Re: [DNG] A Devuan kernel?
On Sun, Jul 08, 2018 at 03:52:48PM -0700, Jimmy Johnson wrote:
> On 07/08/2018 02:49 PM, info at smallinnovations dot nl wrote:
> > On 08-07-18 23:32, aitor_czr wrote:
> > >
> > > Hi Jimmy,
> > >
> > > On 08/07/18 at 23:24, Jimmy Johnson wrote:
> > > > Thoughts? Volunteers?
> > >
> > > I also would like to see devuan including its own kernel. I can help
> > > on packaging stuff.
> > >
> > > Aitor.
> >
> > I am not a kernel guy so maybe I am asking a stupid question; but what
> > other parts besides the official kernel from kernel.org would you
> > install? Or leave out?
> >
> I don't think Linus is trying to hide anything, he just can't talk about a
> backdoor and will deny a backdoor if you ask him about one.
>
> Something I haven't done but maybe a kernel source package can be opened to
> expose what is in there? Something way over my head.
> Anybody friends with Klaus Knopper? Or has other sources for help? Maybe
> someone from Puppy Linux?

The only problem with this theory is that Linus has not been the only
developer of the Linux kernel at least since September 1991. Nowadays
the Linux kernel has thousands of developers. If such a "backdoor"
existed, we would know about it, as we knew about the Spectre and
Meltdown vulnerabilities. You simply can't silence everybody, even if
you are the NSA.

Literally anybody can get the sources of the Linux kernel and read
through it. So I guess your fears are somehow unjustified...

My2Cents

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]

___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng

Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 01:17:58AM +0200, Antony Stone wrote:

[cut]

> > Something way over my head.
> > Anybody friends with Klaus Knopper? Or has other sources for help?
> > Maybe someone from Puppy Linux?
>
> I think you're confusing the Linux kernel with GNU/Linux distributions.
>
> You might as well start looking at Android, if the Linux kernel is what's
> bothering you.
>

Well, actually android has always used a Linux kernel...

--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]

Re: [DNG] A Devuan kernel?
On Monday 09 July 2018 at 09:53:06, KatolaZ wrote:

> On Mon, Jul 09, 2018 at 01:17:58AM +0200, Antony Stone wrote:
>
> [cut]
>
> > > Something way over my head.
> > > Anybody friends with Klaus Knopper? Or has other sources for help?
> > > Maybe someone from Puppy Linux?
> >
> > I think you're confusing the Linux kernel with GNU/Linux distributions.
> >
> > You might as well start looking at Android, if the Linux kernel is what's
> > bothering you.
>
> Well, actually android has always used a Linux kernel...

That was my point.

Why look at Puppy Linux in particular, if you're bothered about backdoors
in the kernel? The same backdoor would be in Android, so it's just as
worth while to look there.

Antony.

--
"If I've told you once, I've told you a million times - stop exaggerating!"

Please reply to the list; please *don't* CC me.

Re: [DNG] A Devuan kernel?
On 09/07/18 17:51, KatolaZ wrote:
> Literally anybody can get the sources of the Linux kernel and read
> through it. So I guess your fears are somehow unjustified...

There were long standing problems with openssl -- the source code was
fully available, anybody could have found the problems, but they didn't.

The Linux Kernel is HUGE, the possibility to find something that
shouldn't be there would not be very easy. Binary blobs remain the
most "risky" components, but anything else can easily hide in plain
sight.

Cheers
A.

Re: [DNG] A Devuan kernel?
On 07/09/2018 01:06 AM, Andrew McGlashan wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 09/07/18 17:51, KatolaZ wrote:
> > Literally anybody can get the sources of the Linux kernel and read
> > through it. So I guess your fears are somehow unjustified...
>
> There were long standing problems with openssl -- the source code was
> fully available, anybody could have found the problems, but they didn't.
>
> The Linux Kernel is HUGE, the possibility to find something that
> shouldn't be there would not be very easy. Binary blobs remain the
> most "risky" components, but anything else can easily hide in plain
> sight.

I'm old and trying to remember is not easy at times, I think what we
would be looking for could be a dbus-client, also another word mentioned
was about 3-4 letters long and the first letter was a 'k' but nothing to
do with kde, also mentioned was to check certificate files. This stuff
is over my head and I yield to the experts, but all these things are
certainly worth checking out. Another way to corrupt a system is via the
firmware and has also been mentioned in my readings.

Thanks,
--
Jimmy Johnson

Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2
Registered Linux User #380263

Re: [DNG] A Devuan kernel?
On Sun, Jul 08, 2018 at 11:52:41PM +0200, aitor_czr wrote:
> Hi again,
>
> On 08/07/18 at 23:49, info at smallinnovations dot nl wrote:
> > I am not a kernel guy so maybe I am asking a stupid question; but what
> > other parts besides the official kernel from kernel.org would you
> > install? Or leave out?
>
> I would leave out binary blobs :)
>

The Debian kernel already comes stripped of any binary blob, at least
since Squeeze was testing (i.e., since about 2009). Binary firmware
packages have been available in the non-free component since then.

If you don't install any of those non-free packages, your kernel is
equivalent to the one provided by LinuxLibre, the only difference
being that you can still load binary blobs if you wish so (while that
is forbidden in the kernels released by LinuxLibre).

What are we talking about, exactly?

HND

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]

Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 06:06:12PM +1000, Andrew McGlashan wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 09/07/18 17:51, KatolaZ wrote:
> > Literally anybody can get the sources of the Linux kernel and read
> > through it. So I guess your fears are somehow unjustified...
>
> There were long standing problems with openssl -- the source code was
> fully available, anybody could have found the problems, but they didn't.
>
> The Linux Kernel is HUGE, the possibility to find something that
> shouldn't be there would not be very easy. Binary blobs remain the
> most "risky" components, but anything else can easily hide in plain
> sight.
>

Yeah, so what should we do? Stop working on Devuan and get a couple of
years off just to check that the kernels provided in the
already-released packages do not have any NSA backdoor?

o_O

--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]

Re: [DNG] is there a problem with package signing?
On Sun, Jul 08, 2018 at 09:10:41PM -0400, Hendrik Boom wrote:
> During and after my upgrade to ascii,
> when I try to install packages
> I consistently get messages like
>
> WARNING: The following packages cannot be authenticated!
>   lighttpd
> Install these packages without verification? [y/N]
>
> Is there something wrong with package signing?
> My apt-sources are from pkgmaster.devuan.org,
> and I did install the devuan-keyring, version 2017.10.03.
> Aptitude doesn't seem to think there's a newer version.
>

Hendrik, I can't reproduce your error. Which release are you on? Are
you using exclusively Devuan repos?

HND

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]

Re: [DNG] A Devuan kernel?
On 07/09/2018 01:53 AM, Jimmy Johnson wrote:
> On 07/09/2018 01:06 AM, Andrew McGlashan wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > On 09/07/18 17:51, KatolaZ wrote:
> > > Literally anybody can get the sources of the Linux kernel and read
> > > through it. So I guess your fears are somehow unjustified...

Has the thought occurred to you that maybe the people that were finding
those problems are now working for the bad guys? I remember way back in
my days with windows all the good people finding problems with windows
were soon bought up by microsoft, now they are buying up linux, do you
really want to give up? Now I read even BSD is going to adopt systemd,
it's looking like the without-systemd project is the only hope to save
linux and keep it from becoming another microsoft project, I'm not
willing to stop, I will still hold a candle for freedom.

> > There were long standing problems with openssl -- the source code was
> > fully available, anybody could have found the problems, but they didn't.

Yes, ssl has been mentioned and also what they call watered down
encryption, plus wireless password encryption, I understand is useless.

> > The Linux Kernel is HUGE, the possibility to find something that
> > shouldn't be there would not be very easy. Binary blobs remain the
> > most "risky" components, but anything else can easily hide in plain
> > sight.
>
> I'm old and trying to remember is not easy at times, I think what we
> would be looking for could be a dbus-client, also another word mentioned
> was about 3-4 letters long and the first letter was a 'k' but nothing to
> do with kde, also mentioned was to check certificate files. This stuff
> is over my head and I yield to the experts, but all these things are
> certainly worth checking out. Another way to corrupt a system is via the
> firmware and has also been mentioned in my readings.

Another thought comes to me, before moving back home I was living in
Santa Cruz for 24 yrs, and active in the local PC Club and active in the
linux group, we met at UCSC, if I was still living there I don't think
it would be hard to get a group together and start looking for these
things. I suggest looking for help where ever you can find it.

Thanks,
--
Jimmy Johnson

Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2
Registered Linux User #380263

Re: [DNG] A Devuan kernel?
Hi Katola.

KatolaZ - 09.07.18, 09:51:
> On Sun, Jul 08, 2018 at 03:52:48PM -0700, Jimmy Johnson wrote:
> > On 07/08/2018 02:49 PM, info at smallinnovations dot nl wrote:
> > > On 08-07-18 23:32, aitor_czr wrote:
> > > > Hi Jimmy,
> > > >
> > > > On 08/07/18 at 23:24, Jimmy Johnson wrote:
> > > > > Thoughts? Volunteers?
> > > >
> > > > I also would like to see devuan including its own kernel. I can
> > > > help on packaging stuff.
> > > >
> > > > Aitor.
> > >
> > > I am not a kernel guy so maybe I am asking a stupid question; but
> > > what other parts besides the official kernel from kernel.org
> > > would you install? Or leave out?
> >
> > I don't think Linus is trying to hide anything, he just can't talk
> > about a backdoor and will deny a backdoor if you ask him about one.
> >
> > Something I haven't done but maybe a kernel source package can be
> > opened to expose what is in there? Something way over my head.
> > Anybody friends with Klaus Knopper? Or has other sources for help?
> > Maybe someone from Puppy Linux?
>
> The only problem with this theory is that Linus has not been the only
> developer of the Linux kernel at least since September 1991. Nowadays
> the Linux kernel has thousands of developers. If such a "backdoor"
> existed, we would know about it, as we knew about the Spectre and
> Meltdown vulnerabilities. You simply can't silence everybody, even if
> you are the NSA.
>
> Literally anybody can get the sources of the Linux kernel and read
> through it. So I guess your fears are somehow unjustified...

I agree with that.

This discussion seems bordering on conspiracy theories. Those claim that
something might be true and sow fear, uncertainty and doubt. Some parts
of conspiracy theories may turn out to have been true, like for example
all the spying the NSA and other secret agencies are doing. But I see no
benefit in fearing something I have seen no proof of.

Anyone ever saw any proof that such a backdoor exists within the Linux
kernel source? I haven´t.

Aside from that, I´d be more wary about the firmware in PCs. The
closed-source binary blobs almost everyone is using who is using a
computer these days.

I do not think this discussion is helpful. There may be reasons for an
own kernel, but IMO this is no reason.

Thanks,
--
Martin

Re: [DNG] A Devuan kernel?
On 07/09/2018 02:53 AM, Martin Steigerwald wrote:
> Hi Katola.
>
> KatolaZ - 09.07.18, 09:51:
> > On Sun, Jul 08, 2018 at 03:52:48PM -0700, Jimmy Johnson wrote:
> > > On 07/08/2018 02:49 PM, info at smallinnovations dot nl wrote:
> > > > On 08-07-18 23:32, aitor_czr wrote:
> > > > > Hi Jimmy,
> > > > >
> > > > > On 08/07/18 at 23:24, Jimmy Johnson wrote:
> > > > > > Thoughts? Volunteers?
> > > > >
> > > > > I also would like to see devuan including its own kernel. I can
> > > > > help on packaging stuff.
> > > > >
> > > > > Aitor.
> > > >
> > > > I am not a kernel guy so maybe I am asking a stupid question; but
> > > > what other parts besides the official kernel from kernel.org
> > > > would you install? Or leave out?
> > >
> > > I don't think Linus is trying to hide anything, he just can't talk
> > > about a backdoor and will deny a backdoor if you ask him about one.
> > >
> > > Something I haven't done but maybe a kernel source package can be
> > > opened to expose what is in there? Something way over my head.
> > > Anybody friends with Klaus Knopper? Or has other sources for help?
> > > Maybe someone from Puppy Linux?
> >
> > The only problem with this theory is that Linus has not been the only
> > developer of the Linux kernel at least since September 1991. Nowadays
> > the Linux kernel has thousands of developers. If such a "backdoor"
> > existed, we would know about it, as we knew about the Spectre and
> > Meltdown vulnerabilities. You simply can't silence everybody, even if
> > you are the NSA.
> >
> > Literally anybody can get the sources of the Linux kernel and read
> > through it. So I guess your fears are somehow unjustified...
>
> I agree with that.
>
> This discussion seems bordering on conspiracy theories. Those claim that
> something might be true and sow fear, uncertainty and doubt. Some parts
> of conspiracy theories may turn out to have been true, like for example
> all the spying the NSA and other secret agencies are doing. But I see no
> benefit in fearing something I have seen no proof of.
>
> Anyone ever saw any proof that such a backdoor exists within the Linux
> kernel source? I haven´t.
>
> Aside from that, I´d be more wary about the firmware in PCs. The
> closed-source binary blobs almost everyone is using who is using a
> computer these days.
>
> I do not think this discussion is helpful. There may be reasons for an
> own kernel, but IMO this is no reason.

Martin you are active with both KDE and Debian Development, I would not
expect you to be of much help, so please stay out of the way.

Thanks,
--
Jimmy Johnson

Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2
Registered Linux User #380263

Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 02:50:56AM -0700, Jimmy Johnson wrote:
> On 07/09/2018 01:53 AM, Jimmy Johnson wrote:
> > On 07/09/2018 01:06 AM, Andrew McGlashan wrote:
> > > -BEGIN PGP SIGNED MESSAGE-
> > > Hash: SHA256
> > >
> > > On 09/07/18 17:51, KatolaZ wrote:
> > > > Literally anybody can get the sources of the Linux kernel and read
> > > > through it. So I guess your fears are somehow unjustified...
> >
> Has the thought occurred to you that maybe the people that were finding
> those problems are now working for the bad guys? I remember way back in my
> days with windows all the good people finding problems with windows were
> soon bought up by microsoft, now they are buying up linux, do you really
> want to give up? Now I read even BSD is going to adopt systemd, it's
> looking like the without-systemd project is the only hope to save linux and
> keep it from becoming another microsoft project, I'm not willing to stop, I
> will still hold a candle for freedom.

You can't buy everybody. Not even Intel, which is the largest actor in
IT, could silence the group which discovered Spectre and Meltdown,
despite the trick cost them billions of dollars and despite they were
notified of the vulnerabilities several months before they were
disclosed to the wide public.

Conspiracy theories do not work for a simple reason: you just can't
buy everybody, and even if you think you can, people have always liked
to talk about their smart discoveries. Almost everybody out there
seems to be looking for their 5 minutes of glory.

Look for instance at all the clamour around the "fatal PGP
vulnerability", which was not a PGP vulnerability at all, rather the
manifestation of the sheer incompetence of almost all the developers
of MUAs in the last 20 years. The result of that "discovery" was a
totally wrong and misleading message: "Oh! Don't encrypt your emails
any more because it's DANGEROUS!!!". Which is just plain nonsense, and
tells a lot about how the media can disproportionately inflate even
the most silly news about the most silly bug.

You can fear only what you don't understand, and you can successfully
fight only what you understand fully.

There are lots of people out there who understand a lot more about the
Linux kernel than many of us here. I simply decided to trust them,
collectively, because I know that nobody can buy all of them.

My2Cents

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]

Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 03:00:22AM -0700, Jimmy Johnson wrote:

[cut]

> > This discussion seems bordering on conspiracy theories. Those claim that
> > something might be true and sow fear, uncertainty and doubt. Some parts
> > of conspiracy theories may turn out to have been true, like for example
> > all the spying the NSA and other secret agencies are doing. But I see no
> > benefit in fearing something I have seen no proof of.
> >
> > Anyone ever saw any proof that such a backdoor exists within the Linux
> > kernel source? I haven´t.
> >
> > Aside from that, I´d be more wary about the firmware in PCs. The
> > closed-source binary blobs almost everyone is using who is using a
> > computer these days.
> >
> > I do not think this discussion is helpful. There may be reasons for an
> > own kernel, but IMO this is no reason.
> >
> Martin you are active with both KDE and Debian Development, I would not
> expect you to be of much help, so please stay out of the way.
>
> Thanks,

uh?!? o_O

I guess we need to calm down a bit here? Martin expressed his
view. You Jimmy expressed yours, and nobody asked you to get/stay out
of the way. I presume you should give to the opinions of others the
same treatment you expect for yours, as a baseline. Or at least expect
your opinions to be treated with the same respect with which you treat
those of others...

HND

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]

Re: [DNG] who's tying up my port 80?
On Sun, Jul 08, 2018 at 09:12:12PM -0400, Hendrik Boom wrote:
> I can't start lighttpd because something is already bound to port 80.
>
> How can I find out what's attached to this port?
>

$ netstat -lntpu

$ man netstat

HND

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]

Re: [DNG] who's tying up my port 80?
Adam Borowski:
> On Sun, Jul 08, 2018 at 09:12:12PM -0400, Hendrik Boom wrote:
> > I can't start lighttpd because something is already bound to port 80.
> >
> > How can I find out what's attached to this port?
>
> man ss
>
> ss -lp46

Nice, didn't know about the ss command.

You can also use
  netstat -tulp
  lsof -i :80

Regards,
/Karl Hammar

---
Aspö Data
Lilla Aspö 148
S-742 94 Östhammar
Sweden
+46 173 140 57

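The information these replies pull from netstat, ss and lsof is also exposed under /proc: listening sockets in /proc/net/tcp and /proc/net/tcp6, and the owning process through the socket inode in /proc/PID/fd. The script below is an added example, not part of any poster's message, that does the lookup by hand. The function names, the optional proc-root argument and the sample tree (PID 4242, apache2) are constructed for illustration.

```shell
#!/bin/sh
# Find which process is listening on a TCP port using only /proc.
# Function names and the sample data are constructed for this example.

# listen_inodes PORT FILE...
# FILE is in /proc/net/tcp (or tcp6) format. Prints "uid inode" for each
# socket in LISTEN state (st == 0A) whose local port equals PORT.
listen_inodes() {
    port_hex=$(printf '%04X' "$1")
    shift
    awk -v want="$port_hex" '
        FNR == 1 { next }                      # skip the column header
        $4 == "0A" {                           # 0A = TCP_LISTEN
            n = split($2, part, ":")           # local_address is ADDR:PORT in hex
            if (toupper(part[n]) == want) print $8, $10
        }' "$@"
}

# pids_for_inode INODE [PROCROOT]
# A process owns the socket if one of its fd symlinks reads "socket:[INODE]".
pids_for_inode() {
    inode=$1
    root=${2:-/proc}
    for fd in "$root"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$inode]" ] || continue
        pid=${fd#"$root"/}
        echo "${pid%%/*}"
    done | sort -un
}

# cmdline_of FILE: /proc/PID/cmdline is NUL-separated; print it space-separated.
cmdline_of() {
    [ -r "$1" ] && tr '\000' ' ' < "$1" | sed 's/ *$//'
}

# who_listens PORT [PROCROOT]
# Prints "PORT PID CMDLINE" per listener, or "PORT ? uid=N" when the socket
# exists but no readable fd table references it (not running as root).
who_listens() {
    port=$1
    root=${2:-/proc}
    for f in "$root/net/tcp" "$root/net/tcp6"; do
        if [ -r "$f" ]; then listen_inodes "$port" "$f"; fi
    done | while read -r uid inode; do
        pids=$(pids_for_inode "$inode" "$root")
        if [ -z "$pids" ]; then
            printf '%s ? uid=%s\n' "$port" "$uid"
            continue
        fi
        for pid in $pids; do
            printf '%s %s %s\n' "$port" "$pid" "$(cmdline_of "$root/$pid/cmdline")"
        done
    done | sort -u
}

# make_sample: build a constructed /proc-like tree and print its path.
# Row 0 listens on :80 (inode 12345, held by PID 4242); row 1 listens on
# 127.0.0.1:631 with no visible owner; row 2 is an ESTABLISHED connection
# on local port 80 and must not be reported as a listener.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/net" "$d/4242/fd"
    cat > "$d/net/tcp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0500000A:0050 0700000A:C350 01 00000000:00000000 00:00000000 00000000    33        0 33333 1 0000000000000000 20 4 30 10 -1
EOF
    ln -s 'socket:[12345]' "$d/4242/fd/3"
    printf 'apache2\000-k\000start\000' > "$d/4242/cmdline"
    echo "$d"
}

# Demo against the constructed tree. On a live host call: who_listens 80
sample=$(make_sample)
who_listens 80 "$sample"     # -> 80 4242 apache2 -k start
who_listens 631 "$sample"    # -> 631 ? uid=0
rm -rf "$sample"
```

On a real system run `who_listens 80` as root; without root the fd tables of other users' processes are unreadable and the owner shows as `?`.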
Re: [DNG] A Devuan kernel?
On 07/09/2018 03:16 AM, KatolaZ wrote:
> On Mon, Jul 09, 2018 at 02:50:56AM -0700, Jimmy Johnson wrote:
> > On 07/09/2018 01:53 AM, Jimmy Johnson wrote:
> > > On 07/09/2018 01:06 AM, Andrew McGlashan wrote:
> > > > -BEGIN PGP SIGNED MESSAGE-
> > > > Hash: SHA256
> > > >
> > > > On 09/07/18 17:51, KatolaZ wrote:
> > > > > Literally anybody can get the sources of the Linux kernel and read
> > > > > through it. So I guess your fears are somehow unjustified...
> >
> > Has the thought occurred to you that maybe the people that were finding
> > those problems are now working for the bad guys? I remember way back in
> > my days with windows all the good people finding problems with windows
> > were soon bought up by microsoft, now they are buying up linux, do you
> > really want to give up? Now I read even BSD is going to adopt systemd,
> > it's looking like the without-systemd project is the only hope to save
> > linux and keep it from becoming another microsoft project, I'm not
> > willing to stop, I will still hold a candle for freedom.
>
> You can't buy everybody. Not even Intel, which is the largest actor in
> IT, could silence the group which discovered Spectre and Meltdown,
> despite the trick cost them billions of dollars and despite they were
> notified of the vulnerabilities several months before they were
> disclosed to the wide public.
>
> Conspiracy theories do not work for a simple reason: you just can't
> buy everybody, and even if you think you can, people have always liked
> to talk about their smart discoveries. Almost everybody out there
> seems to be looking for their 5 minutes of glory.
>
> Look for instance at all the clamour around the "fatal PGP
> vulnerability", which was not a PGP vulnerability at all, rather the
> manifestation of the sheer incompetence of almost all the developers
> of MUAs in the last 20 years. The result of that "discovery" was a
> totally wrong and misleading message: "Oh! Don't encrypt your emails
> any more because it's DANGEROUS!!!". Which is just plain nonsense, and
> tells a lot about how the media can disproportionately inflate even
> the most silly news about the most silly bug.
>
> You can fear only what you don't understand, and you can successfully
> fight only what you understand fully.
>
> There are lots of people out there who understand a lot more about the
> Linux kernel than many of us here. I simply decided to trust them,
> collectively, because I know that nobody can buy all of them.

Well some of those kernel experts are saying you need to check your
kernel. Also how you respond to this thread speaks volumes.

--
Jimmy Johnson

Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2
Registered Linux User #380263

Re: [DNG] A Devuan kernel?
On 07/09/2018 03:22 AM, KatolaZ wrote:
> On Mon, Jul 09, 2018 at 03:00:22AM -0700, Jimmy Johnson wrote:
>
> [cut]
>
> > > This discussion seems bordering on conspiracy theories. Those claim that
> > > something might be true and sow fear, uncertainty and doubt. Some parts
> > > of conspiracy theories may turn out to have been true, like for example
> > > all the spying the NSA and other secret agencies are doing. But I see no
> > > benefit in fearing something I have seen no proof of.
> > >
> > > Anyone ever saw any proof that such a backdoor exists within the Linux
> > > kernel source? I haven´t.
> > >
> > > Aside from that, I´d be more wary about the firmware in PCs. The
> > > closed-source binary blobs almost everyone is using who is using a
> > > computer these days.
> > >
> > > I do not think this discussion is helpful. There may be reasons for an
> > > own kernel, but IMO this is no reason.
> >
> > Martin you are active with both KDE and Debian Development, I would not
> > expect you to be of much help, so please stay out of the way.
> >
> > Thanks,
>
> uh?!? o_O
>
> I guess we need to calm down a bit here? Martin expressed his
> view. You Jimmy expressed yours, and nobody asked you to get/stay out
> of the way. I presume you should give to the opinions of others the
> same treatment you expect for yours, as a baseline. Or at least expect
> your opinions to be treated with the same respect with which you treat
> those of others...
>
> HND
>
> KatolaZ

You've been showing contempt and disrespect for me since my first post
in this group, never helpful. Why do you want to stand in the way of
people in this group looking for malware in this distro?

Thanks,
--
Jimmy Johnson

Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2
Registered Linux User #380263

Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote:

[cut]

> Well some of those kernel experts are saying you need to check your kernel.
> Also how you respond to this thread speaks volumes.

Please, share some relevant links then, and let us understand what you
are talking about.

If you keep mentioning unspecified "kernel experts" and what they have
allegedly said about the Linux kernel without providing any evidence
for your claims, your posts can be easily misinterpreted by a
distracted reader as FUD.

HND

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]

Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 03:53:01AM -0700, Jimmy Johnson wrote:

[cut]

> > uh?!? o_O
> >
> > I guess we need to calm down a bit here? Martin expressed his
> > view. You Jimmy expressed yours, and nobody asked you to get/stay out
> > of the way. I presume you should give to the opinions of others the
> > same treatment you expect for yours, as a baseline. Or at least expect
> > your opinions to be treated with the same respect with which you treat
> > those of others...
> >
> > HND
> >
> > KatolaZ
> >
> You've been showing contempt and disrespect for me since my first post in
> this group, never helpful. Why do you want to stand in the way of people in
> this group looking for malware in this distro?
>

o_O

All the devuan repos are public. The sources of all the packages
forked by Devuan are available at:

https://git.devuan.org/devuan-packages

Anybody is free to check any of those packages, one by one. If anybody
finds something suspicious, or wrong, they should shout out as loud as
possible, and as soon as possible.

There is already so much hatred against Devuan. What we need is facts,
not more FUD.

HND

KatolaZ

--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]

Re: [DNG] A Devuan kernel?
On Monday 09 July 2018 at 12:42:40, Jimmy Johnson wrote:

> On 07/09/2018 03:16 AM, KatolaZ wrote:
> >
> > There are lots of people out there who understand a lot more about the
> > Linux kernel than many of us here. I simply decided to trust them,
> > collectively, because I know that nobody can buy all of them.
>
> Well some of those kernel experts are saying you need to check your
> kernel.

It is just as plausible that these kernel experts are deliberately
spreading fear, uncertainty and doubt with no substance whatsoever.

Any responsible person who says "you need to check your kernel; there
may be a backdoor (or two) in it" would point at what they found to back
up their claim. Even if this results in said backdoor being promptly
removed, only for another one to be lurking elsewhere unannounced, it's
an improvement in the security of the code, and everyone knows that the
person was speaking truthfully.

Anyone who claims to know there are backdoors but doesn't say why they
believe this, what the backdoors are, or where to find further
information about them, is only as bad as a "security researcher" who
claims to have identified a vulnerability in code (which I regard as
different from a backdoor because vulnerabilities are accidental,
backdoors are deliberate) but refuses to provide responsible disclosure
to the vendor / developer responsible for that code and thereby leaves
it open to (further) exploitation.

> Also how you respond to this thread speaks volumes.

This, of course, is also true about you.

Antony.

--
"It would appear we have reached the limits of what it is possible to
achieve with computer technology, although one should be careful with
such statements; they tend to sound pretty silly in five years."

 - John von Neumann (1949)

Please reply to the list; please *don't* CC me.

Re: [DNG] A Devuan kernel?
On 07/09/2018 03:53 AM, KatolaZ wrote:
> On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote:
>
> [cut]
>
> > Well some of those kernel experts are saying you need to check your
> > kernel. Also how you respond to this thread speaks volumes.
>
> Please, share some relevant links then, and let us understand what you
> are talking about.
>
> If you keep mentioning unspecified "kernel experts" and what they have
> allegedly said about the Linux kernel without providing any evidence
> for your claims, your posts can be easily misinterpreted by a
> distracted reader as FUD.

It's simple, because they can't say any more than Linus can, you are not being helpful and I will now stop replying to your unhelpful post.

What you can do is look for malware, do some investigative research, just educate yourself, what I know is out there for all to read.

Thanks,
--
Jimmy Johnson
Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2
Registered Linux User #380263
Re: [DNG] A Devuan kernel?
On Monday 09 July 2018 at 13:02:23, Jimmy Johnson wrote:

> what I know is out there for all to read.

So give us some URLs to what you have already found.

Or are you just trying to waste our time?

Antony.

--
The first fifty percent of an engineering project takes ninety percent of the time, and the remaining fifty percent takes another ninety percent of the time.

Please reply to the list; please *don't* CC me.
[DNG] dnsmasq: junk found in command line
Hi,
I am having a problem starting dnsmasq after latest update to my devuan VM.
The error is when trying to start the init script:

    dnsmasq: junk found in command line

I think I might be on old Devuan version[1] because /etc/issue says "1". Maybe this is the problem but I see a directory added/updated on Jun 25 /usr/share/dns/ with a few files in it. The init script uses sed to get some options from the files there and then tries starting dnsmasq with fail message above.

If I debug init script[3], I get weird options indeed. Any ideas how to fix this?
For now I have dnsmasq started by command line with simple options "-d -C configfile"

Thank you

[1]
# cat /etc/issu
Devuan GNU/Linux 1 \n \l

[2]
# cat /etc/apt/sources.list
# deb http://us.mirror.devuan.org/merged/ jessie main
deb http://us.mirror.devuan.org/merged/ jessie main
deb-src http://us.mirror.devuan.org/merged/ jessie main

# jessie-security, previously known as 'volatile'
deb http://us.mirror.devuan.org/merged/ jessie-security main
deb-src http://us.mirror.devuan.org/merged/ jessie-security main

# 2018-06-24 - root (tmb384) - added repo, but nothing shows up with apt
# deb http://security.debian.org/ jessie/updates main
# deb-src http://security.debian.org/ jessie/updates main

# jessie-updates, previously known as 'volatile'
deb http://us.mirror.devuan.org/merged/ jessie-updates main
deb-src http://us.mirror.devuan.org/merged/ jessie-updates main

# Devuan repositories
deb http://packages.devuan.org/merged jessie main
deb-src http://packages.devuan.org/merged jessie main

[3]
# bash -x /etc/init.d/dnsmasq start
...
+ start-stop-daemon --start --quiet --pidfile /var/run/dnsmasq/dnsmasq.pid --exec /usr/sbin/dnsmasq --test
+ start-stop-daemon --start --quiet --pidfile /var/run/dnsmasq/dnsmasq.pid --exec /usr/sbin/dnsmasq -- -x /var/run/dnsmasq/dnsmasq.pid -u dnsmasq -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service .
172800 IN DS 19036,8,2,49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
. 172800 IN DS 20326,8,2,e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
...
Re: [DNG] A Devuan kernel?
On 07/09/2018 04:01 AM, Antony Stone wrote:
> On Monday 09 July 2018 at 12:42:40, Jimmy Johnson wrote:
>
> > On 07/09/2018 03:16 AM, KatolaZ wrote:
> > >
> > > There are lots of people out there who understand a lot more about the
> > > Linux kernel than many of us here. I simply decided to trust them,
> > > collectively, because I know that nobody can buy all of them.
> >
> > Well some of those kernel experts are saying you need to check your
> > kernel.
>
> It is just as plausible that these kernel experts are deliberately spreading
> fear, uncertainty and doubt with no substance whatsoever.
>
> Any responsible person who says "you need to check your kernel; there may be a
> backdoor (or two) in it" would point at what they found to back up their
> claim. Even if this results in said backdoor being promptly removed, only for
> another one to be lurking elsewhere unannounced, it's an improvement in the
> security of the code, and everyone knows that the person was speaking
> truthfully.
>
> Anyone who claims to know there are backdoors but doesn't say why they believe
> this, what the backdoors are, or where to find further information about them,
> is only as bad as a "security researcher" who claims to have identified a
> vulnerability in code (which I regard as different from a backdoor because
> vulnerabilities are accidental, backdoors are deliberate) but refuses to
> provide responsible disclosure to the vendor / developer responsible for that
> code and thereby leaves it open to (further) exploitation.
>
> > Also how you respond to this thread speaks volumes.
>
> This, of course, is also true about you.
>
> Antony.

There's a big difference, I'm not the one trying to stop people from taking an interest in their distro's security and you are. No more replies to you unless you show an interest in helping find malware in this distro.

Thanks,
--
Jimmy Johnson
[DNG] Troll Alert Re: A Devuan kernel?
On Mon, 9 Jul 2018 03:42:40 -0700 Jimmy Johnson wrote:

> Well some of those kernel experts are saying you need to check your
> kernel. Also how you respond to this thread speaks volumes.

Well how about shouting: YOU ARE A TROLL!

Or is your excuse for your stream of crap a total inability to have gained any knowledge from the experience you claim to have?

I cut slack for the modest and the young. You claim the opposite and since you claim more experience than me, you should know as much as I do.

Alternatively, please go see your MD about some assistance with your anxiety problem.
Re: [DNG] A Devuan kernel?
On Monday 09 July 2018 at 12:53:01, Jimmy Johnson wrote:

> On 07/09/2018 03:22 AM, KatolaZ wrote:
> >
> > I guess we need to calm down a bit here? Martin expressed his
> > view. You Jimmy expressed yours, and nobody asked you to get/stay out
> > of the way. I presume you should give to the opinions of others the
> > same treatment you expect for yours, as a baseline. Or at least expect
> > your opinions to be treated with the same respect with which you treat
> > those of others...
>
> You've been showing contempt and disrespect for me since my first post
> in this group, never helpful.

I can find no evidence of that whatsoever, reading back over your threads from April 10th, April 22nd and June 13th - which are the only threads I see started by you on this list.

> Why do you want to stand in the way of people in this group looking for
> malware in this distro?

KatolaZ is not standing in the way of people looking for malware. He is asking for anyone who claims to have found evidence of it to show that.

I agree with him.

Antony.

--
Anyone that's normal doesn't really achieve much.
- Mark Blair, Australian rocket engineer

Please reply to the list; please *don't* CC me.
Re: [DNG] Troll Alert Re: A Devuan kernel?
On 07/09/2018 04:09 AM, terryc wrote:
> On Mon, 9 Jul 2018 03:42:40 -0700 Jimmy Johnson wrote:
>
> > Well some of those kernel experts are saying you need to check your
> > kernel. Also how you respond to this thread speaks volumes.
>
> Well how about shouting: YOU ARE A TROLL!
>
> Or is your excuse for your stream of crap a total inability to have
> gained any knowledge from the experience you claim to have?
>
> I cut slack for the modest and the young. You claim the opposite and
> since you claim more experience than me, you should know as much as I do.
>
> Alternatively, please go see your MD about some assistance with your
> anxiety problem.

I was told this group has enemies, bye, bye.
--
Jimmy Johnson
[DNG] Troll alert Re: A Devuan kernel?
On Mon, 9 Jul 2018 03:53:01 -0700 Jimmy Johnson wrote:

> You've been showing contempt and disrespect for me since my first
> post in this group, never helpful.

No, I'm the guy that is doing that. Everyone else is being polite.

> Why do you want to stand in the
> way of people in this group looking for malware in this distro?

I don't, but the fact that Linux has an extraordinary collection of programs to look for signs of back doors and you have provided no/zip/zilch/nada/zero evidence to support your repeated claims tends to bias my view.

> Thanks,

Don't thank me. There is SFA on TV tonight so troll baiting will have to suffice since my User-in-Chief is obstructing my program of upgrading our collection of devuan boxen.
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 04:02:23 -0700 Jimmy Johnson wrote:

> On 07/09/2018 03:53 AM, KatolaZ wrote:
> > On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote:
> >
> > [cut]
> >
> >> Well some of those kernel experts are saying you need to check
> >> your kernel. Also how you respond to this thread speaks volumes.
> >
> > Please, share some relevant links then, and let us understand what
> > you are talking about.
> >
> > If you keep mentioning unspecified "kernel experts" and what they
> > have allegedly said about the Linux kernel without providing any
> > evidence for your claims, your posts can be easily misinterpreted
> > by a distracted reader as FUD.
>
> It's simple, because they can't say any more than Linus can, you are
> not being helpful and I will now stop replying to your unhelpful post.
>
> What you can do is look for malware, do some investigative research,
> just educate yourself, what I know is out there for all to read.
>
> Thanks,

Jimmy, please either put up or shut up.
If there are 'backdoors' in the kernel code, tell us where they are, if you cannot or will not, just shut up.

Note to moderator: I would have been moderating his posts by now.

Rowland
Re: [DNG] Troll Alert Re: A Devuan kernel?
On Monday 09 July 2018 at 13:13:55, Jimmy Johnson wrote:

> I was told this group has enemies,

Well, at least we've now clearly identified one of them.

> bye, bye.

Thank $deity for that.

Antony.

--
Pavlov is in the pub enjoying a pint.
The barman rings for last orders, and Pavlov jumps up exclaiming "Damn! I forgot to feed the dog!"

Please reply to the list; please *don't* CC me.
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 04:02:23AM -0700, Jimmy Johnson wrote:
> On 07/09/2018 03:53 AM, KatolaZ wrote:
> > On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote:
> >
> > [cut]
> >
> > > Well some of those kernel experts are saying you need to check your
> > > kernel.
> > > Also how you respond to this thread speaks volumes.
> >
> > Please, share some relevant links then, and let us understand what you
> > are talking about.
> >
> > If you keep mentioning unspecified "kernel experts" and what they have
> > allegedly said about the Linux kernel without providing any evidence
> > for your claims, your posts can be easily misinterpreted by a
> > distracted reader as FUD.
>
> It's simple, because they can't say any more than Linus can, you are not
> being helpful and I will now stop replying to your unhelpful post.
>
> What you can do is look for malware, do some investigative research, just
> educate yourself, what I know is out there for all to read.

So if those "kernel experts" are not saying more than Linus can say, how come you got to know what they haven't dared to say to anybody else? o_O

I guess we should all educate ourselves in substantiating our claims with facts, instead of throwing stones at random.

I have had the opportunity to read through several parts of the Linux kernel in the past, mostly related to networking, scheduling, and vfs. Once I had to modify the vfs layer to transparently include symmetric encryption for all the supported FS. I guess it was 2.4 or 2.6. Another time I developed a full soft real-time stack for ad-hoc sensor networking (that was definitely 2.6). I also had the opportunity to develop several custom device drivers, back in the days, and even to do some reverse-engineering on a few "closed" drivers.

I can't say I have examined all that stuff in detail, but I think I have a very rough idea of what is going on under the hood. And what I saw is that the Linux kernel is in general very easy to read and to understand. Hence my conclusion: if anything wrong was there, we would most probably know already.

My2Cents

KatolaZ
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 04:02:23 -0700 Jimmy Johnson wrote:

> On 07/09/2018 03:53 AM, KatolaZ wrote:
> > On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote:
> >
> > [cut]
> >
> >> Well some of those kernel experts are saying you need to check
> >> your kernel. Also how you respond to this thread speaks volumes.
> >
> > Please, share some relevant links then, and let us understand what
> > you are talking about.
> >
> > If you keep mentioning unspecified "kernel experts" and what they
> > have allegedly said about the Linux kernel without providing any
> > evidence for your claims, your posts can be easily misinterpreted
> > by a distracted reader as FUD.
>
> It's simple, because they can't say any more than Linus can, you are
> not being helpful and I will now stop replying to your unhelpful post.

!: BULLSHIT
2; any chance you can stop spamming the list?

> What you can do is look for malware, do some investigative research,
> just educate yourself, what I know is out there for all to read.

Hahahaha, mate, you claim equal experience to what I have and yet you display continual stupidity. How long has mummy let you connect to the internet.

Hint, it's long been an established practice on this here place for the claimant to provide the evidence for their claim.

Hint, this is a Linux list.
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 12:15:27PM +0100, Rowland Penny wrote:

[cut]

> Jimmy, please either put up or shut up.
> If there are 'backdoors' in the kernel code, tells us where they are,
> if you cannot or will not, just shut up.

Again, please, let's do our best to keep this discussion civilised. That's the reason I always ask for facts and references, because opinions can be easily misinterpreted, and can quickly drive a civilised discussion down to a flame :)

It would be great to have at least one link to a place where a kernel developer discusses a possible backdoor in the Linux kernel. That would set the bar of the discussion to a more concrete level, IMHO.

My2Cents

KatolaZ
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 04:09:14 -0700 Jimmy Johnson wrote:

> There's a big difference, I'm not the one trying to stop people from
> taking a interest an their distros security and you are. No more
> reply's to you unless you show a interest in helping find malware in
> this distro.

1: I already know where the malware is; between your ears.
2; Pot, kettle, black OR Put up or shut up.
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 09:30:48PM +1000, terryc wrote:
> On Mon, 9 Jul 2018 04:09:14 -0700
> Jimmy Johnson wrote:
>
> > There's a big difference, I'm not the one trying to stop people from
> > taking a interest an their distros security and you are. No more
> > reply's to you unless you show a interest in helping find malware in
> > this distro.
>
> 1: I already know where the malware is; between your ears.
> 2; Pot, kettle, black OR Put up or shut up.

Again, please: let's keep it civilised, and avoid getting personal. We are trying to understand more about possible backdoors in the Linux kernel, and personal attacks won't make the case a single bit more clear...

Thanks

KatolaZ
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 13:27:03 +0200 KatolaZ wrote:

> On Mon, Jul 09, 2018 at 12:15:27PM +0100, Rowland Penny wrote:
>
> [cut]
>
> > Jimmy, please either put up or shut up.
> > If there are 'backdoors' in the kernel code, tells us where they
> > are, if you cannot or will not, just shut up.
>
> Again, please, let's do our best to keep this discussion
> civilised. That's the reason I always ask for facts and references,
> because opinions can be easily misinterpreted, and can quickly drive a
> civilised discussion down to a flame :)

I thought I was being civilised, if you want, I could post an uncivilised version ;-)

> It would be great to have at least one link to a place where a kernel
> developer discusses a possible backdoor in the Linux kernel. That
> would set the bar of the discussion to a more concrete level, IMHO.

I thought that was basically what I asked for, information on these 'backdoors' that Jimmy is so worried about, either that or stop posting about something he cannot back up with proof, or as I said 'put up or shut up'

Rowland
Re: [DNG] Troll Alert Re: A Devuan kernel?
On Mon, 9 Jul 2018 13:19:40 +0200 Antony Stone wrote:

> Thank $deity for that.

Whoever He or She is, should we not accord Him or Her the civility of an upper-case variable name as $DEITY ? ;-3)

Cheers,

Ron.
--
A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of idea.
-- John Ciardi

-- http://www.olgiati-in-paraguay.org --
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 13:34:44 +0200 KatolaZ wrote:

> On Mon, Jul 09, 2018 at 09:30:48PM +1000, terryc wrote:
> > On Mon, 9 Jul 2018 04:09:14 -0700
> > Jimmy Johnson wrote:
> >
> > > There's a big difference, I'm not the one trying to stop people
> > > from taking a interest an their distros security and you are. No
> > > more reply's to you unless you show a interest in helping find
> > > malware in this distro.
> >
> > 1: I already know where the malware is; between your ears.
> > 2; Pot, kettle, black OR Put up or shut up.
>
> Again, please: let's keep it civilised, and avoid to get personal. We
> are trying to understand more about possible backdoors in the Linux
> kernel, and personal attacks won't make the case a single bit more
> clear...

Naah, do not hold your breath. JJ is never going to deliver. All he delivered was insults and I'm way past following that French guy who said something along the lines "I'll support to my death your right to say what you want".

JJ set the bar and received the response he deserved. This list is not the place to receive the support he seems to need in mental health.

Now, we can all go back to assisting people with Devuan related problems and uses.
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018, Jimmy Johnson wrote:

> On 07/09/2018 03:53 AM, KatolaZ wrote:
> > On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote:
> >
> > [cut]
> >
> > > Well some of those kernel experts are saying you need to check your
> > > kernel.
> > > Also how you respond to this thread speaks volumes.
> >
> > Please, share some relevant links then, and let us understand what you
> > are talking about.
> >
> > If you keep mentioning unspecified "kernel experts" and what they have
> > allegedly said about the Linux kernel without providing any evidence
> > for your claims, your posts can be easily misinterpreted by a
> > distracted reader as FUD.
>
> It's simple, because they can't say any more than Linus can, you are not being
> helpful and I will now stop replying to your unhelpful post.
>
> What you can do is look for malware, do some investigative research, just
> educate yourself, what I know is out there for all to read.

But you have NEVER provided any links or references to back up your assertions. It is my OPINION that you are a troll.

Jim
(long time lurker)
[DNG] He's Baaaack! Re: A Devuan kernel?
On Mon, 9 Jul 2018 13:06:39 +0100 (BST) Jim Jackson wrote:

> On Mon, 9 Jul 2018, Jimmy Johnson wrote:
>
> > On 07/09/2018 03:53 AM, KatolaZ wrote:
>
> > What you can do is look for malware, do some investigative
> > research, just educate yourself, what I know is out there for all
> > to read.
>
> But you heve NEVER provided any links or references to back up your
> assertions. It is my OPINION that you are a troll.

OH fornication, it's back

Who's trolling. Your count so far;
1. Provides no supporting evidence of its claims.
2. Claims extensive experience.
3. Posts from a gmail addy. (Very credible that)
4. Completely ignores evidence request when posted; Hint Eric&Eyes would have been encountered by someone with your claimed experience and thus you'd know the argument, but you ignored it.
5, 6 & 7 I can be arsed remembering. you'll find them in the posts I made.
8, 9, 10 calling someone a troll. How many times have you done it now. < Arsy aren't I {VBG)>

> Jim
> (long time lurker)

Yeash I've got a long one tooo!.
And I've got the floppies to prove it. (Hint, that is another historical reference)

Seriously, go get assistance with your mental problem. This list isn't the place to get assistance with your paranoia and esteem problems.
Re: [DNG] [BACK ON LIST] [OFFLIST] Re: A Devuan kernel?
On Mon, 9 Jul 2018 14:16:01 +0200 KatolaZ wrote:

> On Mon, Jul 09, 2018 at 12:55:39PM +0100, Rowland Penny wrote:
> > On Mon, 9 Jul 2018 13:27:03 +0200
> > KatolaZ wrote:
> >
> > > On Mon, Jul 09, 2018 at 12:15:27PM +0100, Rowland Penny wrote:
> > >
> > > [cut]
> > >
> > > > Jimmy, please either put up or shut up.
> > > > If there are 'backdoors' in the kernel code, tells us where they
> > > > are, if you cannot or will not, just shut up.
> > >
> > > Again, please, let's do our best to keep this discussion
> > > civilised. That's the reason I always ask for facts and
> > > references, because opinions can be easily misinterpreted, and can
> > > quickly drive a civilised discussion down to a flame :)
> >
> > I thought I was being civilised, if you want, I could post an
> > uncivilised version ;-)

Damn claws mail, this was supposed to be onlist ;-)

> Rowland, I know you get what I mean :)
>
> If we go down insulting each other,

I am very sure I wasn't being insulting.

> the only thing that will remain of
> this thread is that "Devuan people start insulting you as soon as you
> say that something might be wrong with their distro".

There is absolutely no way you can say that 'Jimmy' was insulted from the start. All I saw was that he was asked several times to provide proof for what he was saying, but he didn't supply any proof and he still hasn't.

> And the risk is
> to just let the main point get missed in the noise (the main point
> being that Jimmy is just spreading FUD that he can't substantiate with
> evidence, and has now turned to personal insults in the hope the list
> gets distracted by that...).

There is a definition for such a poster and it is 'troll'

> If we only had a way of catalysing those energies into something
> useful for Devuan...

Yes, it would be nice, but in the meantime, I think 'Jimmy' should have his posts moderated.

Rowland
Re: [DNG] dnsmasq: junk found in command line
hal wrote on 09.07.2018 13:08:
> Hi,
> I am having a problem starting dnsmasq after latest update to my devuan VM.
> The error is when trying to start the init script:
>
>    dnsmasq: junk found in command line
>
> I think I might be on old Devuan version[1] because /etc/issue says "1". Maybe
> this is the problem but I see a directory added/updated on Jun 25
> /usr/share/dns/ with
> a few files in it. The init script uses sed to get some options from the
> files there
> and then tries starting dnsmasq with fail message above.
>
> If I debug init script[3], I get weird options indeed. Any ideas how to fix
> this?
> For now I have dnsmasq started by command line with simple options "-d -C
> configfile"
> Thank you

[cut]

Hi hal,

I vaguely recall having had a similar issue on some Debian system some time in the past. A quick web search dug up this link containing a solution that looks familiar to me:

https://unix.stackexchange.com/questions/332168/how-to-get-dnsmasq-to-work

TL,DR: To solve the issue, purge and then reinstall dnsmasq, or, should that fail, in /etc/init.d/dnsmasq change the line setting the dnsmasq options to:

    DNSMASQ_OPTS="$DNSMASQ_OPTS `mawk -- '{ printf " --trust-anchor=.,%d,%d,%d,%s", $5, $6, $7, $8 }' $ROOT_DS`"

Root cause presumably is the field delimiters in /usr/share/dns/root.ds having changed from spaces to TABs, tripping up the old parser.

HTH, regards

Urban

--
Sapere aude!
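The delimiter problem described in the reply above, as an added example that is not part of Urban's message or of the dnsmasq init script: a POSIX shell function that builds the `--trust-anchor` options from DS records whether the columns are separated by spaces or TABs and whether or not a TTL column is present, and that emits nothing if any record fails validation. The function names and the sample file layouts are assumptions made for illustration; the key tags and digests are the ones shown in hal's debug trace.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the Devuan/Debian init script).

# Digests of the two root DS records as they appear in the debug trace above.
D1=49aac11d7b6f6446702e54a1607371607a1a41855200fd2ce1cdde32f24e8fb5
D2=e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d

# trust_anchor_opts FILE
#   stdout: " --trust-anchor=.,KEYTAG,ALG,DIGESTTYPE,DIGEST" for each record
#   status: 0 on success; non-zero if any line is malformed or no record exists
trust_anchor_opts() {
    awk '
        /^[ \t]*$/ || /^[ \t]*;/ { next }   # blank lines and zone-file comments
        {
            # Default field splitting treats runs of spaces and TABs alike.
            # Locate the DS token instead of counting columns, so records
            # with or without a TTL column both parse.
            ds = 0
            for (i = 2; i <= NF; i++) if ($i == "DS") { ds = i; break }
            if ($1 != "." || ds == 0 || NF < ds + 4) { bad = 1; next }

            keytag = $(ds + 1); alg = $(ds + 2); dtype = $(ds + 3)
            digest = ""
            for (i = ds + 4; i <= NF; i++) digest = digest $i  # digest may be split

            if (keytag !~ /^[0-9]+$/ || alg !~ /^[0-9]+$/ || dtype !~ /^[0-9]+$/) { bad = 1; next }
            if (digest !~ /^[0-9A-Fa-f]+$/ || length(digest) % 2) { bad = 1; next }
            if (dtype + 0 == 2 && length(digest) != 64) { bad = 1; next }  # SHA-256

            out = out sprintf(" --trust-anchor=.,%s,%s,%s,%s", keytag, alg, dtype, digest)
            n++
        }
        END {
            # Fail closed: one bad line means no options at all, so the
            # daemon is never started with junk on its command line.
            if (bad || n == 0) exit 1
            print out
        }
    ' "$1"
}

# write_samples DIR: constructed sample inputs (assumed layouts, not copies of
# the real /usr/share/dns/root.ds).
write_samples() {
    # TAB-separated columns with a TTL, space-separated rdata.
    printf '.\t\t172800\tIN\tDS\t19036 8 2 %s\n.\t\t172800\tIN\tDS\t20326 8 2 %s\n' \
        "$D1" "$D2" > "$1/root.ds.tabs"
    # Space-separated columns, no TTL.
    printf '. IN DS 19036 8 2 %s\n' "$D1" > "$1/root.ds.spaces"
    # A record whose rdata is already comma-joined, as in the failing trace.
    printf '. 172800 IN DS 19036,8,2,%s\n' "$D1" > "$1/root.ds.bad"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in tabs spaces bad; do
    if opts=$(trust_anchor_opts "$demo_dir/root.ds.$f"); then
        echo "root.ds.$f:$opts"
    else
        echo "root.ds.$f: rejected, dnsmasq would not be started with these options"
    fi
done
rm -rf "$demo_dir"
```

In an init script the non-zero status would be the point at which to abort the start instead of passing the text on to `start-stop-daemon`.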
Re: [DNG] [BACK ON LIST] [OFFLIST] Re: A Devuan kernel?
On Mon, 9 Jul 2018 13:49:44 +0100 Rowland Penny wrote:

> Yes, it would be nice, but in the meantime, I think 'Jimmy' should
> have his posts moderated.

AOL!, which means +1 for the kiddies who don't know the historical reference.

I agree entirely with Rowland's post. Even down the pub(bar) with the alcohol flowing; put up or shut up is the standard.
[DNG] DSA Ascii July9
Thu, 5 Jul 2018 22:57:52 +0200
[SECURITY] [DSA 4241-1] libsoup2.4 security update
2.56.0-2+deb9u2 Confirmed asci-security, ascii-proposed-updates

Thu, 5 Jul 2018 22:34:23 +0200
[SECURITY] [DSA 4240-1] php7.0 security update
7.0.30-0+deb9u1 Confirmed asci-security, ascii-proposed-updates

Tue, 3 Jul 2018 23:05:33 +0200
[SECURITY] [DSA 4239-1] gosa security update
2.7.4+reloaded2-13+deb9u1 Confirmed asci-security, ascii-proposed-updates

Tue, 3 Jul 2018 23:02:42 +0200
[SECURITY] [DSA 4238-1] exiv2 security update
0.25-3.1+deb9u1 Confirmed asci-security, ascii-proposed-updates
[DNG] Weird jessie to ascii upgrade issue (WAS: Re: who's tying up my ptr 80
On Sun, Jul 08, 2018 at 09:12:12PM -0400, Hendrik Boom wrote:
> I can't start lighttpd because something is already bound to port 80.
>
> How can I find out what's attached to this port?

No one was on port 80.

Startup of lighttpd failed for an even stranger reason:

  /etc/lighttpd/conf-enabled:
  total used in directory 8 available 21741968
  drwxr-xr-x 2 root root 4096 Aug 1 2016 .
  drwxr-xr-x 4 root root 4096 Jul 8 20:57 ..
  lrwxrwxrwx 1 root root 27 Aug 1 2016 05-auth.conf -> conf-available/05-au\
th.conf
  lrwxrwxrwx 1 root root 33 Jan 13 2015 10-fastcgi.conf -> ../conf-available\
/10-fastcgi.conf
  lrwxrwxrwx 1 root root 37 Jan 13 2015 15-fastcgi-php.conf -> ../conf-avail\
able/15-fastcgi-php.conf
  lrwxrwxrwx 1 root root 42 Jun 26 2016 90-javascript-alias.conf -> ../conf-\
available/90-javascript-alias.conf

The link 05-auth.conf doesn't have the "../" in it, and so points nowhere.

Fixing this and doing /etc/init.d/lighttpd restart got the web server working.

Now I don't remember ever messing with this link. But maybe I did long ago.

Could this problem have been caused by the upgrade to ascii I did a week or two ago? The web server worked before the upgrade.

Can anyone else check what's happened to their 05-auth.conf link? I'd like to know whether this is an upgrade failure (which should be fixed) or me bungling. I'd bet on me bungling long ago, but I don't know for sure.

-- hendrik
[DNG] probably SOLVED: is there a problem with package signing?
On Mon, Jul 09, 2018 at 11:27:16AM +0200, KatolaZ wrote:
> On Sun, Jul 08, 2018 at 09:10:41PM -0400, Hendrik Boom wrote:
> > During and after my upgrade to ascii,
> > when I try to install packages
> > I consistently get messages like
> >
> > WARNING: The following packages cannot be authenticated!
> > lighttpd
> > Install these packages without verification? [y/N]
> >
> > Is there something wrong with package signing?
> > My apt-sources are from pkgmaster.devuan.org,
> > and I did install the devuan-keyring, version 2017.10.03.
> > Aptitude doesn't seem to think there's a newer version.
>
> Hendrik, I can't reproduce your error. Which release are you on? Are
> you using exclusively Devuan repos?

ascii. Upgraded a week or two ago from jessie. That was upgraded long ago from Debian to Devuan.

As far as I know, I am now using only devuan repositories. I was of course using Debian repositories on this system before I upgraded to Devuan.

Yesterday I noticed some extraneous files in etc/apt:

  sources.list.etch64
  sources.list.sid

and I deleted them just in case they caused the problem. They were presumably leftovers from Debian days several years ago. But could apt really be looking at those misnamed files anyway? The directory /etc/apt/sources.list.d, where I'd expect it to read oddly named files, is and was empty.

It looks like that fixed the problem. I just installed sakura, and it downloaded and installed without any complaint about authentication.

-- hendrik
Re: [DNG] He's Baaaack! Re: A Devuan kernel?
Dear Terry,

Oh dear, just because I have the same initials and first name :-(
It really is embarrassing.

I apologise for not editing properly. I should have deleted an extra attribution line in my reply, but like you I was/am hacked off with Jimmy whatsits ramblings. I was accusing HIM of being a troll.

Apologies to the list for causing more wasted resources.

cheers
Jim Jackson (not the other JJ - check my web site franjam.org.uk )

> OH fornication, its bck
> Who's trolling. Your count so far;
> 1. Provides no supporting evidence of its claims.
> 2. Claims extensive experience.
> 3. Posts from a gmail addy. (Very credible that)
> 4. Completely ignores evidence request when posted; Hint Eric&Eyes
> would have been encountered by someone with your claimed experience and
> thus you'd know the argument, but you ignored it.
> 5, 6 & 7 I can be arsed remembering. you'll find them in the posts I
> made.
> 8, 9, 10 calling some one a troll. How many times have you done it
> now. < Arsy aren't I {VBG)>
>
> > Jim
> > (long time lurker)
> Yeash I've got a long one tooo!.
> And I've got the floppies to prove it. (Hint, that is another
> historical reference)
>
> Seriously, go get assistance with your mental problem. This list isn't
> the place to get assistance with your paranoia and esteem problems.
Re: [DNG] nonexistent partition as swap drive.
On Sun, Jul 08, 2018 at 09:36:19PM -0700, Gregory Nowak wrote:
> On Sun, Jul 08, 2018 at 09:46:45PM -0400, Hendrik Boom wrote:
> > update-initramfs sets a nonexistent disk as a swap device.
>
> Check /etc/initramfs-tools/conf.d/resume.

One line only:

RESUME=/dev/hdc1

Looks like it's been there since at least May 16, 2006.

I presume I can just delete that file entirely? This machine never gets powered down with intent to resume instead of to restart from scratch.

-- hendrik

>
> Greg
>
> --
> web site: http://www.gregn.net
> gpg public key: http://www.gregn.net/pubkey.asc
> skype: gregn1
> (authorization required, add me to your contacts list first)
> If we haven't been in touch before, e-mail me before adding me to your
> contacts.
>
> --
> Free domains: http://www.eu.org/ or mail dns-mana...@eu.org
Re: [DNG] A Devuan kernel?
On Sun, 8 Jul 2018 at 14:24:32 -0700 Jimmy Johnson wrote:
> On 07/08/2018 02:25 AM, Antony Stone wrote:
> > On Saturday 07 July 2018 at 14:03:33, Alessandro Selli wrote:
> >
> >> On Fri, 6 Jul 2018 at 10:52:20 -0700 Jimmy Johnson wrote:
> >>
> >>> Good sources
> >
> > Who / where?
>
> You have to do a lot of reading, the information is out there

Where? Please provide with some reference.

> going back
> to 2012 the main source is wanted by usa

The Linux kernel sources have always been free for everybody to download and use the way they see fit.

> and has been given a gag order
> by his keepers or will be forced to leave his protected living quarters.

Sounds like a childish conspiracy theory to me.

tell me we need our own kernel,
>>>
>>>Why? What's wrong with the available ones?

[...]

> 'IF' our existing kernel has a
> backdoor client in it there is nothing 'I' can do about it,

Yes, you can: you can remove it, you can patch the kernel.

> but sources say I need to roll my own kernel.

Starting from what? A from-scratch rewrite of the kernel?

Alessandro
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 at 18:06:12 +1000 Andrew McGlashan wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 09/07/18 17:51, KatolaZ wrote:
>> Literally anybody can get the sources of the Linux kernel and read
>> through it. So I guess your fears are somehow unjustified...
>
> There were long standing problems with openssl -- the source code was
> fully available, anybody could have found the problems, but they didn't.

Yes, there were bugs. Not backdoors. OpenSSL is a project that very hardly compares to the Linux kernel:

https://en.wikipedia.org/wiki/OpenSSL

"The OpenSSL project management team consists of 8 people, and the entire development group consists of 13 members, out of which 10 are volunteers. There are only three full-time employees."

> The Linux Kernel is HUGE, the possibility to find something that
> shouldn't be there would not be very easy.

However, all the backdoors I know of were found in proprietary software (like Cisco) or in Linux-running consumer networking appliances operated with the admin default password or left unpatched for years.

> Binary blobs remain the
> most "risky" components, but anything else can easily hide in plain sight.

Actually the Linux kernel is the most scrutinized and secure piece of software that's around. There's no way a few people could make it more secure than it already is by forking it.

Alessandro
Re: [DNG] A Devuan kernel?
On Monday 09 July 2018 at 16:10:02, Alessandro Selli wrote:
> Actually the Linux kernel is the most scrutinized and secure piece of
> software that's around.

Interesting claim.

Citation/s?

Antony.

--
Don't procrastinate - put it off until tomorrow.

Please reply to the list; please *don't* CC me.
[DNG] Woops, apologies all rounds Re: He's Baaaack! Re: A Devuan kernel?
On Mon, 9 Jul 2018 14:50:55 +0100 (BST) Jim Jackson wrote:
> Dear Terry,
>
> Oh dear, just because I have the same initials and first name :-(
> It really is embarrassing.

Woops, part of brain did twig it was just Jim, but rest of it didn't follow to further check. My apologies for not checking.

> I apologise for not editing properly I should have deleted an extra
> attribution line in my reply, but like you I was/am hacked off with
> Jimmy whatsits ramblings.

BTDT & Yes. There is enough to do without trolls.
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 11:03:11 +0200, KatolaZ wrote in message <20180709090311.dfizki4zlq6ru...@katolaz.homeunix.net>:
> On Sun, Jul 08, 2018 at 11:52:41PM +0200, aitor_czr wrote:
> > Hi again,
> >
> > On 08/07/18 at 23:49, info at smallinnovations dot nl wrote:
> > > I am not a kernel guy so maybe i am asking a stupid question; but
> > > what other parts besides the official kernel from kernel.org
> > > would you install? Or leave out?
> >
> > I would leave out binary blobs :)
> >
>
> The Debian kernel already comes stripped of any binary blob, at least
> since Squeeze was testing (i.e., since about 2009). Binary firmware
> packages have been available in the non-free component since then. If
> you don't install any of those non-free packages, your kernel is
> equivalent to the one provided by LinuxLibre, the only difference
> being that you can still load binary blobs if you wish so (while that
> is forbidden in the kernels released by LinuxLibre).
>
> What are we talking about, exactly?

..I'd say we'd look for "binary binary poisons", like the binary poisons made by combining 2 or more innocent chemicals to produce e.g. poison nerve gases of the kinds banned in chemical warfare.

..is a _partial_ install of systemd capable of loading such banned binary etc "binary nerve agents?"

--
..med vennlig hilsen = with Kind Regards from Arnt Karlsen
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 at 16:15:20 +0200 Antony Stone wrote:
> On Monday 09 July 2018 at 16:10:02, Alessandro Selli wrote:
>
>> Actually the Linux kernel is the most scrutinized and secure piece of
>> software that's around.
>
> Interesting claim.
>
> Citation/s?

https://www.linuxfoundation.org/2017-linux-kernel-report-landing-page/
https://storage.pardot.com/6342/188781/Publication_LinuxKernelReport_2017.pdf

Version   Developers   Companies
4.8       1,597        262
4.9       1,729        270
4.10      1,680        273
4.11      1,741        268
4.12      1,821        274
4.13      1,681        225

"Since the beginning of the git era (the 2.6.11 release in 2005), a total of 15,637 developers have contributed to the Linux kernel; those developers worked for a minimum of 1,513 companies."

And this lists only those developers and companies who contributed to the official code; it does not list security auditors or developers/companies who work on custom versions of the kernel.

Alessandro
Re: [DNG] probably SOLVED: is there a problem with package signing?
On Mon, 9 Jul 2018 09:45:36 -0400 Hendrik Boom wrote:
> As far as I know, I am now using only devuan repositories. I was of
> course using Debian repositories on this system before I upgraded to
> Devuan.
>
> Yesterday I noticed some extraneous files in etc/apt:
>
> sources.list.etch64
> sources.list.sid
>
> and I deleted them just in case they caused the problem.

AFAIK, it only uses sources.list, unless there is something in /etc/apt/sources.list.d, which is added first to the list it looks of repositories it compares.

I have a collection of sources.list-YYMMDD in my /etc/apt for recovery and references but its existence has no effect.

IME, when you do apt/apt-get/aptitude update, it lists the sources.list entries that it references and it should show all jessie or ascii.
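[Added example, not part of the message above and not apt's own code: a POSIX shell sketch of which files under an apt configuration directory are parsed as sources, following the file-selection rules in the sources.list(5) manual page as I understand them, and which active entries point somewhere other than the expected host. Function names, the example.org hosts and the demo tree are constructed.]

```shell
#!/bin/sh
# Added example: which files apt would parse as sources, and what they enable.

# list_apt_sources DIR -> "read <file>" or "ignored <file>", one per line.
list_apt_sources() {
    aptdir=$1
    # In DIR itself only the file named exactly "sources.list" is parsed,
    # so leftovers such as sources.list.sid are never read.
    for f in "$aptdir"/sources.list*; do
        [ -f "$f" ] || continue               # skips the sources.list.d dir
        if [ "${f##*/}" = sources.list ]; then
            echo "read ${f##*/}"
        else
            echo "ignored ${f##*/}"
        fi
    done
    # In sources.list.d a name must end in .list or .sources and contain
    # only letters, digits, "_", "-" and ".".
    for f in "$aptdir"/sources.list.d/*; do
        [ -f "$f" ] || continue
        n=${f##*/}
        case "$n" in
            *[!A-Za-z0-9_.-]*) echo "ignored sources.list.d/$n" ;;
            *.list|*.sources)  echo "read sources.list.d/$n" ;;
            *)                 echo "ignored sources.list.d/$n" ;;
        esac
    done
}

# active_entries DIR -> "<file>: <type> <uri> <suite>" for every uncommented
# one-line-format entry in the files that are read (.sources is not parsed).
active_entries() {
    list_apt_sources "$1" | while read -r verdict rel; do
        [ "$verdict" = read ] || continue
        case "$rel" in *.list) ;; *) continue ;; esac
        awk -v src="$rel" '$1 == "deb" || $1 == "deb-src" {
            i = 2
            if ($i ~ /^\[/) {                 # skip an [option=...] group
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            print src ": " $1, $i, $(i + 1)
        }' "$1/$rel"
    done
}

# unexpected_entries DIR HOST -> active entries whose URI lacks HOST.
unexpected_entries() {
    active_entries "$1" | awk -v want="$2" 'index($3, want) == 0'
}

# make_demo_tree: constructed sample; prints the path of a temp directory.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir "$d/sources.list.d"
    printf '%s\n' '# constructed sample' \
        'deb http://pkgmaster.devuan.org/merged ascii main' > "$d/sources.list"
    printf '%s\n' 'deb http://mirror.example.org/debian sid main' \
        > "$d/sources.list.sid"
    printf '%s\n' 'deb [arch=amd64] http://archive.example.org/debian etch main' \
        > "$d/sources.list.d/old.list"
    printf '%s\n' 'deb http://archive.example.org/debian etch main' \
        > "$d/sources.list.d/old.list.bak"
    echo "$d"
}
```

On a real system, `unexpected_entries /etc/apt devuan.org` prints any active entry that is not served from a devuan.org host.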
Re: [DNG] A Devuan kernel?
On 07/09/2018 04:17 AM, KatolaZ wrote:
On Mon, Jul 09, 2018 at 04:02:23AM -0700, Jimmy Johnson wrote:
On 07/09/2018 03:53 AM, KatolaZ wrote:
On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote:

[cut]

Well some of those kernel experts are saying you need to check your kernel. Also how you respond to this thread speaks volumes.

Please, share some relevant links then, and let us understand what you are talking about. If you keep mentioning unspecified "kernel experts" and what they have allegedly said about the Linux kernel without providing any evidence for your claims, your posts can be easily misinterpreted by a distracted reader as FUD.

It's simple, because they can't say any more than Linus can, you are not being helpful and I will now stop replying to your unhelpful post. What you can do is look for malware, do some investigative research, just educate yourself, what I know is out there for all to read.

So if those "kernel experts" are not saying more than Linus can say, how comes that you got to know what they haven't dare to say to anybody else? o_O

I guess we should all educate ourselves in substantiating our claims with facts, instead of throwing stones at random.

I have had the opportunity to read through several parts of the Linux kernel in the past, mostly related to networking, scheduling, and vfs. Once I had to modify the vfs layer to transparently include symmetric encryption for all the supported FS. I guess it was 2.4 or 2.6. Another time I developed a full soft real-time stack for ad-hoc sensor networking (that was definitely 2.6). I also had the opportunity to develop several custom device drivers, back in the days, and even to do some reverse-engineering on a few "closed" drivers.

[PDF]D-Bus in the Kernel - LinuxCon 2014, Tokyo, Japan
https://events.static.linuxfound.org/sites/events/files/slides/linuxconjapan2014.pdf

GitHub - "dbus-like" code for the Linux kernel
https://github.com/gregkh/kdbus

OutlawCountry exploit - What this won't tell you is that it was created for the CIA and first tested in Fedora, was designed to read windows file servers. they got caught.
https://access.redhat.com/solutions/3099221

Today Linux is pretty much owned by the NSA, including its developers, not many educated eyes out there anymore to spot and report malware. Things have changed.

I can't say I have examined all that stuff in detail, but I think I have a very rough idea of what is going on under the hood. And what I saw is that the Linux kernel is in general very easy to read and to understand. Hence my conclusion: if anything wrong was there, we would most probably know already.

KatolaZ, I came looking for help. Reading a linux kernel requires knowledge of software engineering, I don't have that knowledge or experience, even if I open kernel source I would have no idea what I was looking at. I just want to know if dbus or any other exploit is in the kernel. And/or can we have our own kernel?

Thanks,
--
Jimmy Johnson
Devuan Jessie - KDE 4.14.2 - AMD A8-7600 - EXT4 at sda2
Registered Linux User #380263
[DNG] 1,000(?) eyes security Re: A Devuan kernel?
On Mon, 9 Jul 2018 16:48:34 +0200 Alessandro Selli wrote:
> "Since the beginning of the git era (the 2.6.11 release in 2005), a
> total of 15,637 developers have contributed to the Linux kernel;
> those developers worked for a minimum of 1,513 companies."
>
> And this lists only those developers and companies who contributed
> to the official code; it does not list security auditors or
> developers/companies who work on custom versions of the kernel.

The statement that started the claim was first made by ESR. The rebuttal is all the security holes that have been found in the code in various applications throughout the Linux Epoch.

However, in support, it beggars disbelief that with all the people involved in system/network/whatever security and their monitoring software, that AFAIK no one has made or reported any backdoor in the linux kernel.

KISS says that it just isn't feasible that all that FOSS software has been hacked to prevent the detection of a backdoor.
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 04:15:20PM +0200, Antony Stone wrote:
> On Monday 09 July 2018 at 16:10:02, Alessandro Selli wrote:
>
> > Actually the Linux kernel is the most scrutinized and secure piece of
> > software that's around.
>
> Interesting claim.
>
> Citation/s?
>

This is not a definitive citation, but looks like a concrete starting point for a rational discussion:

https://outflux.net/blog/archives/2016/10/18/security-bug-lifetime/

TL;DR: The article shows that only 2 Critical CVEs and 34 High CVEs were found in the Linux kernel between v.2.6.12 and v.4.9. This covers about 10 years of kernel development, during which the kernel has increased its size from about 8M LOC (2006) to about 22M LOC (2016). It's fair to stress that most of the increase is due to device drivers though, not to internal kernel components (which have increased in size, nevertheless).

It's true that the average time before a bug is discovered can be quite high (the average is about 5 years), but it's also true that the average time to get it fixed once discovered is in the order of days, if not hours.

My2Cents

KatolaZ
Re: [DNG] A Devuan kernel?
On 09/07/18 15:59, Jimmy Johnson wrote:
On 07/09/2018 04:17 AM, KatolaZ wrote:
On Mon, Jul 09, 2018 at 04:02:23AM -0700, Jimmy Johnson wrote:
On 07/09/2018 03:53 AM, KatolaZ wrote:
On Mon, Jul 09, 2018 at 03:42:40AM -0700, Jimmy Johnson wrote:

[cut]

Well some of those kernel experts are saying you need to check your kernel. Also how you respond to this thread speaks volumes.

Please, share some relevant links then, and let us understand what you are talking about. If you keep mentioning unspecified "kernel experts" and what they have allegedly said about the Linux kernel without providing any evidence for your claims, your posts can be easily misinterpreted by a distracted reader as FUD.

It's simple, because they can't say any more than Linus can, you are not being helpful and I will now stop replying to your unhelpful post. What you can do is look for malware, do some investigative research, just educate yourself, what I know is out there for all to read.

So if those "kernel experts" are not saying more than Linus can say, how comes that you got to know what they haven't dare to say to anybody else? o_O

I guess we should all educate ourselves in substantiating our claims with facts, instead of throwing stones at random.

I have had the opportunity to read through several parts of the Linux kernel in the past, mostly related to networking, scheduling, and vfs. Once I had to modify the vfs layer to transparently include symmetric encryption for all the supported FS. I guess it was 2.4 or 2.6. Another time I developed a full soft real-time stack for ad-hoc sensor networking (that was definitely 2.6). I also had the opportunity to develop several custom device drivers, back in the days, and even to do some reverse-engineering on a few "closed" drivers.

[PDF]D-Bus in the Kernel - LinuxCon 2014, Tokyo, Japan
https://events.static.linuxfound.org/sites/events/files/slides/linuxconjapan2014.pdf

GitHub - "dbus-like" code for the Linux kernel
https://github.com/gregkh/kdbus

OutlawCountry exploit - What this won't tell you is that it was created for the CIA and first tested in Fedora, was designed to read windows file servers. they got caught.
https://access.redhat.com/solutions/3099221

Today Linux is pretty much owned by the NSA, including its developers, not many educated eyes out there anymore to spot and report malware. Things have changed.

I can't say I have examined all that stuff in detail, but I think I have a very rough idea of what is going on under the hood. And what I saw is that the Linux kernel is in general very easy to read and to understand. Hence my conclusion: if anything wrong was there, we would most probably know already.

KatolaZ, I came looking for help. Reading a linux kernel requires knowledge of software engineering, I don't have that knowledge or experience, even if I open kernel source I would have no idea what I was looking at. I just want to know if dbus or any other exploit is in the kernel. And/or can we have our own kernel?

Thanks,

What do you mean by 'having our own kernel'? Read 'Linux From Scratch' and compile your own kernel - or use gentoo.

Now if you mean our very own kernel with little or nothing from kernel.org, then no. Not happening. It would be 100 times more work than creating devuan.

If backdoors in the linux kernel bother you I suggest you try one of the BSDs. But to what extent is the irascible Theo de Raadt in the pocket of the NSA too?

DaveT
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 07:59:11 -0700 Jimmy Johnson wrote:
> KatolaZ, I came looking for help. Reading a linux kernel requires
> knowledge of software engineering, I don't have that knowledge or
> experience, even if I open kernel source I would have no idea what I
> was looking at. I just want to know if dbus or any other exploit is
> in the kernel.

That wasn't what you asked.

> And/or can we have our own kernel?

You can have your own kernel. That is the whole point of FOSS. Easiest way is to obtain the source kernel source code and include/exclude the bits you want in it.

The caveat is that when it breaks, you are the person responsible for fixing it.

As far as dbus goes, read the various posts from people who are working to remove/not use it.
Re: [DNG] A Devuan kernel?
On Mon, Jul 09, 2018 at 07:59:11AM -0700, Jimmy Johnson wrote:

[cut]

>
> [PDF]D-Bus in the Kernel - LinuxCon 2014, Tokyo, Japan
> https://events.static.linuxfound.org/sites/events/files/slides/linuxconjapan2014.pdf
>
> GitHub - "dbus-like" code for the Linux kernel
> https://github.com/gregkh/kdbus
>

There is no kdbus support in the official Linux kernel. It has been vetoed twice by Linus Torvalds.

> OutlawCountry exploit - What this won't tell you is that it was created for
> the CIA and first tested in Fedora, was designed to read windows file
> servers. they got caught.
> https://access.redhat.com/solutions/3099221
>
> Today Linux is pretty much owned by the NSA, including its developers, not
> many educated eyes out there anymore to spot and report malware. Things have
> changed.
>

The one you mentioned is not a backdoor in the Linux kernel, rather a vulnerability in a kernel distributed by RedHat, which was not proven to be a backdoor. The vulnerability requires the attacker to be already root in the system. Then, Linux 2.6.32 was available only on Debian Squeeze, which is three releases behind the current Debian and Devuan stable...

Do you have anything more concrete, please?

> > I can't say I have examined all that stuff in detail, but I think I
> > have a very rough idea of what is going on under the hood. And what I
> > saw is that the Linux kernel is in general very easy to read and to
> > understand. Hence my conclusion: if anything wrong was there, we would
> > most probably know already.
> >
> KatolaZ, I came looking for help. Reading a linux kernel requires knowledge
> of software engineering, I don't have that knowledge or experience, even if
> I open kernel source I would have no idea what I was looking at. I just
> want to know if dbus or any other exploit is in the kernel. And/or can we
> have our own kernel?
>

No Jimmy, you came here crying that Devuan needed to have another kernel because you had heard that unspecified kernel developers had said that there are backdoors put by the NSA in the Linux kernel. And you have not been able to substantiate your statement with any concrete reference. If you think that the two links you reported above are actually supporting your claims, then there is nothing more left to talk about.

I don't know and I don't understand a lot of things. And for those many things I don't understand and I don't know, I am left with trusting the judgement of others who understand them better than I do. I find it quite disappointing, but it's the price I have to pay for my own ignorance.

HND

KatolaZ
[DNG] simple-netaid-gtk is coming soon
Aitor, aitor whose netaid is going to be preferred?

What did you do to the 'infamous' SUID backend? Did you add functions to it? Have you completely revamped it with completely new code and different algorithms?

I say 'Sorry' to Devuan for being absent almost regularly but at the moment I am indisposed. At least, I had quite good fruit harvests for this year. So, life for me is not as dark as it may seem.

I am still using my dear Devuan (ASCII): I don't think I have enough patience to return to MS Windows, too many 'verboten' freedoms in that!
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 11:06:55 +0200 KatolaZ wrote:
> On Mon, Jul 09, 2018 at 06:06:12PM +1000, Andrew McGlashan wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > On 09/07/18 17:51, KatolaZ wrote:
> > > Literally anybody can get the sources of the Linux kernel and
> > > read through it. So I guess your fears are somehow
> > > unjustified...
> >
> > There were long standing problems with openssl -- the source code
> > was fully available, anybody could have found the problems, but
> > they didn't.
> >
> > The Linux Kernel is HUGE, the possibility to find something that
> > shouldn't be there would not be very easy. Binary blobs remain the
> > most "risky" components, but anything else can easily hide in plain
> > sight.
> >
>
> Yeah, so what should we do? Stop working on Devuan and get a couple of
> years off just to check that the kernels provided in the
> already-released packages does not have any NSA backdoor?
>
> o_O
>

I think you just put things in perspective, KatolaZ. Extrapolating what you just said to users, what should I do? Stop using computers because CIA and NSA? I'd better stop using a phone too. I'd better stop walking downtown, because they have face recognition software downtown. I'd better stop using a credit card and leaving a money trail.

You do your best to ensure your privacy, and don't use any technologies that are grossly privacy stupid (Google Home, for instance), encrypt your communications when you can. But if you're going to keep yourself secret from a state sponsored investigative agency who wants to learn about you specifically, you'll have to make a lot of difficult life choices, and basically leave mainstream society. What kernel you use on your desktop or laptop will be the least of your problems.

Starting in the late 1970's, I never said anything on the telephone I didn't want the FBI to hear. But I didn't give up using a phone.

SteveT

Steve Litt
Author: The Key to Everyday Excellence
http://www.troubleshooters.com/key
Twitter: http://www.twitter.com/stevelitt
Re: [DNG] A Devuan kernel?
Hello Jimmy

> Today Linux is pretty much owned by the NSA, including its developers, not
> many educated eyes out there anymore to spot and report malware. Things have
> changed.

So there is a nice poster around with a grumpy cat saying "The NSA broke my internet, so I am building a GNU one". I understand the sentiment.

However: Loads of eyes are looking at the kernel, and if I were to trust my intuition, I'd say that the back doors are more likely (or more numerous) in the processor, its microcode, the graphics card firmware and the ACPI nonsense.

So: Coding a new kernel is probably one of the more expensive security exercises. Rebuilding from source is cheap, but it is unclear if it would remove the backdoors (keywords "On trusting trust", duckduckgo them, yandex it).

However: The big security improvement you - Jimmy Johnson aka field.engin...@gmail.com can make without requiring any special skills is to stop using gmail.

Google has pioneered many of the major privacy abuses:

- the overt scanning of people's mail via gmail
- the gathering of access point data via its streetview cars (got them into trouble in France, the rest of the world didn't want to notice)
- its worldwide web tracking effort via google anal itics, fonts.googleapis, doubleclick.nyet
- the major spyware known as chrome and its associated corruption of mozilla

Summary: Google is probably *the* entity which has moved the Overton window towards the view that spying is socially acceptable.

So: I struggle to reconcile your security concerns with your use of gmail. So maybe once you stop using gmail I'll examine your views on the NSAs kernel ownership more seriously

Sorry

marc
Re: [DNG] A Devuan kernel?
Quoting KatolaZ (kato...@freaknet.org):

> This is not a definitive citation, but looks like a concrete starting
> point for a rational discussion:
>
> https://outflux.net/blog/archives/2016/10/18/security-bug-lifetime/

Kees Cook has always done really good work.

> TL;DR: The article shows that only 2 Critical CVEs and 34 High CVEs
> were found in the Linux kernel between v.2.6.12 and v.4.9. This covers
> about 10 years of kernel development, during which the kernel has
> increased its size from about 8M LOC (2006) to about 22M LOC
> (2016). It's fair to stress that most of the increase is due to device
> drivers though, not to internal kernel components (which have
> increased in size, nevertheless).

A good point -- and illustrates another point that I observed over years of interpreting CVEs for a living: Just because a piece of code gets installed on your system doesn't mean your system need be configured to use it. At $FIRM, I can't even say how many times a CVE turned out not to apply to our systems upon examination because it relied on exploiting optional code not locally enabled.

And of course, unused device drivers would be a case in point.

--
Cheers,              "I am a member of a civilization (IAAMOAC). Step back
Rick Moen            from anger. Study how awful our ancestors had it, yet
r...@linuxmafia.com   they struggled to get you here. Repay them by appreciating
McQ! (4x80)          the civilization you inherited." -- David Brin
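[Added example, not part of Rick Moen's message: a POSIX shell triage of the kind of check he describes, deciding whether an advisory applies by asking whether the affected optional kernel code is built in, built as a module and loaded, built but not loaded, or absent. The advisory ids are placeholders and the config, module list and id-to-symbol mapping are constructed samples; function names are hypothetical.]

```shell
#!/bin/sh
# Added example: is the optional kernel code an advisory depends on enabled?

# config_state CONFIG_FILE SYMBOL -> builtin | module | off
config_state() {
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1")
    case "$v" in
        y) echo builtin ;;
        m) echo module ;;
        *) echo off ;;      # "# CONFIG_X is not set" or symbol missing
    esac
}

# module_loaded MODULES_FILE NAME -> exit 0 if NAME is listed
# (MODULES_FILE has the /proc/modules layout: name is the first field).
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# assess CONFIG_FILE MODULES_FILE < mapping
# Mapping lines: "<advisory id> <CONFIG symbol> <module name>".
assess() {
    while read -r id sym mod; do
        case "$id" in ''|'#'*) continue ;; esac
        case "$(config_state "$1" "$sym")" in
            builtin)
                echo "$id applicable: $sym is built in" ;;
            module)
                if module_loaded "$2" "$mod"; then
                    echo "$id applicable: module $mod is loaded"
                else
                    # Not loaded is weaker than not built: the module can
                    # still be autoloaded on demand unless that is blocked.
                    echo "$id dormant: module $mod is built but not loaded"
                fi ;;
            off)
                echo "$id not applicable: $sym is not built" ;;
        esac
    done
}

# demo_assess: runs assess over constructed sample data.
demo_assess() {
    tmp=$(mktemp -d)
    cat > "$tmp/config" <<'EOF'
CONFIG_BT=m
CONFIG_IP_SCTP=m
# CONFIG_IP_DCCP is not set
CONFIG_EXT4_FS=y
EOF
    cat > "$tmp/modules" <<'EOF'
bluetooth 552960 0 - Live 0x0000000000000000
EOF
    assess "$tmp/config" "$tmp/modules" <<'EOF'
# placeholder id  config symbol    module
EXAMPLE-0001      CONFIG_BT        bluetooth
EXAMPLE-0002      CONFIG_IP_SCTP   sctp
EXAMPLE-0003      CONFIG_IP_DCCP   dccp
EXAMPLE-0004      CONFIG_EXT4_FS   ext4
EOF
    rm -rf "$tmp"
}
```

On a running system the inputs would be the kernel's config file (for example /boot/config-$(uname -r), where the distribution ships it) and /proc/modules.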
Re: [DNG] who's tying up my port 80?
Quoting k...@aspodata.se (k...@aspodata.se):

> Nice, didn't know about the ss command. You can also use
> netstat -tulp
> lsof -i :80

'netstat' in the 21st Century is spelled 'ss'. ;->

https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/

(My brain still defaults to the various net-tools utilities, too. But at least I cured it of the urge to use 'nslookup' a decade or so ago.)

--
Cheers,              "I am a member of a civilization (IAAMOAC). Step back
Rick Moen            from anger. Study how awful our ancestors had it, yet
r...@linuxmafia.com   they struggled to get you here. Repay them by appreciating
McQ! (4x80)          the civilization you inherited." -- David Brin
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 03:53:01 -0700 Jimmy Johnson wrote:
> On 07/09/2018 03:22 AM, KatolaZ wrote:
> > I guess we need to calm down a bit here? Martin expressed his
> > view. You Jimmy expressed yours, and nobody asked you to get/stay
> > out of the way. I presume you should give to the opinions of others
> > the same treatment you expect for yours, as a baseline. Or at least
> > expect your opinions to be treated with the same respect with which
> > you treat those of others...
> >
> > HND
> >
> > KatolaZ
> >
> You've been showing contempt and disrespect for me since my first
> post in this group, never helpful. Why do you want to stand in the
> way of people in this group looking for malware in this distro?

Jimmy, you've just won a free procmail trip to /dev/null on my computer. You've been on the DNG list 3 months as of tomorrow. KatolaZ has been on this list since 1/25/2015 or before, making positive contributions the whole time, and I'm pretty sure he was one of the VUAs that started this revolution, before starting this revolution was cool. And I'm pretty sure KatolaZ and I were emailing each other about systemd replacement as early as 2014.

When KatolaZ talks, I listen.

SteveT

Steve Litt
Author: The Key to Everyday Excellence
http://www.troubleshooters.com/key
Twitter: http://www.twitter.com/stevelitt
Re: [DNG] Weird jessie to ascii upgrade issue (WAS: Re: who's tying up my ptr 80
On Monday, 9 July 2018, Hendrik Boom wrote:
> On Sun, Jul 08, 2018 at 09:12:12PM -0400, Hendrik Boom wrote:
> The link 05-auth.conf doesn't have the "../" in it, and so points nowhere.
>
> Fixing this and doing /etc/init.d/lighttpd restart got the web server
> working. Now I don't remember ever messing with this link. But maybe I did
> long ago. Could this problem have been caused by the upgrade to ascii I did
> a week or two ago? The web server worked before the upgrade.
> Can anyone else check what's happened to their 05-auth.conf link?
>
> I'd like to know whether this is an upgrade failure (which should be
> fixed) or me bungling. I'd bet on me bungling long ago, but I don't
> know for sure.

Hi Hendrik,

I don't have this package on my system. You can take a look into the .deb file of the package, probably in your /var/cache/apt/archives dir. Start mc in a shell, change to that directory, find the file, hit Enter and browse the package. When you find the link in the package and it is correct, then it might have been changed on your system after installation--but, who knows? ;-)

Regards, Stefan
Re: [DNG] A Devuan kernel?
Jimmy Johnson - 09.07.18, 12:00: > On 07/09/2018 02:53 AM, Martin Steigerwald wrote: > > Hi Katola. > > > > KatolaZ - 09.07.18, 09:51: > >> On Sun, Jul 08, 2018 at 03:52:48PM -0700, Jimmy Johnson wrote: > >>> On 07/08/2018 02:49 PM, info at smallinnovations dot nl wrote: > On 08-07-18 23:32, aitor_czr wrote: > > Hi Jimmy, > > > > El 08/07/18 a las 23:24, Jimmy Johnson escribió: > >> Thoughts? Volunteers? > > > > I also would like to see devuan including its own kernel. I can > > help > > on packaging stuff. > > > > Aitor. > > I am not a kernel guy so maybe i am asking a stupid question; but > what other parts besides the official kernel from kernel.org > would you install? Or leave out? > >>> > >>> I don't think Linus is trying to hide anything, he just can't talk > >>> about a backdoor and will deny a backdoor if you ask him about > >>> one. > >>> > >>> Something I haven't done but maybe a kernel source package can be > >>> opened to expose what is in there? Something way over my head. > >>> Anybody friends with Klaus Knopper? Or has other sources for help? > >>> Maybe someone from Puppy Linux? > >> > >> The only problem with this theory is that Linus has not been the > >> only > >> developer of the Linux kernel at least since September 1991. > >> Nowadays > >> the Linux kernel has thousands of developers. If such a "backdoor" > >> existed, we would know about it, as we knew about the Spectre and > >> Meltdown vulnerabilities. You simply can't silence everybody, even > >> if > >> you are the NSA. > >> > >> Literally anybody can get the sources of the Linux kernel and read > >> through it. So I guess your fears are somehow unjustified... > > > > I agree with that. > > > > This discussion seems bordering on conspiracy theories. Those claim > > that something might be true and sow fear, uncertainty and doubt. > > Some parts of conspiracy theories may turn out to have been true, > > like for example all the spying the NSA and other secret agencies > > are doing. 
But I see no benefit in fearing something I have seen no > > proof of. > > > > Anyone ever saw any proof that such a backdoor exists within the > > Linux kernel source? I haven´t. > > > > Aside from that, I´d be more vary about the firmware in PCs. The > > closed- source binary blobs almost everyone is using who is using a > > computer these days. > > > > I do not think this discussion is helpful. There may be reasons for > > an own kernel, but IMO this is no reason. > > Martin you are active with both KDE and Debian Development, I would > not expect you to be of much help, so pleas stay out of the way. I wanted to write a longer reply, but there is no point, for as long as you decide that I am or KatolaZ or the Linux kernel are against you. But in case you´d like to check whether I contributed something to a Debian package *specifically* for the aim of Devuan, just check the changelog of the fio package. Beware, there may be facts inside. -- Martin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] 1,000(?) eyes security Re: A Devuan kernel?
On Tue, Jul 10, 2018 at 01:12:58AM +1000, terryc wrote:
> On Mon, 9 Jul 2018 16:48:34 +0200
> Alessandro Selli wrote:
>
> > "Since the beginning of the git era (the 2.6.11 release in 2005), a
> > total of 15,637 developers have contributed to the Linux kernel;
> > those developers worked for a minimum of 1,513 companies."
> >
> > And this lists only those developers and companies who contributed
> > to the official code; it does not list security auditors or
> > developers/companies who work on custom versions of the kernel.
>
> The statement that started the claim was first made by ESR.
> The rebuttal is all the security holes that have been found in the code
> in various applications through out the Linux Epoch.

I'm not at all convinced that the security holes constitute a rebuttal. Methinks they could equally be evidence that having all those eyes on the kernel source code is weeding out such security holes. After all, do we know how many security holes are detected by no one reading kernel code?

-- hendrik

> However, In support , it beggars disbelief that with all the people
> involved in system/network/whatever security and their monitoring
> software, that AFAIK no one has made or reported any backdoor in the
> linux kernel.
>
> KISS says that it just isn't feasible that all that FOSS software has
> been hacked to prevent the detection of a backdoor.
Re: [DNG] who's tying up my port 80?
Rick Moen [2018-07-09 21:01]:
> 'netstat' in the 21st Century is spelled 'ss'. ;->
> https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/

Why, oh why replace well-known, portable commands with Linux-only commands that are no better?

--
Regards, Harald
Re: [DNG] 1,000(?) eyes security Re: A Devuan kernel?
On Monday 09 July 2018 at 22:10:03, Hendrik Boom wrote: > On Tue, Jul 10, 2018 at 01:12:58AM +1000, terryc wrote: > > On Mon, 9 Jul 2018 16:48:34 +0200 Alessandro Selli wrote: > > > "Since the beginning of the git era (the 2.6.11 release in 2005), a > > > total of 15,637 developers have contributed to the Linux kernel; > > > those developers worked for a minimum of 1,513 companies." > > > > > > And this lists only those developers and companies who contributed > > > to the official code; it does not list security auditors or > > > developers/companies who work on custom versions of the kernel. > > > > The statement that started the claim was first made by ESR. > > The rebuttal is all the security holes that have been found in the code > > in various applications through out the Linux Epoch. > > I'm not at all convince that the security holes constitute a rebuttal. > Methings they could equally be evidence that having all those eyes on > the kernel source code is weeding out such security holes. After all, > do we know how many security holes are detected by no one reading kernel > code? I would look to Microsoft Windows for this. Quite a number of security holes have been discovered in versions of MS Windows over the years, and I'm pretty certain that the vast majority were discovered by people with no access to the source code. It's often commented that closed-source software has more bugs & vulnerabilities in it because the developers think "no-one's going to see this, so no-one's going to find the bugs" whereas open source developers know that anyone can see the mistakes they make, so they pay more attention to not making them. Whether that's true or not is hard to determine, but for me the mere discovery of so many problems in MS Windows by people with no access to the source code tells me that bugs and security holes will be found, given sufficient incentive (eg: the overwhelming number of Windows PCs on the planet), whether the source is open or not. 
Thus (coming back to the original argument) I find it hard to believe that backdoors and similar deliberate insertions of suspicious code wouldn't have been found by people responsible enough to publicise what they discover, given that it's clearly possible to do, either with access to the source code or without. Antony. -- "I find the whole business of religion profoundly interesting. But it does mystify me that otherwise intelligent people take it seriously." - Douglas Adams Please reply to the list; please *don't* CC me. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] 1,000(?) eyes security Re: A Devuan kernel?
On Monday 09 July 2018 at 22:53:19, Fungal-net wrote: > On July 9, 2018 11:35 PM, Antony Stone wrote: > > > > > > Quite a number of security holes have been discovered in versions of MS > > Windows over the years, and I'm pretty certain that the vast majority > > were discovered by people with no access to the source code... > I don't think this mode of thinking helps, plenty of security holes are > discovered in linux and unix-derivatives daily and people have been > looking through this code for years, never realizing a weakness can be > utilized by "evil doers" to manipulate this hole. Alpine is as simple and > as security concerned as any linux, and someone proved recently how > vulnerable they are. Whether ms-win is better or worse is no reason to > relax about it. I wasn't trying to compare or comment on whether Linux or Windows is better or worse from a security perspective. I was just using the examples of Linux (open source, low desktop usage, fairly high server usage) versus Windows (closed source, very high desktop usage, lower server usage) to point out that vulnerabilities can be found whether the source code is available or not. Give bad people enough machines to benefit from finding a weakness in, and they'll put in the effort to find those weaknesses even without access to the code the machines are running. > But here we have not a bug, not a vulnerability, but a published addition > to the code called speck (and it cousin coming soon). I don't think > microsoft had included it yet. It is Linus vanguardism. Hm, Speck is German for bacon. I like bacon. > No one dare write a bug report about speck, it is perfect I tell ya! It is > in your libre kernel. Thanks for the tip :) Antony. -- 90% of networking problems are routing problems. 9 of the remaining 10% are routing problems in the other direction. The remaining 1% might be something else, but check the routing anyway. Please reply to the list; please *don't* CC me. 
Re: [DNG] 1,000(?) eyes security Re: A Devuan kernel?
On Mon, 9 Jul 2018 22:35:37 +0200, Antony wrote in message <201807092235.37608.antony.st...@devuan.open.source.it>: > On Monday 09 July 2018 at 22:10:03, Hendrik Boom wrote: > > > On Tue, Jul 10, 2018 at 01:12:58AM +1000, terryc wrote: > > > On Mon, 9 Jul 2018 16:48:34 +0200 Alessandro Selli wrote: > > > > "Since the beginning of the git era (the 2.6.11 release in > > > > 2005), a total of 15,637 developers have contributed to the > > > > Linux kernel; those developers worked for a minimum of 1,513 > > > > companies." > > > > > > > > And this lists only those developers and companies who > > > > contributed to the official code; it does not list security > > > > auditors or developers/companies who work on custom versions of > > > > the kernel. > > > > > > The statement that started the claim was first made by ESR. > > > The rebuttal is all the security holes that have been found in > > > the code in various applications through out the Linux Epoch. > > > > I'm not at all convince that the security holes constitute a > > rebuttal. Methings they could equally be evidence that having all > > those eyes on the kernel source code is weeding out such security > > holes. After all, do we know how many security holes are detected > > by no one reading kernel code? > > I would look to Microsoft Windows for this. > > Quite a number of security holes have been discovered in versions of > MS Windows over the years, and I'm pretty certain that the vast > majority were discovered by people with no access to the source code. > > It's often commented that closed-source software has more bugs & > vulnerabilities in it because the developers think "no-one's going to > see this, so no-one's going to find the bugs" whereas open source > developers know that anyone can see the mistakes they make, so they > pay more attention to not making them. 
> > Whether that's true or not is hard to determine, but for me the mere > discovery of so many problems in MS Windows by people with no access > to the source code tells me that bugs and security holes will be > found, given sufficient incentive (eg: the overwhelming number of > Windows PCs on the planet), whether the source is open or not. .._one_ way of using this knowledge, is keep a few sacrifical Wintendos in a "lan" tarpit, and pose as "one of them", e.g. "about to fall over" to try get the bad guys to try save their catch, and buy you time to evade them. > Thus (coming back to the original argument) I find it hard to believe > that backdoors and similar deliberate insertions of suspicious code > wouldn't have been found by people responsible enough to publicise > what they discover, given that it's clearly possible to do, either > with access to the source code or without. ..the best way is have people look for weird behavior, you don't need to know how to read kernel source or what to look for, to recognise new "weird shit it didn't do before yesterday", even WWI security skills will work fine here, and that means, say, 7 billion eyes watching. -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] who's tying up my port 80?
Harald Arnesen wrote on 07/09/2018 03:23 PM:
> Why, oh why replace well-known, portable commands with Linux-only
> commands that are no better?

Can we blame SCO or Microsoft somehow?
Re: [DNG] dnsmasq: junk found in command line
Irrwahn wrote on 07/09/2018 07:58 AM:
> DNSMASQ_OPTS="$DNSMASQ_OPTS `mawk -- '{ printf " --trust-anchor=.,%d,%d,%d,%s", $5, $6, $7, $8 }' $ROOT_DS`"

A purge/install did no better so the line above indeed fixed it.

# dnsmasq --version
Dnsmasq version 2.72 Copyright (c) 2000-2014 Simon Kelley

Thank you so much
Re: [DNG] who's tying up my port 80?
Quoting Harald Arnesen (skog...@gmail.com):
> Why, oh why replace well-known, portable commands with Linux-only
> commands that are no better?

At your convenience look up how many years the net-tools codebase has been orphaned. Can't remember, but it's many.[1] There is also functionality supported in the iproute2 tools but not in the net-tools old-standard ones.

Isn't this a revival of a discussion that's been done to death?

[1] Looked it up for you: 2001.
Re: [DNG] nonexistent partition as swap drive.
On Mon, Jul 09, 2018 at 09:55:53AM -0400, Hendrik Boom wrote:
> One line only: RESUME=/dev/hdc1
>
> Looks like it's been there since at least May 16, 2006.
> I presume I can just delete that file entirely?
> This machine never gets powered down with intent to resume instead of
> to restart from scratch.

I've never needed to do that, but removing that file should be fine. The other option is to simply delete what's in the file, and leave the file there, which is the approach I use.

Greg

--
web site: http://www.gregn.net
gpg public key: http://www.gregn.net/pubkey.asc
skype: gregn1 (authorization required, add me to your contacts list first)
If we haven't been in touch before, e-mail me before adding me to your contacts.
--
Free domains: http://www.eu.org/ or mail dns-mana...@eu.org
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 at 15:16:27 -0400 Steve Litt wrote:
> Jimmy, you've just won a free procmail trip to /dev/null on my
> computer.

Isn't this a stylish way to put it? :-)

Alessandro
Re: [DNG] who's tying up my port 80?
On Mon, 9 Jul 2018 22:23:04 +0200 Harald Arnesen wrote:
> Rick Moen [2018-07-09 21:01]:
>
> > 'netstat' in the 21st Century is spelled 'ss'. ;->
> > https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/
>
> Why, oh why replace well-known, portable commands with Linux-only
> commands that are no better?

Because:

"These programs (except iwconfig) are included in the net-tools package that has been unmaintained for years. The functionality provided by several of these utilities has been reproduced and improved in the new iproute2 suite, primarily by using its new ip command."

So, in short: because they *are* better!

Alessandro
Re: [DNG] A Devuan kernel?
On Sun, 8 Jul 2018 at 17:35:01 -0700 Jimmy Johnson wrote:
> On 07/07/2018 05:03 AM, Alessandro Selli wrote:
>> On Fri, 6 Jul 2018 at 10:52:20 -0700
>> Jimmy Johnson wrote:
>>
>>> Good sources tell me we need our own kernel,
>>
>> Why? What's wrong with the available ones?
>
> Devuan is there someone that can at least look at the Debian kernel?

I think Devuan devs have more important things to do than looking for a pin in a haystack.

Alessandro
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 at 20:47:01 +0200 marc wrote: > Hello Jimmy > > > Today Linux is pretty much owned by the NSA, including it's developers, > > not many educated eyes out there anymore to spot and report malware. > > Things have changed. > > So there is a nice poster around with a grumpy cat saying > "The NSA broke my internet, so I am building a GNU one". I > understand the sentiment. > > However: Loads of eyes are looking at the kernel, and if > I were to trust my intuition, I'd say that the back doors > are more likely (or more numerous) in the processor, > its microcode, the graphics card firmware and the ACPI > nonsense. > > So: Coding a new kernel is probably one of the more expensive > security exercises. Rebuilding from source is cheap, but it > is unclear if it would remove the backdoors (keywords "On > trusting trust", duckduckgo them, yandex it). > > However: The big security improvement you - Jimmy Johnson > aka field.engin...@gmail.com can make without requiring any > special skills is to stop using gmail. 
> > Google has pioneered many of the major privacy abuses: > > - the overt scanning of people's mail via gmail > - the gathering of access point data via its streetview cars >(got them into trouble in France, the rest of the world >didn't want to notice) > - its worldwide web tracking effort via google anal itics, >fonts.googleapis, doubleclick.nyet > - the major spyware known as chrome and its associated >corruption of mozilla Plus running the same dirty tricks that in the past M$ played against Netscape/Mozilla/Firefox and Opera to make it's own browser Explorer look better: serving bad web pages based on the requesting client: https://news.slashdot.org/story/18/07/08/2241237/firefox-and-the-4-year-battle-to-have-google-to-treat-it-as-a-first-class-citizen "After years of requests, meetings, and to and fro, it has hit a point where the developers of Firefox are experimenting by manipulating the user agent string in its nightly development builds to trick Google into thinking that Firefox Mobile is a Chrome browser. Not only does Google's search page degrade for Firefox on Android, but some new properties like Google Flights have occasionally taken to outright blocking of the browser." "Do no evil", right? Yeah, sure! Alessandro ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 at 16:15:20 +0200 Antony Stone wrote:

[...]

Oh my, who are these guys?

Received: from pikantus.localnet (cable-78-34-34-47.netcologne.de [78.34.34.47]) by formal.dehy.de (8.14.3/8.14.3/Debian-5+lenny1) with ESMTP id w69EFPKD030503

https://www.debian.org/News/2012/20120209

Security Support for Debian 5.0 terminated
February 9th, 2012
Security Support for Debian GNU/Linux 5.0 terminated on February 6th

Alessandro
Re: [DNG] who's tying up my port 80?
On Mon, Jul 09, 2018 at 12:01:06PM -0700, Rick Moen wrote:
> Quoting k...@aspodata.se (k...@aspodata.se):
>
> > Nice, didn't know about the ss command. You can also use
> > netstat -tulp
> > lsof -i :80
>
> 'netstat' in the 21st Century is spelled 'ss'. ;->
> https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/

And in this case, there _is_ a relevant difference: netstat -p lists only one process per socket despite them often being shared. ss -p handles them correctly.

Meow.

--
// If you believe in so-called "intellectual property", please immediately
// cease using counterfeit alphabets. Instead, contact the nearest temple
// of Amon, whose priests will provide you with scribal services for all
// your writing needs, for Reasonable And Non-Discriminatory prices.
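The shared-socket case raised in the message above (several processes holding one listening socket) can be checked directly against the kernel's own tables. The following is an added example, not part of the original post; the socket table, PIDs and inode numbers are constructed, and the function names are hypothetical.

```python
"""Map a listening TCP port to every process that holds its socket.

Uses the kernel's socket table (/proc/net/tcp layout) and the per-process
fd links (/proc/<pid>/fd/* -> "socket:[inode]").
All sample data below is constructed for this example.
"""
import os
import re
import tempfile

TCP_LISTEN = "0A"  # hex state code for LISTEN in /proc/net/tcp
SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")

# Constructed sample: a listener on *:80, a listener on 127.0.0.1:25, and one
# established connection whose local port is also 80 (must not be reported).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 23456 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0050 0100007F:C350 01 00000000:00000000 00:00000000 00000000    33        0 34567 1 0000000000000000 20 4 30 10 -1
"""


def listening_inodes(proc_net_tcp_text, port):
    """Return the socket inodes in LISTEN state on the given local port."""
    inodes = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue
        local_port = int(fields[1].rsplit(":", 1)[1], 16)  # port is hex
        if local_port == port:
            inodes.add(int(fields[9]))
    return inodes


def socket_holders(proc_root, inodes):
    """Return {inode: sorted PIDs} for every process with an fd on the socket."""
    holders = {inode: set() for inode in inodes}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():  # only numeric directories are processes
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:  # process exited, or not permitted to look
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            match = SOCKET_LINK.match(target)
            if match and int(match.group(1)) in holders:
                holders[int(match.group(1))].add(int(entry))
    return {inode: sorted(pids) for inode, pids in holders.items()}


def build_fake_proc():
    """Constructed /proc-like tree: PIDs 1000-1002 share socket inode 12345."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    layout = {
        1000: {"0": "/dev/null", "6": "socket:[12345]"},
        1001: {"6": "socket:[12345]", "7": "socket:[99999]"},
        1002: {"6": "socket:[12345]"},
        2000: {"3": "socket:[23456]"},
    }
    os.makedirs(os.path.join(root, "net"))  # non-process entry, skipped
    for pid, fds in layout.items():
        fd_dir = os.path.join(root, str(pid), "fd")
        os.makedirs(fd_dir)
        for fd, target in fds.items():
            os.symlink(target, os.path.join(fd_dir, fd))
    return root


if __name__ == "__main__":
    inodes = listening_inodes(SAMPLE_PROC_NET_TCP, 80)
    for inode, pids in socket_holders(build_fake_proc(), inodes).items():
        print(f"port 80, inode {inode}: held by PIDs {pids}")
    # On a live host, run as root and pass open("/proc/net/tcp").read()
    # (and /proc/net/tcp6 for IPv6 listeners) together with "/proc".
```

Without root, other users' fd directories are unreadable, so the returned list can be incomplete on a live system.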
Re: [DNG] A Devuan kernel?
On Mon, 9 Jul 2018 11:03:11 +0200 KatolaZ wrote: > On Sun, Jul 08, 2018 at 11:52:41PM +0200, aitor_czr wrote: > > Hi again, > > > > El 08/07/18 a las 23:49, info at smallinnovations dot nl escribió: > > > I am not a kernel guy so maybe i am asking a stupid question; but > > > what other parts besides the official kernel from kernel.org > > > would you install? Or leave out? > > > > I would leave out binary blobs :) > > > > The Debian kernel already comes stripped of any binary blob, at least > since Squeeze was testing (i.e., since about 2009). Binary firmware > packages have been available in the non-free component since them. If > you don't install any of those non-free packages, your kernel is > equivalent to the one provided by LinuxLibre, the only difference > being that you can still load binary blobs if you wish so (while that > is forbidden in the kernels released by LinuxLibre). > > What are we talking about, exactly? > > HND > > KatolaZ > Hi, I don't remind which kernel. but is was in the press for sure: USA authorities were given a backdoor in the kernel. Could have been 2.6 For security, fighting criminals whats however. There was absolutely no resistance in those days. Not any. Foreign countries began to develop their own kernels. In those days I was into floppy distro's on old kernels so did not bother very much. But I remember it well. Yes I am a veteran in Linux stuff, into floppy distros like trinux (cloud computing avant la lettre) John ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel?
> I think Devuan devs have more important things to do than looking
> for a pin in a haystack.
>
> Alessandro

I totally agree.

Hard to find that pin.
And once found how to get rid of it?

Will authorities allow the removal?
Think not.

John
Re: [DNG] A Devuan kernel?
On Tue, 10 Jul 2018 05:02:52 +0200, arne wrote in message <20180710050252.3494d2af@fx4100>: > On Mon, 9 Jul 2018 11:03:11 +0200 > KatolaZ wrote: > > > On Sun, Jul 08, 2018 at 11:52:41PM +0200, aitor_czr wrote: > > > Hi again, > > > > > > El 08/07/18 a las 23:49, info at smallinnovations dot nl > > > escribió: > > > > I am not a kernel guy so maybe i am asking a stupid question; > > > > but what other parts besides the official kernel from kernel.org > > > > would you install? Or leave out? > > > > > > I would leave out binary blobs :) > > > > > > > The Debian kernel already comes stripped of any binary blob, at > > least since Squeeze was testing (i.e., since about 2009). Binary > > firmware packages have been available in the non-free component > > since them. If you don't install any of those non-free packages, > > your kernel is equivalent to the one provided by LinuxLibre, the > > only difference being that you can still load binary blobs if you > > wish so (while that is forbidden in the kernels released by > > LinuxLibre). > > > > What are we talking about, exactly? > > > > HND > > > > KatolaZ > > > > Hi, > > I don't remind which kernel. > but is was in the press for sure: > USA authorities were given a backdoor > in the kernel. > Could have been 2.6 > For security, fighting criminals whats however. > > There was absolutely no resistance in those days. > Not any. > > Foreign countries began to develop their own kernels. > > In those days I was into floppy distro's on old kernels so did not > bother very much. > But I remember it well. > > Yes I am a veteran in Linux stuff, into floppy distros like trinux > (cloud computing avant la lettre) > > John ...Hughes? -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] A Devuan kernel? Foreign countries began to develop their own kernels
On Fri, 6 Jul 2018 10:52:20 -0700 Jimmy Johnson wrote: > Good sources tell me we need our own kernel, do we have one? > Thanks. > > > This last week I've been testing Slackware and I see Patrick is > dealing with systemd too, Slackware 14.2 is on what seems to be a > ASCII system, except ASCII seems to be just a little bit more sable > in audio and video. I have Slack running on three computers and I got > my Canon printer working too. :) Of course Devuan Jessie is my go to > Linux distro, the easiest to work with and audio/video is most stable > of all. Hi, I don't remind which kernel. but is was in the press for sure: USA authorities were given a backdoor in the kernel. Could have been 2.6 For security, fighting criminals whats however. There was absolutely no resistance in those days. Not any. Foreign countries began to develop their own kernels. In those days I was into floppy distro's on old kernels so did not bother very much. But I remember it well. Yes I am a veteran in Linux stuff, into floppy distros like trinux (cloud computing avant la lettre) John ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] data reliability (was: Home server replacement hardware suggestions?)
On Sun, 8 Jul 2018 05:09:36 +0200 Adam Borowski wrote:
> Do not use the words "USB" and "disk" together, please -- in any
> context that involves basic reliability, and, especially, not
> corrupting data.

I understand there are problems with USB sticks, but what's wrong with that connection for a drive? (assuming cabling won't get kicked out)

I've had the problem of file corruption on my mind for some time, and the only solution I've come across is btrfs, and that had some nightmarish issues for me, so I've moved away from it.

I'm still wondering if an encryption partition is also a mechanism to help mitigate file corruption issues, but I haven't looked into that.

zfs needs fuse on Linux, and ext checksumming doesn't exist (though I heard a rumour of encryption support so who knows about the future)

Beyond a checksumming filesystem would be backups which keep diffs, but that requires auditing every file with every backup to check for corruption, or keeping many many backups to restore from very early revisions before a corruption.
Re: [DNG] A Devuan kernel?
On Tue, 10 Jul 2018 05:17:07 +0200 arne wrote:
> > I think Devuan devs have more important things to do than looking
> > for a pin in a haystack.
> >
> > Alessandro
>
> I totally agree.
>
> Hard to find that pin.

Errr, try opening your eyes. Since the floppies came out, there have been incredible improvements in the detection of "pins" whether pins be "backdoors" or "do sharks swim in these waters", or which town pumps the most illegal drugs. Now, if you're really looking for pins containing iron, magnets from old hard disks shouldn't be too hard to procure.

> And once found how to get rid of it?

For most people, you post your concerns to a/multiple, relevant list(s)/forum.

> Will authorities allow the removal?

There is nothing they can do to prevent it. What part of OSS do you not understand? Part of my archiving of "linux" includes collected multiple copies of various source over various releases. So the cat is well and truly out of the bag.

> Think not.

Oh, you're stuck in the Microsoft/Google mind trap. Since I got the floppies, I've been avoiding those and similar.
Re: [DNG] Home server replacement hardware suggestions?
On 2018-06-25 08:03 AM, wirelessd...@gmail.com wrote:
> I have an old desktop at home running Devuan ascii for some basic server/file storage functions. Unfortunately the disk sounds like it's almost dead so I took a clonezilla backup and now want to find some replacement hardware. Looking to get something a bit more power conservative than this old desktop tower. The old machine has an AMD A8-3850 APU with 1TB HDD and 4GB Ram, sitting on a A75M-HVS motherboard. I'm hoping I can just build/buy a replacement of some sort and load the clonezilla backup directly onto the new disk and just boot up, reinstalling the grub boot loader from livecd? Or will I have to reinstall if it's going onto different hardware? Does anyone have any suggestions on what to get or where to look? Intel vs AMD?

My suggestion would be to keep your existing hardware, as it would seem more than sufficient for the required functions. I would throw a couple of 2TB hybrid SATA drives in there and give it some more RAM, I think the board will support 16GB, but 8GB would probably be OK. The performance should increase and the money you save can buy a decent amount of beer and pizza.

Clarke
Re: [DNG] A Devuan kernel?
On Tue, Jul 10, 2018 at 05:02:52AM +0200, arne wrote:

[cut]

> Hi,
>
> I don't remind which kernel.
> but is was in the press for sure:
> USA authorities were given a backdoor
> in the kernel.
> Could have been 2.6
> For security, fighting criminals whats however.
>
> There was absolutely no resistance in those days.
> Not any.

Again, how difficult is it to find links to concrete references that can substantiate your claims? Not difficult at all, especially since the relevant links (search for "linux kernel backdoor" anywhere, there are literally hundreds):

https://www.securityfocus.com/news/7388
https://freedom-to-tinker.com/2013/10/09/the-linux-backdoor-attempt-of-2003/

confirm instead that there *was* immediate resistance, and that the alleged "backdoor" (which many in the kernel development team concluded was probably just a silly bug), was discovered shortly after the patch was submitted, and never stood a chance to enter a released kernel:

https://lwn.net/Articles/57135/

All those links (and many other ones on that story) confirm what many of us have been saying so far, which is perfectly summarised by the first comment to the last article above:

"What I think stands out the most was not that the CVS gateway was hacked and questionable code inserted -- it was the speed and cooperation that allowed it to be quickly detected, removed and preventive measures taken to make it more difficult for such a compromise to take place. This is an EXCELLENT example of one of the strengths of Open Source Development -- hundreds of eyes looking at the same thing."

Unless you are talking about another "Linux kernel backdoor" story that was widely covered by the press in 2013, and then carefully and completely removed from the Internet by the US government? Oh look, they did a very bad job: I managed to find two links (among many other ones):

https://thehackernews.com/2013/09/us-government-asked-linus-torvalds-to.html
https://falkvinge.net/2013/11/17/nsa-asked-linus-torvalds-to-install-backdoors-into-gnulinux/

which refer to the famous interview at LinuxCon 2013, and have nothing to do with the *existence* of an NSA backdoor in the Linux kernel, rather with the fact that the NSA had put pressure on Linus to put such a backdoor there.

Being a "veteran" has never been a sufficient excuse from the obligation to support your claims with actual facts. This is not a religion, and there has never been anything like a revealed gospel in the free software community[1].

HND

KatolaZ

[1] The only exception being that Emacs is the Only True and Holy Editor, and that ViViVi is the number of The Beast, as revealed by the venerable St. IGNUcius during his peregrinations around the world... :P

--
[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ]
[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ]
[ @) http://kalos.mine.nu --- Devuan GNU + Linux User ]
[ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]
[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]
Re: [DNG] who's tying up my port 80?
On 07/09/2018 11:23 PM, Harald Arnesen wrote:

> Rick Moen [2018-07-09 21:01]:
>
>> 'netstat' in the 21st Century is spelled 'ss'. ;->
>> https://dougvitale.wordpress.com/2011/12/21/deprecated-linux-networking-commands-and-their-replacements/
>
> Why, oh why replace well-known, portable commands with Linux-only
> commands that are no better?

Looking at the comparison table in that link, not only are the new utilities an order of magnitude more complex, they also fail to deliver many of the functions available in the normal utilities.

Newer is not better. Different is not better. Only better is better.

... and most of these new utilities don't cut the mustard from what I've experienced with them. I haven't decided about ss yet however.

/Lars
Re: [DNG] who's tying up my port 80?
Rick Moen [2018-07-10 00:31]:

> Quoting Harald Arnesen (skog...@gmail.com):
>
>> Why, oh why replace well-known, portable commands with Linux-only
>> commands that are no better?
>
> At your convenience look up how many years the net-tools codebase has
> been orphaned. Can't remember, but it's many.[1] There is also
> functionality supported in the iproute2 tools but not in the net-tools
> old-standard ones.

So if my main machine runs *BSD, I will have to use a totally different set of commands on my Linux laptop?

--
Hilsen Harald