The end is near … fork the end and move on X-org-files

Posted on by

Is X11 Xserver dying in a classic RedHat way, “pull the plug and let it rot advertising with 90% of tech-media on the pay-roll that X is dead!”

Read the following letter first that was axed by RedHat media then there will be some discussion of what this means

Hello,

I do not think the original post, by Enrico Weigelt, to the xorg-devel
mailinglist made its way thru, tho freebsd-x11 was CC’d.

Anyways, if anyone missed it, here it is:

Hello everybody,

this morning, Redhat employees banned me from the freedesktop.org gitlab
infrastructure – so censored all my work (not just on Xorg). They killed
my account, my git repos, my tickets in Xorg and closed all my merge
requests. And then making fun on social media about it.

Continue reading

The end of linux-kernel as free software we trust – war on FOSS revisited

Posted on by

Basically the article aims to help some of you decide on your own when and which kernel is the last “safe” kernel to use.  In the bottom of this article is relevant release dates of lts and current kernels with release dates before and after the ban.

Safe is and has always been a very relative term in FOSS and any OS for that matter.  It is most related to belief in trust between end user and author.  Especially FOSS, being exposed to millions of knowledgeable critics and auditors of software, beyond the millions of lines of code there is a relationship of trust more than being able to evaluate every single line of every single piece of software used.

Continue reading

XZ story REVISED: Should we apologize or demand an apology – This crisis is placing all of us under the test CVE-2024-3094

Posted on by

Systems running without systemd are apparently safe

What crisis?  CVE-2024-3094
Compromised lzma library triggered by an openssh-hook to systemd notify (sd_notify) to obtain code hidden in liblzma to create a backdoor to any debian/fedora/ubuntu ssh server.  Apparently not even openssh-selinux is safe under those conditions (glibc, x86-64, preconfigured tarball source from github 5.6.0 and 5.6.1, systemd, openssh, rpm or deb packaging, with enabled calls to systemd through the openssh.service ).  If source was built from git with native clean autoconf/make the suspect code is not included.  Musl systems have nothing to worry about, probably because they can’t compile sd_notify to trigger this whole thing.

Psychopath, paranoid, not knowing shit about software

When we criticized zstd and advocated that long term friend xz, suspecting zstd of a trojan horse for security and encryption, those were some of the names I/we were called by the fan-club of facebook-hired ex-military author of zstd.  Mind you zstd is commonly built with lzma library enabled!

IMPOSSIBLE, it is just a compression algorithm, it can’t be used to exploit security of a system. they said

Sorry, I may had no clue how but IT IS now POSSIBLE!!!

Good news:  As far as experts in debian fedora arch ubuntu can TELL it takes systemd  to energize the backdoor, specifically a hook used by debian to build openssh a certain way that systemd/dbus/sd-bus/sd-notify run rogue code to obtain material from a blob (check/test result) from lzma to modify running binaries to open the backdoor.

Continue reading

syslog-ng how long have logs being accessible by your sys-admin?

Posted on by

Interesting discussion taking place in a r/joborun thread about building syslog-ng without systemd and telemetry!

What is interesting is that the author of syslog-ng took notice of the article and responded himself defending his choice.

This may continue so visit the link directly but here are the first two responses to the article:

https://www.reddit.com/r/joborun/comments/16x7u8o/users_of_syslogng_beware_telemetry_is_coming_not/
users of syslog-ng beware …. telemetry is coming! Not from skarnet
Continue reading

Obarun alone employing a new paradigm of software building?

Posted on by

About the most outdated software in Obarun is s6 and 66.  The first stack from skarnet is about 4-5 versions behind on each piece, who knows why, maybe no time to test the changes?  The next, if it was rebuilt on top of skarnet’s latest stable stack maybe it would fall apart?  It hasn’t for Joborun after several rebuilds.  But the aging 66 hasn’t received much attention in recent time, many commits but no release for nearly 2 years now.  The next release will make your known 66 appear as very different software all together.  All documentation written in the past will have to be re-written, all procedures and commands changed, all options and ways of doing things will be new.  And new is always better!!  Right?  Right?

What is new in Obarun is the way packages are being built.  No longer labor intensive processes of overseeing bumps on software editions, it is all algorithm triggered.  How?  Since obarun chases arch-stable behind, as soon as a package placed on the new system is bumped by arch, the previous arch pkgbuild is contrasted against the new, its differences from obarun are saved in a patch file, and the patch is applied to the new pkgbuild.  Then the software is placed on the builder, tested that it is built without errors and warnings, and then placed on the repo.  Continue reading

IBM’s systemd attempt to pull the plug on distros using eudev

Posted on by

libgudev is a low level library that bridges connections between udev and graphic stuff (Gobject) and hasn’t been a problem in the past building it with libeudev instead of its own libudev from systemd.

