Devaun gets pwned by cianiggers

Why do you hate security archive.fo/pOYsG archive.fo/LDQGb ? Yes that's irony but its true the old patchset is pwned or pwnable

If you gave a shit about being secured against script kiddies you should have installed gentoo a long time ago. If you fear cianiggers who are targeting you then stop using computers.

What did they mean by this?

Hacking the SSL of *insert your guess here*. Could just be the cianigger A.I spouting secret messages though. I highly doubt the cia hacked it themselves when they could just sick the a.i on it.

You can disable mitigations with kernel parameters

Are you a nigger? What bloated peice of shit software are you using that makes a difference in real world applications if you better ""secure"" the kernel? My shitty chinkshit CPU idle's at less then 1% usage with a web browser open like this.

what chinese browser do you have then? because firefox is using 30% cpu, with javascript disabled on all pages

TLDR; install gentoo.

the only thing not affected by the mitigations is something that makes zero syscalls, which is nothing

all the mitigations were backported to 4.X. the drop in kernel performance going from 4 -> 5 can not be explained by spectre/meltdown mitigations, 4 has them too.

They actually literally seriously just recreated the devuan site in gopher though. Open up your terminal and type "lynx gopher://www.devuan.org" and you'll see that it's there. It's just gopher instead of http. Pic related, you can even still download the .iso if you use a gopher-compatible browser.

Attached: download page.png (637x404, 35.71K)

Attached: opera.PNG (621x26, 2.85K)

If you had installed palemoon you could disable all logging and caches and or force all caches to be memory only. You can disable hardware acceleration in firefox as well as its derrivates but there's no reason to unless you don't have a GPU or its drivers are buggy/proprietary.
If you had been using a certain patchset you would get 0% performance impact by spectre/meltdown. Or so I hear. But yea there is a drop in performance going from 4 -> 5 that isn't caused by specter/meltdown. Its called the kernel psuedo devs changing internal syscalls for zero reason. In the past they changed these to improve them or other calls calling them for performance and or bug fixing.

Now they just randomize the internal kernel syscalls for literally zero reason besides making work for themselves to justify the donations/payments they get. With rare exceptions like what linus used to do.

Holy crap that's bloat. If I didn't have a gazillion addons enabled I would be using like 60MB. Instead I am at around 170MB

and your cpu?

please post more about this mysterious voodoo patchset
there was a thread on linux 5 performance regression until the mods censored it.

Oh man, good thing I didn't look into Devuan

Attached: tenor.gif (400x224, 1M)

Ok nevermind, it's a joke

twitter.com/DevuanOrg/status/1112483239187398656

Too bad, this would've been pretty funny had it been real.
They really overplayed the joke by sending concerned messages to their mailing list.

lists.dyne.org/lurker/message/20190331.175349.26a820e0.en.html
lists.dyne.org/lurker/message/20190331.191104.169aaf9a.en.html

Pretty much, and use (un)common sense.

Very good, well done

the mods are (((jewed))).

Also, the patchset is called "not using it".

Loonix retards will blame CIA instead of the incompetent idiots that forked a distro without the skill and manpower to maintain it properly, and of course they don't blame themselves for using such a shit distro in the first place.

Nice husbando.

i support gopher

$ date -ud @1554080659
19/04/01 - 01:04:19 (palindrome)

$ date -ud @7779847
70/04/01 - 01:04:07 (close)

Interestingly, both are prime numbers. It is a pretty magical date.
IRC Logs and mailing lists during the time of the hack show the devs have no idea whats going on and they are trying to figure out which one of the team is playing the joke.
maemo.cloud-7.de/irclogs/freenode/_devuan/_devuan.2019-04-01.log.html
maemo.cloud-7.de/irclogs/freenode/_devuan/_devuan.2019-03-31.log.html

_abc_ What the HELL devuan.org/pwned.html 19:33
KatolaZ _abc_: we are working on it :( 19:35
buZz april fools? 19:35
KatolaZ buZz: I bad one, since none of the devs knows about it... 19:35

Then a fun convo about how broken their key management system is and the manner in how they likely got hacked. Then it turned into KatolaZ (a dev) playing it off as if it were an april fools joke, after another user found it was a unix timestamp.

