exist, or is empty, we cannot accept credentials
changes. This is to ensure your account doesn’t get taken over by
another party.
Please, create this file at your earliest convenience. You can do it
like so:
mkdir ~/.thunix; echo "email(a)example.com" > ~/.thunix/recovery; chmod 600 ~/.thunix/recovery
--
There's no place like ::0
State of the Thunix - Janurary 2020
===================================
Well happy new years to all you Thunixers! Hope 2019 was a blast.
Thunix.net is officially over 1 years old this month! We've had some
great times this year, and have some seen some awesome improvements:
- We started off on a tiny Digital Ocean Droplet, and moved to a
dedicated server
- We've implemented a Continuous Integration/Continuous Development
system for our website, man pages, gopher site, and system ansible
playbook.
- We offer:
- Basic web services, like page hosting, email accounts, etc
- VHosts if requested
- DB's if requested
- Rather liberal storage, RAM, and CPU usage guidelines
- Our services are encrypted via TLS whenever posssible (Email, chat,
website)
- We have a Tor Onion service for all services
- Multiple open source projects have had their births here
- We've iterated through **three** major software versions for our
website
- We now have a community wiki
And tons more. This is all largely thanks to you, the community that,
and our admins Naglfar and Fosslinux (aka Fossy). Our goal it to
continue to tightly focus on building the community of users here, and
to make the system more privacy focused, and secure. To make it a better
place for you, and a safer place.
At the close of the year, we will be re-doing some of our policies. No
major deal breaking changes, but more or less making official some of
the things we do, and being even more open and transparent, which is our
goal.
We've always tried to remain as transparent and open as possible, but we
also recognize that we can always do better at it.
Namely, our terms of service will get cleaned up, and some additions
made. The privacy policy will be getting reworked as well, to be far
clearer in what we do. We will also be considering adoption a separate
"Code of Conduct" for community members.
That being said, last week, we implemented a third party email
monitoring service. NO. They do not get your emails, and scan them. We
would never even consider that. But, our deliverability reports are sent
to a company called "Postmark." They aggregate our DMARC reports, and
send us nice reports. They do not get any of your personal information,
but we most certainly want to be open about when we engage in third
parties for our data analysis. When we can, it will be replaced with a
open source tool, but that requires us to write one, because at this
time, none exist.
So, all that: I'm looking forward to a great 2020! We will keep growing,
and maybe the US will come out of it with a sane president, instead of
the current dumpster fire :) Cheers, and excited to have you all aboard
for many more years to come!
Your sysop,
ubergeek/ub3g33k
State of the Thunix - December 2019
Hello again!
It's that time already, for our monthly update, but also...
Annual Update!
Yep, it has been one year since Thunix re-launched! It's been an
exciting year, and we are still working to make this system a great
place for our community to enjoy, use, and learn.
In the past year, we've gotten you set up with most importantly: A
resilient system. Anyone can take our system configs, and pop up a new
place, should we sudently close. Not that I'm expecting that to happen,
but it's a failsafe feature, so you can feel comfortable contributing
here.
We've also got you all set up with webmail, bzflag, minetest, numerous
terminal based games, a wiki, iris (Forum software), mariadb databases
on request, tor onion services, tor network access, document processing
tools, wireguard VPNs for users, and several FOSS (Free and open source
software) project mirrors.
We cannot do this without our users, though, which make up our
community!
Our roadmap for this year is to improve our spam filtering for emails,
and doing much more in the way of system maintenance getting automated
away, and migrating us to full virtualization rather than a container.
Improving the spam filtering is pretty high on the list, to make the
email service more usable for everyone, and not just those with
filtering running on their clients. Also, full virtualization is high
on the list, primarily, because we'd like to offer user containers, but
we are currently constrained by our networking config and current
container technology.
This past years, we've recieved a total of 10.36USD in donations (After
paypal fees). While donations are not required, they are greatly
welcomed! A main hold up for the virtualization migration is the liquid
cash to lease a second server for one month, so we can perform the
migration. Currently, our monthly costs are ~38USD each month for IPs,
server leasing, and domain name. If you want to donate, head on over to
[20]our donate page.
This month, we've added some blocklists to our system, that should cut
down on spam, improved some of our internal tooling, and upgraded
rainloop, to give you a better webmail experience. Hope you're enjoying
the improvements!
So, here's to a great month, and to another great year!
ubergeek/ub3g33k
Hello all,
I've had an account at tildecow.com server, which is at pfhawkins' list.
The server is down since Sunday 19/10/27. Do you have any information about
the status (down for a certain time frame/forever), as admin/owner
Chickenbaconranch(a)protonmail.com does not
respond to my e-mails (but e-mails to this address are not bounced)?
Best regards and thanks,
~ml
Yep, Turkey Month (For US thunixers)!
