Venker | 'Green hats' is too obvious, unless this was planified to seem a joke instead of a real attack | 00:02 |
---|---|---|
tuxd3v | Yes to obvious | 00:04 |
tuxd3v | but who, exactly? | 00:05 |
tuxd3v | that's the problem.. | 00:05 |
Venker | Fear, uncertainty and doubt | 00:06 |
tuxd3v | OVH should habe ips of conections made to the site, when it was takn off | 00:06 |
tuxd3v | habe -->have | 00:06 |
tuxd3v | also they can block ssh trafic to the servers.. | 00:07 |
tuxd3v | And why devuan.. | 00:15 |
tuxd3v | Its a free software organization, with lots of cultural values.. | 00:16 |
_abc_ | Because red hats are considered more free and better organized? | 00:18 |
Venker | for being unruly to Hydra mainlines | 00:18 |
watchcat | spoze this was a real pwnjob. you'd have a topic change. you have a guy here assuring everyone it's being worked on. in fact, it even would have been fixed by now. conclusion: lirpa loof did it. | 00:20 |
KatolaZ | watchcat: we have said several times we are working on it | 00:21 |
KatolaZ | :\ | 00:21 |
KatolaZ | we have got contact with the customer service of the provider | 00:22 |
KatolaZ | we are trying to get back access to the consoles | 00:22 |
KatolaZ | I just sent an update on DNG | 00:23 |
Venker | The last tweets from the official Devuan account are legit? | 00:29 |
KatolaZ | Venker: which tweets? | 00:34 |
targz | KatolaZ: 3 in the last hour | 00:36 |
Venker | "[...] we'll have a fresh campfire and time to plan next moves, hopefully aligned with the #GreenHat hackers, who are now our new overlords." | 00:36 |
Venker | https://twitter.com/DevuanOrg/status/1112476085244096513 | 00:37 |
Venker | those texts, in somewhat way, admit defeat | 00:38 |
redrick | Venker: I don't speak for Devuan Project in any way, but it seems to me those tweets reflect a sense of humour while waiting for the hosting provider to help with access to regain control. | 00:40 |
KatolaZ | Venker: what can you go against Green Hat Hackers? | 00:40 |
KatolaZ | https://idle.slashdot.org/story/19/03/31/212227/devuanorg-now-points-to-pwned-page-with-gopher-urls | 00:40 |
KatolaZ | it's even on shashdot! | 00:40 |
Venker | redrick: it could be | 00:41 |
KatolaZ | if anybody can help finding a clue | 00:44 |
KatolaZ | they asked us to focus on the last line of the pwned page | 00:44 |
KatolaZ | "BOTH 7779847 AND 1554080659 ARE PRIME NUMBERS" | 00:44 |
KatolaZ | o_O | 00:45 |
Venker | I'm looking for help | 00:45 |
KatolaZ | please Venker | 00:45 |
KatolaZ | thanks for your support | 00:45 |
Venker | you are welcome ;-) | 00:45 |
meandrain | hi, guys can you tell me (and point me to some direction) how you deal with packages that require systemd? Do you have some kind of wrapper or you use older versions of those packages? | 00:46 |
KatolaZ | meandrain: packages that require systemd are banned | 00:47 |
KatolaZ | those which require libsystemd or libpam-systemd still work | 00:47 |
DonkeyHotei | https://pkgmaster.devuan.org/bannedpackages.txt | 00:47 |
meandrain | thank you! I'll start from there | 00:47 |
Venker | KatolaZ: a user suggests it could be refering to p and q in RSA cypher | 00:48 |
KatolaZ | we tried that but no success | 00:48 |
KatolaZ | they are too small as p and q | 00:48 |
redrick | KatolaZ: They may have asked you to concentrate on that question, but as an SA I'd concentrate on the traditional ones: How was entry and compromise accomplished, how to rebuild/restore, how to prevent recurrence. | 00:49 |
KatolaZ | redrick: they really insisted on that line though | 00:50 |
redrick | Sometimes you cannot determine answer to the first question in reasonable time, so you attend to basics, issue new credentials, study and tighten as you can. | 00:50 |
Venker | Did you find any cyphered message or file? | 00:50 |
KatolaZ | so there must be something in those two numbers | 00:50 |
roo^y | Mind your Ps and Qs is an English language expression meaning "mind your manners", "mind your language", "be on your best behaviour", "watch what you're doing" or similar -Wikipedia | 00:50 |
redrick | KatolaZ: Sure, but do you-plural really care? If it were my site, I wouldn't. | 00:51 |
DonkeyHotei | also, what roo^y said | 00:51 |
redrick | In 2005, I had defacement of my site front page because I'd stupidly had index.html writable by www-data and a bug in Apache2 got exploited. I overreaced and assumed root compromise in error, and rebuilt. Figured that part out later. http://linuxmafia.com/news.html | 00:54 |
redrick | (That was back before I said 'Screw PHP; I'm not going to expose it at all to public netwworks any more.') | 00:55 |
tuxd3v | redrick, agree | 00:56 |
KatolaZ | redrick: some of the comments on /. actually suggest a way through | 00:56 |
zeph1ro | @KatolaZ, what do u mean too small? the example at https://en.wikipedia.org/wiki/RSA_(cryptosystem) seems to be giving back a valid public/private key... that might be used to ssh into the system | 00:57 |
zeph1ro | no? | 00:57 |