They regained control to the servers, put the regular site back up... They still have no idea who dunnit, and suspect their own. If they dont make an official statement one way or another its gonna look like they still have a bad actor on their team or someone is backdoored.

IMO a dev tried to play a prank, everyone stated pretty clearly it was in bad taste before the dev got to say 'April fools', and now that dev is playing along... Autistic behavior

If it is a joke, there is no way to verify their keyring and reestablish security. There is nothing on their website or twitter currently to suggest it was a prank, or address the hack.

Seems like he took Yoda's advice to heart and didn't try, but did.
Not really a big deal anyway. Nobody with half a brain took Devuan seriously.

Great. Are the users exposed or what? I feel kinda sketched out. This happened a day after i switched distros from Mint. Which was too heavy.

No, it's just some out-of-touch faggot devs who don't realize april fools jokes are passe now. But you should be running gentoo either way.

kekd

Actually everyone here takes freedom from systemdicks quite seriously glownigger.

I currently use it as a daily runner. Was using Parabola (arch) except it would break if more than a few weeks went between updates, and updates would required manual intervention multiple times a year. Spent a lot longer trying to get Gentoo to work right (which I used for ~2 years) before throwing in the towel. Might be fine choices for a server distro but as a daily no good for me.

Most of my servers have been running on *BSD and as I get more used to it the more I feel I can move over as my daily. Until then this is the only project I have found that JustWerks, systemd free, and is completely free(asinfreedom). Up until this misstep I had faith.

I found with a low power laptop running gentoo was damn hard. I was using a homeserver to do all the compiling. SMGL same story. How do poorfags gentoo?

then install gentoo fgt, devuan is a hack job

I fucking hate spring break.

Attached: let out the sounds.mp4 (816x656, 429.26K)

Its ugly and is fucked up. But all i do is learn scripting. I just wanted a distro that doesnt have some perv looking at all my activity.

