Re: [DNG] Update on the Green Hat Hackers attack
On 4/2/19 12:26 AM, Rick Moen wrote: > Quoting KatolaZ (kato...@freaknet.org): > >> Dear D1rs, >> >> we have analysed in depth the attack from the "Green Hat Hackers" that >> compromised the Devuan infrastructure in the last hours, and we >> concluded that you all are: >> >>* APRIL FOOLS * > > It was well done, IMO. I'm impressed as heck (and nostaligic) that you > created a fully populated Gopher presence. [snip] Indeed. I was worried quite a bit until nudged to look at the epoch dates. +1 for fitting gopher into the joke. Gopher is quite underrated. With OpenPGP-signed files, the lack of encryption is less of a problem, at least for public information. Maybe next year the gopher site could be done as an Onion service and thus wrap the gopher in an encrypted protocol. Though that may raise the bar for participation a bit too much. /Lars ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Mike Bird wrote on 2/4/19 5:02 pm: > The surviving Devuan core team members will take zero or > more steps to prove Devuan trustworthy and sysadmins will > each decide for themselves or with their lawyers whether > they can continue to use Devuan. This ancient religion that I just made up relies on goat liver for guidance in professional decisions. I'll confer with my butcher. Ralph. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 22:49:31 Steve Litt wrote: > Mike, please speak for yourself. I get it: This incident caused you to > take evasive action, and now you have serious doubts about using Devuan > further. That's fine: There are other sans-systemd distros and BSDS > that might be more or less secure and reliable than Devuan. > > But you can't dictate that everyone using Devuan in production must > drop Devuan unless a set of further procedures are followed. Move if > you must, but have the respect to allow each of us to handle this our > own way. The surviving Devuan core team members will take zero or more steps to prove Devuan trustworthy and sysadmins will each decide for themselves or with their lawyers whether they can continue to use Devuan. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon, 1 Apr 2019 13:52:34 -0700 Mike Bird wrote: > On Mon April 1 2019 13:25:15 Martin Steigerwald wrote: > > 1) please give any requests for removing one of the core members > > from the project or using legal enforcement a rest. KatolaZ > > apologized already several times. So please let it go. > > I have not threatened "legal enforcement" against Devuan. However > those of us who use Devuan in production cannot continue to do so > if Devuan does not take this issue seriously, least we suffer legal > consequences ourselves. Mike, please speak for yourself. I get it: This incident caused you to take evasive action, and now you have serious doubts about using Devuan further. That's fine: There are other sans-systemd distros and BSDS that might be more or less secure and reliable than Devuan. But you can't dictate that everyone using Devuan in production must drop Devuan unless a set of further procedures are followed. Move if you must, but have the respect to allow each of us to handle this our own way. And just for the record: This was a REALLY stupid "April Fools Joke" and I trust that the VUAs refrain from any further hijinks on April 1 or any other time. SteveT ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Update on the Green Hat Hackers attack
On 01/04/2019, info at smallinnovations dot nl wrote: > On 01-04-19 09:03, KatolaZ wrote: >> Dear D1rs, >> >> we have analysed in depth the attack from the "Green Hat Hackers" that >> compromised the Devuan infrastructure in the last hours, and we >> concluded that you all are: >> >>* APRIL FOOLS * >> >> :P >> >> Hope you enjoyed the new Devuan gopherholes, as they are most probably >> going to stay. Everything will be back to "normal" on: >> >>* Mon 01 Apr 2019 01:04:19 PM UTC * >> >> if you are wondering, unfortunately 1554123859 is not a prime number :\ >> >> >> See you at the 1st Devuan Conference on 5,6,7 April 2019. For more info: >> >> gopher://www.devuan.org/0/os/debian-fork/d1conf-announce-20190119.txt >> >> Never forget to Live, Love, Linux, and have a good Laugh! >> >> LLoLL >> > > I do not mind being a fool but i expected the Dev1 team to be wiser then > joking about security. Another such joke and you have a mirror site less > in the future. > > Grtz. > > Nick > Yes, hit them where it hurts. This is a 'joke' from some self inflated egos who think playing with 'customers' trust is a joke! How shall such naivity be described? Is it a sign of great intellectual ability? From someone who holds a PhD, users expect better. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
On 4/1/19 09:03, KatolaZ wrote: we have analysed in depth the attack from the "Green Hat Hackers" that compromised the Devuan infrastructure in the last hours, and we concluded that you all are: * APRIL FOOLS * :P Hope you enjoyed the new Devuan gopherholes, as they are most probably going to stay. Everything will be back to "normal" on: * Mon 01 Apr 2019 01:04:19 PM UTC * Well, it's good you guys run a great Debian derivative distro and not some late night comedy show (cause you suck terribly at good jokes and entertaining humor). Check some of the April Fools RFCs for some inspiration what makes up actually *good* April Fool jokes (i.e. 2549, 1149 etc.). Cheers, Christoph ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
I'd definitively preferred: Devuan embraces Systemd! After thorough discussions in our technical committee Devuan decided to ship systemd with its next release "Beowulf" as the standard init. Systemd is a complete pot of terware that will enhance Devuan to an industry approved, enterprise grade blackbox system, that demands highest trust in its developers. Ubiquitous access for any user, no more security concerns combined with highest computing power needs for any system will be the remarkable achievement of this wise decision. Init freedom salutes you, veterans. Cheers, Adrian. -- Bitte das E-Voting-Moratorium unterstützen und unsere Demokratie schützen: https://evoting-moratorium.wecollect.ch/ ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Contributing package apt-cacher-ng
Hello! Can please someone review and add git.devuan.org/kaction/apt-cacher-ng to CI? -- Note, that I send and fetch email in batch, once every 24 hours. If matter is urgent, try https://t.me/kaction -- pgprtPrnwxeRh.pgp Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Update on the Green Hat Hackers attack
I like Devuan. I am proud to financially contribute to a project so desperately needed in our time. But I would like to join others in registering that this "joke" was in poor taste. I don't know if it was one individual with Devuan who found it so hilarious and single-handedly "defaced" the web site, and then added to the uncertainty with the supposed investigation. I really hope it wasn't a group effort. In any case, you may benefit from reconsidering the policy on who gets to put what on the web page. Leave the stupid jokes for the school playground. Do consider how you would like it if the pilot of your next flight made an announcement that they mixed up the kerosine with the salad oil, and they're investigating the extent of the problem. Greetings, Michael. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On 2019-04-01 15:18, Daniel Abrecht via Dng wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I assume the other staff members knew about it, was it discussed > at the last meeting? I was not aware of any discussion about this action. If I had been, I would have done my best to stop it or present it differently. This event has been quite stressful for me, Apologies for the tardy response but I'm on my way to AMS atm and don't own a mobile device to keep current. golinux ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On 4/1/19 5:14 PM, Rick Moen wrote: Quoting Mike Bird (mgb-dev...@yosemite.net): [...] KatolaZ has admitted guilt. Evilham has suggested an offline "discussion" in a few days - a positive but inadequate response. None of the other core team members have commented on this fiasco. I look forward to hearing that they have taken appropriate action. Have you considered decaf? I did... Then giggled hysterically ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Quoting Mike Bird (mgb-dev...@yosemite.net): [...] > KatolaZ has admitted guilt. Evilham has suggested an offline > "discussion" in a few days - a positive but inadequate response. > None of the other core team members have commented on this fiasco. > I look forward to hearing that they have taken appropriate action. Have you considered decaf? ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Quoting etech3 (ete...@e-tech-systems.com): > My advice to you is like the Marines motto: Lead, follow or get the > hell out of the way. That might be the motto of _some_ group of marines, but FWIW actual service mottos are: o Royal Marines (UK): Per mare, per terram.[1] o U.S. Marine Corps: Semper fidelis. (Yr. humble servant has family in the latter but not the former.) [1] Prior to the 1880s, USMC also used this motto. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
It really is more than just "Bad Idea" poisson d'avril artwork. Now that is funny. (-: Clarke ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 15:22:02 Martin Steigerwald wrote: > And give the other core members a moment to give you the reassurance you > need. They haven't issued a statement since this began 30 hours ago. Maybe they haven't finished their forensic analysis but they should at least say whether they're taking it seriously or blowing it off so that sysadmins using Devuan can decide what to do next. Devuan's response is inadequate and unprofessional. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Mike Bird - 02.04.19, 00:03: > On Mon April 1 2019 14:39:28 Martin Steigerwald wrote: > > In what way is that not good enough for you? What would be required > > for you to forgive a mistake and go on with your life? […] > What part of Evilham's statement that "it still looks as if gdo and > the build system were compromised" [1] did you not believe? > > Do you think Evilham was mistaken? Why? > > Do you think it possible an attacker - KatolaZ or another - was > in there and later covered his tracks? Why not? > > I am still hoping the silent core team members are working on this > as I really don't want to spend the next few months changing distros. Sorry… at this point I just highly recommend to you: Breathe in deeply, breathe out deeply. And give the other core members a moment to give you the reassurance you need. Evilham already did so. Unsigned for now, but still. And after that recommendation I just do the same as Evilham: Go to sleep. Honestly: For me there is a fine line between valid security concerns and paranoia and for me you just crossed this line. Give it a rest just for the moment and give the team some time to react to your concerns. If you need: Hold back updates for a little longer. That update of tzdata I just installed some time ago did not contain any security fixes, so there is not really an immediate urgency here. Martin -- Martin signature.asc Description: This is a digitally signed message part. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 14:39:28 Martin Steigerwald wrote: > In what way is that not good enough for you? What would be required for > you to forgive a mistake and go on with your life? Hi Martin, What part of Evilham's statement that "it still looks as if gdo and the build system were compromised" [1] did you not believe? Do you think Evilham was mistaken? Why? Do you think it possible an attacker - KatolaZ or another - was in there and later covered his tracks? Why not? I am still hoping the silent core team members are working on this as I really don't want to spend the next few months changing distros. --Mike [1] https://lists.dyne.org/lurker/message/20190401.132910.da02134d.en.html ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Mike Bird writes:
On Mon April 1 2019 14:18:38 Martin Steigerwald wrote:
For me that is good enough.