redrick | I still run /usr/bin/php5 from some cron jobs to generate static HTML, though. It turned out, lazy coders including yr. humble servant had treated page sets as dynamic when they didn't need to be. | 00:57 |
redrick | KatolaZ: Having a look at /. | 00:58 |
tuxd3v | KatolaZ, | 00:58 |
tuxd3v | root@desktop0:~# date -d @1554080659 | 00:58 |
tuxd3v | Mon 1 Apr 02:04:19 WEST 2019 | 00:58 |
tuxd3v | its a timestamp.. | 00:58 |
KatolaZ | oh really!?! | 00:58 |
KatolaZ | and what about the other one? | 00:58 |
snookiex | *pretends to be shocked* | 00:59 |
zeph1ro | gms@roger:~$ date -d @7779847 | 00:59 |
zeph1ro | mer 1 apr 1970, 02.04.07, CET | 00:59 |
zeph1ro | same... | 00:59 |
zeph1ro | xD | 00:59 |
KatolaZ | :D | 00:59 |
zeph1ro | dude... good night, i gotta work tomorrow | 00:59 |
zeph1ro | :D | 00:59 |
KatolaZ | that was the first April's fool in the Unix Era! | 00:59 |
KatolaZ | OMG! | 00:59 |
zeph1ro | ROTFL | 00:59 |
* KatolaZ hides away | 00:59 | |
Venker | O_o | 01:00 |
KatolaZ | actually, i guess they work better in UTC | 01:00 |
redrick | I'm trying to find the /. comments in question, but, seriously, if the host is (or is probably) root-compromised, then best practices is to rebuild. | 01:00 |
KatolaZ | 70/4/1 1:4:07 | 01:00 |
KatolaZ | 19/4/1 1:4:19 | 01:00 |
KatolaZ | redrick: date -d @7779847 | 01:01 |
KatolaZ | date -d @1554080659 | 01:01 |
DonkeyHotei | $ date -ud @7779847 | 01:01 |
DonkeyHotei | Wed Apr 1 01:04:07 UTC 1970 | 01:01 |
DonkeyHotei | $ date -ud @1554080659 | 01:01 |
DonkeyHotei | Mon Apr 1 01:04:19 UTC 2019 | 01:01 |
tuxd3v | but why 12 minutes diference? | 01:02 |
DonkeyHotei | seconds | 01:02 |
tuxd3v | thanks yes that is.. | 01:02 |
KatolaZ | 01:02 < KatolaZ> 70/4/1 1:4:07 | 01:03 |
KatolaZ | 01:02 < KatolaZ> 19/4/1 1:4:19 | 01:03 |
va7lnx | stack exchange is having April Fools day fun: https://superuser.com/questions/346958/can-the-telnet-or-netcat-clients-communicate-over-ssl | 01:04 |
Venker | if you substract both numbers, the resulting timestamp is | 01:04 |
Venker | $ date -ud @1546300812 | 01:04 |
Venker | mar ene 1 00:00:12 UTC 2019 | 01:04 |
KatolaZ | good job Venker | 01:05 |
DonkeyHotei | 49 years and 12 seconds | 01:05 |
roo^y | 59 | 01:05 |
KatolaZ | bad maths roo^y | 01:06 |
Venker | but why the 1st of january...? | 01:06 |
Venker | (I'm just trying combinations) | 01:06 |
DonkeyHotei | april, not jan | 01:06 |
KatolaZ | Venker: april | 01:06 |
Venker | ene = jan | 01:07 |
DonkeyHotei | because you subtracted, so it ceased to be a date | 01:07 |
Venker | I tried ^_^U | 01:08 |
tuxd3v | it was when time started to be counted on unix systems | 01:08 |
tuxd3v | root@desktop0:~# date -ud @0 | 01:08 |
tuxd3v | Thu 1 Jan 00:00:00 UTC 1970 | 01:08 |
tuxd3v | but the 12 seconds..don't get it.. | 01:08 |
DonkeyHotei | Venker: if you take the unix time of today and subtract the unix time of a year ago today, then convert that to a date, guess what month it'll be | 01:09 |
KatolaZ | tuxd3v: not all numbers are prime numbers... | 01:09 |
Venker | 1554080659-7779847=1546300812. Which is Tue Jan 1 00:00:12 UTC 2019 | 01:14 |
Venker | not April | 01:14 |
tuxd3v | January | 01:14 |
KatolaZ | -_- | 01:14 |
Venker | and still the same 12 seconds | 01:14 |
DonkeyHotei | Venker: if you take the unix time of today and subtract the unix time of a year ago today, then convert that to a date, guess what month it'll be | 01:14 |
tuxd3v | root@desktop0:~# date -ud @$(bc<<<'1554080659-1554080659') | 01:18 |
tuxd3v | Thu 1 Jan 00:00:00 UTC 1970 | 01:18 |
tuxd3v | they are limits | 01:18 |
KatolaZ | o_O | 01:18 |
tuxd3v | this gives the exact timestamp '0'(zero) | 01:19 |
tuxd3v | no more 12 seconds | 01:19 |
tuxd3v | wait | 01:19 |
tuxd3v | I messed it up | 01:19 |
tuxd3v | lool | 01:19 |
KatolaZ | tuxd3v: :D | 01:19 |
desperek | these are unix timestamps | 01:19 |
desperek | 1 apr 1:04 today gmt and in 1970 | 01:19 |
tuxd3v | loolroot@desktop0:~# date -ud @$(bc<<<'1554080659-7779847') | 01:20 |
tuxd3v | Tue 1 Jan 00:00:12 UTC 2019 | 01:20 |
desperek | you are doing it wrong | 01:20 |
desperek | the numbers alone | 01:21 |
abcabc__ | one hopes that NO keys or pwds were shared by any of the devuan devs between main site and repo/other hosts. Right KatolaZ ? | 01:22 |
KatolaZ | abcabc__: have you had a look at those numbers? | 01:23 |
abcabc__ | no. Why? | 01:23 |
desperek | isnt the answer 7 or 49? | 01:24 |
KatolaZ | the key is there | 01:24 |
KatolaZ | desperek: much easier | 01:24 |
abcabc__ | They're primes, no? And nix dates. | 01:24 |
desperek | yes | 01:24 |
desperek | its today 1:04 gmt | 01:24 |
desperek | and in 1970 | 01:24 |
KatolaZ | 01:05 <KatolaZ> date -d @7779847 | 01:24 |
KatolaZ | 01:05 <KatolaZ> date -d @1554080659 | 01:24 |
KatolaZ | yep | 01:24 |
KatolaZ | EOT | 01:24 |
desperek | the difference is 49 years | 01:24 |
desperek | and 7 is sqrt of 49 | 01:25 |
abcabc__ | i saw that. | 01:25 |
desperek | 7 is also a prime number | 01:25 |
KatolaZ | it's today | 01:25 |