DAMAGE CONTROL
From [email protected] Mon Apr 1 13:18:03 2019Return-Path: by localhost with IMAP (fetchmail-6.3.26)X-Original-To: [email protected]: [email protected]: User-agent: mu4e 1.0; emacs 26.1To: [email protected]: Mon, 01 Apr 2019 15:29:10 +0200Message-ID: MIME-Version: 1.0Subject: [DNG] Fwd: April's fools messX-BeenThere: [email protected]: 2.1.23Precedence: listList-Id: "The first mailinglist after debianfork.org" List-Unsubscribe: mailinglists.dyne.org/cgi-bin/mailman/options/dng>, List-Archive: mailinglists.dyne.org/cgi-bin/mailman/private/dng/>From: Evilham via Dng Reply-To: Evilham Content-Type: text/plain; charset="utf-8"; Format="flowed"Sender: "Dng" Status: ROContent-Length: 4726Lines: 62Following is on a personal note after having tried to fix things behindcurtains and to get something "official" out.First things first and because I think somebody has to say it in theright tone the situation merits:I am really sorry for the mess of today (+/- 13 hours because timezones)and I hope it does not impact too negatively the trust of users in theproject in the long-run.Further clarifying things: **to my knowledge**(*) nothing has beencompromised, but it is indeed a very elaborated prank.I hope this helps reassure those who are rightfully concerned,disappointed or disgusted by the whole thing and that a more sensible"official"/definitive/detailed announcement comes soon.(*): **to my knowledge** means that I am still trusting thecommunications and the project, even if I decided keep in place thetemporarily disconnect of my systems from devuan's infra.Evilham writes:> Dear all,>> this is being sent privately, but with the perspective of it > being> public.>> I won't go into the stupidity of April's fools as a general> concept, but> instead meet halfway and consider that a valid thing to do (even> when> your users are not exclusively in the limited parts of the world> where> that's a thing) and instead analyse the way this was done.>> This is not an April's fools joke, this reflects very badly on> Devuan as> a distribution that is something beyond someone's playground.>> I will explain: we, as Devuan, need people's trust, the fact > that> anybody uses Devuan (or any distribution/Operating System),> implies a> huge degree of trust on the team behind it.>> After all, if you control an Operating System, you control in> fact, a> trivial way to gain root on everyone's systems.>> Even assuming a fakely claimed security issue were funny, this > was> badly> done. Had it been just about devuan-web, it wouldn't have been > as> terrible> as this is: going the lengths of doing it with gdo and the build> system> undermines that trust of users towards Devuan.>> It's been now well over 12 hours and the "joke" is still on, it> still hints> at all parts of the infraestructure being compromised, it still> looks as> if gdo and the build system were compromised.>> For anyone wanting to do serious things while using Devuan, this> is> extremely bad taste.>> I know of at least 5 people wasting a few hours of their lives > (me> included) over this, *obviously* if the peope you trust are> telling you> "Devuan is fucked, we don't even have access to the infra", the> very> first thing you are going to do is start all your contingency> plans, not> bother with "obvious" puzzles and hints.>> We are talking about critical infrastructure here, this is the> internet> equivalent of being in an airport and shouting "THERE IS A BOMB!> Nah> just kidding". It is not only childish, it is irresponsible.>> I kindly ask everyone to reconsider and bring the thing down as> soon as> possible and publish a public apology.>> In the end, this is not a PR stun, it's a PR disgrace and it's> messing> with the people who care about the distribution and the> distribution's> always-lingering reputation.>> Even if there is no public apology, I will at least on a > personal> level> do what I consider right and publish this email on DNG.

