Re: [DNG] ..are we|Devuan safe from this systemd backdoor malware, taking our kernels from Debian?

2021-05-14 Thread Rick Moen
Quoting marc (marc...@welz.org.za):

> Hello

And almost certainly goodbye.  But before that:

> > It's irrational to talk about rootkits as if they were a security threat
> > (and my apologies in advance if, as seems likely, you're fully aware of
> > the difference; in these discussions, there will always be other readers
> > who don't).
> 
> Apologies accepted :) 

You know what's really tragic, here?  I was trying to be nice -- since
your wording had left it very unclear whether you actually thought
rootkits are an attack vector.  I said it's likely you didn't, being
generous of spirit, and apologised if that were the case -- an
obvious pro-forma apology, as a way to be nice.  It would, of course, be
obvious that I had objectively offered no offence, therefore I wasn't
actually apologising, just trying to be nice about your unclear wording.

But hey, if you want to be ungracious, and act like you don't want to be
friends, I guess you do you.

> > By definition, a rootkit is a set of coverup tools installed by an
> > intruder (_after_ stealing root via other means entirely).  The point is
> > that focussing on what bad guys do after they have broken into your system
> > and cracked the root account is largely a waste of time:  After they
> > have completely broken security, they can do anything at all, and what
> > particular thing they choose to do isn't very interesting -- or relevant
> > to system administration.  What _is_ interesting and relevant is how 
> > the bad guys got in and how they escalated privilege to root.  And those
> > questions are the ones relevant to system administration.
> 
> Well, yes and no. Of course if the system is fully compromised, then
> all bets are off. It does also mean that if a bad guy has broken into
> a system with writable {disk,graphics,nic,bios} firmware, then the only
> safe response is to throw away the hardware (owners of RPIs earlier
> than v4 only need to throw away the sd card).

You purport to disagree with what I said, but then throw out a lot of
word salad that doesn't address it.

I'm going to ignore that and move on.


> However, most system administrators don't do that. At best they reformat,
> cross their fingers and continue.

Anyone who does that, I'd fire.


> And you will note the current rootkit under discussion has two modes - a root
> mode where it pretends to be a systemd component, and a userlevel mode where
> it pretends to be a bit of gnome.

Completely irrelevant to what I was saying.

> But more importantly: This is a mailing list for a distribution, and
> distributions are where supply chain attacks can (or might already have)
> happen(ed).

A tautologically true but also totally useless observation.


> Some people subscribe to "with sufficient eyeballs, all bugs are shallow",
> others to "three people can keep a secret, if two are dead". Interestingly
> both apply - the latter when talking about who has access to the build
> infrastructure...

Another totally useless observation -- and also completely irrelevant to 
what I said.  _If_ you know anything about distros with competent build
infrastructures (including for example Debian), you will know that it is
for obvious reasons accessible only to the most highly trusted people.
Unless one of those happens to be Moriarty the Napoleon of Crime,
authors of *ix ELF infectors, rootkits, UDP-based backdoors, etc. can
dick around with their creations all day long and not be able to
compromise the package collection via the build infrastructure.


> There is always a first time (or a time of first discovery). 

Send a telegram.

And I believe I'm done.  Run away and play elsewhere, sonny.  I'm busy.

[rest snipped per the Law of Diminishing Returns]

-- 
Cheers,              There are really only two hard problems in computer science:
Rick Moen            o  Cache invalidation policy.
r...@linuxmafia.com  o  Name-space management.
McQ! (4x80)          o  Off-by-one errors.
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


[DNG] GNU SmartOS [WAS: FSF and human rights]

2021-05-14 Thread Enrico Weigelt, metux IT consult

On 29.03.21 11:14, Alessandro Vesely via Dng wrote:


> Opposing voices are raising, and I look forward for a GNU SmartOS.


I'm actually working on that. Yet just on fundamental concepts (and also
some basic technologies), no code written yet, but it's in the pipeline.

Anyone here who likes to join me ?

> If you look at the tangent envelope of all those curves, you see the
> growth of software is very strong.  It is certainly an economic
> question.  How, then, could you keep politics off?  Free software poses
> political problems.  These problems are different from those of the
> previous industrial revolution, but they are still political problems.


ACK.


--mtx

--
---
Notice: unencrypted e-mails can easily be intercepted and manipulated!
For confidential communication, please send your GPG/PGP key.
---
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
i...@metux.net -- +49-151-27565287


Re: [DNG] End of free open source software?

2021-05-14 Thread Enrico Weigelt, metux IT consult

On 09.05.21 08:33, tito via Dng wrote:


> So the first question that arises is:
> how could open source and free software projects ensure
> protection from damage up to data loss if actually even proprietary
> software comes with no warranty at all?


Make it crystal clear, that our software is neither a product, nor
service, nor anything near to any commercial thing, but instead just
a piece of art, like a novel or a poem.


--mtx



[DNG] Collaboration between distros [WAS: FSF and human rights]

2021-05-14 Thread Enrico Weigelt, metux IT consult

On 27.03.21 18:07, tito via Dng wrote:


> There is also PcLinuxOS even if rpm based but they have the full stack
> systemd free and could be a source of code for devuan as they already
> solved somehow most of the problems. Systemd free distros should
> pool their efforts to avoid duplication and to gain critical mass.


I'd like to put that onto a broader level: IMHO most of the work to do
for distros is about QM (testing, patching, bugfixing) - we should try
to consolidate that work, independent of individual distros and their
technology.

For decades, whenever I package something for some distro, I try to
do most of the work in a distro agnostic way. (used to have my own
project, called "oss-qm", which collects patches on top of upstream
releases to make up QM'ed branches - unfortunately no distro really
showed any interest in that).

In essence, I'm proposing fixing up packages (and individual releases)
up to a point where the actual distro-packaging is pretty much trivial.
For *most* SW out there we could even invent some universal packaging
metadata format, that could be automatically transformed into dist-
specific build files. Of course, that only works just *mostly*, since
there're still many exceptions. Dh (and its various helpers) is already
a great step into that direction, but we could go some steps further
and make it useful for completely unrelated distros and even more tricky
cases like crosscompiling and tiny embedded scenarios.


--mtx



[DNG] connman bug?

2021-05-14 Thread mestan

Hi

In file /etc/init.d/connman, line 22 seems to be missing a "$":


if [ "CONNMAN_RUNSTATEDIR_RESOLVCONF" != "no" ] ; then
    mkdir -p /run/connman
    ln -sf /run/connman/resolv.conf /etc/
fi

I think this is better:

if [ "$CONNMAN_RUNSTATEDIR_RESOLVCONF" != "no" ] ; then


Bye Mestan

-- 
Motto:

Marriage is good for the good.
-- Spanish proverb
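
The effect of the missing "$" reported above, as an added example that is not part of the original message or of the connman package: with the variable set to "no", the reported test still replaces resolv.conf, while the proposed test leaves it alone. The function names and the scratch-directory layout are assumptions made for this illustration; nothing under the real /etc or /run is touched.

```shell
#!/bin/sh
# Added illustration: reproduces the reported test in a scratch directory.
# setup_buggy, setup_fixed and resolv_replaced are hypothetical names.

# Test as reported: the left operand is a literal string, not a variable,
# so the comparison with "no" is always true.
setup_buggy() {
    root=$1
    if [ "CONNMAN_RUNSTATEDIR_RESOLVCONF" != "no" ] ; then
        mkdir -p "$root/run/connman"
        ln -sf "$root/run/connman/resolv.conf" "$root/etc/"
    fi
}

# Test with the proposed "$": the value of the variable is honoured.
setup_fixed() {
    root=$1
    if [ "$CONNMAN_RUNSTATEDIR_RESOLVCONF" != "no" ] ; then
        mkdir -p "$root/run/connman"
        ln -sf "$root/run/connman/resolv.conf" "$root/etc/"
    fi
}

# Run one variant with the variable set to "no" and report whether
# etc/resolv.conf in the scratch tree was replaced by a symlink anyway.
resolv_replaced() {
    variant=$1
    root=$(mktemp -d) || return 2
    mkdir -p "$root/etc"
    echo "nameserver 192.0.2.53" > "$root/etc/resolv.conf"   # constructed sample
    CONNMAN_RUNSTATEDIR_RESOLVCONF=no
    "$variant" "$root"
    if [ -L "$root/etc/resolv.conf" ]; then result=yes; else result=no; fi
    rm -rf "$root"
    echo "$result"
}

echo "reported test, variable=no -> resolv.conf replaced: $(resolv_replaced setup_buggy)"
echo "proposed test, variable=no -> resolv.conf replaced: $(resolv_replaced setup_fixed)"
```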