KatolaZ | yes | 01:25 |
KatolaZ | today | 01:25 |
abcabc__ | numerology? | 01:25 |
desperek | also the port to gopher is 70 | 01:26 |
tuxd3v | Port 70 | 01:26 |
tuxd3v | 1970 | 01:26 |
abcabc__ | and? | 01:27 |
desperek | difference between the dates is exactly 49 years | 01:27 |
KatolaZ | today abcabc__ | 01:27 |
KatolaZ | yes desperek | 01:27 |
desperek | sqrt of 49 is 7 and 70 is the gopher port | 01:27 |
KatolaZ | 'cause this year unix turns 50... | 01:27 |
KatolaZ | :) | 01:27 |
Venker | any of your devs is 49 or 50? | 01:28 |
abcabc__ | gopher is a cool name, go far. | 01:28 |
* abcabc__ is 51 i think | 01:28 | |
tuxd3v | :;D | 01:29 |
DonkeyHotei | if you take the difference of Oct 9 2011 and Oct 9 2010, then convert it to a date, it will be Jan 1 too | 01:29 |
desperek | ALSO 1:04 is 1st of April | 01:30 |
desperek | cus april is the 4th month | 01:30 |
KatolaZ | oh! | 01:30 |
DonkeyHotei | because the difference between two dates is not itself a date | 01:30 |
KatolaZ | 70/4/1 1:04:07 | 01:30 |
KatolaZ | 19/4/1 1:04:19 | 01:30 |
desperek | it makes more sense in a normal date format | 01:30 |
KatolaZ | OMG | 01:30 |
DonkeyHotei | they are palidromes | 01:30 |
tuxd3v | ies | 01:31 |
DonkeyHotei | they are palindromes* | 01:31 |
tuxd3v | 1970 | 01:31 |
desperek | oh yeah then yes | 01:31 |
tuxd3v | 19 + 07 | 01:31 |
desperek | well, not exactly palindromes i would argue | 01:31 |
tuxd3v | 1970 | 01:31 |
tuxd3v | 1970/04/01 | 01:31 |
desperek | maybe the answer is 2000? | 01:32 |
desperek | ok nvm that | 01:32 |
tuxd3v | :D | 01:32 |
tuxd3v | 1970/04/01 1:04 - 19:07 | 01:33 |
KatolaZ | desperek: the answer is today | 01:34 |
desperek | like the word today? | 01:34 |
KatolaZ | no today like today | 01:34 |
tuxd3v | between 1:04 and 19_07? | 01:35 |
tuxd3v | hours | 01:35 |
KatolaZ | -_- | 01:35 |
desperek | hm | 01:35 |
tuxd3v | humm | 01:35 |
desperek | well, go for it then maybe? idk | 01:35 |
desperek | or unix | 01:35 |
desperek | or april fools | 01:35 |
desperek | or unix april fools :D | 01:35 |
* KatolaZ looks at desperek and thinks "I like this chap..." | 01:36 | |
desperek | yea this truly is a magical date tbh | 01:36 |
desperek | :p i've got to go to sleep soon though :D | 01:37 |
desperek | i was also thinking of doing and on sole numbers but i dont think this would be the answer | 01:39 |
KatolaZ | desperek: you are done | 01:39 |
KatolaZ | the answer is today | 01:39 |
desperek | just that the binary form of it is kinda palindrome | 01:39 |
desperek | KatolaZ, no, but is it really like the answer that's accepted and all or not :e | 01:40 |
desperek | well, anyways, good night | 01:40 |
tuxd3v | any way how to we know that the answer is correct? | 01:40 |
redrick | 'Good night, Westley. I'll probably kill you in the morning.' | 01:41 |
KatolaZ | thanks redrick | 01:42 |
KatolaZ | 12 hours is a whole lot of time ;) | 01:42 |
redrick | Princess Bridge quotations while you wait. | 01:42 |
redrick | Er, Bride. | 01:42 |
KatolaZ | o_O | 01:42 |
redrick | Dammit, where's that coffee? | 01:43 |
KatolaZ | hehehehe | 01:43 |
Venker | I'm gonna leave, too | 01:44 |
Venker | Forza, admins! | 01:44 |
redrick | Buona notte! | 01:45 |
tuxd3v | Ciao | 01:45 |
redrick | A domani, even. | 01:45 |
KatolaZ | SYL redrick | 01:46 |
redrick | Ta-ta. | 01:46 |
KatolaZ | beware of green hats... | 01:46 |
tuxd3v | zumba | 01:46 |
tuxd3v | right now they are blue hats | 01:47 |
tuxd3v | :) | 01:47 |
redrick | på gjensyn. | 01:47 |
mns` | by this time, i hope the devuan domain have been pointed to another server ... | 02:19 |
KatolaZ | mns`: have a look at /. | 02:19 |
mns` | ok | 02:19 |
KatolaZ | and at the calendar | 02:19 |
mns` | Is it a april fools joke? | 02:22 |
KatolaZ | mns`: date -d @1554080659 | 02:23 |
mns` | because I'm not laughing | 02:23 |
mns` | i saw that | 02:23 |
opal | lol | 02:24 |
opal | glad to see devuan has switched to gopher Kappa | 02:25 |
golinux | mns`: I'm not laughing either | 02:31 |
bluemarlin | you sure those two primes aren't a hint - like you should construct private key from them and access the servers? | 02:38 |
KatolaZ | bluemarlin: date -d @1554080659 | 02:39 |
KatolaZ | :) | 02:39 |
bluemarlin | ah | 02:39 |
se7en | So is this or is this not a joke by devuan | 02:50 |
se7en | Or is it by a malicious hacker for april fools day | 02:50 |
se7en | KatolaZ: | 02:51 |
KatolaZ | se7en: wazzup? | 02:51 |
se7en | is this a joke by Devuan or is it by a malicious actor for april fools day | 02:51 |
se7en | I know of hacking groups hacking websites for april fools day | 02:52 |
KatolaZ | $ date -d @1554080659 | 02:52 |
se7en | Yeah, I know | 02:52 |
KatolaZ | se7en: do you have any contact with green hat hackers? | 02:52 |
se7en | no | 02:52 |
se7en | I have never heard the term befoee | 02:52 |
KatolaZ | I see | 02:52 |
se7en | I am just unsure if this is a joke by Devuan or if it is by another party | 02:52 |
KatolaZ | $ date -d @1554080659 | 02:52 |