From [email protected] Mon Apr 1 13:18:01 2019>From se7en Mon Apr 1 13:18:01 2019Return-Path: Delivered-To: [email protected]: from mail.cock.li [185.100.85.212] by localhost with IMAP (fetchmail-6.3.26) for (single-drop); Mon, 01 Apr 2019 13:18:01 -0700 (PDT)Received: from cock.li by cock.li (Dovecot) with LMTP id eWNCCk4Rolxr+QAAJxC7Iw for ; Mon, 01 Apr 2019 16:25:34 +0300X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on cock.liX-Spam-Level: X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_50,MAILING_LIST_MULTI, NO_RECEIVED,NO_RELAYS shortcircuit=_SCTYPE_ autolearn=disabled version=3.4.2X-Original-To: [email protected]: [email protected]: Mon, 1 Apr 2019 15:27:00 +0200From: KatolaZ To: [email protected]: MIME-Version: 1.0User-Agent: NeoMutt/20170113 (1.7.2)Subject: [DNG] devuan.org is backX-BeenThere: [email protected]: 2.1.23Precedence: listList-Id: "The first mailinglist after debianfork.org" List-Unsubscribe: mailinglists.dyne.org/cgi-bin/mailman/options/dng>, List-Archive: mailinglists.dyne.org/cgi-bin/mailman/private/dng/>List-Post: List-Help: List-Subscribe: mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng>, Content-Type: multipart/mixed; boundary="===============3816920835949634702=="Errors-To: [email protected]: "Dng" Status: ROContent-Length: 2755Lines: 81--===============3816920835949634702==Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="m4tfgmruthxi5hr5"Content-Disposition: inline--m4tfgmruthxi5hr5Content-Type: text/plain; charset=us-asciiContent-Disposition: inlineContent-Transfer-Encoding: quoted-printableAs promised, on Apr. 1st 2019 at 1:04:19pm UTC the Devuan worldstarted to make sense again. Please check: devuan.org git.devuan.org bugs.devuan.org pkginfo.devuan.org files.devuan.org popcon.devuan.org =20The gopherholes will remain online for the time being. The "pwned"page is still available at devuan.org/pwned.html.Again and to clarify once and for all: this was just an April fool. Nomachine was compromised. No content was moved, deleted, or tamperedwith in any way. Noone got access to the Devuan infra. No package ormirror was affected.=20I apologise if somebody thought the joke stretched a bit too far: I amresponsible for that. I thought all the clues were clear enough, butapparently they were not and some people got too stressed about it. Iam sincerely sorry about that.Pranks have always been an essential part of the hacker culture, andlike it or not, Devuan has been brought to all of us by a bunch ofpassionate hackers working long nights, not by a team of serious whitecollars in suit and scarf doing 9-to-5.I will definitely make sure I will not make such a mistake again inthe future.SorryAgainKatolaZP.S.: Please, do not let the world outside take away from you thepleasure of having a good laugh, at any cost. Stopping to laugh is thefirst step to the grave.--=20[ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] =20[ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ][ @) kalos.mine.nu --- Devuan GNU + Linux User ][ @@) maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ]=20[ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ]--m4tfgmruthxi5hr5Content-Type: application/pgp-signature; name="signature.asc"-----BEGIN PGP SIGNATURE-----iF0EABECAB0WIQSOWdaqRF79tKFTPVpfILOuC18GLwUCXKIRogAKCRBfILOuC18GL+TeAJ9OtkhmFySKre1iq4EKTUgnx2eOPgCdHv4ID1ib6tiAFJlKCPl6MLJQxWo==xfhR-----END PGP SIGNATURE-------m4tfgmruthxi5hr5----===============3816920835949634702==Content-Type: text/plain; charset="utf-8"MIME-Version: 1.0Content-Transfer-Encoding: base64Content-Disposition: inlineX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KRG5nIG1haWxpbmcgbGlzdApEbmdAbGlzdHMuZHluZS5vcmcKaHR0cHM6Ly9tYWlsaW5nbGlzdHMuZHluZS5vcmcvY2dpLWJpbi9tYWlsbWFuL2xpc3RpbmZvL2RuZwo=--===============3816920835949634702==--

Talk about lost in translation....

yeah, dont stop to laugh.

I would have not appologized. Weakling. Hold your ground if it was a joke. Not ur prob if ppl dont see the joke.

I take my LARPing very seriously. Pranks like this are a terrible betrayal.
equivalent of being in an airport and shouting "THERE IS A BOMB!> Nah> just kidding".
Couldn't agree more.

The problem is there is no way to conclude if this was a joke or not. Saying it was a joke by a lonewolf dev is easier and better PR than to admit you got compromised, repos and all.

This is more like bringing all the actual parts, putting one together, starting the timer, and disarming it right before the timer hits 0 then saying "Just kidding".

Meh, I thought it was fine. The Twitter posts gave it away.
Devuan isn't a large enough distro like Debian that they should really care about seriousness. The packages weren't affected by the joke either.

Attached: Screenshot_20190401_185505.png (647x661, 91.26K)

It's like someone saying hello customers todays flight to the moon is boarding at gate 3 and then a few idiots think aliens have taken over the air traffic control.

Nope. All of the actual parts of the hack were in place as if a dev had their computer hijacked. Other devs weren't even in on it and were locked out of infa.

Its like announcing aliens crashed landed, then the next day claiming it was really a weather balloon.

LOL

HACKTIVISM IS BACK, BABY!
which one of you fags was it? or do regular hackers hate JS dependants too?

read the thread

April Fools is dumb but I wouldn't mind it so much, but this bitch fight is just pathetic. The real immaturity is in the reaction. If this is how they react to something so trivial, how will they handle SJW entryism or glownigger infiltration? Yeah, no thanks.

Did you niggers forget what day it is?

It was still 03/31 when it was posted.

