Language Selection

English French German Italian Portuguese Spanish

Follow-Up: Attack on Exherbo.org machine

Filed under
Gentoo

Some of you might have read my previous blog post about the attack on Exherbo’s quote database that I wrote about yesterday. As promised I am going to write a follow up post about how this was handled and what the result of the cooperation with Gentoo’s infrastructure team was.

I also promised to give you an update based on the information that we received after the blog post and the bug was created:

* Alex Howells (Astinus) has been removed from all Gentoo infrastructure and as you can read on bug #229895, Gentoo’s infrastructure team has informed all the developers via the gentoo-core mailing list about what happened.
The developers received the following message (taken from the bug):

* As reported on bug #229895, on 27 Jun 2008 at 19:04 UTC, there was unwarranted traffic sent to http://quotes.exherbo.org/ and some of the traffic involved originated from various Gentoo Linux infrastructure machines. The Gentoo infrastructure team conducted an audit based on logs from the machines as well as those provided by Exherbo’s infrastructure team. Based on results of our audit and the user’s admission via email, we have concluded that the said actions were taken by one of our developers named astinus.
* We have taken appropriate action and have removed the developer in question from Gentoo Linux infrastructure.

More Here

Also:

Up until recently, I had thought most Gentoo users and developers to be adults, who made sensible choices in their actions (but not always their words). This may be generalized to acting professionally. I am saddened to report on the ongoing degradation of the community in this regard, and how infra will deal with their side of it.

If you abuse a Gentoo infrastructure system, we have no compunctions about kicking your ass and handing you to the suitable authorities (userrel, devrel, $GOV_AUTHORITY).

Rest "Going medival on your ass"




More in Tux Machines

today's leftovers

Linux/FOSS Events

  • The Linux Foundation Announces Session Lineup for ApacheCon(TM) Europe
  • OpenShift Commons Gathering event preview
    We're just two months out from the OpenShift Commons Gathering coming up on November 7, 2016 in Seattle, Washington, co-located with KubeCon and CloudNativeCon. OpenShift Origin is a distribution of Kubernetes optimized for continuous application development and multi-tenant deployment. Origin adds developer and operations-centric tools on top of Kubernetes to enable rapid application development, easy deployment and scaling, and long-term lifecycle maintenance for small and large teams. And we're excited to say, the 1.3 GA release of OpenShift Origin, which includes Kubernetes 1.3, is out the door! Hear more about the release from Lead Architect for OpenShift Origin, Clayton Coleman.

Security News

  • Report: Linux security must be upgraded to protect future tech
    The summit was used to expose a number of flaws in Linux's design that make it increasingly unsuitable to power modern devices. Linux is the operating system that runs most of the modern world. It is behind everything from web servers and supercomputers to mobile phones. Increasingly, it's also being used to run connected Internet of Things (IoT) devices, including products like cars and intelligent robots.
  • security things in Linux v4.6
    Hector Marco-Gisbert removed a long-standing limitation to mmap ASLR on 32-bit x86, where setting an unlimited stack (e.g. “ulimit -s unlimited“) would turn off mmap ASLR (which provided a way to bypass ASLR when executing setuid processes). Given that ASLR entropy can now be controlled directly (see the v4.5 post), and that the cases where this created an actual problem are very rare, means that if a system sees collisions between unlimited stack and mmap ASLR, they can just adjust the 32-bit ASLR entropy instead.

Raspberry Pi PIXEL and More Improvements