bluemarlin | i would expect them to operate from underground irish pub though | 02:52 |
se7en | KatolaZ: yeah I know | 02:53 |
se7en | [17:51 se7en@lappy ~] > date -d @1554080659 | 02:53 |
se7en | Sun Mar 31 18:04:19 PDT 2019 | 02:53 |
se7en | April Fools Day | 02:53 |
se7en | I know | 02:53 |
se7en | But is it by you | 02:53 |
KatolaZ | bluemarlin: you never know, it could be from a lagune | 02:53 |
mns` | by now, i guess its a 'inside job' joke | 02:53 |
se7en | or is it by a hacker | 02:53 |
KatolaZ | se7en: the pwned page says "Green Hat Hackers" | 02:53 |
KatolaZ | so it must be form some hacker of sort | 02:54 |
se7en | 02:54 | |
KatolaZ | bluemarlin: if anybody asks, just tell them `date -d @1554080659` | 02:57 |
KatolaZ | o/ | 02:57 |
se7en | KatolaZ: you need to add a -u to that | 03:00 |
KatolaZ | se7en: I just need a good sleep ;P | 03:00 |
Tazy | good jolly, even set up a gopher server. | 03:02 |
bluemarlin | KatolaZ: enjoy sleep, you got a twisted sense of humor :) | 03:04 |
roo^y | sorry to spam, but it was working fine before i ruined it with -u (or where exactly does the -u go) | 03:08 |
roo^y | date -d @7779847 | 03:08 |
roo^y | Wed Apr 1 11:04:07 AEST 1970 | 03:08 |
roo^y | date -d -u @7779847 | 03:08 |
roo^y | date: the argument ‘@7779847’ lacks a leading '+'; | 03:08 |
roo^y | when using an option to specify date(s), any non-option | 03:08 |
roo^y | argument must be a format string beginning with '+' | 03:08 |
roo^y | Try 'date --help' for more information. | 03:08 |
Tazy | too bad only the main site is accessible ;) | 03:09 |
roo^y | i got a flooding warning, so i'm not sure if my 7 lines posted. i'll leave it at that | 03:09 |
redrick | roo^y: Your seven lines of wisdom were transmitted. | 03:12 |
roo^y | thx :) | 03:13 |
redrick | -u is for UTC. (I for one welcome our Greenwich overlords.) | 03:15 |
redrick | Not that there's anything wrong with AEST. | 03:16 |
redrick | Though in many ways, truth is longitude-dependent, you may perceive. | 03:17 |
Jjp137 | roo^y, try: date -ud @7779847 | 03:18 |
redrick | I mean, if I observed AEST, at teatime it'd be the previous night, and that would never do. | 03:19 |
roo^y | ok. we go back to AEST in a week. currently at the end of AEDT, after summer | 03:20 |
roo^y | date -ud @7779847 | 03:20 |
roo^y | Wed Apr 1 01:04:07 UTC 1970 | 03:20 |
roo^y | this works! | 03:20 |
redrick | Welcome to Greenwich. There's a pedestrian tunnel to the Docklands for your convenience. | 03:21 |
roo^y | niiiiiiiice | 03:21 |
redrick | https://en.wikipedia.org/wiki/Greenwich_foot_tunnel | 03:22 |
redrick | roo^y: The AEST -> AEDT changeover date was presumbly earlier in 1970, FWIW. Date calculations are a special kind of hell for coders. | 03:23 |
roo^y | i wrote these 6 lines to answer repeated questions | 03:25 |
roo^y | It was worked out as typing the following into the terminal, populates april fools days | 03:25 |
roo^y | date -ud @1554080659 | 03:25 |
roo^y | Mon Apr 1 12:04:19 UTC 2019 | 03:25 |
roo^y | date -ud @7779847 | 03:25 |
roo^y | Wed Apr 1 11:04:07 UTC 1970 | 03:25 |
roo^y | *note: the 4mins can represent Apr, & 19secs represent year. 70secs can't be populated, so 7secs is the next best thing | 03:25 |
redrick | Et voila. | 03:25 |
watchcat | .oO(green wich... green hat... another clue...) | 03:26 |
redrick | Εύρηκα! So to speak. | 03:26 |
redrick | I was hoping it'd be questions like 'What is the airspeed of an unladen swallow?' | 03:27 |
watchcat | i propose that hencforth, the gopher should be the official devuan mascot. | 03:30 |
redrick | And Minnesota the official Devuan Place to Not Go on Holiday. | 03:30 |
redrick | (The protocol was named for the U. of Minnesota's mascot, in case the joke was too obscure.) | 03:31 |
Dsbeerf | so those iso can be compromised ? | 03:32 |
roo^y | Dsbeerf: the ISOs are safe (unlike the incident that happened to linux mint several yrs ago | 03:34 |
Dsbeerf | roo^y, ok that what i was refering to | 03:34 |
redrick | Dsbeerf: It's worth learning how to check gpg signatures on ISO checksums, then you wouldn't need to ask. | 03:35 |
mns` | golinux: :| | 03:35 |
watchcat | http://www.bakingdom.com/wp-content/uploads/2010/09/caddyshack-gopher.jpg | 03:35 |
Dsbeerf | redrick, i admit | 03:35 |
redrick | https://pastebin.com/1dX5XG7W | 03:35 |
redrick | (URL illustrating how.) | 03:36 |
Dsbeerf | redrick, thanks | 03:36 |
redrick | Seriously, worth picking up the knack. | 03:36 |
redrick | The one bit of humbug in that transcript is where I skip over how I found the signing key. | 03:38 |
Dsbeerf | ok | 03:42 |
redrick | I Web-searched around and found references to that key, chose to believe conditionally that the mentions weren't fraudulent, and fetched it from a keyserver. More ideally, one would be able to verifying key authenticity using gpg web of trust, but I evidently need to attend more keysignings for that. | 03:46 |
redrick | Back in the 1990s, when the Linux community was small, we used to joke about keysignings letting us play 'Six degrees of Ted T'so.' | 03:47 |