When core team member Evilham writes "it still looks as
if gdo and the build system were compromised" [1] I need a
lot more than a limited admission of guilt from KatolaZ
before trusting that Evilham was mistaken rather than
KatolaZ just managed to hide his tracks better.
Obviously, even when trying, it is impossible to pick words in a
perfect
way since natural language is imprecise.
You are reading too much into that phrase.
In the context, it referred to the "pwned site" (still viewable)
**claiming** ("looks as") that gdo had been compromised.
If you read a paragraph further, that point is made very clear,
when I
mention that the "joke" wouldn't have been half as bad if it had
been
limited in scope to the plain devuan-web.
I kindly ask you not to read things that are not there and jump to
conspirations, it is what it is: a fuck up, a beautifully executed
one,
but a fuck up and a recognised one at that.
Discussing at this length what the fine letter said is not going
to help
move things forward, quite the opposite.
Again: there is no reasonable ground to think devuan the signing
keys
have been compromised or anyone with access to infrastructure is
acting
with ill-intention.
This email could have been signed, but being abroad and all,
access is
not the most trivial and it likely won't suffice for you, so I
have
better things to do, like sleeping!
--
Evilham
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 14:41:43 KatolaZ wrote: > You are spreading FUD, since in the email you quoted Evilham never > said the infra was compromised. Here is the complete sentence from Evilham's email [1]. If you didn't see it you didn't scroll down to read the full email. Evilham quotes his earlier private email: > It's been now well over 12 hours and the "joke" is still on, it > still hints > at all parts of the infraestructure being compromised, it still > looks as > if gdo and the build system were compromised. --Mike [1] https://lists.dyne.org/lurker/message/20190401.132910.da02134d.en.html ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Let it go, Mike. At one level, I postponed some updates until the "issue" was resolved, so I got caught in the joke. At another level, it was funny that I allowed myself get drawn in. So what? The Devuan team is working their asses off, with no requirement for compensation (have you donated?) to build a system I personally use daily. And I trust KatolaZ's retraction as much as I trusted his initial cracking claim. Sorry, but I think you are blowing this up. Give him the cred for pulling off a joke, be pissed you got caught, then decide whether you want to go with something else or not. I personally don't have any less respect and trust than I did yesterday. Planning several additional moves from Debian to Devuan over the next 60 days. So, let it go and let the team get back to continuing build the best Linux distro available right now. Rod On 04/01/2019 04:41 PM, KatolaZ wrote: > On Mon, Apr 01, 2019 at 02:28:48PM -0700, Mike Bird wrote: >> On Mon April 1 2019 14:18:38 Martin Steigerwald wrote: >>> For me that is good enough. >> >> When core team member Evilham writes "it still looks as >> if gdo and the build system were compromised" [1] I need a >> lot more than a limited admission of guilt from KatolaZ >> before trusting that Evilham was mistaken rather than >> KatolaZ just managed to hide his tracks better. >> >> --Mike >> >> [1] https://lists.dyne.org/lurker/message/20190401.132910.da02134d.en.html > > You are spreading FUD, since in the email you quoted Evilham never > said the infra was compromised. I discard the fact that you come here > out of the blue, lecturing about security, calling me a criminal, > threatening to sue people you don't even know, and not even bothering > signing your emails. > > I will stop here. I am sure the other Devuan developers will be able > to provide all the reassurances you need. > > HND > > KatolaZ > > > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > -- Rod Rodolico Daily Data, Inc. POB 140465 Dallas TX 75214-0465 US http://dailydata.net 214.827.2170 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [kato...@freaknet.org: devuan.org is back]
On 4/1/19 11:46 PM, KatolaZ wrote: > I find it hilarious communities should be fun, glad you can laugh with some of the bs written in the dng "law & order" drama. to be honest, it's nice to see natural human behavior from a sysadm, for a change. (trust level +1 for humans ) without-systemd, not without-fun :) d. signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon, Apr 01, 2019 at 02:28:48PM -0700, Mike Bird wrote: > On Mon April 1 2019 14:18:38 Martin Steigerwald wrote: > > For me that is good enough. > > When core team member Evilham writes "it still looks as > if gdo and the build system were compromised" [1] I need a > lot more than a limited admission of guilt from KatolaZ > before trusting that Evilham was mistaken rather than > KatolaZ just managed to hide his tracks better. > > --Mike > > [1] https://lists.dyne.org/lurker/message/20190401.132910.da02134d.en.html You are spreading FUD, since in the email you quoted Evilham never said the infra was compromised. I discard the fact that you come here out of the blue, lecturing about security, calling me a criminal, threatening to sue people you don't even know, and not even bothering signing your emails. I will stop here. I am sure the other Devuan developers will be able to provide all the reassurances you need. HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Dear Mike. Mike Bird - 01.04.19, 22:52: > On Mon April 1 2019 13:25:15 Martin Steigerwald wrote: > > 1) please give any requests for removing one of the core members > > from the project or using legal enforcement a rest. KatolaZ > > apologized already several times. So please let it go. > > I have not threatened "legal enforcement" against Devuan. However > those of us who use Devuan in production cannot continue to do so > if Devuan does not take this issue seriously, least we suffer legal > consequences ourselves. 1) KatolaZ publicly apologized. 2) He wrote that he will make sure not to make such a mistake again. 3) He wrote that no one unauthorized had access to the infrastructure. 4) Devuan is a community project. If you use Devuan in production you very likely do it without any support contract with the Devuan team whatsoever. Of course that is no license for Devuan people to do bad "jokes" like this, but it does also limit what you are entitled to request from Devuan people. 5) Apt also has some safe guards. In what way is that not good enough for you? What would be required for you to forgive a mistake and go on with your life? For me there is a point to just let it go… and for me this point is reached here. If you like a confirmation that it was just a joke by other core Devuan core people, I am quite sure that this could be arranged. Maybe other Devuan core people could reply to "devuan.org is back" thread, again signed via GPG, confirming that it was "just" a joke. For me the signed mail by KatolaZ is enough. I had contact with KatolaZ already, for example when helping to kickstart cooperation between Devuan and Debian (debian-init-diversity). I trust him and I see no gain whatsoever in removing one of the core Devuan people and contributors from the team for a single mistake like this. I trust that he did not intend to cause any harm with that "joke". So, please, is there anything else than removing a member or taking legal action against one that could be enough for you to regain trust in Devuan again? I can perfectly understand when other Devuan core people decide not to follow your request for such drastic measures. And I'd actually support them regarding such a decision. Remember, if you do not regain trust, you can always also use a different distribution. While I actually indeed postponed an update of one of my Devuan servers, I trust KatolaZ and just ran the update a few minutes ago. Thanks, -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 14:18:38 Martin Steigerwald wrote: > For me that is good enough. When core team member Evilham writes "it still looks as if gdo and the build system were compromised" [1] I need a lot more than a limited admission of guilt from KatolaZ before trusting that Evilham was mistaken rather than KatolaZ just managed to hide his tracks better. --Mike [1] https://lists.dyne.org/lurker/message/20190401.132910.da02134d.en.html ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