Holidays are coming up, and Thunix is approaching our 1 year
anniversary! I hope you've enjoyed your stay thus far, and looking
foward to many more years! Someday, we'll be older than SDF :P
We're still working towards migration of the hardware, onto something
that is a little bigger, hopefully a little cheaper or the same cost, so
we have more room to grow. Mainly, our constraint is IP addresses,
which isn't too big of a deal. The main reason for it is so we can get
a proper hypervisor in place, which will afford us some more flexibility
in what we can offer as services.
Over the past month, we did get a couple of abuse notices, for people
running malware. As a reminder: Don't do that here. Most of the time,
I notice things awry, and will shut it down, or, we get an abuse notice,
and I go on to do the same, but more in depth. Your account will be
terminated immediately, and your files will be handed over to the
organization reporting it upon demand, and you will not get a second chance.
We also got a DMCA takedown request, for people trying to host pirated
content here. I work on a best-faith idea here, you end up with 1
warning, and no more. Afterwards, your account will be terminated.
This isn't a place to host your movies, your warez, or anything of that
sort.
We have to come down hard on folks abusing the resources here, to ensure
the community continues for everyone. It's pretty easy for one rotten
apple to ruin it all. Don't be the rotten apple.
Another thing to keep in mind: While we will make all attempts to back
up your data you have here, there are some caveats:
* We only keep 3 days of backups.
* Excessively large home directories will not be backed up
* Configuration files are not backed up, but kept in source control
We only keep 3 days worth due to privacy concerns, mostly. We don't
want to keep your personally identifiable information any longer than is
needed. We also limit it due to space concerns. Which brings us to the
large home directories.
If your home dir is bigger than most others, it's likely not being
backed up. For example, I've excluded my home dir from backups, because
my generally is over 1GB in size, There are some that are multiples of
that, which is fine, to a point. But they are not going to be backed
up, due to space and causing the backup jobs to run excessively long.
If you want your home dir backed up, but it's large, you can let us know
which sub directories you may have that can be excluded (ie, git repo
clones, as an example). Just ask in IRC, or by email to root.
Well, that sums it up. I hope everyone is enjoying the use of the
system here, and with my usual schpliel: If you want changes made, open
an issue, or a PR in our repos! Happy holidays, and we'll update here
again after the US Turkey Day :)
Your friendly neighborhood sysadmin,
ubergeek/ub3g33k
Howdy all!
More of the same this month, really. We've had a little spurt of new
user accounts getting requested due to tilde.club's grand re-opening.
We did add a couple of new features to Thunix this past month, though.
Well, for starters, Thunix is now a member of Tildenet, which is an
overlay network. This really just means it's a network, running on top
of the internet, and not running our own direct conneccts, or anything
like that.
What this means is that we can open a lot more services that would be
considered "unsafe" to open to the whole world. In fact, we will be
looking at opening all ports to the Tildenet network, which is in the
10.0.0.0/8 space. Even cooler? Thunix offers VPNs now, that will link
you right into Tildenet from your own machine. The only requirement is
that you individual machine must be able to run wireguard. Shoot me
(ubergeek) a message on IRC or an email, requesting a VPN connection,
if you're interested.
Also, there is a plan in place to perform an upgrade at the earliest
convience to the hardware we're running on. Prior to doing so, I'd
like to get some more donations in, to cover what will be a doubling
of monthly costs for a single month, as we need to rent the new server,
get it prepped, then cut over. If the donations don't come, it'll just
have to wait until I get some spare cash.
But, all in all, we're still going strong, and no bad news to report :)
Hello Thunixers!
Another month, and more users on board!
Not too much has been going on as of late, due to time constraints for
the admin team here, as well as just a low-volume of requests. Likely
due to a few things, mainly, it's summer for most of our users, and
well, Thunix has most services folks need. So, if it ain't broke, don't
fix it :)
The biggest change has been the addition of our wiki, which has some
good documentation there already. If there's a document you want to see
there, add it with a PR, or ask someone to write it up for you. It's
not particularly difficult, it's just Markdown.
In the roadmap for the next few months will be a hardware upgrade, but
we really need your help for this. In order to migrate to new hardware,
and in the long term, reduce monthly costs, we will need to pay for two
servers for one month. So, I'm letting you know now, all donations
coming in now will be funneled into the "Hardware upgrade bucket". It's
not a very high cost, we're looking at something around 30€ total for
this, maybe a euro or two more. This is ~$32US. So, if you can donate,
this is the time to do it. To date, we've received a total of $12US in
donations, which has gone towards current server leasing costs (Total of
$9US after fees, and I spent 1USD on coffee lol). I would like to have
the hardware upgrade done by December, if possible.
All that being said: I want to make sure nobody is feeling pressured to
donate. If you can donate, great! If not, that's cool too! We still
welcome you to be a part of this community!
Also, if there is anything you'd like to see offered as a service, let
us know! If it's doable, we'll do it. At worst, we'll say "No", but
also let you know why we can't. Most of the time, we say "Yes" though :)
So, here's to another month, and many more!
Ubergeek/ub3g33k