redrick | Anyway, even if signing key verification's a weak point, it's IMO always worth trying to vet ISO checksums. | 03:48 |
Dsbeerf | yeah well is more that nothing | 04:14 |
redrick | Well, it'd require a heck of a plan to get away with having a bogus key in the public keyservers for e-mail address repository@devuan.org, especially for significantly long. | 04:21 |
redrick | Huh, just checked my verification transcript, and saw that the SHA256SUM file was signed with KatolaZ's key, not the Primary Devuan signing key. | 04:24 |
redrick | But, anyway, as you say, a lot better than nothing. | 04:25 |
Ryushin | Are the Devuan servers that got hacked VMs or physical hardware? | 04:35 |
benjikun | is this a meme | 04:38 |
benjikun | ??? | 04:38 |
furrywolf | is your question nonsensical? | 04:39 |
benjikun | seems like a brash april fools joke | 04:40 |
xrogaan | It is. | 04:40 |
benjikun | alright, thanks lol | 04:40 |
Leander | this 1st april thing has to die | 04:41 |
Ryushin | From the Devuan team or the hacker group? Not so sure about it being from the Devuan team. | 04:41 |
xrogaan | At least they're not going political: https://www.tuxfamily.org/en/news/2019040100 | 04:41 |
xrogaan | Ryushin: there is no green hat. | 04:41 |
opal | thanks for trolling me | 04:43 |
opal | im gullible v.v | 04:43 |
Ryushin | Well, reading on #devuan-dev, they don't seem to be impressed. | 04:43 |
benjikun | time to actually start using gopher again :^) | 04:43 |
Ryushin | Lets go back to 300 baud BBS. | 04:44 |
opal | gopher doesnt strike me as well-engineered; imo we just need a slimmed-down http | 04:44 |
plasma41 | opal: like HTTP/0.9? | 04:46 |
opal | not sure. i definitely think http/2 and beyond are too geared toward webapps, hacks upon hacks, to be any good | 04:47 |
opal | a lot of http/1.1+ headers for security can probably be easier managed with saner browser defaults, idk | 04:48 |
furrywolf | I've been really tempted to write a news article about Trump and Pelosi's surprise marriage announcement for tomorrow. | 04:48 |
opal | i think content security policies are their own brand of complexity that could cause as many issues as the things theyre trying to prevent | 04:48 |
opal | i think anyone would agree that information such as useragent and referer are entirely arbitrary to keep in the protocol | 04:49 |
plasma41 | I like that both Gopher and HTTP/0.9 are stateless protocols. No cookies | 04:49 |
opal | cookies/auth is a good point | 04:49 |
opal | do you think all of http should be authless and stateless | 04:49 |
opal | im trying to move my stateful stuff off of the web browser. i use mail in its own client, irc obviously, xmpp | 04:49 |
plasma41 | auth: yes. all other forms of state: no | 04:50 |
opal | hm | 04:50 |
Beerbaron23 | The website is now a GopherH0le!! | 06:55 |
DocScrutinizer05 | https://www.devuan.org/pwned.html yeah! ;-P | 08:25 |
guido_g | glad you mentioned it, noone else did in the last 24h | 08:38 |
DocScrutinizer05 | indeed, I'm really fast today ;:-) | 08:46 |
KatolaZ | https://lists.dyne.org/lurker/message/20190401.070222.844cb081.en.html | 09:07 |
watchcat | yay. it just seemed to be too funny and benign to be real. :) | 09:12 |
ralpheeee | lost me as an end user ...good luck ! | 09:26 |
DocScrutinizer05 | LOL | 09:27 |
DocScrutinizer05 | @ ralpheeeeee | 09:27 |
DocScrutinizer05 | KatolaZ: excellently pitched and designed. And good "PR noise" | 09:28 |
MinceR | rotfl | 09:29 |
MinceR | well played | 09:29 |
KatolaZ | https://lists.dyne.org/lurker/message/20190401.070222.844cb081.en.html | 09:29 |
DocScrutinizer05 | KatolaZ: one thing that gave it away for me (after I bothered to really investigate) was the rewrite, no hacker would go to such length to establish a defacing | 09:33 |
detha | All I can say is 'not funny' | 09:43 |
watchcat | hey but can we really adopt the caddyshack gopher as devuan mascot now? | 09:56 |
guido_g | stupidity at it's best | 09:57 |
GoatAvenger | is/was the Devuan crack legitimate? | 09:59 |
GoatAvenger | Or was/is it an april fools joke? | 09:59 |
watchcat | https://lists.dyne.org/lurker/message/20190401.070222.844cb081.en.html | 10:01 |
GoatAvenger | April fooolsss... | 10:06 |
GoatAvenger | :) | 10:06 |
ruenoak | I do like the ascii art | 10:07 |
watchcat | somebody needs to make ascii art of a gopher wearing a green hat. | 10:12 |
DocScrutinizer05 | it should wear a red hat, just because... | 10:19 |
ruenoak | Does anyone if the Devuan Conference will be recorded at all? I would love to go but sadly I live at the bottom of the globe and it's a bit far. | 10:26 |
KatolaZ | ruenoak: it will be streamed and recorded | 10:35 |
ruenoak | Fantastic! | 10:39 |
sauvin | Can anybody comment on https://www.devuan.org? Has it really been pwned? | 10:58 |
Unit193 | sauvin: You might want to look at the date, https://lists.dyne.org/lurker/message/20190401.070222.844cb081.en.html | 11:00 |