Quoting KatolaZ (kato...@freaknet.org): > Dear D1rs, > > we have analysed in depth the attack from the "Green Hat Hackers" that > compromised the Devuan infrastructure in the last hours, and we > concluded that you all are: > >* APRIL FOOLS * It was well done, IMO. I'm impressed as heck (and nostaligic) that you created a fully populated Gopher presence. I was too busy (with visiting houseguests) to go install a Gopher client and check -- and forgot that lynx still has native support. For those interested in doing so, here are options: o Lynx o KatolaZ's gophed (wow - a gopher client written in sh, ed, awk, cut, sed, and nc: I doff my hat to you, sir!) https://mygit.mine.nu/katolaz/gophed o SeaMonkey with OverbiteFF extension o Firefox with OverbiteWX extension (which in WebExtensions) or OverbiteNX o Konqueror with kio-gopher o gopherclient (graphical), https://github.com/prologic/gopherclient o VF-1 (command-line tool in Python), https://github.com/solderpunk/VF-1 o Gopherus (console, in C), http://gopherus.sourceforge.net/ o Little Gopher Client (console, in Pascal), http://runtimeterror.com/tools/gopher/ o Internet Gopher Client (console, in C), http://freshmeat.sourceforge.net/projects/gopher/ (This appears to be a maintained descendent of the original University of Minnesota gopher client, that was just called 'gopher' and is in the Debian collection here: https://packages.debian.org/source/jessie/gopher.) o Goldy (command-line tools, in C), https://github.com/TrilbyWhite/goldy-gopher o cgo (console, in C), https://github.com/kieselsteini/cgo/ o cacc (console, in C), https://git.fifth.space/sacc/ Why you should learn to love gopherspace: https://www.youtube.com/watch?v=kpd8ecH8uos -- Cheers, "I am a member of a civilization (IAAMOAC). Step back Rick Moenfrom anger. Study how awful our ancestors had it, yet r...@linuxmafia.com they struggled to get you here. Repay them by appreciating McQ! (4x80) the civilization you inherited." -- David Brin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
Quoting Arnt Karlsen (a...@iaksess.no): > > disagree. > > security can be joked about too: https://xkcd.com/538/ With a $5 wrench, silly (or spanner, depending on your geography). -- Cheers, The Viking's Reminder: Rick Moen Pillage first, _then_ burn. r...@linuxmafia.com McQ! (4x80) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Rowland Penny via Dng - 01.04.19, 22:37: > The stunt pulled here could have caused alarm and distress and should > never have happened. I do not know if this was a one person stunt or > not, but in my opinion, the guy who pulled it should offer a > grovelling apology and promise to never do anything as stupid again. That guy, KatolaZ, did both of that. Just see "[DNG] devuan.org is back" thread initial mail by him. So please… yes, it was not such a hot idea, and yes, KatolaZ realized that… He apologized and he wrote he will make sure not to make such a mistake again. For me that is good enough. I really highly recommend – to everyone, including myself – to let it go now. Forgiving is something that really makes my life a lot easier. It is in the past already and there is no use in trying to change the past. -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 13:55:28 Antony Stone wrote: > On Monday 01 April 2019 at 22:52:34, Mike Bird wrote: > > None of the other core team members have commented on this fiasco. > > I look forward to hearing that they have taken appropriate action. > > What, in your opinion, would be "appropriate"? I have already offered some suggestions but there is more than one way to prove a theorem. The surviving Devuan core team members will take zero or more steps to prove Devuan trustworthy and sysadmins will each decide for themselves or with their lawyers whether they can continue to use Devuan. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Martin Steigerwald - 01.04.19, 22:25: > 1) please give any requests for removing one of the core members from > the project or using legal enforcement a rest. KatolaZ apologized > already several times. So please let it go. > > 2) KatolaZ, could you repost your clarifying statement in thread > "devuan.org is back" signed with your gpg key. I bet it may have some > signatures from other devuan core members. Mike, is there anything > else you need to accept this statement as genuine? KatolaZ's mail had signatures to begin with. I just did not see any indication of it in K9 Mail. Thanks, Martin > Am 1. April 2019 22:12:45 MESZ schrieb Mike Bird : > >On Mon April 1 2019 12:44:05 Antony Stone wrote: > >> No, I have complied with my country's laws regarding personal data > >> protection and taken "appropriate technical and organisational > > > >measures" to > > > >> ensure the security of the systems. > > > >You do not seem to understand security. Once there is the > >possibility of an attack the security of the system has to be proven > >or rebuilt. Usually this entails locking out the attacker, > >generating all new security tokens and keys, wiping, and rebuilding > >from trusted source. > > > >An email claiming it was all a joke does nothing to prove the system > >secure even if it happens to be true. It could equally well be > >false. Similarly Evilham's suggestion of a future offline > >"discussion" is too little too late. > > > >Maybe the prankster/attacker left another easter egg or a backdoor. > >Maybe he stole keys. Maybe a black hat snuck in while the prankster > >was messing around. Maybe nothing at all bad happened. > > > >You can't entrust other people's credit cards to "maybe". > > > >And certainly the prankster cannot henceforth be trusted with > >privileged access to any systems. > > > >But don't believe me. Talk to your lawyers. > > > >I was just hoping the surviving Devuan four would take responsibility > >for fixing things before I have to invest a few months in moving > >a lot of systems to a different distro. But as time passes with no > >action it's looking increasingly as if they have no interest in > >keeping Devuan viable. > > > >--Mike > >___ > >Dng mailing list > >Dng@lists.dyne.org > >https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Monday 01 April 2019 at 22:52:34, Mike Bird wrote:
> None of the other core team members have commented on this fiasco.
> I look forward to hearing that they have taken appropriate action.
What, in your opinion, would be "appropriate"?
Antony.