Edition 238 comes out and specifies in code the udev version limit to 251 or higher, with a specific function checking this in the code provided by a similar function in udevd.  Gnome team is the one publishing ibgudev, so you can’t expect to talk sense into them.  The eudev project recently, carried over from the abandoned Gentoo project, is built on 243 edition.

As described by someone on the open issue of eudev the problem is: Continue reading

What does it take to form a large effective team of developers and have a professional product?

Posted on by

Money?  What else?  Fame, glory, power?

What motivates people to join a team to produce and construct something?

What specifically are people with a given skill see in contributing to benefit others indiscriminately?

FOSS may be the sole largest field where people as individuals or small teams contribute many many hours of their “free” time, for the benefit of anyone who wants to “consume” the product of their labor.  Sure, there may be some philanthropic activities, community gardens, bicycle co-ops and pizza co-ops, sports, theater, … but are minor to this endless contribution of open and free code consumed by millions around the earth.

Why?

Continue reading

2023: Linux rusting away into non-FOSS territory – Build rnote and you will see

Posted on by

Linux 6.2-rc2 kernel is out as the last commit in kernel.org at the start of the 2023 year.  RUST is here, the initial code-base is included in the kernel.  At least Arch seems to be disabling it for now, at the beta level at least, we shall see.

Rust is not just a language, as people commonly think, it is much more.  It is a building environment, system, and a mode change of the philosophy of building packages from source.   Rust incorporates its own git system in pulling code in from 2nd and 3rd parties.  So if you have never gotten into the real FOSS practice of auditing code before you build, try and audit this stuff.  If building in C you thought was a practice similar to building sand castles, by comparison, this is like building sand castles with quick-sand ON QUICK SAND.

Continue reading

On the discussion about elogind and dbus “hate”, is there reason?

Posted on by

A vivid discussion has broken out between members of the community, whether q66 considers her/himself one or not is not our prerogative to define, or exclude anyone, about the hardcore stance against FOSS pests such as systemd, elogind, dbus, udev, etc.  So since the topic of discussion is very specific it would have been best if a topic addressed the specific issue, which is irrelevant to whether Chimera Linux belongs on a strict list of distributions without systemd or not.  The criteria about that list are very clear.  The criteria for the “gray” list are not very clear, but nobody really cares about this sloppy list of gray categorized distros, such as void, artix, and devuan. Continue reading

How safe are you and how much do you trust your distro?

Posted on by

Except for a few distros that assist their users to build everything they install from source (kiss and forks, LFS and forks, gentoo and forks, crux, exherbo, T2-sde, etc), most linux-distributions, offer binaries to be installed, usually backed up by the source code (script) building the package from either their own source code, or what we call upstream (other FOSS sources).  How do you know though, that what the source repository shows and what the binary package contains is the same?  One way is to build it with the same recipe (packaging source script) and compare the sums.  Very few people do this and in very rare and controlled environments is the product the same, meaning checksums are identical (Arch is reporting 15-20% failure to reproduce their own packages).  So what most distros do is they sign their packages and by having their public signature key, you know what they built is what you got.  But are you sure they built it right, or did they take adequate measures to make sure what they pulled from upstream to build the package is what the author really published?  How can you check?

Continue reading

systemd and ipv6 – why should it/they not be disabled? Ever?

Posted on by

This article is written on a reverse logic, starting from end and attempting to go towards the beginning, although we are not very clear on where to begin 😉

In the end of the article there is the reference article and direct quote of the error and why it is produced.  To sum it up, logind within systemd produces an error for a user process attempt to start an X session process through an ipv6 connection.  Although our allergic reaction to the fact the author on this article speaks in general about linux and displays a systemd related error, we will bypass this detail for the content’s importance.

error: Failed to allocate internet-domain X11 display socket

Now why does X get compiled with its own networking abilities?  Because “some people” like to get X access to the machine remotely.  A problematic reason on its own, but we are not here to solve all of the world’s problems.  It is systemd complaining because sshd is not working right, it prevents a remote ipv6 connection, but logind is there to make sure that a proper connection is made when it should.  Many other pieces of software have their own parts of ipv6 networking functionalities and abilities.  Hmmm,…… !!!  Scratch …scratch … why should they?  Should they not?

WHOSE PROBLEM IS IPV6 MEANT TO SOLVE?

Yours, mine, … my ISP’s, …..?   It has taken nearly 2.5 decades (since 1998) to transition from ipv4 to ipv6. Continue reading