mss | is the current state of the devuan.org a joke or did the site really get pwned? | 12:05 |
mss | got* | 12:05 |
KatolaZ | https://lists.dyne.org/lurker/message/20190401.070222.844cb081.en.html | 12:05 |
mss | i see. | 12:06 |
_abc_ | So, is everything back to non green hat normal? | 12:25 |
KatolaZ | _abc_: https://lists.dyne.org/lurker/message/20190401.070222.844cb081.en.html | 12:28 |
DocScrutinizer05 | >> It all works, but it limits Linux processes to a mere 512GB of virtual address space. Such limits are irksome to the kernel developers when the hardware can do more, and, besides, somebody is likely to release a web browser or office suite which runs into that limit in the near future.<< | 12:30 |
DocScrutinizer05 | https://lwn.net/Articles/106177/ Posted Oct 14, 2004 | 12:31 |
djph | wait, what | 12:40 |
djph | 512GB (Virtual) Address Space is a limit ? | 12:41 |
_abc_ | KatolaZ: poisonne` en Avril... | 12:41 |
DocScrutinizer05 | stackoverflow.com makes me puke. I hope this is an april's fool | 12:44 |
DocScrutinizer05 | mousepointer throwing candy for sure is | 12:44 |
rafalcpp | it seriously lacks animated background | 12:50 |
_abc_ | Everyone pulled out all stops for April's fool day. Why? Halloween was meh. | 12:52 |
Ulrar | Congrats on the new site, I like it | 13:48 |
Ulrar | I wonder how many people will get it | 13:48 |
premoboss | hello, i have problem with date. i am located in italy, now it is 14:39 but the clock report +2 hours, I try to select the location with tzselect, but no way. also try to use command "date" to set the clock, but no way. what am i doing wrong? | 14:42 |
rrq | I always have to go to "man tzselect" to remember it, you should do: dpkg-reconfigure tzdata | 14:45 |
nailyk | https://lists.dyne.org/lurker/message/20190331.191104.169aaf9a.en.html is that true ? | 14:46 |
buZz | nailyk: read -all- the emails | 14:46 |
buZz | specifically ; https://lists.dyne.org/lurker/message/20190401.070222.844cb081.en.html | 14:47 |
nailyk | so it was a time stamp problem :p | 14:47 |
premoboss | rrq, i done, but: | 14:47 |
buZz | nailyk: just read the link | 14:47 |
premoboss | Current default time zone: 'Europe/Rome' | 14:48 |
premoboss | Local time is now: Mon Apr 1 16:44:55 CEST 2019. | 14:48 |
premoboss | Universal Time is now: Mon Apr 1 14:44:55 UTC 2019. | 14:48 |
premoboss | so, the time is still +2 hours. | 14:48 |
nailyk | thks buZz ;) | 14:48 |
rrq | premoboss: yes, CEST is +2 right now .. according to my tzdata as well | 14:48 |
buZz | premoboss: apt install ntpdate; ntpdate ntp.xs4all.nl | 14:48 |
buZz | or something | 14:48 |
premoboss | ok, but now, in itali, is 14:46 | 14:49 |
premoboss | not 16:46 | 14:49 |
premoboss | so, or italy dont follow CEST time rule ot tzdata os wrong about italy. | 14:49 |
premoboss | buzz i do. | 14:49 |
buZz | premoboss: you have your system on UTC, and in the wrong time | 14:50 |
buZz | you configured the UTC of your system to the correct time in italy | 14:50 |
premoboss | buZz, how to set my tine the right one? | 14:50 |
buZz | ntpdate with correct TZ selected should already fix it | 14:50 |
premoboss | ok | 14:50 |
premoboss | BANG! gone ok. thanks. | 14:51 |
buZz | :) | 14:51 |
premoboss | on otyer side, to be 1 hour ahead gave me always on time at meetings:))) | 14:52 |
buZz | :P | 14:55 |
Y_Plentyn | hm. is it still possible to register for the devuan conference? and how? | 15:15 |
Jookia | Who did the april fool's joke? | 15:16 |
buZz | Jookia: someone with bad taste | 15:18 |
Jookia | https://devuan.org/os/team/ says a 4/5 consensus is required for major decisions | 15:19 |
Evilham | not the case I'm afraid | 15:20 |
Jookia | so katolaz did this on their own? | 15:21 |
tuxd3v | I am a bit sad, it went so far.. | 15:21 |
tuxd3v | At least they could have done something like | 15:22 |
tuxd3v | StackOverFlow did | 15:22 |
tuxd3v | https://stackoverflow.com/questions/3817750/how-to-convert-date-to-unix-timestamp-in-shell-script-on-macos | 15:22 |
Evilham | Jookia: I didn't say that | 15:23 |
Jookia | Evilham: no, i'm just assuming based on the circumstances | 15:23 |
Jookia | will we ever know who did it | 15:23 |
buZz | well, KatolaZ was first to deny it was a april fools | 15:24 |
buZz | and the only one i've seen defending it | 15:24 |
Jookia | but then they also said it was an april fools joke | 15:25 |
Jookia | in the email | 15:25 |
KatolaZ | https://lists.dyne.org/lurker/message/20190401.132526.1a220dc3.en.html | 15:26 |
buZz | KatolaZ: was there really 4/5 concensus for this joke? | 15:27 |
buZz | consensus* | 15:27 |
buZz | already numerous ppl that moved away from devuan over it :) | 15:28 |
desperek | hmm | 15:28 |
desperek | hi | 15:28 |
gnarface | i think anyone who didn't realize it was a joke as soon as there was no javascript in that html and wasn't willing to wait until after april fool's to jump ship probably is dangerously irrational anyway | 15:29 |
KatolaZ | wow, so faithful devuan users we have... | 15:29 |