--
#define SIX 1+5
#define NINE 8+1
int main() {
printf("%d\n", SIX * NINE);
}
- thanks to ECB for bringing this to my attention
Please reply to the list;
please *don't* CC me.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] [kato...@freaknet.org: devuan.org is back]
KatolaZ - 01.04.19, 22:46: > Martin, All, > > all my messages have always been signed, so I don't understand what > you are referring to. This message is signed as well, with my key, > which is the same I used to sign all the Devuan install images since > Jessie RC2 in April 2017, and minimal live since Jessie Beta 2 in > November 2016. You can find it in any keyserver. The fingerprint has > been included in my email signature since I can remember. Please refer > to the archives of the mailing list or to any personal email you have > received from me in the past. Sorry, I see that now. K9 Mail did not display even a slight indication that there is a signature in your mails and before Mike's comment I did not consciously check or recognize that your mails have signatures so… KMail does, the signature is valid, it has signatures from some people including a signature of someone I trust… that is good enough for me. It might be good to do a key signing party at the conference. Thanks, -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 13:25:15 Martin Steigerwald wrote: > 1) please give any requests for removing one of the core members from the > project or using legal enforcement a rest. KatolaZ apologized already > several times. So please let it go. I have not threatened "legal enforcement" against Devuan. However those of us who use Devuan in production cannot continue to do so if Devuan does not take this issue seriously, least we suffer legal consequences ourselves. > 2) KatolaZ, could you repost your clarifying statement in thread > "devuan.org is back" signed with your gpg key. I bet it may have some > signatures from other devuan core members. Mike, is there anything else you > need to accept this statement as genuine? I do not seriously doubt the authenticity of KatolaZ's admission but there is no point in doubting or believing it as it avails nothing. I'm curious as to the point Daniel Abrecht raised - whether this was an agreed team effort or a lone prankster/attacker whose access can be removed by the surviving core team members. KatolaZ has admitted guilt. Evilham has suggested an offline "discussion" in a few days - a positive but inadequate response. None of the other core team members have commented on this fiasco. I look forward to hearing that they have taken appropriate action. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] [kato...@freaknet.org: devuan.org is back]
Martin, All, all my messages have always been signed, so I don't understand what you are referring to. This message is signed as well, with my key, which is the same I used to sign all the Devuan install images since Jessie RC2 in April 2017, and minimal live since Jessie Beta 2 in November 2016. You can find it in any keyserver. The fingerprint has been included in my email signature since I can remember. Please refer to the archives of the mailing list or to any personal email you have received from me in the past. I must be honest I find it hilarious that a person that has contributed to Devuan for years is pointed to as a criminal by somebody that has posted only 12 messages on this list. But there you go :\ HND KatolaZ - Forwarded message from KatolaZ - Date: Mon, 1 Apr 2019 15:27:00 +0200 From: KatolaZ To: dng@lists.dyne.org Subject: [DNG] devuan.org is back User-Agent: NeoMutt/20170113 (1.7.2) As promised, on Apr. 1st 2019 at 1:04:19pm UTC the Devuan world started to make sense again. Please check: http://www.devuan.org http://git.devuan.org http://bugs.devuan.org http://pkginfo.devuan.org http://files.devuan.org http://popcon.devuan.org The gopherholes will remain online for the time being. The "pwned" page is still available at http://www.devuan.org/pwned.html. Again and to clarify once and for all: this was just an April fool. No machine was compromised. No content was moved, deleted, or tampered with in any way. Noone got access to the Devuan infra. No package or mirror was affected. I apologise if somebody thought the joke stretched a bit too far: I am responsible for that. I thought all the clues were clear enough, but apparently they were not and some people got too stressed about it. I am sincerely sorry about that. Pranks have always been an essential part of the hacker culture, and like it or not, Devuan has been brought to all of us by a bunch of passionate hackers working long nights, not by a team of serious white collars in suit and scarf doing 9-to-5. I will definitely make sure I will not make such a mistake again in the future. SorryAgain KatolaZ P.S.: Please, do not let the world outside take away from you the pleasure of having a good laugh, at any cost. Stopping to laugh is the first step to the grave. -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng - End forwarded message - -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Monday 01 April 2019 at 22:12:45, Mike Bird wrote: > An email claiming it was all a joke does nothing to prove the system > secure even if it happens to be true. It doesn't prove it to be secure, no, but it confirms that it's no less secure than it was before the joke was perpetrated. > It could equally well be false. If KatolaZ's assertion that the whole thing was a joke of his is false, then you may have a point. I believe him. > Maybe the prankster/attacker left another easter egg or a backdoor. Given that the prankster is a core member with full access to the systems, he could do this without making any public announcement of the fact, on 1st April or otherwise. He doesn't need to break in to anything to insert a backdoor. He has full full access to everything Devuan. This was not an attack. > And certainly the prankster cannot henceforth be trusted with > privileged access to any systems. You may not trust him. I think plenty of other people here do. They may not be impressed by his sense of humour, but that's a different matter. > I was just hoping the surviving Devuan four would take responsibility > for fixing things There's nothing to fix. There was no attack. Security has not been compromised. If you don't believe that by now then you may as well... > before I have to invest a few months in moving a lot of systems to a > different distro. Your choice. What makes you think *their* system admins haven't planted backdoors into their servers, but done it on March 1st, for example, and without any announcement, instead of April 1st? > But as time passes with no action it's looking increasingly as if they have > no interest in keeping Devuan viable. I repeat something I said earlier in this thread: "You're totally over-reacting, in my opinion. If this incident has made you distrust the Devuan project, you're probably better off using a different distro." I do wonder, though, what criteria you would use to trust another distro if you can't tell the difference between a security breach and a joke in poor taste. Antony. -- Wanted: telepath. You know where to apply. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon, 1 Apr 2019 20:18:01 + Daniel Abrecht via Dng wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > It's now clear that this was a planned action and there was no danger. > But when it happened, this wasn't obvious in any way. I assume the > other staff members knew about it, was it discussed at the last > meeting? > > I really like April Fools, but this was no April Fool. Faking a crime, > in this case claiming to have been hacked, is no prank or joke. It > doesn't matter that it was April 1. either. This was absolutely > unacceptable, never do this again! > > Regards, > Daniel Abrecht Well said Daniel, it wasn't an April fool joke and when I first read it it wasn't the 1st of April, it was still March 31. I don't think the internet is a valid place to try and pull an April fool joke, purely because of the time differences. If you do try and pull an April fool joke, it should be something that hurts nobody, but is possibly believable. I live in England and the most famous one was when the BBC convinced everybody that spaghetti grew on trees. Okay this was some time ago, but lots of people believed it and it hurt nobody. The stunt pulled here could have caused alarm and distress and should never have happened. I do not know if this was a one person stunt or not, but in my opinion, the guy who pulled it should offer a grovelling apology and promise to never do anything as stupid again. my one Penny's worth Rowland ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Hi. 1) please give any requests for removing one of the core members from the project or using legal enforcement a rest. KatolaZ apologized already several times. So please let it go. 2) KatolaZ, could you repost your clarifying statement in thread "devuan.org is back" signed with your gpg key. I bet it may have some signatures from other devuan core members. Mike, is there anything else you need to accept this statement as genuine? Thanks, Martin Am 1. April 2019 22:12:45 MESZ schrieb Mike Bird : >On Mon April 1 2019 12:44:05 Antony Stone wrote: >> No, I have complied with my country's laws regarding personal data >> protection and taken "appropriate technical and organisational >measures" to >> ensure the security of the systems. > >You do not seem to understand security. Once there is the possibility >of an attack the security of the system has to be proven or rebuilt. >Usually this entails locking out the attacker, generating all new >security tokens and keys, wiping, and rebuilding from trusted source. > >An email claiming it was all a joke does nothing to prove the system >secure even if it