Hard to say this was an okay move, considering it highlighted their issues with security and key management.

how is the security of your packages trivial? You are trusting a group of people to compile the correct code. Linux Mint got hacked awhile ago and all their ISOs had a back door. What part of having a hacked/malicious OS trivial to you?

Thats like saying you don't lock your doors, anyone is allowed in your house while your gone, and if they take something it's okay because they'll enjoy it more. Have some respect user.

Revenge!!

soylentnews.org/article.pl?sid=19/04/01/1048230

OK fuck this shit, I’m uninstalling Devuan and switching to OpenBSD tomorrow. Who thought this was OK?

Now I have to go and change all my passwords and shit too. Fucking nigger ass devs. It’s my fault for believing that there was still hope for Linux though.

Does this raise their credibility, since they're debilitatingly autistic?

That’s the thing, could be a hack by a disgruntled dev masked as a joke. There’s just no way to be sure.

Who could've guessed?

Dat wall paper mmmmmmmm

this
devuan is perma-fucked and to be relegated as nothing more than a joke security wise.

If debian or redhat did this the stock market would crash as all the tech companies around the world shit themselves and went into maximum panic mode. They both would likely be sued into oblivion and possibly charged with crimes. I don't know what crimes but jews loose billions of dollars because of a prank someone is going to jail.

maybe their site, but the OS is fine.

This really has nothing to do with the OS. 99% of the packages are just mirrored from Debian's repos. But yeah, both the "hack" and the reaction to it are fucking stupid. This is probably going to hurt them. I've been using Devuan for a few years now as a DD on both my work laptop and desktop and I've never had a problem. Really wish they hadn't done this.

When libreboot supports Open(/*)BSD with FDE, I'm in. I dont think there is a better alternative to Devuan for low powered devices (x200) on the JustWorks(tm) shelf, that also respects your freedom.

libreboot.org/docs/bsd/openbsd.html#installing-openbsd-with-full-disk-encryption

TLDR; 1 devuan dev is a CIAnigger

Attached: b3540e69635db94a5346f48b9203ae551b547cc4b8aa8bcc82e925d2809d4405.png (1158x1158, 1.28M)

The two are the most prominent Devian developers.

No, the joke is never too far, there are only degrees of tastelessness, and nobody was under threat. In fact the more we are deceived the more successful the joke is. Anyone who thinks otherwise is letting their emotions drive their reasoning and that's animalistic.

so (((someone))) chosen to hack (((SystemD))) free OS website
who could be behind that?

Anyone know if there's any way to unfuck the font rendering in devuan/debian? It looks like absolute shit on my machine, I ended up copypasting some fonts.conf from the internet and it's better now but Japanese characters still look like shit.

It's too late, Devuan's dev outed the project as a joke. While it's funny that Devuan is now confirmed the joke which it was long supposed to be, this bit of humor has also doomed the project.

Live and learn I guess.

it's not a joke, it's controlled opposition
(((they))) created systemd free debian project just to destroy it later

Yeah I think you're probably right, the Sam Hyde of Linux.

HAPAS ARE SUPERIOR TO WHITES

why do my posts get discarded for spam but the happa spammer is free to spam?

hapa spammer may be a mod. They hate this board and are trying to kill it 24/7

>(((J)))
That's metaphysically ruinous. Quintessential YHWH juice.

But why?

bumpa

HAPAS ARE SUPERIOR TO WHITES

HAPAS ARE SUPERIOR TO WHITES

Europeons need to burn in a tar-pit. Disgusting

DAILY REMINDER THAT BRENTON TARRANT WAS A MASONIC JEWISH/ZIONIST PSYOPS

Judensheim pls go

Indeed.

It's funny but I just want a normal fucking operating system. Do I want something without systemd, or something without autistic drama?

Attached: old mike.png (280x280, 107.75K)

just use one of those real distros that arent a debian fork. you are literally using debian with systemd uninstalled when you use devuan. it even wants to get reinstalled if you try to install some packages. you can uninstall systemd on normal debian too so devuan is useless.