gnarface | i mean gopher, really? | 15:29 |
KatolaZ | anyway, it's all explained in the email | 15:29 |
KatolaZ | https://lists.dyne.org/lurker/message/20190401.132526.1a220dc3.en.html | 15:29 |
KatolaZ | bbl | 15:29 |
buZz | gnarface: well, ppl that administrate many servers dont usually kid around with such security issues | 15:29 |
Jookia | gnarface: the devuan infrastructure admins were saying they were hacked and denying it was an april fools joke | 15:29 |
gnarface | well, i'm not one of them, but i did say that might not be taken well | 15:30 |
buZz | admin* , i havent seen anyone 'back' the joke at all, beside KatolaZ | 15:30 |
Jookia | i don't think it's fair to say they're dangerously irrational for believing it | 15:30 |
gnarface | i was silent about it when i should not have been | 15:30 |
buZz | even 1 hour of actually hacked could mean millions of backdoored systems | 15:30 |
Jookia | katolaz apologized and that's about all that can be done | 15:31 |
Jookia | but its just kinda weird to me that one person can make such huge modifications to a trusted server like that | 15:31 |
gnarface | real villains would definitely have put tracking scripts on that page | 15:31 |
desperek | KatolaZ, aaaaaa! | 15:32 |
buZz | its just beyond bad taste, imho | 15:32 |
Jookia | like if someone stole katolaz's ssh keys could they actually hack the site | 15:32 |
desperek | you also need a password for ssh Jookia | 15:32 |
Jookia | ssh session then | 15:33 |
desperek | i dont think you can stole ssh session | 15:33 |
Jookia | it's a little bit scary to think that there's not a barrier with oversight for the entire website | 15:33 |
desperek | ? | 15:33 |
Jookia | not just the contents but also the infrastructure itself | 15:33 |
Jookia | usually with tech projects you see websites in github with merge requests handling changes | 15:34 |
buZz | well, infrastructure wasnt affected, all pkg mirrors etc were still up | 15:34 |
Jookia | i guess it is here: https://git.devuan.org/devuan-editors/devuan-www | 15:35 |
Jookia | but they changed the website without going through that review? idk | 15:35 |
Jookia | also does devuan use debian's repos with its own packages on top? or its own entire mirrors | 15:39 |
Evilham | former | 15:40 |
debdog | Y_Plentyn: do not know myslef but all you need to know should be in this thread: https://lists.dyne.org/lurker/thread/20181126.195746.a575f370.en.html | 15:41 |
KatolaZ | debdog: https://lists.dyne.org/lurker/message/20190401.132526.1a220dc3.en.html | 15:41 |
debdog | KatolaZ: sorry, I do not understand? | 15:42 |
gnarface | Jookia: mostly redirects from debian mirrors (because most packages so far are not changed) | 15:43 |
Jookia | Is there a list of changed packages? | 15:44 |
gnarface | uh.. yea somewhere... | 15:45 |
debdog | Jookia: https://pkgmaster.devuan.org/bannedpackages.txt | 15:45 |
gnarface | no that's the banned packages | 15:45 |
debdog | oh, assumed they were basically the same | 15:46 |
gnarface | no those are ones that need to be forked still to just work | 15:46 |
gnarface | so they're currently excluded | 15:46 |
gnarface | there is somewhere in the gitlab you should be able to get the list, but also if you just search for "devuan" in pkginfo.devuan.org, all the forked packages have devuan* in the version string | 15:47 |
gnarface | KatolaZ: well, you made the front page on Slashdot, so mission accomplished, i guess | 15:50 |
buZz | could have done that with actual news | 15:54 |
buZz | like 'devuan moving to gopher servers' | 15:54 |
buZz | instead of causing panic for the yolo | 15:55 |
gnarface | i think this is KatolaZ's way of protesting being left in charge of the web servers during the conference | 15:55 |
buZz | to ignore the 4/5 consensus needed for webpage changes? | 15:56 |
MinceR | lol | 15:56 |
_abc_ | Do you see polkitd taking load up to 0.6-0.7 for no reason? | 15:58 |
* gnarface isn't using it | 15:58 | |
buZz | that package isnt in devuan | 15:58 |
_abc_ | Ahh. systemd fun, without systemd this time. | 15:59 |
_abc_ | The package is in wheezy. I am trying to port linuxcnc user land to devuan ascii. | 15:59 |
buZz | you dont need policykit | 15:59 |
_abc_ | No success so far, missing packages which do not exist in devuan repos? | 15:59 |
_abc_ | Will be back about this. | 16:00 |
buZz | ciao | 16:00 |
_abc_ | [not polkitd] | 16:00 |
gnarface | stuff has been renamed since wheezy | 16:00 |
_abc_ | I know. | 16:00 |
_abc_ | Made a stick with refracta2usb testing it now with persistence, using live linuxcnc wheezy 2.7 iso as source | 16:02 |
DocScrutinizer05 | https://www.cons.org/cracauer/sigint.html TIL, quite interesting | 16:20 |
Y_Plentyn | debdog: thank you | 16:21 |
buZz | i wonder when Klipper will get 'random ass CNC' support | 16:23 |
buZz | it makes a lot more sense to me than LinuxCNC | 16:23 |
Y_Plentyn | ... but that not contain recent information - for example if and how it is possible after early registration | 16:23 |