happens to be true. It could equally well be false. >Similarly Evilham's suggestion of a future offline "discussion" is >too little too late. > >Maybe the prankster/attacker left another easter egg or a backdoor. >Maybe he stole keys. Maybe a black hat snuck in while the prankster >was messing around. Maybe nothing at all bad happened. > >You can't entrust other people's credit cards to "maybe". > >And certainly the prankster cannot henceforth be trusted with >privileged access to any systems. > >But don't believe me. Talk to your lawyers. > >I was just hoping the surviving Devuan four would take responsibility >for fixing things before I have to invest a few months in moving >a lot of systems to a different distro. But as time passes with no >action it's looking increasingly as if they have no interest in >keeping Devuan viable. > >--Mike >___ >Dng mailing list >Dng@lists.dyne.org >https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng -- Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 It's now clear that this was a planned action and there was no danger. But when it happened, this wasn't obvious in any way. I assume the other staff members knew about it, was it discussed at the last meeting? I really like April Fools, but this was no April Fool. Faking a crime, in this case claiming to have been hacked, is no prank or joke. It doesn't matter that it was April 1. either. This was absolutely unacceptable, never do this again! Regards, Daniel Abrecht -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEZT8xKpcJ1eXNKSM1cASjafdLVoEFAlyicfYACgkQcASjafdL VoGPKwf/X3xB71RjqPHO7EyxOiZbWA1oSj4jWNRV7GegPCpTWqLOQbdbiZtTgCeI fj1J8+ec0AUiL7MU8kG6iV1feK3coOdOUFXEzUZQ312niGo4EJEoVyfSQCLM0p/6 8ecxAPghEUPIPZeZRwB1pDPNgOggPJykLSRFfMywbYDCoqJ/5OzRC0IMNQGLRUht QHC7XCROiEsMSDh6LGNg0aINLTRuQ8RiiqVtklPYMaGp/0p+zSWeDKtZuzdzBCfl x4pOPSlVuRZ3x0R43kQw9m75hC6BaiH4msJyjyzr0kTnNhs1QhaetcjjR8Ujv7Hz ii69ahPVzG6zbrcBLfjjDDE/odWlxg== =c/i1 -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 12:44:05 Antony Stone wrote: > No, I have complied with my country's laws regarding personal data > protection and taken "appropriate technical and organisational measures" to > ensure the security of the systems. You do not seem to understand security. Once there is the possibility of an attack the security of the system has to be proven or rebuilt. Usually this entails locking out the attacker, generating all new security tokens and keys, wiping, and rebuilding from trusted source. An email claiming it was all a joke does nothing to prove the system secure even if it happens to be true. It could equally well be false. Similarly Evilham's suggestion of a future offline "discussion" is too little too late. Maybe the prankster/attacker left another easter egg or a backdoor. Maybe he stole keys. Maybe a black hat snuck in while the prankster was messing around. Maybe nothing at all bad happened. You can't entrust other people's credit cards to "maybe". And certainly the prankster cannot henceforth be trusted with privileged access to any systems. But don't believe me. Talk to your lawyers. I was just hoping the surviving Devuan four would take responsibility for fixing things before I have to invest a few months in moving a lot of systems to a different distro. But as time passes with no action it's looking increasingly as if they have no interest in keeping Devuan viable. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Evilham via Dng writes: Evilham via Dng writes: (*): **to my knowledge** means that I am still trusting the communications and the project, even if I decided keep in place the temporarily disconnect of my systems from devuan's infra. FWIW if anyone cares, I checked what I could and things under my control are back to using devuan's infra. Everyone please abstain from escalating things forward, suggesting kicking someone out of the project or taking legal actions is premature; and claiming it's a harmless joke and everything is fine is is also missing the point. If I disconnected my systems from Devuan's infra was because it was the prudent thing to do while things were clarified, if I am satisfied with shallow tests is because I have no real reason to believe this was but a misdirected prank with all the "buts" I explained before. That message was just intended to help those who are so rightfully concerned about this see, that their views are also being taken into account and not ridiculed and left forgotten. My guess is that this will be discussed at length... Yes, at dev1conf, in person, where text will be much harder to be misinterpreted than on emails. Until then, speculation and pointless debates are just noise. And if it has become personal, take it to a private space. -- Evilham ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Monday 01 April 2019 at 21:27:25, Mike Bird wrote: > On Mon April 1 2019 12:18:53 Antony Stone wrote: > > If this incident has made you distrust the Devuan project, you're > > probably better off using a different distro. > > Are you a sysadmin? Yes. > Are you responsible for other people's data? Yes. > Let's say you have the misfortune to have one of your servers hacked > one day. Credit card numbers are stolen. Lawsuits are filed. Let's say, agreed. > You claim in your defense that you were doing your best to keep the > information secure. > > Plaintiff's lawyers discover that you were using Devuan and Devuan > had not responded seriously to this incident. What incident? Why can you not comprehend or accept that there has been no security breach of Devuan's systems? > You are now bankrupt, unemployed, and unemployable. No, I have complied with my country's laws regarding personal data protection and taken "appropriate technical and organisational measures" to ensure the security of the systems. Using a Debian-based Linux distribution which eliminates systemd does not mean I'm failing to do a competent job. > Believe me, the other four need to get their acts together and very > quickly if they want anyone other than themselves to continue using > Devuan. I don't believe you. Others can make their own minds up. Antony. -- "I find the whole business of religion profoundly interesting. But it does mystify me that otherwise intelligent people take it seriously." - Douglas Adams Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, On 2/4/19 4:13 am, Dimitris via Dng wrote: > On 4/1/19 7:49 PM, Arnt Karlsen wrote: >> ..this cartoon is used in production how? ;o) > > snowden told us how. > > dev1 joke affected production devuan systems how? There is just so much wrong about this. April Fools is fine in jest, but this prank, about a serious alternative to Debian. It may have caused heart attacks, it may have stopped systems from getting valid updates, it may have done all sorts of things. I never went to the website; reading the mailing list only "about the problems", any sane person shouldn't go to a website that is potentially laden with malware. For Android users, if you don't have the February 2019 updates, you can get owned with just a PNG file. So, this is very serious stuff. Keep the humour to things much less critical. If you relied on Devuan for all your machines and the problem really did happen; it would be hell. A good prank would be a blog post that doesn't question the real security of the project. Once you question the security of the project, you can then have lingering doubts .. that's not good for anyone here. There are times and places for great fun. This was a terrible idea and it has to lessen trust to at least some extent as well as posing a serious health risk for administrators who care about security, a lot. And the xkcd comic hsa nothing on this scare. Kind Regards AndrewM -BEGIN PGP SIGNATURE- iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXKJptgAKCRCoFmvLt+/i +5OPAQDPwW/D2S2sjxCQHmSCV4ptxC4V17qEoiNTKAMMLVS1ZAD9H6c1rtmYQtQR 6vD/bisjTQADFMhrkH6X8t1gpeVmfLs= =X64u -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
I have complete trust in the complete Devuan team. Having been around since the start, I know and have emailed/irc most if not all since the beginning. The clues were there from the start. If this is the worst that ever happens to you, consider yourself lucky. After forty years in telecommunications, I did not blink. Coming from a navy family that was stationed on aircraft carriers, you had better learn to keep a cool clam head under stress (remember Neil Armstrong?). My advice to you is like the Marines motto: Lead, follow or get the hell out of the way. That's all I got to say about that and I know that's more than 2cents Ciao On 04/01/2019 03:15 PM, Mike Bird wrote: On Mon April 1 2019 11:51:46 Antony Stone wrote: So, you did not believe one of the primary project contributors when he admits to having created the hoax? He has proven himself unworthy of trust. The only question is whether the other four choose to fix the problem in a sufficiently transparent manner as to restore trust in their own work. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Mike Bird [01.04.2019 20:43]: > Authorised access does not make wrongdoing lawful. The other Devuan > admins urgently need to remove you, consult a lawyer or the police, > replace all authorisation tokens and keys, and rebuild from trusted > sources. > > Or they could let Devuan revert to a toy project used by five people. Six. I will not stop using Devuan because of this. -- Hilsen Harald ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 12:18:53 Antony Stone wrote: > If this incident has made you distrust the Devuan project, you're probably > better off using a different distro. Are you a sysadmin? Are you responsible for other people's data? Let's say you have the misfortune to have one of your servers hacked one day. Credit card numbers are stolen. Lawsuits are filed. You claim in your defense that you were doing your best to keep the information secure. Plaintiff's lawyers discover that you were using Devuan and Devuan had not responded seriously to this incident. You are now bankrupt, unemployed, and unemployable. Believe me, the other four need to get their acts together and very quickly if they want anyone other than themselves to continue using Devuan. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Monday 01 April 2019 at 21:15:13, Mike Bird wrote: > On Mon April 1 2019 11:51:46 Antony Stone wrote: > > So, you did not believe one of the primary project contributors when he > > admits to having created the hoax? > > He has proven himself unworthy of trust. No, he's demonstrated that he may have an inappropriate sense of humour, and he's apologised for it. > The only question is whether the other four choose to fix the problem in a > sufficiently transparent manner as to restore trust in their own work. You're totally over-reacting, in my opinion. If this incident has made you distrust the Devuan project, you're probably better off using a different distro. Antony. -- My life is going completely according to plan. I do sometimes wish it had been *my* plan, though. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 11:51:46 Antony Stone wrote: > So, you did not believe one of the primary project contributors when he > admits to having created the hoax? He has proven himself unworthy of trust. The only question is whether the other four choose to fix the problem in a sufficiently transparent manner as to restore trust in their own work. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Monday 01 April 2019 at 20:39:27, Mike Bird wrote: > On Mon April 1 2019 11:12:34 Antony Stone wrote: > > On Monday 01 April 2019 at 20:05:11, Mike Bird wrote: > > Which part of the following did you not understand? > > The post was easy to understand. > > It may be true. Or maybe not. So, you did not believe one of the primary project contributors when he admits to having created the hoax? Are you suggesting that KatolaZ is trying to cover up a genuine security breach by pretending that it was an April Fool of his own doing? > Sysadmins are entrusted with people's data - their bank accounts and credit > cards and personal photos and private messages and much more. Under appropriate access control laws, yes. > Any syadmin who thought the posted explanation to be adequate would be sued > or fired, and deservedly so. I totally disagree. 1a. Sued for what? 1b. By whom? 2. Fired for what? > If Devuan does not take security seriously it is > worse than worthless. Nothing about this prank has been about an actual security breach, and if you don't believe one of the five people who have full access to Devuan's infrastructure then maybe this project is not the right one for you. You may be better off with Linux From Scratch. Regards, Antony. -- The first fifty percent of an engineering project takes ninety percent of the time, and the remaining fifty percent takes another ninety percent of the time. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 11:30:34 KatolaZ wrote: > > I know nothing of Italian law but whether or not the incident > > should be referred for criminal prosecution is a question you > > should already be discussing with your lawyers or the police. > > Yeah, let's tell the Italian police that an administrator with lawful > full access to all our servers put a rewrite on three websites for an > April fool... Authorised access does not make wrongdoing lawful. The other Devuan admins urgently need to remove you, consult a lawyer or the police, replace all authorisation tokens and keys, and rebuild from trusted sources. Or they could let Devuan revert to a toy project used by five people. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 11:12:34 Antony Stone wrote: > On Monday 01 April 2019 at 20:05:11, Mike Bird wrote: > Which part of the following did you not understand? The post was easy to understand. It may be true. Or maybe not. Sysadmins are entrusted with people's data - their bank accounts and credit cards and personal photos and private messages and much more. Any syadmin who thought the posted explanation to be adequate would be sued or fired, and deservedly so. If Devuan does not take security seriously it is worse than worthless. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon, Apr 01, 2019 at 11:05:11AM -0700, Mike Bird wrote: > > There are two very real problems: (1) the untrustworthy person > with access to Devuan's infrastructure and (2) Devuan's thus-far > totally inadequate response to a serious security incident. > There was no "untrhustworthy person" accessing the Devuan infrastructure. I have said in another email that I am responsible for the prank. I have been a devuan developer since early 2016, and as one of the five caretakers I have access to all the Devuan infrastructure. There was no attack. There was no security incident. It was an April fool. We have clarified that several times. I have apologised for that. I am very sorry for the distress caused :\ [cut] > > I know nothing of Italian law but whether or not the incident > should be referred for criminal prosecution is a question you > should already be discussing with your lawyers or the police. > Yeah, let's tell the Italian police that an administrator with lawful full access to all our servers put a rewrite on three websites for an April fool... HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
you can always fork devuan and make a distro without-sense-of-humor :P signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Monday 01 April 2019 at 20:05:11, Mike Bird wrote: > This attack... It was not an attack. > Any security lapse is serious. It was not a security lapse. > Claiming the incident was not serious does not make it less so, However, admitting that it was a (possibly misguided) April Fool's prank does make it not at all serious (in security terms). > There are two very real problems: (1) the untrustworthy person > with access to Devuan's infrastructure and (2) Devuan's thus-far > totally inadequate response to a serious security incident. Which part of the following did you not understand? On Monday 01 April 2019 at 15:27:00, KatolaZ wrote: > Again and to clarify once and for all: this was just an April fool. No > machine was compromised. No content was moved, deleted, or tampered > with in any way. Noone got access to the Devuan infra. No package or > mirror was affected. > > I apologise if somebody thought the joke stretched a bit too far: I am > responsible for that. I thought all the clues were clear enough, but > apparently they were not and some people got too stressed about it. I > am sincerely sorry about that. > > I will definitely make sure I will not make such a mistake again in > the future. > > SorryAgain > > KatolaZ Regards, Antony. -- Numerous psychological studies over the years have demonstrated that the majority of people genuinely believe they are not like the majority of people. Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
On Mon April 1 2019 06:29:10 Evilham via Dng wrote: > Further clarifying things: **to my knowledge**(*) nothing has been > compromised, but it is indeed a very elaborated prank. Redirecting a web site is a juvenile and trivial edit that anybody with access can do in seconds. But if that was all, why was it not fixed in seconds? This attack may have been a prank or it may have been a prank as a cover for an attack or it may have been a prank subsequently exploited by different black hats to cover an attack. You don't know. Any security lapse is serious. There is always the possibility that logs and checksums were compromised, backdoors installed, access credentials stolen, etc. You can never know that a compromised system is secure until it is wiped and rebuilt from trusted sources. Similarly you cannot trust any other system to which the admitted attacker had access. Claiming the incident was not serious does not make it less so, it just undermines the credibility of anyone who makes such a naive claim. There are two very real problems: (1) the untrustworthy person with access to Devuan's infrastructure and (2) Devuan's thus-far totally inadequate response to a serious security incident. Devuan/VUA must (1) remove the attacker and (2) announce a serious plan to restore security and trust. You will have to be transparent. You will probably have to replace all your security tokens and keys. Merely claiming you've examined a few things and didn't find anything wrong is ridiculous and the opposite of what any real Veteran Unix Admin would know to do. I know nothing of Italian law but whether or not the incident should be referred for criminal prosecution is a question you should already be discussing with your lawyers or the police. Anyone using Devuan in production will, like us, have frozen updates for now. This situation cannot persist long. If Devuan/VUA cannot quickly prove itself worthy of trust we too will have to rebuild our systems, and in doing so migrate away from Devuan. Devuan/VUA's lame response thus far has been infinitely worse than anything ever done by SystemD. --Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
On 4/1/19 7:49 PM, Arnt Karlsen wrote: > ..this cartoon is used in production how? ;o) snowden told us how. dev1 joke affected production devuan systems how? d. === JOKE BELOW - PROCEED WITH CAUTION === i can also confirm that dev1 systems i run, weren't affected by the joke bug, but just to be sure, scratched 'em alltogether and switched to M$ win10, that doesn't joke at all and is really cerious & corporately correct.. === signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