Y_Plentyn | ... to register | 16:23 |
debdog | Y_Plentyn: maybe there: https://events.eventzilla.net/e/welcome-to-the-first-devuan-conference-d1conf-2019-2138704309 or contact conference@devuan.org | 16:32 |
Y_Plentyn | debdog: i know the first... | 16:32 |
Y_Plentyn | and justr mailed the second ;) | 16:35 |
zeph1ro | @KatolaZ, zuzurellone... got the time to tag and release d1h? i need the fix u made 7mo ago... ;) | 16:37 |
unixman | KatolaZ, I thought the joke was funny. I presumed it was a joke from the start. I love the fact that gopher actually works. :D | 16:40 |
desperek | yea leave it like thatr | 16:40 |
Y_Plentyn | I liked the joke, too, and I like gopher ;) | 16:40 |
* unixman had to install a gopher client to check and was pleasantly surprised :) | 16:41 | |
unixman | Just finished reading scrollback. Some folk need to get a sense of humor. Good grief. :P | 16:49 |
MinceR | indeed | 16:49 |
detha | Other folks haven't spent 3 months getting use of devuan approved by corporate security in a windows-centric company. Know what the knee-jerk reaction of ITSec types to this sort of stunt is? :P | 17:02 |
silverwillow | meh. IPSec peeps have no sense of humour. They don't count :P | 17:11 |
buZz | detha: yeah i've seen many ppl not respond nicely | 17:11 |
buZz | way more then expected by the 'prankster' i bet | 17:11 |
detha | silverwillow: count or not, they control their firewalls. And if they say 'no', you either comply or can the project. | 17:12 |
_abc_ | <almost systemd bashing>while looking for solutions for my current project, I found two nice links http://www.softpanorama.org/Commercial_linuxes/RHEL/index.shtml https://www.reddit.com/r/linux/comments/2hfvm0/so_after_4_hours_of_debugging_systemd_and/ | 17:20 |
_abc_ | detha: itsec suits get alarmed by an amber light on a junos box (local management ethernet down usually), jokes like the website put them into hyperventilation state, need ER. | 17:21 |
premoboss | KatolaZ, i read you did a minimal devuan CLI version. how to get it? | 17:24 |
KatolaZ | https://files.devuan.org/devuan_ascii/minimal-live/ <- premoboss | 17:24 |
premoboss | KatolaZ, thanks. | 17:25 |
KatolaZ | premoboss: yw | 17:25 |
furrywolf | I too was impressed that at least www. had working gopher. checked last night. :) | 17:40 |
m68000 | the port 70 revolution | 17:41 |
m68000 | :P | 17:41 |
_abc_ | 368MB for a cli only minimal edition is huuge :) But it's not your fault. Thanks for that KatolaZ. | 17:47 |
KatolaZ | _abc_: it's not "just a minimal image" | 17:52 |
KatolaZ | :) | 17:52 |
KatolaZ | it has a lot of stuff in there | 17:52 |
KatolaZ | but still boots in a quite small footprint | 17:52 |
KatolaZ | and gives you a fully functional system :) | 17:52 |
KatolaZ | I agree it's not as minimal as "tomsrtbt" though ;) | 17:53 |
gnarface | it's as small as you can reasonably expect a debian-compatible derivative to get though | 17:57 |
KatolaZ | well, it could be really made slimmer, by removing some stuff | 17:58 |
KatolaZ | anyway, it should be pretty straightfoward to customise it using live-sdk | 17:58 |
KatolaZ | _abc_: shout if you need help with that | 17:59 |
xrogaan | Apparently IBM is to start a non-free version of RHEL. They had enough of not being able to properly use xkbcomp with wayland. | 17:59 |
buZz | lol | 17:59 |
unixman | IIRC there is already a "non-free" version of RHEL. Try getting patches for an unregistered, or unpaid, or expired, RHEL subscription. | 18:05 |
furrywolf | I want un-RH linux. | 18:05 |
buZz | we all do | 18:07 |
xrogaan | https://www.commitstrip.com/en/2019/04/01/back-to-how-it-should-be/ | 18:26 |
buZz | xrogaan: weird | 18:31 |
buZz | there was no support for 'desktop notifications' from webpages in the 90s | 18:31 |
buZz | is the joke that the cartoonist wasnt on internet in the 90s? :P | 18:32 |
buZz | oh, -remove- , nmind | 18:32 |
DocScrutinizer05 | xrogaan: depressingly true | 18:33 |
buZz | missed <marquee> though | 18:33 |
xrogaan | anyhow, after today, I realize that the best way for a cracker to fuck around is to take over during the 1st of April. | 20:40 |
_abc_ | re: RH slime: I posted a link above some time ago about this. [relevant] | 21:03 |
_abc_ | http://www.softpanorama.org/Commercial_linuxes/RHEL/index.shtml repost | 21:03 |
xrogaan | _abc_: I have no idea about how to read that website | 21:11 |
_abc_ | scroll down until your eyes no longer hurt. | 21:16 |
_abc_ | At "Abstract" | 21:16 |
armin | https://www.devuan.org/pwned.html ;) | 21:37 |
_abc_ | With persistence on live images: is persistence-label= only supported in later (than wheezy level) distributions? It seems to not be treated in /bin/live-persistence at all. | 23:21 |
_abc_ | I wasted half a day trying to make it work | 23:21 |
_abc_ | Normally if "persistence" is on the kernel cli then something in the init scripts should call /bin/live-persistence, no? | 23:22 |
_abc_ | ?? | 23:24 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!