On Mon, 1 Apr 2019 19:23:49 +0300, Dimitris wrote in message <5604fee1-d2c8-e254-59f1-2bde73640...@stinpriza.org>: > On 4/1/19 7:04 PM, info at smallinnovations dot nl wrote: > > be wiser then > > joking about security > > disagree. > security can be joked about too: https://xkcd.com/538/ ..this cartoon is used in production how? ;o) -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
On 4/1/19 7:04 PM, info at smallinnovations dot nl wrote: > be wiser then > joking about security disagree. security can be joked about too: https://xkcd.com/538/ signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
On 01-04-19 09:03, KatolaZ wrote: > Dear D1rs, > > we have analysed in depth the attack from the "Green Hat Hackers" that > compromised the Devuan infrastructure in the last hours, and we > concluded that you all are: > >* APRIL FOOLS * > > :P > > Hope you enjoyed the new Devuan gopherholes, as they are most probably > going to stay. Everything will be back to "normal" on: > >* Mon 01 Apr 2019 01:04:19 PM UTC * > > if you are wondering, unfortunately 1554123859 is not a prime number :\ > > > See you at the 1st Devuan Conference on 5,6,7 April 2019. For more info: > > gopher://www.devuan.org/0/os/debian-fork/d1conf-announce-20190119.txt > > Never forget to Live, Love, Linux, and have a good Laugh! > > LLoLL > I do not mind being a fool but i expected the Dev1 team to be wiser then joking about security. Another such joke and you have a mirror site less in the future. Grtz. Nick signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: April's fools mess
Evilham via Dng writes: (*): **to my knowledge** means that I am still trusting the communications and the project, even if I decided keep in place the temporarily disconnect of my systems from devuan's infra. FWIW if anyone cares, I checked what I could and things under my control are back to using devuan's infra. -- Evilham ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan.org is back
On Mon, 1 Apr 2019 15:27:00 +0200, KatolaZ wrote in message <20190401132700.psamqzizffz6r...@katolaz.homeunix.net>: > As promised, on Apr. 1st 2019 at 1:04:19pm UTC the Devuan world > started to make sense again. Please check: > >http://www.devuan.org >http://git.devuan.org >http://bugs.devuan.org >http://pkginfo.devuan.org >http://files.devuan.org >http://popcon.devuan.org > > The gopherholes will remain online for the time being. The "pwned" > page is still available at http://www.devuan.org/pwned.html. > > Again and to clarify once and for all: this was just an April fool. No > machine was compromised. No content was moved, deleted, or tampered > with in any way. Noone got access to the Devuan infra. No package or > mirror was affected. > > I apologise if somebody thought the joke stretched a bit too far: I am > responsible for that. I thought all the clues were clear enough, but > apparently they were not and some people got too stressed about it. I > am sincerely sorry about that. > > Pranks have always been an essential part of the hacker culture, and > like it or not, Devuan has been brought to all of us by a bunch of > passionate hackers working long nights, not by a team of serious white > collars in suit and scarf doing 9-to-5. > > I will definitely make sure I will not make such a mistake again in > the future. > > SorryAgain > > KatolaZ > > P.S.: Please, do not let the world outside take away from you the > pleasure of having a good laugh, at any cost. Stopping to laugh is the > first step to the grave. > ..this is a nice, if obvious one: https://twitter.com/Meteorologene/status/1112640962482843648/photo/1 ...or: https://translate.google.com/translate?sl=auto&tl=en&u=https%3A%2F%2Ftwitter.com%2FMeteorologene%2Fstatus%2F1112640962482843648%2Fphoto%2F1 ..a _polite_ version of the political context: https://en.wikipedia.org/wiki/1994_Norwegian_European_Union_membership_referendum https://en.wikipedia.org/wiki/European_Economic_Area https://en.wikipedia.org/wiki/EEA_and_Norway_Grants ..the purpose of the EEA, the join-EU referendum sequence and the sabotage of President Boris Jeltsin and Russian democracy, was to try lure and scare the Norwegian voters into vote to join the EU. ..too many of us remembered how the Russians did 70% of defeating Adolf Hitler, and how the Russians chased the Soviet Union out of Russia in 1991, and thereby, _cancelled_ WWIII. Russians, I _Thank_You_All_!!! ..me, I would have spun an "horse trade with Trump to keep Stoltenberg in office as NATO boss" sort of story. ;o) -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] devuan.org is back
Hi KatolaZ. KatolaZ - 01.04.19, 15:27: > Again and to clarify once and for all: this was just an April fool. No > machine was compromised. No content was moved, deleted, or tampered > with in any way. Noone got access to the Devuan infra. No package or > mirror was affected. Thanks for clarifying. > I apologise if somebody thought the joke stretched a bit too far: I am > responsible for that. I thought all the clues were clear enough, but > apparently they were not and some people got too stressed about it. I > am sincerely sorry about that. Apology accepted. Regarding my own take: I just did not take the time to verify any of the clues. Part of it was, that in my local time it also was not 1st April and I forgot that there are quite a bunch of other timezones. Only later I installed a gopher client. Thing is: Devuan is used in production, so there is some responsibility coming with that. :) > Pranks have always been an essential part of the hacker culture, and > like it or not, Devuan has been brought to all of us by a bunch of > passionate hackers working long nights, not by a team of serious white > collars in suit and scarf doing 9-to-5. I certainly understand and can relate to that. While Microsoft's marketing directory tried to ban April fools jokes this year, I am always on the lookout for some. For me the joke was just a bit too… security sensitive. > I will definitely make sure I will not make such a mistake again in > the future. All is well. > P.S.: Please, do not let the world outside take away from you the > pleasure of having a good laugh, at any cost. Stopping to laugh is the > first step to the grave. Well, I even have a smile on my face at the moment. As for implementation of the "joke": You basically fooled me initially. Well done. Or as gamers say: Achievement completed. Thanks -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
On 2019年4月1日 22:01:56 JST, lilo via Dng wrote: >Il 01/04/19 09:03, KatolaZ ha scritto: >> Dear D1rs, >> >> we have analysed in depth the attack from the "Green Hat Hackers" >that >> compromised the Devuan infrastructure in the last hours, and we >> concluded that you all are: >> >>* APRIL FOOLS * >> >> :P > ><3 > >i saw soon yestarday but lurking and a lot of lol reading here. Ops! > >:* > >and > >THE WEB SUCKS -- JAVASCRIPT SUCKS -- BROWSERS SUCK > >WE ARE GREEN HAT HACKERS: WE CAME, WE SAW, WE KICKED YOUR ASS > >*** KISS PORT 80 GOODBYE -- JOIN THE REVOLUTION ON PORT 70 *** > >\0/ yahyyy for ever and ever. > > > >--lilo; > > >-- >-e' tutto calcolato, ma non funziona niente- >X-LiLo >/Consulenza del Lavoro, Telematica, Fiscale. >centro autorizzato CAF CDL srl 00067 Uff. Periferico 1300E >ScosseCAF Scosse.org @Casa Internazionale delle Donne >Via della Lungara 19 - Roma - 1°piano, stanza 106 >martedi e giovedi 16.30 - 21.00 o su appuntamento. >PEC x-l...@legalmail.it >/// >bit in rebels => devuan.org un tres tres bel exploit!___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Fwd: April's fools mess
Following is on a personal note after having tried to fix things behind curtains and to get something "official" out. First things first and because I think somebody has to say it in the right tone the situation merits: I am really sorry for the mess of today (+/- 13 hours because timezones) and I hope it does not impact too negatively the trust of users in the project in the long-run. Further clarifying things: **to my knowledge**(*) nothing has been compromised, but it is indeed a very elaborated prank. I hope this helps reassure those who are rightfully concerned, disappointed or disgusted by the whole thing and that a more sensible "official"/definitive/detailed announcement comes soon. (*): **to my knowledge** means that I am still trusting the communications and the project, even if I decided keep in place the temporarily disconnect of my systems from devuan's infra. Evilham writes: Dear all, this is being sent privately, but with the perspective of it being public. I won't go into the stupidity of April's fools as a general concept, but instead meet halfway and consider that a valid thing to do (even when your users are not exclusively in the limited parts of the world where that's a thing) and instead analyse the way this was done. This is not an April's fools joke, this reflects very badly on Devuan as a distribution that is something beyond someone's playground. I will explain: we, as Devuan, need people's trust, the fact that anybody uses Devuan (or any distribution/Operating System), implies a huge degree of trust on the team behind it. After all, if you control an Operating System, you control in fact, a trivial way to gain root on everyone's systems. Even assuming a fakely claimed security issue were funny, this was badly done. Had it been just about devuan-web, it wouldn't have been as terrible as this is: going the lengths of doing it with gdo and the build system undermines that trust of users towards Devuan. It's been now well over 12 hours and the "joke" is still on, it still hints at all parts of the infraestructure being compromised, it still looks as if gdo and the build system were compromised. For anyone wanting to do serious things while using Devuan, this is extremely bad taste. I know of at least 5 people wasting a few hours of their lives (me included) over this, *obviously* if the peope you trust are telling you "Devuan is fucked, we don't even have access to the infra", the very first thing you are going to do is start all your contingency plans, not bother with "obvious" puzzles and hints. We are talking about critical infrastructure here, this is the internet equivalent of being in an airport and shouting "THERE IS A BOMB! Nah just kidding". It is not only childish, it is irresponsible. I kindly ask everyone to reconsider and bring the thing down as soon as possible and publish a public apology. In the end, this is not a PR stun, it's a PR disgrace and it's messing with the people who care about the distribution and the distribution's always-lingering reputation. Even if there is no public apology, I will at least on a personal level do what I consider right and publish this email on DNG. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] devuan.org is back
As promised, on Apr. 1st 2019 at 1:04:19pm UTC the Devuan world started to make sense again. Please check: http://www.devuan.org http://git.devuan.org http://bugs.devuan.org http://pkginfo.devuan.org http://files.devuan.org http://popcon.devuan.org The gopherholes will remain online for the time being. The "pwned" page is still available at http://www.devuan.org/pwned.html. Again and to clarify once and for all: this was just an April fool. No machine was compromised. No content was moved, deleted, or tampered with in any way. Noone got access to the Devuan infra. No package or mirror was affected. I apologise if somebody thought the joke stretched a bit too far: I am responsible for that. I thought all the clues were clear enough, but apparently they were not and some people got too stressed about it. I am sincerely sorry about that. Pranks have always been an essential part of the hacker culture, and like it or not, Devuan has been brought to all of us by a bunch of passionate hackers working long nights, not by a team of serious white collars in suit and scarf doing 9-to-5. I will definitely make sure I will not make such a mistake again in the future. SorryAgain KatolaZ P.S.: Please, do not let the world outside take away from you the pleasure of having a good laugh, at any cost. Stopping to laugh is the first step to the grave. -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
Il 01/04/19 09:03, KatolaZ ha scritto: > Dear D1rs, > > we have analysed in depth the attack from the "Green Hat Hackers" that > compromised the Devuan infrastructure in the last hours, and we > concluded that you all are: > >* APRIL FOOLS * > > :P <3 i saw soon yestarday but lurking and a lot of lol reading here. Ops! :* and THE WEB SUCKS -- JAVASCRIPT SUCKS -- BROWSERS SUCK WE ARE GREEN HAT HACKERS: WE CAME, WE SAW, WE KICKED YOUR ASS *** KISS PORT 80 GOODBYE -- JOIN THE REVOLUTION ON PORT 70 *** \0/ yahyyy for ever and ever. --lilo; -- -e' tutto calcolato, ma non funziona niente- X-LiLo /Consulenza del Lavoro, Telematica, Fiscale. centro autorizzato CAF CDL srl 00067 Uff. Periferico 1300E ScosseCAF Scosse.org @Casa Internazionale delle Donne Via della Lungara 19 - Roma - 1°piano, stanza 106 martedi e giovedi 16.30 - 21.00 o su appuntamento. PEC x-l...@legalmail.it /// bit in rebels => devuan.org 0x703374720A0E6F2A.asc Description: application/pgp-keys ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
On Mon, 1 Apr 2019 09:03:56 +0200, KatolaZ wrote in message <20190401070356.6jbd7eiovhr7m...@katolaz.homeunix.net>: > Dear D1rs, > > we have analysed in depth the attack from the "Green Hat Hackers" that > compromised the Devuan infrastructure in the last hours, and we > concluded that you all are: > >* APRIL FOOLS * > > :P ..some things warrant a little more wisdom than what you demonstrated here, e.g. Holocaust, war crimes, public safety, and privacy in less than democratic places, and computer security is a serious matter for e.g. whistle blowers, and we are not quite where we need to be on this. > Hope you enjoyed the new Devuan gopherholes, as they are most probably > going to stay. Everything will be back to "normal" on: > >* Mon 01 Apr 2019 01:04:19 PM UTC * > > if you are wondering, unfortunately 1554123859 is not a prime > number :\ > > > See you at the 1st Devuan Conference on 5,6,7 April 2019. For more > info: > > gopher://www.devuan.org/0/os/debian-fork/d1conf-announce-20190119.txt .. > Once again, the Veteran Unix Admins salute you, and now invite you > to celebrate community development and software freedom at the first > Devuan Conference this coming spring! > > Devuan Conference #1: “THE POWER OF CHOICE” > > Starting: Friday, April 5th 2019, 13:00 CEST > Ending: Sunday, April 7th 2019, 16:00 CEST > > Location: > > Amsterdam Houthavens > Haparandadam 7, 1013AK > The Netherlands > Latitude: 52.396795 | Longitude: 4.880298 > > > Presentations > - PID1: Welcome and Introductions > - The Importance of Minimalism and Modularity > - CI Galore: the Devuan SDK and the Docker Toaster > - Make Your Own Distro > - Competing with Giants: How to Sell Devuan to Your Company > - Maemo-Leste Mobile Phone OS on N900 > - DECODE OS for P2P Micro-Services over Tor > - Dowse: the Rod for Local Area Network Awareness > - Running a Devuan data center > - Demystifying init > - … More to be announced > > Hacking sessions > - Installing Devuan-live > - Devuan with s6/s6-rc > - Disk Encryption > - … Suggestions welcome ..suggest a safe newbie-proof Tor and firewall default setup, under the label "If you don't know what Tor or firewall is, or how to set these up safely, click here to use our safe newbie-proof Tor and firewall default setup." on our installers etc, e.g. with shorewall. ..conceptually, shorewall is about as easy to learn and understand as the good old http://ipcop.sourceforge.net/ : ... https://www.wikihow.com/Configure-IPCop-as-a-Firewall ...and far more powerful, and remains alive and under active development at: http://www.shorewall.net/ https://en.wikipedia.org/wiki/Shorewall http://www.shorewall.net/Introduction.html http://www.shorewall.net/shorewall_features.htm ..at a minimum, we want: http://www.shorewall.net/Laptop.html and _never_ the http://www.shorewall.net/FoolsFirewall.html . > For those unable to attend, the event will be live-streamed, > recorded, and available online. ..link? -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
KatolaZ wrote on 01.04.19 09:03: > Dear D1rs, > > we have analysed in depth the attack from the "Green Hat Hackers" that > compromised the Devuan infrastructure in the last hours, and we > concluded that you all are: > >* APRIL FOOLS * > > :P D'oh! A prank well executed from a purely technical POV, kudos for that. However IMO in quite bad taste given anything even remotely security related when talking OS distributions is quite a touchy subject. At the very least you had me with my finger already on the kill switch for one of the packet mirrors, for a short while. Not sure it was worth it. > Hope you enjoyed the new Devuan gopherholes, as they are most probably > going to stay. Now, this is the one part of the joke I can wholeheartedly appreciate. ;-) [...]> if you are wondering, unfortunately 1554123859 is not a prime number :\ MFW I was literally only a few keystrokes away of actually checking. -.- [...] > Never forget to Live, Love, Linux, and have a good Laugh! > > LLoLL Evil me let off a diabolical chuckle, does that count? }:-> Reasonable me, however, would like to kindly suggest you a choose less sinister scenario for potential future jokes on that scale. And please keep in mind that April fools jokes are popular only in some parts of so-called western culture, and not a concept readily recognized or accepted globally. So yeah, please have a good laugh at your fellow Devuaners expense every once in a while, by all means. We all need to vent every now and then, especially those who work tirelessly to keep things rolling. Just be aware that this particular kind of joke might eventually backfire in unexpected ways. Just my two nano-cents. Cheers, Urban -- Sapere aude! signature.asc Description: OpenPGP digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] *** DEVUAN.ORG HAS BEEN PWNED *** , message -- UPDATE
mett - 01.04.19, 05:38: > On 2019年4月1日 11:03:36 JST, Hendrik Boom wrote: > >On Mon, Apr 01, 2019 at 01:35:30AM +0200, KatolaZ wrote: > >> On Mon, Apr 01, 2019 at 12:21:58AM +0200, KatolaZ wrote: > >> > >> [cut] > >> > >> > Just to let you know that Devuan's caretakers got anonymous > >> > emails > >> > from a group who identified themselves as "Green Hat Hackers". > >> > They > >> > insisted on the last line of the pwned website. If you have any > > > >clue, > > > >> > let us know. > >> > >> ok we probably got that! > >> > >> $ date -d @7779847 > >> $ date -d @1554080659 > > > >Or > > > >date -u -d @7779847 > >date -u -d @1554080659 […] > +1 for the -u IMO this is still a *very bad* taste for an April fools joke. Thanks, -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Update on the Green Hat Hackers attack
KatolaZ wrote: > * APRIL FOOLS * Not funny. Came here to get away from the crap. Going back to Debian, or maybe IBM Red Hat. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Update on the Green Hat Hackers attack
Dear D1rs, we have analysed in depth the attack from the "Green Hat Hackers" that compromised the Devuan infrastructure in the last hours, and we concluded that you all are: * APRIL FOOLS * :P Hope you enjoyed the new Devuan gopherholes, as they are most probably going to stay. Everything will be back to "normal" on: * Mon 01 Apr 2019 01:04:19 PM UTC * if you are wondering, unfortunately 1554123859 is not a prime number :\ See you at the 1st Devuan Conference on 5,6,7 April 2019. For more info: gopher://www.devuan.org/0/os/debian-fork/d1conf-announce-20190119.txt Never forget to Live, Love, Linux, and have a good Laugh! LLoLL -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
